Bug 1410861 - NSS server does not comply with the RFC 7919
Summary: NSS server does not comply with the RFC 7919
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: pre-dev-freeze
Assignee: nss-nspr-maint
QA Contact: BaseOS QE Security Team
Depends On:
Reported: 2017-01-06 16:07 UTC by Hubert Kario
Modified: 2017-08-31 14:01 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-08-31 14:01:08 UTC
Target Upstream Version:


External bug: Mozilla Foundation 1330618 (P3, RESOLVED) - Non-compliance with RFC 7919 (FFDHE); last updated 2021-01-10 20:45:51 UTC

Description Hubert Kario 2017-01-06 16:07:13 UTC
Description of problem:
The NSS server does not comply with the RFC 7919 MUST requirement in Section 4.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git checkout ffdhe # won't be necessary in future
# tlsfuzzer imports ecdsa and tlslite from its own directory, hence the symlinks below
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
pushd .tlslite-ng
git checkout ffdhe # won't be necessary in future
popd # back to the tlsfuzzer directory, otherwise the symlink below points at a non-existent path
ln -s .tlslite-ng/tlslite tlslite
# self-signed RSA server certificate, imported into an NSS database with an empty password
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost
openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost.key -in localhost.crt
mkdir nssdb
certutil -N -d sql:nssdb --empty-password
pk12util -i localhost.p12 -d sql:nssdb -W ''
# selfserv is the NSS test server (shipped by nss-tools under /usr/lib64/nss/unsupported-tools/ on RHEL);
# -H 1 enables the DHE cipher suites, -V tls1.0: sets the minimum protocol version
./selfserv -d sql:./nssdb -p 4433 -V tls1.0: -H 1 -n localhost
# in another terminal, same directory (the script path is relative to the parent of the tlsfuzzer checkout,
# matching the paths in the traceback below)
PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-ffdhe-negotiation.py 'no overlap between groups'

Actual results:
no overlap between groups ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x1e18b90> (child: <tlsfuzzer.expect.ExpectClose object at 0x1e18bd0>) with last message being: <tlslite.messages.Message object at 0x1e1c350>
Error while processing
Traceback (most recent call last):
  File "tlsfuzzer/scripts/test-ffdhe-negotiation.py", line 295, in main
  File "/tmp/tmp.y0pmCSjuzr/tlsfuzzer/tlsfuzzer/runner.py", line 168, in run
    node.process(self.state, msg)
  File "/tmp/tmp.y0pmCSjuzr/tlsfuzzer/tlsfuzzer/expect.py", line 542, in process
    raise AssertionError(problem_desc)
AssertionError: Alert description 40 != 71

Expected results:
no overlap between groups ...

Additional info:
RFC 7919 MUST requirement in Section 4:

   If the extension is present
   with FFDHE groups, none of the client's offered groups are acceptable
   by the server, and none of the client's proposed non-FFDHE cipher
   suites are acceptable to the server, the server MUST end the
   connection with a fatal TLS alert of type insufficient_security(71).
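As an added worked example (not part of this bug report, of tlsfuzzer or of NSS), the following Python 3 probe builds the ClientHello that this requirement is about, only DHE_RSA cipher suites plus a supported_groups extension listing only FFDHE groups, and classifies the server's first reply: insufficient_security(71) is the required answer, handshake_failure(40) is what this bug observed. The group codes come from RFC 7919 section 2 and the suite codes from the TLS cipher suite registry; the default group list (all five FFDHE groups, assuming the server supports none of them), the localhost:4433 defaults and all function names are this example's own assumptions. It can be pointed at the selfserv started above, and the sample reply it classifies when run stand-alone is a constructed alert record, not captured traffic.

```python
"""Probe a TLS server for the RFC 7919 section 4 MUST: with only FFDHE groups and
only DHE suites offered, an unsupported-group server must send alert 71, not 40.
Added example; not tlsfuzzer or NSS code."""
import os
import socket
import struct

# RFC 7919 section 2 NamedGroup codes.
FFDHE_GROUPS = {"ffdhe2048": 256, "ffdhe3072": 257, "ffdhe4096": 258,
                "ffdhe6144": 259, "ffdhe8192": 260}
# Alert descriptions at issue: the server in this bug sends 40, the RFC requires 71.
HANDSHAKE_FAILURE = 40
INSUFFICIENT_SECURITY = 71
# Only DHE_RSA suites, so the server has no non-FFDHE suite it could choose instead.
DHE_ONLY_SUITES = [0x009E, 0x009F, 0x0033, 0x0039]


def build_client_hello(groups=None, suites=DHE_ONLY_SUITES):
    """Serialise a TLS 1.2 ClientHello record carrying only DHE suites and only the
    given FFDHE groups (default: all five, an assumption that the server supports
    none; against a server that does, pass a group it lacks)."""
    if groups is None:
        groups = list(FFDHE_GROUPS.values())
    body = b"\x03\x03" + os.urandom(32) + b"\x00"          # version, random, empty session id
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"                                     # one compression method: null
    group_bytes = b"".join(struct.pack("!H", g) for g in groups)
    groups_ext = struct.pack("!H", len(group_bytes)) + group_bytes
    sigalgs = b"".join(struct.pack("!H", a) for a in (0x0401, 0x0501, 0x0601))
    sigalgs_ext = struct.pack("!H", len(sigalgs)) + sigalgs  # rsa_pkcs1 with sha256/384/512
    exts = (struct.pack("!HH", 0x000A, len(groups_ext)) + groups_ext        # supported_groups
            + struct.pack("!HH", 0x000D, len(sigalgs_ext)) + sigalgs_ext)   # signature_algorithms
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body           # HandshakeType client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake


def parse_alert(record):
    """Return (level, description) for a TLS Alert record, None for anything else."""
    if len(record) < 7 or record[0] != 0x15:
        return None
    if struct.unpack("!H", record[3:5])[0] != 2:
        return None
    return record[5], record[6]


def classify(reply):
    """Judge the server's first reply against the RFC 7919 section 4 MUST."""
    if not reply:
        return "connection closed without an alert"
    alert = parse_alert(reply)
    if alert is None:
        if reply[0] == 0x16:
            return "server proceeded with the handshake; the probe did not create a no-overlap case"
        return "unexpected record type %d" % reply[0]
    level, desc = alert
    if desc == INSUFFICIENT_SECURITY:
        return "compliant: insufficient_security(71)"
    if desc == HANDSHAKE_FAILURE:
        return "non-compliant: handshake_failure(40) instead of insufficient_security(71)"
    return "non-compliant: alert description %d" % desc


def probe(host="localhost", port=4433, timeout=5.0):
    """Send the probe to a live server (e.g. the selfserv from the steps above) and classify."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return classify(sock.recv(4096))


if __name__ == "__main__":
    # Constructed sample reply: a fatal handshake_failure(40), the behaviour this bug reports.
    print(classify(b"\x15\x03\x03\x00\x02\x02\x28"))
```

If `classify` reports that the server proceeded with the handshake, the server accepted one of the offered groups, so the probe has to be re-run with a group list the server does not support before its alert choice says anything about compliance.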

Comment 2 Kai Engert (:kaie) (inactive account) 2017-01-11 15:43:41 UTC
If you find deficiencies in NSS that aren't specific to our packaging, please always report an upstream bug.
