Bug 1439270 - NSS/TLS: Alert sent by server upon receiving malformed extended master secret extension is incorrect
Summary: NSS/TLS: Alert sent by server upon receiving malformed extended master secret...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Daiki Ueno
QA Contact: Hubert Kario
Depends On:
TreeView+ depends on / blocked
Reported: 2017-04-05 14:43 UTC by Hubert Kario
Modified: 2018-04-10 09:26 UTC (History)
3 users (show)

Fixed In Version: nss-3.34.0-0.1.beta1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-10 09:25:43 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Mozilla Foundation 1353750 -- RESOLVED malformed extended master secret extension causes incorrect alert 2020-05-19 11:03:53 UTC
Red Hat Product Errata RHEA-2018:0679 None None None 2018-04-10 09:26:39 UTC

Description Hubert Kario 2017-04-05 14:43:45 UTC
Description of problem:
When server receives malformed EMS extension, it replies with handshake_failure instead of decode_error.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
git clone https://github.com/tomato42/tlsfuzzer.git
pushd tlsfuzzer
git checkout extended-master-secret-parameterise
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/ecdsa ecdsa
git clone https://github.com/tomato42/tlslite-ng.git .tlslite-ng
pushd .tlslite-ng
git checkout ems-fixup
ln -s .tlslite-ng/tlslite tlslite
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt -nodes -batch -subj /CN=localhost
openssl pkcs12 -export -passout pass:  -out localhost.p12 -inkey localhost.key -in localhost.crt
mkdir nssdb
certutil -N -d sql:nssdb --empty-password
pk12util -i localhost.p12 -d sql:nssdb -W ''
selfserv -n localhost -p 4433 -d sql:./nssdb -V tls1.0: -H 1 -U 0 -G 

# in another terminal, same directory
PYTHONPATH=tlsfuzzer python tlsfuzzer/scripts/test-extended-master-secret-extension.py 'malformed extended master secret ext'

Actual results:
Server prints
selfserv: HDX PR_Read returned error -12260:
SSL received a malformed Client Hello handshake message.

Client prints:
AssertionError: Alert description 40 != 50

Expected results:
test case pass, server replies with decode_error alert

Additional info:

Comment 3 Kai Engert (:kaie) (inactive account) 2017-09-01 11:43:49 UTC
Seems to be fixed upstream, will be picked up when we rebase to NSS 3.32 or later.

Comment 11 errata-xmlrpc 2018-04-10 09:25:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.