Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1656435 - Connections using TLS 1.3 and PSK fail for keys larger than 512 bits
Summary: Connections using TLS 1.3 and PSK fail for keys larger than 512 bits
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 29
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-05 14:01 UTC by Jakob Hirsch
Modified: 2019-03-15 14:45 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-15 14:45:57 UTC
Type: Bug


Attachments (Terms of Use)

Description Jakob Hirsch 2018-12-05 14:01:03 UTC
Description of problem:

TLS 1.3 was introduced with OpenSSL 1.1.1 and is used by default if the application 


Version-Release number of selected component (if applicable):

openssl-1.1.1-3.fc29.x86_64


How reproducible:

Always


Steps to Reproduce:
1. Start server with a key longer than 512 bits (here: 130 nibbles => 65 bytes => 520 bits)
    openssl s_server -accept 4433 -nocert -psk $(printf '%.sa' {1..130})
2. Try to connect 
    openssl s_client -connect :4433 -psk $(printf '%.sa' {1..130})
3. 


Actual results:

Server side:
Using default temp DH parameters
ACCEPT
ERROR
140164733306688:error:140940F4:SSL routines:ssl3_read_bytes:unexpected message:ssl/record/rec_layer_s3.c:1461:
shutting down SSL
CONNECTION CLOSED

Client side:
CONNECTED(00000004)
139953634740032:error:142120DB:SSL routines:tls_construct_ctos_early_data:bad psk:ssl/statem/extensions_clnt.c:752:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---


Expected results:

A successfull connection.


Additional info:

The connection can be successfully established by simply reducing the PSK size to 128 hex chars (i.e. 512 bits).
It also works by disabling TLS 1.3 (-no_tls1_3 or -tls1_2) on the client side.

It also works with OpenSSL 1.1.1a (tried on an Arch Linux machine, sorry), so it's probably already fixed upstream, I could not find a matching issue there, though.


Note You need to log in before you can comment on or make changes to this bug.