Description of problem:
The ServerHello message sent by the gnutls server includes the sentinel value in server_random that should be used when the server has TLS 1.3 enabled but negotiated TLS 1.2, despite the connection using TLS 1.3.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run any tlsfuzzer test that negotiates TLS 1.3, e.g. test-tls13-keyupdate.py
Actual results:
Error encountered while processing node <tlsfuzzer.expect.ExpectServerHello object at 0x7f6103b1eef0> (child: <tlsfuzzer.expect.ExpectChangeCipherSpec object at 0x7f6103b1ef28>) with last message being: <tlslite.messages.Message object at 0x7f6103b62668>
Error while processing
Traceback (most recent call last):
File "tlsfuzzer/scripts/test-tls13-keyupdate.py", line 585, in main
File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/runner.py", line 227, in run
File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/expect.py", line 586, in process
File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/expect.py", line 666, in _check_downgrade_protection
"Server set downgrade protection sentinel but shouldn't "
AssertionError: Server set downgrade protection sentinel but shouldn't have done that
Expected results:
connection established, error not printed, random not including the sentinel value
One more problem: the server is not setting the downgrade sentinel when TLS 1.3 support is disabled and TLS 1.1 or TLS 1.0 is negotiated.
see also: bug 1716563
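The two conditions reported above (sentinel present on a TLS 1.3 connection, sentinel absent when a TLS 1.2-capable server negotiates TLS 1.1 or 1.0) can be checked against a captured server_random as follows. This is an added example, not tlsfuzzer or gnutls code; the function names and the sample random bytes are constructed for illustration, and the sentinel values are those of RFC 8446 section 4.1.3.

```python
# Downgrade sentinels from RFC 8446 section 4.1.3: the last 8 bytes of
# ServerHello.random when the server negotiates below its highest version.
DOWNGRADE_TLS12 = b"DOWNGRD\x01"   # server supports TLS 1.3, negotiated TLS 1.2
DOWNGRADE_TLS11 = b"DOWNGRD\x00"   # negotiated TLS 1.1 or below

# Protocol versions as (major, minor) tuples, as they appear on the wire.
TLS10, TLS11, TLS12, TLS13 = (3, 1), (3, 2), (3, 3), (3, 4)


def expected_sentinel(negotiated, server_max):
    """Return the sentinel expected in server_random, or None if none is."""
    if negotiated == TLS12 and server_max >= TLS13:
        return DOWNGRADE_TLS12
    # MUST for TLS 1.3 servers, SHOULD for TLS 1.2 servers.
    if negotiated <= TLS11 and server_max >= TLS12:
        return DOWNGRADE_TLS11
    return None


def check_server_random(server_random, negotiated, server_max):
    """Return None if server_random is consistent, else a finding string."""
    if len(server_random) != 32:
        raise ValueError("server_random must be 32 bytes")
    tail = server_random[-8:]
    want = expected_sentinel(negotiated, server_max)
    if want is None:
        # First problem in this report: sentinel set without a downgrade.
        if tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11):
            return "unexpected downgrade sentinel"
        return None
    # Second problem in this report: sentinel absent (or the wrong one).
    if tail != want:
        return "missing or wrong downgrade sentinel"
    return None


def constructed_random(tail=None):
    """Build a fixed 32-byte sample server_random (constructed test data)."""
    body = bytes(range(32))
    return body if tail is None else body[:24] + tail


if __name__ == "__main__":
    print(check_server_random(constructed_random(DOWNGRADE_TLS12), TLS13, TLS13))
    print(check_server_random(constructed_random(), TLS11, TLS12))
```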
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory, and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.