Bug 1686579 - GnuTLS server sends downgrade sentinel when negotiating TLS 1.3
Summary: GnuTLS server sends downgrade sentinel when negotiating TLS 1.3
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: gnutls
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Anderson Sasaki
QA Contact: Tomas Mraz
Depends On: 1682477 1689967
TreeView+ depends on / blocked
Reported: 2019-03-07 18:17 UTC by Hubert Kario
Modified: 2019-11-05 22:26 UTC (History)
3 users (show)

Fixed In Version: gnutls-3.6.8-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-11-05 22:26:14 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Gitlab gnutls/gnutls/issues/689 None None None 2019-03-07 18:19:51 UTC
Gitlab gnutls/gnutls/issues/734 None None None 2019-03-20 20:16:16 UTC
Red Hat Bugzilla 1716563 None ASSIGNED GnuTLS doesn't send downgrade sentinels with TLS 1.3 disabled 2019-08-19 16:44:57 UTC
Red Hat Product Errata RHSA-2019:3600 None None None 2019-11-05 22:26:28 UTC

Description Hubert Kario 2019-03-07 18:17:45 UTC
Description of problem:
ServerHello message sent by gnutls server includes the sentinel value in server_random that should be used when the server has TLS 1.3 enabled but negotiated TLS 1.2, despite the connection using TLS 1.3.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run any tlsfuzzer test that negotiates TLS 1.3, e.g. test-tls13-keyupdate.py

Actual results:
sanity ...
Error encountered while processing node <tlsfuzzer.expect.ExpectServerHello object at 0x7f6103b1eef0> (child: <tlsfuzzer.expect.ExpectChangeCipherSpec object at 0x7f6103b1ef28>) with last message being: <tlslite.messages.Message object at 0x7f6103b62668>
Error while processing
Traceback (most recent call last):
  File "tlsfuzzer/scripts/test-tls13-keyupdate.py", line 585, in main
  File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/runner.py", line 227, in run
    node.process(self.state, msg)
  File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/expect.py", line 586, in process
  File "/tmp/tmp.bVoGaKAI5j/tlsfuzzer/tlsfuzzer/expect.py", line 666, in _check_downgrade_protection
    "Server set downgrade protection sentinel but shouldn't "
AssertionError: Server set downgrade protection sentinel but shouldn't have done that

Expected results:
connection established, error not printed, random not including the sentinel value

Additional info:

Comment 2 Anderson Sasaki 2019-03-13 16:00:54 UTC
Upstream fix:

Comment 3 Hubert Kario 2019-03-20 20:10:30 UTC
One more problem: the server is not setting the downgrade sentinel when the TLS 1.3 support is disabled and TLS 1.1 or TLS 1.0 is negotiated.

Comment 6 Hubert Kario 2019-06-03 15:49:39 UTC
see also: bug 1716563

Comment 10 errata-xmlrpc 2019-11-05 22:26:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.