kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ignore 0-RTT-capable tickets unless enabled.

Browse Source 
Until we've gotten it fully working, we should not mint any of these
SSL_SESSIONs, to avoid constraining future versions of our client code.

Notably, if any of our TLS 1.3 clients today serialized sessions, we
would need to rev the serialization format. Without opting into 0-RTT, a
TLS 1.3 client will create SSL_SESSIONs tagged as 0-RTT-capable but
missing important fields (ALPN, etc.). When that serialized session
makes its way to a future version of our client code, it would disagree
with the server about the ALPN value stored in the ticket and cause
interop failures.

I believe the only client code enabling TLS 1.3 right now is Chrome, and
the window is small, so it should be fine. But fix this now before it
becomes a problem.

Change-Id: Ie2b109f8d158017a6f3b4cb6169050d38a66b31c
Reviewed-on: https://boringssl-review.googlesource.com/13342
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin 2017-01-25 19:53:43 -05:00 committed by CQ bot account: commit-bot@chromium.org
parent 258508fce1
commit 9b16066654
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/test/runner/runner.go
View File

@ -8443,10 +8443,23 @@ func addSessionTicketTests() {
}, },
}, },
flags: []string{ flags: []string{
"-enable-early-data",
"-expect-early-data-info", "-expect-early-data-info",
}, },
}) })
// Test that 0-RTT tickets are ignored in clients unless opted in.
testCases = append(testCases, testCase{
testType: clientTest,
name: "TLS13-SendTicketEarlyDataInfo-Disabled",
config: Config{
MaxVersion: VersionTLS13,
Bugs: ProtocolBugs{
SendTicketEarlyDataInfo: 16384,
},
},
})
testCases = append(testCases, testCase{ testCases = append(testCases, testCase{
testType: clientTest, testType: clientTest,
name: "TLS13-DuplicateTicketEarlyDataInfo", name: "TLS13-DuplicateTicketEarlyDataInfo",

2
ssl/tls13_client.c
View File

@ -651,7 +651,7 @@ int tls13_process_new_session_ticket(SSL *ssl) {
goto err; goto err;
} }
if (have_early_data_info) { if (have_early_data_info && ssl->ctx->enable_early_data) {
if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) || if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
CBS_len(&early_data_info) != 0) { CBS_len(&early_data_info) != 0) {
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);