[gnutls-devel] GnuTLS | DTLS handshake failure for lost SessionTicket in 3.6.3 (#543)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Aug 15 09:44:41 CEST 2018

New Issue was created.

Issue 543: https://gitlab.com/gnutls/gnutls/issues/543
Author:    Hanno Becker

Running a GnuTLS 3.6.3 DTLS client, if the server's `NewSessionTicket` gets lost while the `ChangeCipherSpec` goes through, the client does not request retransmission by retransmitting his last flight, and the handshake comes to halt.

Steps to reproduce using Mbed TLS 2.7, from within the Mbed TLS base directory:
- Run UDP proxy emulating a lossy network `./programs/tests/udp_proxy server_addr=localhost server_port=10000 listen_addr=localhost listen_port=20000 drop=5 delay=5 duplicate=5 seed=14`
- Run Mbed TLS server `./programs/ssl/ssl_server2 dtls=1 server_addr=localhost server_port=10000 crt_file=tests/data_files/server5.crt key_file=tests/data_files/server5.key`
- Run GnuTLS 3.6.3 client `GNUTLS_DIR/gnutls-cli --udp --port=20000  --insecure localhost`

The proxy log shows that the `NewSessionTicket` message gets dropped, while the `ChangeCipherSpec` goes through. 

Looking at the code, the following might be the reason: 
- When `_gnutls_recv_new_session_ticket()` is called first, it finds a CCS, which seems to be ignored but not dropped, see [here](https://github.com/gnutls/gnutls/blob/gnutls_3_6_3/lib/buffers.c#L1294).
- When `_gnutls_recv_new_session_ticket()` is called again, the [retransmission timeout check]( https://github.com/gnutls/gnutls/blob/gnutls_3_6_3/lib/ext/session_ticket.c#L726) is omitted because `gnutls_record_check_pending()` signals the pending CCS. This leads to `_gnutls_io_recv_int()` being called, which as far as I see falls down to `_gnutls_recv_in_buffers` [here](https://github.com/gnutls/gnutls/blob/gnutls_3_6_3/lib/buffers.c#L1423) as the calls to `get_last_packet()` return `EAGAIN`. The timeout for the call to `_gnutls_recv_in_buffers` is the entire remaining maximum handshake time, and not the retransmission timeout (in the test ~38s), hence the handshake comes to a halt.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/543
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180815/fc9a0b47/attachment.html>

More information about the Gnutls-devel mailing list