[gnutls-devel] GnuTLS | Incorrect handling of session resumption with changed ClientHello (#657)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Dec 19 15:53:59 CET 2018


New Issue was created.

Issue 657: https://gitlab.com/gnutls/gnutls/issues/657
Author:    Hubert Kario
Assignee:  

## Description of problem:
When a client tries to resume a TLS 1.2 session (using session ID) without advertising the cipher used in the previous session, gnutls continues resumption while picking the cipher from the resumed session. This is an RFC 5246 violation.

## Version of gnutls used:
435437ad94723612deb1e238379d457b2456d83f

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
manual compile on Fedora

## How reproducible:
always

Steps to Reproduce:

 * run tlsfuzzer `test-resumption-with-wrong-ciphers.py` from https://github.com/tomato42/tlsfuzzer/pull/487

## Actual results:
```
sanity ...
OK

sanity - session ID resume ...
OK

resumption of safe session with NULL cipher ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f58a157b3d0> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f58a157b410>) with last message being: <tlslite.messages.Message object at 0x7f58a157b950>
Error while processing
Traceback (most recent call last):
  File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
    RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)

sanity - aes-256 cipher ...
OK

resumption with cipher from old CH but not selected by server ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7f58a15f3e50> (child: <tlsfuzzer.expect.ExpectClose object at 0x7f58a15f3e90>) with last message being: <tlslite.messages.Message object at 0x7f58a15b7cd0>
Error while processing
Traceback (most recent call last):
  File "scripts/test-resumption-with-wrong-ciphers.py", line 276, in main
    runner.run()
  File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 217, in run
    RecordHeader2)))
AssertionError: Unexpected message from peer: Handshake(server_hello)

sanity ...
OK

Misbehaving client session resumption script
Check if server detects a misbehaving client in session resumption

Reproducer for CVE-2010-4180

version: 1

Test end
successful: 4
failed: 2
  'resumption of safe session with NULL cipher'
  'resumption with cipher from old CH but not selected by server'
```

## Expected results:

all pass

If the server recognised the session, it needs to verify that the new Client Hello can be used to resume the old session and abort with `illegal_parameter` if it can't.
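
The check this report asks for, sketched as an added example that is not part of the original report and is not GnuTLS code: before resuming, the server confirms that the cached session's cipher suite appears in the new ClientHello and otherwise answers with `illegal_parameter`. The struct, function name and `RESUME_OK` marker are hypothetical, and the byte strings are constructed to mirror the two failing test cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS alert descriptions from RFC 5246, section 7.2 */
#define ALERT_ILLEGAL_PARAMETER 47
#define ALERT_DECODE_ERROR      50
#define RESUME_OK               (-1)  /* hypothetical marker, not a TLS value */

/* Hypothetical cache entry: only the field this check needs. */
struct cached_session {
    uint16_t cipher_suite;  /* suite the server selected in the original handshake */
};

/*
 * suites/len: body of the ClientHello cipher_suites vector (the bytes after
 * its 2-byte length prefix); each suite is 2 bytes, big-endian.
 * Returns the alert to send, or RESUME_OK if resumption may proceed.
 */
int check_resumption_suite(const struct cached_session *s,
                           const uint8_t *suites, size_t len)
{
    if (len < 2 || len % 2 != 0)
        return ALERT_DECODE_ERROR;          /* malformed vector */
    for (size_t i = 0; i < len; i += 2) {
        uint16_t offered = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        if (offered == s->cipher_suite)
            return RESUME_OK;               /* session's suite is on offer */
    }
    /* Do not silently fall back to the suite stored in the session. */
    return ALERT_ILLEGAL_PARAMETER;
}

int main(void)
{
    /* Constructed inputs mirroring the two failing tlsfuzzer cases. */
    struct cached_session sess = { 0x002F };        /* TLS_RSA_WITH_AES_128_CBC_SHA */
    const uint8_t same[]      = { 0x00, 0x35, 0x00, 0x2F };
    const uint8_t null_only[] = { 0x00, 0x02 };     /* TLS_RSA_WITH_NULL_SHA */
    const uint8_t other[]     = { 0x00, 0x35 };     /* offered before, not selected */
    printf("%d %d %d\n",
           check_resumption_suite(&sess, same, sizeof same),
           check_resumption_suite(&sess, null_only, sizeof null_only),
           check_resumption_suite(&sess, other, sizeof other));
    return 0;
}
```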
