When a client sends a ClientHello with TLS 1.2 in ClientHello.client_version,
the server may respond with a ServerHello containing an older version number
if it does not support the version suggested by the client. If the client agrees,
the negotiation will proceed as appropriate for the negotiated protocol
(according to http://tools.ietf.org/html/rfc5246#appendix-E.1).

But the openssl client fails to downgrade the TLS protocol if it tries to resume
a TLS 1.2 session, even when the server responds with a new session id and
switches to the full handshake. The handshake is terminated by the client with a
"protocol_version" alert. The expected behaviour is downgrading to
the version suggested by the server and continuing with the full handshake.

How to reproduce:

a) create and save TLS 1.2 session parameters:

openssl s_server -cert ./srv.crt -key ./srv.key -no_ssl2 -no_ssl3 -accept 11111
openssl s_client -connect 127.0.0.1:11111 -no_ssl2 -no_ssl3 -debug -sess_out sess.txt -no_ticket

b) try to resume the saved session with a server that does not support TLS 1.2:

openssl s_server -cert ./srv.crt -key ./srv.key -no_ssl2 -no_ssl3 -no_tls1_2 -no_tls1_1 -accept 11111
openssl s_client -connect 127.0.0.1:11111 -no_ssl2 -no_ssl3 -debug -sess_in sess.txt -no_ticket

The handshake will fail with:
"139874422396744:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1257:SSL alert number 70"


% openssl version -a
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Aug 13 19:13:02 UTC 2014
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) 
blowfish(idx) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g 
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY 
-DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  dynamic 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
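The client-side decision the report expects (accept a lower ServerHello.server_version when the server issues a new session id, reject it only when the server claims to resume the cached session at a different version) can be modelled on a constructed ServerHello. This is an added example, not OpenSSL code; the message layout follows RFC 5246, but the helper names and the sample session ids are assumptions made here.

```python
import struct

# TLS protocol versions the example client supports (SSLv2/SSLv3 disabled, as in the report).
TLS_VERSIONS = {(3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}


def build_server_hello(version, session_id, cipher_suite=0x002F):
    """Construct a minimal ServerHello handshake message (constructed sample, no extensions).

    Layout per RFC 5246 7.4.1.3: server_version(2) random(32) session_id<0..32>
    cipher_suite(2) compression_method(1), wrapped in a 4-byte handshake header.
    """
    body = (bytes(version) + b"\x00" * 32 + bytes([len(session_id)]) + session_id
            + struct.pack(">HB", cipher_suite, 0))
    return b"\x02" + len(body).to_bytes(3, "big") + body  # msg_type 2 = server_hello


def parse_server_hello(msg):
    """Return (server_version, session_id) from a ServerHello handshake message."""
    if msg[0] != 2:
        raise ValueError("not a ServerHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    version = (body[0], body[1])
    sid_len = body[34]                     # byte after the 32-byte random
    return version, body[35:35 + sid_len]


def client_decision(cached, server_hello, min_version=(3, 1), max_version=(3, 3)):
    """Decide how a client that offered `cached` = (version, session_id) for resumption
    should react to the ServerHello, following RFC 5246 appendix E.1.
    """
    version, sid = parse_server_hello(server_hello)
    if not (min_version <= version <= max_version):
        return "abort:protocol_version"    # outside what we are willing to speak
    if cached is not None and sid == cached[1]:
        # Server accepted resumption: it must use the session's original version.
        return "resume" if version == cached[0] else "abort:protocol_version"
    # New session id: server declined resumption, so continue with a full
    # handshake at the (possibly lower) version the server chose.
    return "full_handshake:" + TLS_VERSIONS[version]
```

The second case in the test below is the scenario from the report: a cached TLS 1.2 session, a server that only speaks TLS 1.0 and answers with a fresh session id.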