Re: [openssl-dev] TLS 1.3 client hello issue

2017-09-18 Thread Mahesh Bhoothapuri
Thanks for responding. Yes, I have done the steps mentioned above. Here
are my settings:

int min_version = TLS1_3_VERSION, max_version = TLS1_3_VERSION;

meth = isClient ? tlsv1_3_client_method() : tlsv1_3_server_method();
//meth = isClient ? TLS_client_method() : TLS_server_method();

///
// Create new SSL context using the chosen SSL_METHOD
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
{
    // throw error
}

if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
{
    // throw error
}

if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
{
    // throw error
}

// Configure SSL to use the cipher suite specified
// TLS1_3_TXT_AES_128_GCM_SHA256
// ./include/openssl/tls1.h:# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
int set_cipher;
if (! (set_cipher = SSL_CTX_set_cipher_list(ctx, cipherSuite.c_str())) )
{
    throw (InvalidTestConfiguration("OpenSslApi::OpenSslInitContext",
                                    "Failed to set ciphers"));
}

The set_min_proto/set_max_proto calls succeed.

If I want the AES_128_GCM_SHA256 cipher for TLS 1.3 to be used, are
these the steps to follow?

Should I instead also select AES128-GCM-SHA256, a TLS 1.2 cipher, in the
list, and set the min_proto to TLS 1.2 and max_proto to 1.3? I need to
avoid hitting the default case below:

static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
{
    OSSL_STATEM *st = &s->statem;

    /*
     * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
     * TLSv1.3 yet at that point. They are handled by
     * ossl_statem_client_write_transition().
     */
    switch (st->hand_state) {
    default:

On Mon, Sep 18, 2017 at 5:40 AM, Benjamin Kaduk wrote:

> On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:
>
> Hi,
>
> I am sending a TLS 1.3 client hello, and am seeing an issue with
>
> ossl_statem_client_write_transition in statem_clnt.c.
>
>
> /*
>  * Note that immediately before/after a ClientHello we don't know what
>  * version we are going to negotiate yet, so we don't take this branch until
>  * later
>  */
>
> /*
>  * ossl_statem_client_write_transition() works out what handshake state to
>  * move to next when the client is writing messages to be sent to the server.
>  */
> WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
> {
>
>     if (SSL_IS_TLS13(s))
>         return ossl_statem_client13_write_transition(s);
> }
>
> And in:
>
>
> /*
>  * ossl_statem_client13_write_transition() works out what handshake state to
>  * move to next when the client is writing messages to be sent to the server.
>  */
> WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
> {
>
>     /*
>      * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
>      * TLSv1.3 yet at that point. They are handled by
>      * ossl_statem_client_write_transition().
>      */
>
>     switch (st->hand_state) {
>     default:
>         /* Shouldn't happen */
>         return WRITE_TRAN_ERROR;
>
>     }
>
> With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is
>
>
> Sorry, I just want to clarify what you are doing -- are you taking
> SSL_CTX_new(TLS_method()) and then calling SSL_CTX_set_min_proto_version(ctx,
> TLS1_3_VERSION) and SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)?
>
> I note that there is no version-specific TLSv1_3_method() available, and
> in any case, it's of questionable wisdom to attempt to force TLS 1.3 only
> while the specification is still in draft status -- in any case where the
> client and server implementations are not tightly controlled, negotiation
> failures seem quite likely.
>
> TLS_ST_BEFORE and so, the default error is returned.
>
> When I added:
>
>     case TLS_ST_BEFORE:
>         st->hand_state = TLS_ST_CW_CLNT_HELLO;
>         return WRITE_TRAN_CONTINUE;
>
>
> The reason there is not currently a case for TLS_ST_BEFORE is that whether
> or not we're going to be using TLS 1.3 is supposed to be determined on the
> server as part of version negotiation, so when we're sending a ClientHello,
> our version is in an indeterminate status -- the general-purpose TLS method
> must be used at that part of the handshake.
>
> The client hello gets sent out, but I only saw a TLS 1.2 version being
> sent.
> Is this a bug?
>
>
> The legacy_version field in a TLS 1.3 ClientHello will be 0x0303, matching
> the historical value for TLS 1.2.  The actual list of versions is conveyed
> in a "supported_versions" extension, which is what you need to be looking
> at.
>
> -Ben
>
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] TLS 1.3 client hello issue

2017-09-18 Thread Benjamin Kaduk via openssl-dev
On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:
>
> Hi,
>
> I am sending a TLS 1.3 client hello, and am seeing an issue with
>
> ossl_statem_client_write_transition in statem_clnt.c.
>
>
> /*
>  * Note that immediately before/after a ClientHello we don't know what
>  * version we are going to negotiate yet, so we don't take this branch until
>  * later
>  */
>
> /*
>  * ossl_statem_client_write_transition() works out what handshake state to
>  * move to next when the client is writing messages to be sent to the server.
>  */
> WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
> {
>
>     if (SSL_IS_TLS13(s))
>         return ossl_statem_client13_write_transition(s);
> }
>
> And in:
>
>
> /*
>  * ossl_statem_client13_write_transition() works out what handshake state to
>  * move to next when the client is writing messages to be sent to the server.
>  */
> WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
> {
>
>     /*
>      * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
>      * TLSv1.3 yet at that point. They are handled by
>      * ossl_statem_client_write_transition().
>      */
>
>     switch (st->hand_state) {
>     default:
>         /* Shouldn't happen */
>         return WRITE_TRAN_ERROR;
>
>     }
>
> With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is

Sorry, I just want to clarify what you are doing -- are you taking
SSL_CTX_new(TLS_method()) and then calling
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) and
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)?

I note that there is no version-specific TLSv1_3_method() available, and
in any case, it's of questionable wisdom to attempt to force TLS 1.3
only while the specification is still in draft status -- in any case
where the client and server implementations are not tightly controlled,
negotiation failures seem quite likely.

> TLS_ST_BEFORE and so, the default error is returned.
>
> When I added:
>
>     case TLS_ST_BEFORE:
>         st->hand_state = TLS_ST_CW_CLNT_HELLO;
>         return WRITE_TRAN_CONTINUE;
>

The reason there is not currently a case for TLS_ST_BEFORE is that
whether or not we're going to be using TLS 1.3 is supposed to be
determined on the server as part of version negotiation, so when we're
sending a ClientHello, our version is in an indeterminate status -- the
general-purpose TLS method must be used at that part of the handshake.

> The client hello gets sent out, but I only saw a TLS 1.2 version being
> sent.
> Is this a bug?

The legacy_version field in a TLS 1.3 ClientHello will be 0x0303,
matching the historical value for TLS 1.2.  The actual list of versions
is conveyed in a "supported_versions" extension, which is what you need
to be looking at.

-Ben
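Ben's point above (the ClientHello's legacy_version stays 0x0303 while the real offer sits in supported_versions, which is also why Mahesh only "saw TLS 1.2") as an added example that is not from the thread or from OpenSSL: it builds a minimal TLS 1.3 ClientHello record and parses both fields back out, which is the check to run on a capture instead of reading the version bytes at the front of the message. The ClientHello bytes are constructed here, not captured; extension type 43 is the supported_versions code point.

```python
import struct

SUPPORTED_VERSIONS = 43  # ExtensionType supported_versions (TLS 1.3)

def build_client_hello(versions):
    """Build a minimal TLS 1.3 ClientHello record (constructed sample, not a capture)."""
    # supported_versions body: 1-byte list length, then 2-byte versions
    sv_body = bytes([2 * len(versions)]) + b"".join(struct.pack(">H", v) for v in versions)
    ext = struct.pack(">HH", SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    body = (
        b"\x03\x03"                 # legacy_version: fixed at 0x0303 (TLS 1.2) on the wire
        + bytes(32)                 # random (all zero in this constructed sample)
        + b"\x00"                   # legacy_session_id: empty
        + b"\x00\x02\x13\x01"       # cipher_suites: TLS_AES_128_GCM_SHA256 only
        + b"\x01\x00"               # legacy_compression_methods: null
        + struct.pack(">H", len(ext)) + ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    # Record layer: ContentType handshake(22), legacy_record_version 0x0301
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def parse_client_hello_versions(record):
    """Return (legacy_version, offered_versions) for a ClientHello handshake record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 9                                            # 5-byte record header + 4-byte handshake header
    legacy_version = struct.unpack_from(">H", record, p)[0]
    p += 2 + 32                                      # legacy_version, random
    p += 1 + record[p]                               # legacy_session_id
    p += 2 + struct.unpack_from(">H", record, p)[0]  # cipher_suites
    p += 1 + record[p]                               # legacy_compression_methods
    end = p + 2 + struct.unpack_from(">H", record, p)[0]
    p += 2
    offered = []                                     # stays empty if no supported_versions: pre-1.3 client
    while p < end:
        etype, elen = struct.unpack_from(">HH", record, p)
        p += 4
        if etype == SUPPORTED_VERSIONS:
            n = record[p]                            # byte length of the version list
            offered = [struct.unpack_from(">H", record, p + 1 + i)[0] for i in range(0, n, 2)]
        p += elen
    return legacy_version, offered

if __name__ == "__main__":
    legacy, offered = parse_client_hello_versions(build_client_hello([0x0304, 0x0303]))
    print(f"legacy_version=0x{legacy:04x} supported_versions={[hex(v) for v in offered]}")
```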


[openssl-dev] TLS 1.3 client hello issue

2017-09-18 Thread Mahesh Bhoothapuri
Hi,

I am sending a TLS 1.3 client hello, and am seeing an issue with

ossl_statem_client_write_transition in statem_clnt.c.


/*
 * Note that immediately before/after a ClientHello we don't know what
 * version we are going to negotiate yet, so we don't take this branch until
 * later
 */

/*
 * ossl_statem_client_write_transition() works out what handshake state to
 * move to next when the client is writing messages to be sent to the server.
 */
WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
{

    if (SSL_IS_TLS13(s))
        return ossl_statem_client13_write_transition(s);
}

And in:


/*
 * ossl_statem_client13_write_transition() works out what handshake state to
 * move to next when the client is writing messages to be sent to the server.
 */
WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
{

    /*
     * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
     * TLSv1.3 yet at that point. They are handled by
     * ossl_statem_client_write_transition().
     */

    switch (st->hand_state) {
    default:
        /* Shouldn't happen */
        return WRITE_TRAN_ERROR;

    }

With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is
TLS_ST_BEFORE and so, the default error is returned.

When I added:

    case TLS_ST_BEFORE:
        st->hand_state = TLS_ST_CW_CLNT_HELLO;
        return WRITE_TRAN_CONTINUE;

The client hello gets sent out, but I only saw a TLS 1.2 version being sent.
Is this a bug?

Thanks,
Mahesh