Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix checks for TLS_FALLBACK_SCSV #816

Closed
wants to merge 1 commit into from
Closed

Fix checks for TLS_FALLBACK_SCSV #816

wants to merge 1 commit into from

Conversation

andresag01
Copy link
Contributor

The code in library/ssl_srv.c looks for the cipher suite value
TLS_FALLBACK_SCSV in the list of supported cipher suites of the
ClientHello as decribed in RFC7507. However, Section 4 says that the
client SHOULD place the TLS_FALLBACK_SCSV at the end of the list of
cipher suites, a condition that was not checked. This patch introduces
the additional check.

NOTES:

  • The PR needs to be backported to mbed TLS versions 1.3 and 2.1.
  • This change addresses Bug in SCSV #810
  • The PR does not include automated tests because to enforce the path through the code we need to craft a special ClientHello that does not have the TLS_FALLBACK_SCSV at the end of the cipher suites list. However, the change was tested manually.

Fix checks for TLS_FALLBACK_SCSV
00ff84b 
The code in library/ssl_srv.c looks for the cipher suite value
TLS_FALLBACK_SCSV in the list of supported cipher suites of the
ClientHello as decribed in RFC7507. However, Section 4 says that the
client SHOULD place the TLS_FALLBACK_SCSV at the end of the list of
cipher suites, a condition that was not checked. This patch introduces
the additional check.
@andresag01
Copy link
Contributor Author

@yanesca and @sbutcher-arm: Could you please review this change?

@andresag01 andresag01 mentioned this pull request Feb 22, 2017
Closed
@ghost
Copy link

ghost commented Feb 22, 2017

As far as I can see, this solves the issue. Many thanks!!

@ghost ghost mentioned this pull request Feb 22, 2017
Closed
@simonbutcher
Copy link
Contributor

Hi @hsleisink,

You're obviously welcome to use the fix, but I feel I have to point out, we haven't finished it yet. And it's still pending review and potentially rework.

@ghost
Copy link

ghost commented Feb 23, 2017

Ok, thanks. I will wait until it's considered 'finished'. Any indication about when it will be finished?

@ghost
Copy link

ghost commented Apr 5, 2017

Can this patch already be considered as 'finished'?

@gilles-peskine-arm gilles-peskine-arm mentioned this pull request May 16, 2017
Merged
@gilles-peskine-arm
Copy link
Contributor

After further investigation, it turns out that the offset calculation was the problem. The server should not care about the position of TLS_FALLBACK_SCSV in the ciphersuite list; the offset calculation bug made it accidentally care. I have submitted PR #924 with only the offset calculation fix, and a non-regression test.

daverodgman added a commit that referenced this pull request Mar 12, 2021
@daverodgman
Merge pull request #816 from ARMmbed/development
e483a77 
Merge recent commits from development into 2.26.0-rc
This was referenced Mar 15, 2021
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andresag01 @simonbutcher @gilles-peskine-arm