Session hash #287
Merged
Session hash #287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
interop (of extended master secret) was tested successfully with polarssl |
hannesm
force-pushed
the
session-hash
branch
from
97eb00f
to
f9bd6e8
Compare
…ange, and depending on session.extended_ms computes the extended or normal master secret
hannesm
force-pushed
the
session-hash
branch
from
f9bd6e8
to
aa39f2a
Compare
…therwise, do full handshake), always send extended_ms in clienthello, use in serverhello if sent by client
hannesm
force-pushed
the
session-hash
branch
from
aa39f2a
to
dac9e39
Compare
|
rebased to master. This change integrates session hash (RFC 7627), and only proceeds with resuming a session if the old and new session support session hash, to prevent triple handshake mitm attacks. might be a bit too conservative for the use case where someone runs a public web server and wants to get speed improvements from resumption; there enabling resumption if renegotiation is off should be secure. |
hannesm
added a commit
to hannesm/ocaml-tls
that referenced
this pull request
Jun 29, 2017
…t is used In answer_server_hello_renegotiate, the session never set extended_ms to true, which needs to be the case if both ServerHello and ClientHello contained the extension. The asymmetry between answer_server_hello and answer_server_hello_renegotiate was introduced in June 2015 (0.7.0, commit dac9e39, PR mirleft#287). A test setup is to run mbedtls_ssl_server2 renegotiate=1 renegotiation=1 renego_period=2 exchanges=3 and on our other side a test_client or similar where ~reneg:true is passed to Config.client. Instead of copy and pasting code betweent the two functions, I took the opportunity to unify some parts into common functions (as was already partially done with valid_cipher).
hannesm
added a commit
to hannesm/ocaml-tls
that referenced
this pull request
Dec 7, 2017
…t is used In answer_server_hello_renegotiate, the session never set extended_ms to true, which needs to be the case if both ServerHello and ClientHello contained the extension. The asymmetry between answer_server_hello and answer_server_hello_renegotiate was introduced in June 2015 (0.7.0, commit dac9e39, PR mirleft#287). A test setup is to run mbedtls_ssl_server2 renegotiate=1 renegotiation=1 renego_period=2 exchanges=3 and on our other side a test_client or similar where ~reneg:true is passed to Config.client. Instead of copy and pasting code betweent the two functions, I took the opportunity to unify some parts into common functions (as was already partially done with valid_cipher).
hannesm
added a commit
to hannesm/ocaml-tls
that referenced
this pull request
Dec 16, 2017
…t is used In answer_server_hello_renegotiate, the session never set extended_ms to true, which needs to be the case if both ServerHello and ClientHello contained the extension. The asymmetry between answer_server_hello and answer_server_hello_renegotiate was introduced in June 2015 (0.7.0, commit dac9e39, PR mirleft#287). A test setup is to run mbedtls_ssl_server2 renegotiate=1 renegotiation=1 renego_period=2 exchanges=3 and on our other side a test_client or similar where ~reneg:true is passed to Config.client. Instead of copy and pasting code betweent the two functions, I took the opportunity to unify some parts into common functions (as was already partially done with valid_cipher).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
based on resumption #283 an implementation of session hash (proposed draft). resumption is only possible if an extended_master_secret was used (due to triple handshake the only sensible way to deal with it)