
Support of SNI for Postman MQTT Client

Open akrambek opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the tracker for existing similar issues and I know that duplicates will be closed

Describe the Issue

Describe the bug

I'm attempting to connect to an MQTT service that requires setting SNI when connecting over the TLS protocol, for example, mqtts://localhost:7883. Upon capturing packets with Wireshark, I discovered that Postman does not provide SNI by default. The MQTT server expects the following, with the server_name TLS ClientHello extension set to localhost.

Frame 994: 573 bytes on wire (4584 bits), 573 bytes captured (4584 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 56889, Dst Port: 7883, Seq: 1, Ack: 1, Len: 517
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: 910acfe4d9aa4bf610aba17bbfbed5f53991d2061ff5b2551b11c430854c61d4
            Session ID Length: 32
            Session ID: 84defa324f751335a817aa6960d889680e4d0453e1b708ec907ad8c59d807183
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 399
            Extension: server_name (len=14) name=localhost
                Type: server_name (0)
                Length: 14
                Server Name Indication extension
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Session Ticket: <MISSING>
            Extension: application_layer_protocol_negotiation (len=12)
                Type: application_layer_protocol_negotiation (16)
                Length: 12
                ALPN Extension Length: 10
                ALPN Protocol
.....

However, it received the following instead:

Frame 2164: 290 bytes on wire (2320 bits), 290 bytes captured (2320 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 65269, Dst Port: 7883, Seq: 1, Ack: 1, Len: 234
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 229
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 225
            Version: TLS 1.2 (0x0303)
            Random: dbd3d941376acef36da9e587789d384607ec5e2bfc497fe32c953ec35986fbee
            Session ID Length: 32
            Session ID: bf0e937b8d3f360599e365f0666791a389f6fc5587f5a6e1b83482d2cdf71883
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 116
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Session Ticket: <MISSING>
   .....

Steps To Reproduce

  1. Download Postman for Mac
  2. Connect to MQTT using mqtts, for example mqtts://localhost:7883

Screenshots or Videos

No video

Operating System

macOS

Postman Version

10.24.18

Postman Platform

Postman App

User Account Type

Signed In User

Additional Context?

No additional context

akrambek, Apr 18 '24 15:04

@akrambek Thanks for bringing this to our attention! We will take a look at this issue, and let you know if we need any more information or once we release support for SNI and ALPN.

jonathanhaviv, Apr 20 '24 00:04