mbedtls icon indicating copy to clipboard operation
mbedtls copied to clipboard

Published 20 hours ago verified publisher icon Mbed-TLS

Show better practice in ssl_client1

Open gilles-peskine-arm opened this issue 9 months ago • 0 comments

programs/ssl/ssl_client1.c disables server authentication by default. (OPTIONAL then ignored except for printing a message.)

    /* OPTIONAL is not optimal for security,
     * but makes interop easier in this simplified example */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
…
    mbedtls_printf("  . Verifying peer X.509 certificate...");

    /* In real life, we probably want to bail out when ret != 0 */
    if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
        mbedtls_printf(" failed\n");
    }

This is not good practice, so we shouldn't make that the most obvious TLS client example. A real-world TLS client should not bypass server authentication. See also https://github.com/Mbed-TLS/mbedtls/issues/7080.

In addition to showing bad practice, this doesn't even work with TLS 1.3, where server authentication is always enabled (see discussion in https://github.com/Mbed-TLS/mbedtls/issues/7075).

gilles-peskine-arm avatar Apr 30 '24 17:04 gilles-peskine-arm