openssl icon indicating copy to clipboard operation
openssl copied to clipboard

Published 20 hours ago verified publisher icon openssl

unexpected close of connection with compressed certificate

Open GeorgePantelakis opened this issue 1 year ago • 7 comments

When a compressed certificate is used we send the following compressed certificate message:

struct { CertificateCompressionAlgorithm algorithm; uint24 uncompressed_length; opaque compressed_certificate_message<1..2^24-1>; } CompressedCertificate;

When we have a very big compressed_certificate_message (>1,000,000 bytes) OpenSSL closes the connection unexpectedly rather than sending a bad_certificate alert.

GeorgePantelakis avatar Sep 16 '24 13:09 GeorgePantelakis

For testing you can use https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against and OpenSSL server.

GeorgePantelakis avatar Sep 16 '24 13:09 GeorgePantelakis

Running that script I get:

Traceback (most recent call last):
  File "/home/matt/dev/tlsfuzzer/scripts/test-tls13-client-certificate-compression.py", line 13, in <module>
    from tlsfuzzer.runner import Runner
  File "/home/matt/dev/tlsfuzzer/tlsfuzzer/runner.py", line 13, in <module>
    from .expect import ExpectClose, ExpectNoMessage, ExpectAlert
  File "/home/matt/dev/tlsfuzzer/tlsfuzzer/expect.py", line 13, in <module>
    from tlslite.constants import ContentType, HandshakeType, CertificateType,\
ImportError: cannot import name 'CertificateCompressionAlgorithm' from 'tlslite.constants' (/home/matt/dev/tlsfuzzer/tlslite/constants.py)

mattcaswell avatar Sep 16 '24 14:09 mattcaswell

Do you have the latest version of tlslite? tlslite-ng==0.8.0-beta3

GeorgePantelakis avatar Sep 16 '24 15:09 GeorgePantelakis

Looks like it:

$ venv/bin/pip install --upgrade --pre tlslite-ng
Requirement already satisfied: tlslite-ng in ./venv/lib/python3.12/site-packages (0.8.0b3)
Requirement already satisfied: ecdsa>=0.18.0b1 in ./venv/lib/python3.12/site-packages (from tlslite-ng) (0.19.0)
Requirement already satisfied: six>=1.9.0 in ./venv/lib/python3.12/site-packages (from ecdsa>=0.18.0b1->tlslite-ng) (1.16.0)

mattcaswell avatar Sep 16 '24 15:09 mattcaswell

@mattcaswell but you used the tlslite that's linked to the tlsfuzzer directory (/home/matt/dev/tlsfuzzer/tlslite/constants.py), not the one in the virtual environment, update the one that the symlink (/home/matt/dev/tlsfuzzer/tlslite) links to

tomato42 avatar Sep 16 '24 15:09 tomato42

Also see https://github.com/openssl/openssl/issues/25473. The unexpected close might be because the server closes the connection after sending the "illegal parameter" alert due to excessive message size, and the client has not yet finished sending the bomb data at that point in time. So it fails during send, and has no chance to receive the alert. So in essence this could be working as designed and the failure is a result of the client side behavior.

ifranzki avatar Sep 18 '24 12:09 ifranzki

There are some relative messages in https://github.com/openssl/openssl/issues/25473. Also some interesting concerns in https://github.com/openssl/openssl/issues/25473#issuecomment-2360725747.

GeorgePantelakis avatar Sep 19 '24 13:09 GeorgePantelakis