Disable SSL_ERROR_WANT_READ / WRITE ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable SSL_ERROR_WANT_READ / WRITE ?

pratyush parimal
Hi all,

I see a lot of questions and answers about how to handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand that the error is returned when the SSL library needs to do a handshake in the middle of read/write operation, so we need to repeat the call when the appropriate event happens.

But what I don't understand is, why does the library need to re-do the handshake? If I set up my program so go through the SSL_connect/accept calls properly (and handle SSL_ERROR_WANT_READ/WRITE in there properly) and do the handshake successfully in the beginning itself, then why does the library need to do a handshake again?

If I'm happy with my initial handshake, is there a way to disable subsequent handshaking for that socket?

Thanks,
Pratyush.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable SSL_ERROR_WANT_READ / WRITE ?

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of pratyush parimal
> Sent: Wednesday, December 06, 2017 12:55

> But what I don't understand is, why does the library need to re-do the handshake?

I don't wish to sound rude, but this is answered right in the OpenSSL documentation for the SSL error codes: "This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server)".

*Either side* can initiate a new handshake. Unless you control the TLS implementations on both sides, you can't guarantee there won't be new handshakes.

Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so if you have a TLSv1.3 connection, it will never renegotiate.

However, you could still get at least SSL_ERROR_WANT_WRITE. Why? Because the peer could send something that your side has to respond to. For example, it could erroneously try to renegotiate, and now you need to send an alert.

WANT_READ / WANT_WRITE are part of life with TLS. You'll just have to handle them. Complicated protocols are complicated.

If you're wondering why renegotiation happens in pre-TLSv1.3 versions, you can find various articles online suggesting some of the more plausible (though probably not terribly common) scenarios. Probably the most common is needing to re-key because enough data has been transmitted that a passive attacker could derive some information about the key. It's also possible that the initial connection did not involve a client certificate, but now one side or the other has decided the client should send one. I've never seen that happen but I've seen it suggested.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable SSL_ERROR_WANT_READ / WRITE ?

OpenSSL - User mailing list
➢    Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so if you have a TLSv1.3 connection, it will never renegotiate.
   
But it could ask for a certificate, which would trigger SSL_WANT_WRITE


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Disable SSL_ERROR_WANT_READ / WRITE ?

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Salz, Rich via openssl-users
> Sent: Wednesday, December 06, 2017 15:22
>
> ➢    Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so if
> you have a TLSv1.3 connection, it will never renegotiate.
>
> But it could ask for a certificate, which would trigger SSL_WANT_WRITE

Yeah. I alluded to that later in my message, though not very clearly.

The main point is that you have to handle WANT_x.

I also forgot to mention that Eric Rescorla's book calls renegotiation "rehandshaking", so someone trying to understand this process (in SSL/TLS versions prior to 1.3) might also want to look for that term.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users