Removing Extensions from Client Hello Header

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Removing Extensions from Client Hello Header

Phil Neumiller
I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
I need the client hello header to only support certain  extensions, yet I
see no way in the SSL API to remove the default extensions in the TLS 1.3
client hello.  Can I clear them all and just add the ones I want?  What am I
missing?  Do I have to modify the SSL code to do this?  It seems like there
should be an orthodox way to do this.




-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

OpenSSL - User mailing list
On Mon, Nov 11, 2019 at 12:32:22PM -0700, Phil Neumiller wrote:
> I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
> I need the client hello header to only support certain  extensions, yet I
> see no way in the SSL API to remove the default extensions in the TLS 1.3
> client hello.  Can I clear them all and just add the ones I want?  What am I
> missing?  Do I have to modify the SSL code to do this?  It seems like there
> should be an orthodox way to do this.

You have to disable them one by one; see SSL_CTX_set_options(3) and (e.g.)
SSL_OP_NO_EXTENDED_MASTER_SECRET.

-Ben
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Matt Caswell-2


On 11/11/2019 19:43, Benjamin Kaduk via openssl-users wrote:
> On Mon, Nov 11, 2019 at 12:32:22PM -0700, Phil Neumiller wrote:
>> I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
>> I need the client hello header to only support certain  extensions, yet I

Any compliant implementation should ignore extensions it doesn't
understand so why do you need to do this?

>> see no way in the SSL API to remove the default extensions in the TLS 1.3
>> client hello.  Can I clear them all and just add the ones I want?  What am I
>> missing?  Do I have to modify the SSL code to do this?  It seems like there
>> should be an orthodox way to do this.
>
> You have to disable them one by one; see SSL_CTX_set_options(3) and (e.g.)
> SSL_OP_NO_EXTENDED_MASTER_SECRET.

Only certain headers can be disabled in this way. Many of the extensions
present in a TLSv1.3 ClientHello are necessary for proper functioning of
the protocol.

Which extensions did you actually want to disable?

Matt
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Phil Neumiller
By doing the following in my code:




I was able to get the Client Hello Extensions down to.

Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 365
    Version: TLS 1.2 (0x0303)
    Random: 19ff8a9231e83985887f5e45f2c9b243f0ccaa955beb1f03…
    Session ID Length: 32
    Session ID: ebcab15bff6e5abfc14588298b45a56f74963eda97645992…
    Cipher Suites Length: 8
    Cipher Suites (4 suites)
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
        Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
        Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
    Compression Methods Length: 1
    Compression Methods (1 method)
        Compression Method: null (0)
    Extensions Length: 284
    Extension: ec_point_formats (len=4)
        Type: ec_point_formats (11)
        Length: 4
        EC point formats Length: 3
        Elliptic curves point formats (3)
            EC point format: uncompressed (0)
            EC point format: ansiX962_compressed_prime (1)
            EC point format: ansiX962_compressed_char2 (2)
    Extension: supported_groups (len=8)
        Type: supported_groups (10)
        Length: 8
        Supported Groups List Length: 6
        Supported Groups (3 groups)
            Supported Group: secp521r1 (0x0019)
            Supported Group: secp384r1 (0x0018)
            Supported Group: secp256r1 (0x0017)
    Extension: session_ticket (len=0)
        Type: session_ticket (35)
        Length: 0
        Data (0 bytes)
    Extension: encrypt_then_mac (len=0)
        Type: encrypt_then_mac (22)
        Length: 0
    Extension: extended_master_secret (len=0)
        Type: extended_master_secret (23)
        Length: 0
    Extension: signature_algorithms (len=30)
        Type: signature_algorithms (13)
        Length: 30
        Signature Hash Algorithms Length: 28
        Signature Hash Algorithms (14 algorithms)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                Signature Hash Algorithm Hash: SHA512 (6)
                Signature Hash Algorithm Signature: ECDSA (3)
            Signature Algorithm: ed25519 (0x0807)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (7)
            Signature Algorithm: ed448 (0x0808)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (8)
            Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (9)
            Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (10)
            Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (11)
            Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (4)
            Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (5)
            Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (6)
            Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                Signature Hash Algorithm Hash: SHA384 (5)
                Signature Hash Algorithm Signature: RSA (1)
            Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                Signature Hash Algorithm Hash: SHA512 (6)
                Signature Hash Algorithm Signature: RSA (1)
    Extension: supported_versions (len=3)
        Type: supported_versions (43)
        Length: 3
        Supported Versions length: 2
        Supported Version: TLS 1.3 (0x0304)
    Extension: psk_key_exchange_modes (len=2)
        Type: psk_key_exchange_modes (45)
        Length: 2
        PSK Key Exchange Modes Length: 1
        PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
    Extension: key_share (len=139)
        Type: key_share (51)
        Length: 139
        Key Share extension
            Client Key Share Length: 137
            Key Share Entry: Group: secp521r1, Key Exchange length: 133
                Group: secp521r1 (25)
                Key Exchange Length: 133
                Key Exchange:
040044c7b3890387abc775e036f375acf9247ffad580a078…
    Extension: pre_shared_key (len=58)
        Type: pre_shared_key (41)
        Length: 58
        Pre-Shared Key extension
            Identities Length: 21
            PSK Identity (length: 15)
                Identity Length: 15
                Identity: 436c69656e745f6964656e74697479
                Obfuscated Ticket Age: 0
            PSK Binders length: 33
            PSK Binders

Is this the minimal standard compliant set of extensions?  





-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Phil Neumiller
Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);




-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Phil Neumiller
In reply to this post by Matt Caswell-2
The hardware wants to see a client hello like the following:

Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 253
    Version: TLS 1.2 (0x0303)
    Random: 000000000000000100000002000000040000000900000012…
        GMT Unix Time: Dec 31, 1969 17:00:00.000000000 MST
        Random Bytes: 000000010000000200000004000000090000001200000024…
    Session ID Length: 0
    Cipher Suites Length: 2
    Cipher Suites (1 suite)
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
    Compression Methods Length: 1
    Compression Methods (1 method)
        Compression Method: null (0)
    Extensions Length: 210
    Extension: supported_groups (len=4)
        Type: supported_groups (10)
        Length: 4
        Supported Groups List Length: 2
        Supported Groups (1 group)
            Supported Group: x25519 (0x001d)
    Extension: signature_algorithms (len=4)
        Type: signature_algorithms (13)
        Length: 4
        Signature Hash Algorithms Length: 2
        Signature Hash Algorithms (1 algorithm)
            Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Hash Algorithm Hash: SHA256 (4)
                Signature Hash Algorithm Signature: ECDSA (3)
    Extension: key_share (len=38)
        Type: key_share (51)
        Length: 38
        Key Share extension
            Client Key Share Length: 36
            Key Share Entry: Group: x25519, Key Exchange length: 32
                Group: x25519 (29)
                Key Exchange Length: 32
                Key Exchange:
000000920000012400000249000004920000092400001249…
    Extension: psk_key_exchange_modes (len=2)
        Type: psk_key_exchange_modes (45)
        Length: 2
        PSK Key Exchange Modes Length: 1
        PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
    Extension: supported_versions (len=3)
        Type: supported_versions (43)
        Length: 3
        Supported Versions length: 2
        Supported Version: TLS 1.3 (0x0304)
    Extension: heartbeat (len=1)
        Type: heartbeat (15)
        Length: 1
        Mode: Peer not allowed to send requests (2)
    Extension: pre_shared_key (len=130)
        Type: pre_shared_key (41)
        Length: 130
        Pre-Shared Key extension
            Identities Length: 28
            PSK Identity (length: 8)
                Identity Length: 8
                Identity: 0000924900012492
                Obfuscated Ticket Age: 0
            PSK Identity (length: 8)
                Identity Length: 8
                Identity: 0000000000000000
                Obfuscated Ticket Age: 0
            PSK Binders length: 98
            PSK Binders




-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

RE: Removing Extensions from Client Hello Header

Michael Wojcik
In reply to this post by Phil Neumiller
-----Original Message-----
> From: openssl-users [mailto:[hidden email]] On Behalf Of
> Phil Neumiller
> Sent: Monday, November 11, 2019 15:57
>
> Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);

That's just a verbose way of saying SSL_CTX_set_options(ctx, 0).

Perhaps you meant SSL_CTX_set_options(ctx, ~SSL_OP_ALL)? I certainly wouldn't recommend that - it would enable a host of options which aren't included in SSL_OP_ALL, and which you very likely shouldn't be enabling. (And also some you perhaps should, such as SSL_OP_SINGLE_ECDH_USE, though I don't remember offhand if that affects TLSv1.3.)

SSL_OP_ALL is defined as "various bug workarounds that should be rather harmless". I don't believe its use is appropriate here.

As with any implementation of any protocol, there are limits to OpenSSL's ability to deal with noncompliant peers. This may be a case where you have to customize your OpenSSL build in order to get it to connect to your apparently-non-compliant server.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Matt Caswell-2


On 11/11/2019 22:12, Michael Wojcik wrote:

> -----Original Message-----
>> From: openssl-users [mailto:[hidden email]] On Behalf Of
>> Phil Neumiller
>> Sent: Monday, November 11, 2019 15:57
>>
>> Code: SSL_CTX_set_options(ctx, !SSL_OP_ALL);
>
> That's just a verbose way of saying SSL_CTX_set_options(ctx, 0).
>
> Perhaps you meant SSL_CTX_set_options(ctx, ~SSL_OP_ALL)? I certainly wouldn't recommend that - it would enable a host of options which aren't included in SSL_OP_ALL, and which you very likely shouldn't be enabling. (And also some you perhaps should, such as SSL_OP_SINGLE_ECDH_USE, though I don't remember offhand if that affects TLSv1.3.)

There is no need to enable SSL_OP_SINGLE_ECDH_USE. In fact that option
does nothing:

/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
# define SSL_OP_SINGLE_ECDH_USE                          0x0


Matt
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Matt Caswell-2
In reply to this post by Phil Neumiller


On 11/11/2019 21:09, Phil Neumiller wrote:
> The hardware wants to see a client hello like the following:

By this do you imply that if you give it additional extensions it fails?
That is a highly non-compliant implementation!!

Matt
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Matt Caswell-2
In reply to this post by Phil Neumiller


On 11/11/2019 20:51, Phil Neumiller wrote:
>     Extension: ec_point_formats (len=4)
>         Type: ec_point_formats (11)
>         Length: 4
>         EC point formats Length: 3
>         Elliptic curves point formats (3)
>             EC point format: uncompressed (0)
>             EC point format: ansiX962_compressed_prime (1)
>             EC point format: ansiX962_compressed_char2 (2)

>     Extension: session_ticket (len=0)
>         Type: session_ticket (35)
>         Length: 0
>         Data (0 bytes)
>     Extension: encrypt_then_mac (len=0)
>         Type: encrypt_then_mac (22)
>         Length: 0
>     Extension: extended_master_secret (len=0)
>         Type: extended_master_secret (23)
>         Length: 0


You don't need these four for TLSv1.3

SSL_OP_NO_TICKET will turn off session_ticket.
SSL_OP_NO_ENCRYPT_THEN_MAC will turn off encrypt_then_mac.
SSL_OP_NO_EXTENDED_MASTER_SECRET will turn off extended_master_secret.

Don't switch off encrypt-then-mac or extended-master-secret unless you
*really* need to. They don't do anything in TLSv1.3 but if you ever
ended up negotiating TLSv1.2 by mistake for some reason then switching
these things off has security consequences.

I think the only way to get rid of ec_point_formats would be to disable
EC from being used completely. But, you need EC to be enabled in order
use TLSv1.3 (at least in 1.1.1 - in master its different). So I don't
think you can get rid of this extension.

But I'd really look at why your hardware is failing when these
extensions are present. Is it intolerant of one particular extension? If
so I'd just disable that one.


Matt



Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Phil Neumiller
This post was updated on .
In reply to this post by OpenSSL - User mailing list
Thanks for all the useful advice.  I was able to get the server to accept
this client hello message.

TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 257
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 253
        Version: TLS 1.2 (0x0303)
        Random: 000000000000000100000002000000040000000900000012…
        Session ID Length: 0
        Cipher Suites Length: 2
        Cipher Suites (1 suite)
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 210
        Extension: supported_groups (len=4)
            Type: supported_groups (10)
            Length: 4
            Supported Groups List Length: 2
            Supported Groups (1 group)
                Supported Group: x25519 (0x001d)
        Extension: signature_algorithms (len=4)
            Type: signature_algorithms (13)
            Length: 4
            Signature Hash Algorithms Length: 2
            Signature Hash Algorithms (1 algorithm)
                Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: Unknown (6)
        Extension: key_share (len=38)
            Type: key_share (51)
            Length: 38
            Key Share extension
                Client Key Share Length: 36
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
000000920000012400000249000004920000092400001249…
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
        Extension: supported_versions (len=3)
            Type: supported_versions (43)
            Length: 3
            Supported Versions length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: heartbeat (len=1)
            Type: heartbeat (15)
            Length: 1
            Mode: Peer not allowed to send requests (2)
        Extension: pre_shared_key (len=130)
            Type: pre_shared_key (41)
            Length: 130
            Pre-Shared Key extension
                Identities Length: 28
                PSK Identity (length: 8)
                    Identity Length: 8
                    Identity: 0000924900012492
                    Obfuscated Ticket Age: 0
                PSK Identity (length: 8)
                    Identity Length: 8
                    Identity: 0000000000000000
                    Obfuscated Ticket Age: 0
                PSK Binders length: 98
                PSK Binders

So just one signature algorithm.  Now the response I got from the OpenSSL
TLS server is this server hello.

TLSv1.3 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 90
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 86
        Version: TLS 1.2 (0x0303)
        Random: 7f9801c0f94da77d9d2c100cba7ff587bec25bca39defd81…
        Session ID Length: 0
        Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
        Compression Method: null (0)
        Extensions Length: 46
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: key_share (len=36)
            Type: key_share (51)
            Length: 36
            Key Share extension
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
ab6c1e5e5a83cdeee70487c509bd0810668a32fa2402f7d7…

Now to try the actual hardware....  At least openssl TLS 1.3 is OK with just
1 signature algorithm for my special case of external out of band PSK.  I didn't have to change any OpenSSL code so I'm happy with this.  Is there a way to clear all the signature algorithms and just add the one I want?






-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

OpenSSL - User mailing list
On Tue, Nov 12, 2019 at 01:13:49PM -0700, Phil Neumiller wrote:
> Thanks for all the useful device.  I was able to get the server to accept
> this client hello message.

If you're willing/able to share, it can be useful for us to know what products
are buggy in that they don't implement extensions in a proper, extensible, manner
and need to have the ClientHello extensions adjusted like this.  If we have a
list of "likely suspects" it can make diagnosing future connection issues
easier.

Thanks,

Ben
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Phil Neumiller
In reply to this post by Phil Neumiller
I find the comment below about TLS 1.3 troubling.

static int test_set_sigalgs(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    const sigalgs_list *curr;
    int testctx;

    /* Should never happen */
    if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
        return 0;

    testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
    curr = testctx ? &testsigalgs[idx]
                   : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
                                       TLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

*    /*
     * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test
it
     * for TLSv1.2 for now until we add a new API.
     */*
    SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);

    if (testctx) {
        int ret;

        if (curr->list != NULL)
            ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
        else
            ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);

        if (!ret) {



-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Phillip Neumiller Platform Engineering Directstream, LLC
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

OpenSSL - User mailing list
On Tue, Nov 12, 2019 at 03:08:19PM -0700, Phil Neumiller wrote:
> I find the comment below about TLS 1.3 troubling.
[...]

> *    /*
>      * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test
> it
>      * for TLSv1.2 for now until we add a new API.
>      */*
>     SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
>
>     if (testctx) {
>         int ret;
>
>         if (curr->list != NULL)
>             ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
>         else
>             ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);

I don't.
From SSL_CTX_set1_sigalgs.pod:

% The TLS 1.3 signature scheme names (such as "rsa_pss_pss_sha256") can also
% be used with the B<_list> forms of the API.

The TLS 1.3 schemes don't decompose into SIG+HASH, so this is just a constraint
inherent to the old API, not a bug.

-Ben
Reply | Threaded
Open this post in threaded view
|

Re: Removing Extensions from Client Hello Header

Hubert Kario
In reply to this post by OpenSSL - User mailing list
On Tuesday, 12 November 2019 21:22:51 CET, Benjamin Kaduk via openssl-users
wrote:

> On Tue, Nov 12, 2019 at 01:13:49PM -0700, Phil Neumiller wrote:
>> Thanks for all the useful device.  I was able to get the server to accept
>> this client hello message.
>
> If you're willing/able to share, it can be useful for us to
> know what products
> are buggy in that they don't implement extensions in a proper,
> extensible, manner
> and need to have the ClientHello extensions adjusted like this.
>  If we have a
> list of "likely suspects" it can make diagnosing future connection issues
> easier.

contributing a fingerprint to https://github.com/WestpointLtd/tls_prober 
would
also be really welcome, for the same reasons

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic