[Patch] Wrong use of Fallback SCSV / TLS1.3 interoperability
"Frank Schmirler" <frank.schmirler(at)linogate.com>
2018-12-22 23:47:50
Hi,

we just ran into problems after a backend server was upgraded to support TLS
1.3 while the openssl pound runs with only supports TLS up to 1.2. The
connection failed with "tlsv1 alert inappropriate fallback". It turned out
that pound incorrectly sets SSL_MODE_SEND_FALLBACK_SCSV on backend
connections. A client should set this flag only after a connection with a
server failed and the client now retries with a lower TLS version. It must not
be used by clients like pound, which rely on the TLS version negotiation built
into the TLS protocol. So just drop the three lines in config.c (patch
attached).

[1] https://tools.ietf.org/html/rfc7507#section-1
[2] https://github.com/openssl/openssl/blob/1d97c8435171a7af575f73c526d79e1ef0ee5960/ssl/ssl.h#L672
[3] https://security.stackexchange.com/questions/70988/why-do-browsers-probe-and-fallback-or-why-ssl-mode-send-fallback-scsv

Regards,
Frank
Attachments:  
pound-2.8-fallback_scsv.diff text/x-patch 569 Bytes
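
Added example, not part of the original post or of pound's code: the server-side rule from RFC 7507 section 3, showing why a first connection attempt that carries TLS_FALLBACK_SCSV is rejected only once the backend supports a higher version than the client. The function names, constants and cipher-suite lists are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_TLS1_2 0x0303
#define PROTO_TLS1_3 0x0304
#define TLS_FALLBACK_SCSV 0x5600            /* cipher suite value {0x56, 0x00} */
#define ALERT_INAPPROPRIATE_FALLBACK 86     /* fatal alert defined by RFC 7507 */

/* Scan ClientHello.cipher_suites (2 bytes per entry, network byte order). */
static int has_fallback_scsv(const uint8_t *suites, size_t len)
{
    for (size_t i = 0; i + 1 < len; i += 2)
        if (((suites[i] << 8) | suites[i + 1]) == TLS_FALLBACK_SCSV)
            return 1;
    return 0;
}

/* RFC 7507 section 3: if the SCSV is present and the server's highest
 * supported version is above ClientHello.client_version, the server must
 * answer with a fatal inappropriate_fallback alert. Returns the alert
 * number to send, or 0 to continue the handshake. */
int scsv_check(uint16_t client_version, uint16_t server_max,
               const uint8_t *suites, size_t len)
{
    if (has_fallback_scsv(suites, len) && server_max > client_version)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return 0;
}

/* Constructed cipher-suite lists: the same two suites with and without the SCSV. */
const uint8_t suites_with_scsv[] = { 0xC0, 0x2F, 0x00, 0x9C, 0x56, 0x00 };
const uint8_t suites_plain[]     = { 0xC0, 0x2F, 0x00, 0x9C };

int main(void)
{
    /* Client limited to TLS 1.2 that sets the SCSV on every connection. */
    printf("backend max TLS 1.2, SCSV sent: alert %d\n",
           scsv_check(PROTO_TLS1_2, PROTO_TLS1_2, suites_with_scsv, sizeof suites_with_scsv));
    printf("backend max TLS 1.3, SCSV sent: alert %d\n",
           scsv_check(PROTO_TLS1_2, PROTO_TLS1_3, suites_with_scsv, sizeof suites_with_scsv));
    /* Same client with the flag dropped: normal version negotiation. */
    printf("backend max TLS 1.3, no SCSV:   alert %d\n",
           scsv_check(PROTO_TLS1_2, PROTO_TLS1_3, suites_plain, sizeof suites_plain));
    return 0;
}
```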