boaks
commented
3 months ago Yes,
if (clientExtensions == null || clientExtensions.isEmpty()) {
throw new HandshakeException("Server wants extensions, but client not!",
new AlertMessage(AlertLevel.FATAL, AlertDescription.UNSUPPORTED_EXTENSION));
} else {
for (HelloExtension serverExtension : serverExtensions.getExtensions()) {
if (clientExtensions.getExtension(serverExtension.getType()) == null) {
if (serverExtension.getType() == HelloExtension.ExtensionType.RENEGOTIATION_INFO) {
hasRenegotiationInfoExtension = true;
if (secureRenegotiation != DtlsSecureRenegotiation.NONE) {
continue;
}
}
throw new HandshakeException(
"Server wants " + serverExtension.getType() + ", but client didn't propose it!",
new AlertMessage(AlertLevel.FATAL, AlertDescription.UNSUPPORTED_EXTENSION));
}
}
}In the case of empty client extensions, the special handling of RENEGOTIATION_INFO isn't applied ;-). Requires an fix.
As workaround, please enable the extended master secret extension.
# DTLS extended master secret mode.
# [NONE, OPTIONAL, ENABLED, REQUIRED].
# Default: ENABLED
DTLS.EXTENDED_MASTER_SECRET_MODE=ENABLED
kkonieczny-avs
I am using californium client and server in version 3.12.1. An error occurs if the client sends no extensions in ClientHello, but requests secure renegotiation by adding TLS_EMPTY_RENEGOTIATION_INFO_SCSV to cipher suites. The server will add secure_renegotiation extension to ServerHello as requested, but the client will throw unsupported extension error and terminate the connection. Both client and server are using DtlsSecureRenegotiation.WANTED. I believe this error is thrown in ClientHandshaker.java in line 497. I have zipped .pcapng file, because github doesn't support this extension. secure_renegotation_bug.pcapng.zip