search

eclipse / tinydtls

Eclipse tinydtls
https://projects.eclipse.org/projects/iot.tinydtls
Other
105 stars 57 forks source link

Version Downgrade during the Handshake #209

Closed bathooman closed 4 months ago

bathooman commented 11 months ago

During our tests, we noticed that the handshake could continue if the server chooses to use a lower version of the protocol compared to the version used in earlier records through the handshake. I will try to clarify this through an example:

During the handshake, when the server sends the ServerHello message, it uses DTLS 1.2 as the record version. Now if in the following record containing the ServerHelloDone message, the server chooses to use DTLS 1.0 as the record version, the handshake continues without interruption. Although the security implications of this are unknown (or none in the case of TinyDTLS), I believe it is still good practice to abort when a version downgrade occurs. For example, OpenSSL aborts the handshake in such a scenario. An example of such a downgrade can be found in the attached PCAP file.

tinydtls-0.zip

boaks commented 11 months ago

Thanks for reporting. I will look into this tomorrow.

boaks commented 11 months ago

If possible, please test, if PR #210 works for you.

boaks commented 4 months ago

The fix is merged. OK to close?

bathooman commented 4 months ago

Thanks for the fix.