hannestschofenig / mbedtls

An open source, portable, easy to use, readable and flexible SSL library
https://tls.mbed.org
Apache License 2.0

Handle multiple NewSessionTicket messages #56

Open zhihan opened 3 years ago

zhihan commented 3 years ago

If a server sends multiple NewSessionTicket messages in post-handshake data, the client will error out with the following message:

"bad new session ticket message"

hannestschofenig commented 3 years ago

I believe this issue is related to https://github.com/hannestschofenig/mbedtls/issues/54

hannestschofenig commented 3 years ago

I fixed this issue in https://github.com/hannestschofenig/mbedtls/pull/61

zhihan commented 3 years ago

Not sure if the issue is fixed. Here is my attempt to connect to enabled.tls13.com:

% ./ssl_client2 server_name=enabled.tls13.com server_port=443 ca_file=/etc/ssl/cert.pem auth_mode=optional

. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (114 skipped)
. Loading the client cert. and key... ok (key type: EC)
. Connecting to tcp/enabled.tls13.com/443... ok
. Setting up the SSL/TLS structure... ok
. Performing the SSL/TLS handshake... ok
[ Protocol is TLSv1.3 ]
[ Ciphersuite is TLS_CHACHA20_POLY1305_SHA256 ]
[ Key Exchange Mode is ECDHE-ECDSA ]
[ Record expansion is 5 ]
. Verifying peer X.509 certificate... failed
! The certificate is not correctly signed by the trusted CA

. Peer certificate information ...
cert. version : 3
serial number : 02:A7:C1:95:57:7F:F0:E9:0C:35:99:61:D2:04:B0:ED
issuer name : C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3
subject name : C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
issued on : 2020-08-17 00:00:00
expires on : 2021-08-17 12:00:00
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name :
dNSName : tls13.com
dNSName : *.tls13.com
dNSName : sni.cloudflaressl.com
key usage : Digital Signature
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
certificate policies : ???, ???

Write to server: 34 bytes written in 1 fragments

GET / HTTP/1.0
Extra-header:

< Read from server: mbedtls_ssl_read returned -0x6e00
Last error was: -0x6E00 - SSL - Processing of the NewSessionTicket handshake message failed

hanno-becker commented 3 years ago

@zhihan I believe this issue is fixed in the sense that the client no longer fails upon receipt of multiple NewSessionTicket messages. Could you confirm?

However, IIRC the client will ignore all but the first ticket, which is something that will be addressed by @hannestschofenig's ongoing rework of the ticket handling -- @hannestschofenig, correct me if I'm wrong here.

hannestschofenig commented 3 years ago

https://github.com/hannestschofenig/mbedtls/pull/161 addresses this issue.

zhihan commented 3 years ago

Thanks!


hannestschofenig commented 3 years ago

I executed

./ssl_client2 server_name=enabled.tls13.com server_port=443 auth_mode=optional

(using the code at https://github.com/hannestschofenig/mbedtls/pull/161) and it saved two tickets:

Write to server: 34 bytes written in 1 fragments

GET / HTTP/1.0
Extra-header:

< Read from server: got ticket.
. Saving session for reuse... ok
[ Saved 259 bytes of session data]
got ticket.
. Saving session for reuse... ok
[ Saved 259 bytes of session data]
329 bytes read

HTTP/1.1 403 Forbidden
Server: cloudflare
Date: Wed, 24 Mar 2021 14:53:57 GMT
Content-Type: text/html
Content-Length: 151
Connection: close
CF-RAY: 6350bb61dddd18e5-FRA

403 Forbidden

403 Forbidden


cloudflare

. Closing the connection... done
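
The behaviour this issue asks for, as an added example that is not part of the thread and is not mbedtls code: a bounds-checked walk over a decrypted post-handshake buffer that accepts any number of consecutive NewSessionTicket messages in the RFC 8446 section 4.6.1 layout. The names `count_tickets`, `parse_nst`, `rd16` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample (not captured traffic): two NewSessionTicket messages. */
static const uint8_t sample_two_tickets[] = {
    0x04, 0x00, 0x00, 0x10,  0x00, 0x00, 0x0e, 0x10,  0x11, 0x22, 0x33, 0x44,
    0x01, 0x00,  0x00, 0x02, 0xaa, 0xbb,  0x00, 0x00,
    0x04, 0x00, 0x00, 0x10,  0x00, 0x00, 0x0e, 0x10,  0x55, 0x66, 0x77, 0x88,
    0x01, 0x01,  0x00, 0x02, 0xcc, 0xdd,  0x00, 0x00,
};

static size_t rd16(const uint8_t *p) { return (size_t)p[0] << 8 | p[1]; } /* big-endian */

/* Validate one NewSessionTicket body (RFC 8446, section 4.6.1); 0 if well formed. */
static int parse_nst(const uint8_t *p, size_t len)
{
    size_t off = 8, n;                       /* ticket_lifetime + ticket_age_add */
    if (len < 9) return -1;                  /* need the nonce length byte too */
    n = p[off++];                            /* ticket_nonce<0..255> */
    if (n > len - off) return -1;
    off += n;
    if (len - off < 2) return -1;
    n = rd16(p + off); off += 2;             /* ticket<1..2^16-1> */
    if (n == 0 || n > len - off) return -1;
    off += n;
    if (len - off < 2) return -1;
    n = rd16(p + off); off += 2;             /* extensions<0..2^16-2> */
    return n == len - off ? 0 : -1;          /* body must be consumed exactly */
}

/* Count the tickets in a decrypted post-handshake buffer; -1 if malformed. */
int count_tickets(const uint8_t *buf, size_t len)
{
    int count = 0;
    while (len > 0) {
        size_t body;
        if (len < 4 || buf[0] != 4) return -1;   /* HandshakeType new_session_ticket */
        body = (size_t)buf[1] << 16 | (size_t)buf[2] << 8 | buf[3];
        if (body > len - 4 || parse_nst(buf + 4, body) != 0) return -1;
        count++;                                 /* do not stop: more may follow */
        buf += 4 + body; len -= 4 + body;
    }
    return count;
}

int main(void)
{
    printf("tickets: %d\n", count_tickets(sample_two_tickets, sizeof sample_two_tickets));
    return 0;
}
```

Every length field is checked against the bytes remaining before it is used, so a truncated or inconsistent second ticket is rejected rather than read past the end of the buffer.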