postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Support of SNI for Postman MQTT Client #12804

Open akrambek opened 4 months ago

akrambek commented 4 months ago

Is there an existing issue for this?

Describe the Issue

Describe the bug

I'm attempting to connect to an MQTT service that requires setting SNI when connecting over the TLS protocol, for example, mqtts://localhost:7883. Upon capturing packets with Wireshark, I discovered that Postman does not provide SNI by default. The MQTT server expects the following, with the server_name TLS ClientHello extension set to localhost:

Frame 994: 573 bytes on wire (4584 bits), 573 bytes captured (4584 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 56889, Dst Port: 7883, Seq: 1, Ack: 1, Len: 517
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: 910acfe4d9aa4bf610aba17bbfbed5f53991d2061ff5b2551b11c430854c61d4
            Session ID Length: 32
            Session ID: 84defa324f751335a817aa6960d889680e4d0453e1b708ec907ad8c59d807183
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 399
            Extension: server_name (len=14) name=localhost
                Type: server_name (0)
                Length: 14
                Server Name Indication extension
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Session Ticket: <MISSING>
            Extension: application_layer_protocol_negotiation (len=12)
                Type: application_layer_protocol_negotiation (16)
                Length: 12
                ALPN Extension Length: 10
                ALPN Protocol
.....

However, it received the following instead:

Frame 2164: 290 bytes on wire (2320 bits), 290 bytes captured (2320 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 65269, Dst Port: 7883, Seq: 1, Ack: 1, Len: 234
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 229
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 225
            Version: TLS 1.2 (0x0303)
            Random: dbd3d941376acef36da9e587789d384607ec5e2bfc497fe32c953ec35986fbee
            Session ID Length: 32
            Session ID: bf0e937b8d3f360599e365f0666791a389f6fc5587f5a6e1b83482d2cdf71883
            Cipher Suites Length: 36
            Cipher Suites (18 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 116
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
            Extension: supported_groups (len=8)
                Type: supported_groups (10)
                Length: 8
                Supported Groups List Length: 6
                Supported Groups (3 groups)
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
            Extension: session_ticket (len=0)
                Type: session_ticket (35)
                Length: 0
                Session Ticket: <MISSING>
   .....

Steps To Reproduce

  1. Download Postman for Mac
  2. Connect to MQTT using mqtts, for example mqtts://localhost:7883

Screenshots or Videos

No video

Operating System

macOS

Postman Version

10.24.18

Postman Platform

Postman App

User Account Type

Signed In User

Additional Context?

No additional context

jonathanhaviv commented 4 months ago

@akrambek Thanks for bringing this to our attention! We will take a look at this issue, and let you know if we need any more information or once we release support for SNI and ALPN.