Re: [TLS] Fwd: Clarification on interleaving app data and handshake records
Hubert Kario <hkario@redhat.com> Fri, 04 December 2015 17:45 UTC
From: Hubert Kario <hkario@redhat.com>
To: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 04 Dec 2015 18:45:25 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/WlXurdFH0wNISyZWoWMQL95nBfI>
Cc: tls@ietf.org

On Friday 16 October 2015 22:36:10 Kurt Roeckx wrote:
> On Fri, Oct 16, 2015 at 04:05:34PM +0200, Hubert Kario wrote:
> > On Friday 16 October 2015 09:16:01 Watson Ladd wrote:
> > > Unfortunately I don't know how to verify this. Can miTLS cover
> > > this case?
> >
> > you mean, you want an implementation that can insert application
> > data in any place of the handshake?
>
> Have you tried running any of your tests against miTLS?

Yes, I finally did.

miTLS does accept Application Data when it is sent between Client Hello
and Client Key Exchange and rejects it when it is sent between Change
Cipher Spec and Finished.

Though I will need to modify tlsfuzzer a bit more before I will be able
to publish an automated test case for that*

 * - miTLS writes HTTP responses on a line-by-line basis, making handling
     of its responses a bit more complex

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
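
The two positions named in the message above can be told apart from record headers alone. The following is an added example, not part of the original post and not tlsfuzzer or miTLS code: it walks a client-to-server record stream and labels each application_data record by where it falls. The function names, state labels and sample flights are assumptions made for illustration, and the sample uses plaintext handshake messages before Change Cipher Spec so the message type byte is readable.

```python
import struct

APPLICATION_DATA, HANDSHAKE, CHANGE_CIPHER_SPEC = 23, 22, 20   # record content types
CLIENT_HELLO, CLIENT_KEY_EXCHANGE = 1, 16                       # handshake message types

# Behaviour reported in the message; other positions are not covered by it.
MITLS_OBSERVED = {"hello_to_kex": "accepted", "ccs_to_finished": "rejected"}
# Plaintext handshake messages that move the (hypothetical) position tracker forward.
NEXT = {bytes([CLIENT_HELLO]): "hello_to_kex", bytes([CLIENT_KEY_EXCHANGE]): "kex_to_ccs"}
PLAINTEXT_STATES = ("before_hello", "hello_to_kex", "kex_to_ccs")

def record(ctype, payload):
    """One TLS 1.2 record: type(1) | version(2) | length(2) | payload."""
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload

def hs(msg_type, body=b""):
    """Plaintext handshake message: type(1) | length(3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def parse_records(stream):
    """Yield (content_type, payload) pairs; raise ValueError on truncation."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _, _, length = struct.unpack_from("!BBBH", stream, off)
        if len(stream) - off - 5 < length:
            raise ValueError("truncated record payload")
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def app_data_positions(stream):
    """Label every application_data record by its position in the client flight."""
    state, found = "before_hello", []
    for ctype, payload in parse_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            state = "ccs_to_finished"
        elif ctype == HANDSHAKE and state == "ccs_to_finished":
            state = "after_finished"   # first handshake record after CCS is the encrypted Finished
        elif ctype == HANDSHAKE and state in PLAINTEXT_STATES:
            state = NEXT.get(payload[:1], state)
        elif ctype == APPLICATION_DATA:
            found.append((state, MITLS_OBSERVED.get(state, "not covered by the message")))
    return found

# Constructed sample flights (placeholder bodies, not captured traffic).
APP = record(APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")
HELLO, KEX = record(HANDSHAKE, hs(CLIENT_HELLO)), record(HANDSHAKE, hs(CLIENT_KEY_EXCHANGE))
CCS, FINISHED = record(CHANGE_CIPHER_SPEC, b"\x01"), record(HANDSHAKE, b"\x00" * 40)
EARLY = HELLO + APP + KEX + CCS + FINISHED   # app data between Client Hello and Client Key Exchange
LATE = HELLO + KEX + CCS + APP + FINISHED    # app data between Change Cipher Spec and Finished
```
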