[TLS] Another ClientHello length intolerance bug?

"David A. Cooper" <david.cooper@nist.gov> Wed, 12 September 2018 16:24 UTC

To: "tls@ietf.org" <tls@ietf.org>
From: "David A. Cooper" <david.cooper@nist.gov>
Message-ID: <43b796a4-156a-6f16-4426-07c3cece61ba@nist.gov>
Date: Wed, 12 Sep 2018 12:23:56 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ddvVfePJ4sg_uQbD6vdcAJuLx7A>
Subject: [TLS] Another ClientHello length intolerance bug?

According to RFC 7685 there was at least one TLS implementation that would hang the connection if it received a ClientHello record with a TLSCiphertext.length between 256 and 511 bytes.

During some recent testing I believe that I have come across a similar length intolerance bug. A number of servers seem to hang or close the connection if sent a ClientHello record with a TLSCiphertext.length of 266, 522, 778, ... (i.e., if TLSCiphertext.length mod 256 = 10). I have also encountered one server that will hang the connection if sent a ClientHello record with a TLSCiphertext.length of 270, 526, 782, ... (i.e., if TLSCiphertext.length mod 256 = 14).

A test for this was just added to the development branch of testssl.sh (https://github.com/drwetter/testssl.sh) -- run testssl.sh with the "--grease" option.

As the server banners being returned by the servers that seem to have this problem are not all the same, it is my guess that it is actually some middlebox that is the source of the problem.

Has anyone else encountered this problem? We are trying to validate that this is a real bug (https://github.com/drwetter/testssl.sh/pull/1113).

Thanks,

David