Re: [TLS] Servers respond with BadRecordMac after ClientFinished, sent when PSK+EarlyData
Kristijan Sedlak <xpepermint@gmail.com> Tue, 09 August 2022 07:06 UTC
Return-Path: <xpepermint@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 861A1C15A732 for <tls@ietfa.amsl.com>; Tue, 9 Aug 2022 00:06:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aYAds6RNAlH9 for <tls@ietfa.amsl.com>; Tue, 9 Aug 2022 00:06:11 -0700 (PDT)
Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4495EC15C504 for <tls@ietf.org>; Tue, 9 Aug 2022 00:06:11 -0700 (PDT)
Received: by mail-ej1-x631.google.com with SMTP id a7so20643913ejp.2 for <tls@ietf.org>; Tue, 09 Aug 2022 00:06:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc; bh=nEN2QAbv2dJfFKCltZReCSPQFUbqHUVLeScHoQ4lzxE=; b=a0HPMRctFgRcwrgUV44z8X4/4janysgfZyXgbvDyxC0BzI5wkzYX9g6zjcm2NuokKb yGHWWWBuML64q9NhP02nBdPomBZUwGLn8RJJqwRR3vmHBAA+71SF7CkRxMptix7QYTcX 822it972mGEX1vrpvCbVgQaehI/qvhNh88w6TTSk6jv18i40s9uMez8GPUy1l6i9jZfl JzbWuEQe9Da8c+iGGo5lGTowreYivamfsvDbQybpQ0+kt+IgtoHqE3nYhMJFTO8WWK9S 8HBXIOMeLuScPfzOespvYIGiae73zBTs6otnyJvxNrwZUkAL+45wp5DthaOabIuA9Yef fQ6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc; bh=nEN2QAbv2dJfFKCltZReCSPQFUbqHUVLeScHoQ4lzxE=; b=yp9IoAl4qdzdDrsS7ZkdyqEBoEarIQPptx0AMR4R3HIFWQ37IVhQ+NTJaTNZp7fUzx BWYn7sUVGkJjd2elkkK5hBjKLv2M+yYIny4h4Xf+rdkBkY0NgmoTPZC4XdNw5rUijJLc Ra2UzCFPjnAyDuhpg7y5E8Je488XoJ4BLBsheTadta+MzkazcCUcpwNGMHXdDzf5c0PA O1D4FEKYUIIwXbrVjz8xn1AXOKh62HYQ7tGLNGOU/f9bRiygGXZ9h2Pedx3r3DsWTJFc yB24Npn1lkXC09UQN9Wi1QnY81l4dsyAYxQ0JbC3ymn+mMryk7LQ/bF3d9aMKXgQ/nb5 vLHw==
X-Gm-Message-State: ACgBeo15+6qi9YfSJWvBq2PjGf4142rndOEhNrDtFp4Fprhbt+8OGqCy KpFV68CG3otfHYU/R/Tbk/CWlbuck2Y=
X-Google-Smtp-Source: AA6agR5xl0nGgg08pX1NF+3k8PlyInq2aeCjIZPZRBe0sfswSn5aTn/zSaZB3Ou5MdYV2IRMqblziA==
X-Received: by 2002:a17:907:2721:b0:731:2aeb:7940 with SMTP id d1-20020a170907272100b007312aeb7940mr9794423ejl.448.1660028769010; Tue, 09 Aug 2022 00:06:09 -0700 (PDT)
Received: from smtpclient.apple (84-255-199-63.static.t-2.net. [84.255.199.63]) by smtp.gmail.com with ESMTPSA id o25-20020a509b19000000b0043d8d0ba6a3sm5598391edi.85.2022.08.09.00.05.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Aug 2022 00:05:36 -0700 (PDT)
From: Kristijan Sedlak <xpepermint@gmail.com>
Message-Id: <311E53EC-C6D0-44F2-BA8E-ED15939ACEF1@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_60E5D215-19F0-4CB6-9471-F0C81F442A74"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Date: Tue, 09 Aug 2022 09:05:31 +0200
In-Reply-To: <YvID85L+ICWVh9gi@LK-Perkele-VII2.locald>
Cc: tls@ietf.org
To: Ilari Liusvaara <ilariliusvaara@welho.com>
References: <987212E5-9A26-4408-9BD5-2D26FA106D3F@gmail.com> <YvID85L+ICWVh9gi@LK-Perkele-VII2.locald>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/xLOeaKnMQuUg7vcu4C-6SO7N1Zc>
X-Mailman-Approved-At: Tue, 16 Aug 2022 07:07:28 -0700
Subject: Re: [TLS] Servers respond with BadRecordMac after ClientFinished, sent when PSK+EarlyData
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2022 07:06:15 -0000
Hey Ilari, thank’s for replying. I did verify the transcript as well. Everything seems to be correct. I bet if it wasn't the 1-RTT and 0-RTT(no-early-data) would fail too. Something weird is going on only in 0-RTT(early-data) case. Can you maybe point me to an URL with the correct TLS1.3 implementation where I could safely test the client? Best, Kristijan > On 9 Aug 2022, at 08:51, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > > Ilari
- [TLS] Servers respond with BadRecordMac after Cli… Kristijan Sedlak
- Re: [TLS] Servers respond with BadRecordMac after… Ilari Liusvaara
- Re: [TLS] Servers respond with BadRecordMac after… Kristijan Sedlak
- Re: [TLS] Servers respond with BadRecordMac after… Nick Harper
- Re: [TLS] Servers respond with BadRecordMac after… Ilari Liusvaara
- Re: [TLS] Servers respond with BadRecordMac after… Kristijan Sedlak
- Re: [TLS] Servers respond with BadRecordMac after… Eric Rescorla
- Re: [TLS] Servers respond with BadRecordMac after… Kristijan Sedlak
- Re: [TLS] Servers respond with BadRecordMac after… Kristijan Sedlak
- Re: [TLS] Servers respond with BadRecordMac after… tomoya kuwayama