Hi Roberto
> On 17 Feb 2017 at 01:27, Roberto Guimaraes <[email protected]> wrote:
>
> greetings,
>
> just a heads up that we’ve seen client breakage when using haproxy with
> openssl-1.1 — dunno how far along you are concerning ossl1.1 usage, but it
> has become very clear that openssl-1.1 behaves differently in a number of
> ways esp SNI callback.
>
> so, openssl-1.0.x does not actually send the warnings/alerts when the
> callback returns SSL_TLSEXT_ERR_NOACK or SSL_TLSEXT_ERR_ALERT_WARNING, but
> openssl-1.1 will send them.
>
> Some clients, such as java1.8 and gnutls, will fail upon receiving these
> warnings, even if the RFC isn’t clear on the correct behavior.
>
It’s strange. I suppose it’s another problem. I need logs and more info to help.
> I don’t know if this is 100% applicable to you, but perhaps consider removing
> the warnings unless explicitly requested with strict_sni? Looking at the
> “reference” s_server.c in openssl-1.1, it does return ERR_OK for both
> mismatch and missing servername.
>
I don’t see any changes about that in s_server.c in openssl-1.1.
SSL_TLSEXT_ERR_NOACK is used when the client does not send an SNI. It is not a
warning and is useful.
SSL_TLSEXT_ERR_ALERT_WARNING is used when the certificate does not match the SNI
sent by the client.
It could be removed because clients check it and generate the alert.
Replacing it with SSL_TLSEXT_ERR_OK will not change anything for correct
clients. BoringSSL ignores it and sends SSL_TLSEXT_ERR_OK instead, and it does
not change anything for all known clients (via ssllabs).
Manu
> roberto
>
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index e7eb5df..2b227fc 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -1470,7 +1470,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al,
> void *priv)
> #endif
> return (s->strict_sni ?
> SSL_TLSEXT_ERR_ALERT_FATAL :
> - SSL_TLSEXT_ERR_NOACK);
> + SSL_TLSEXT_ERR_OK);
> }
>
> for (i = 0; i < trash.size; i++) {
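Review bot: this first hunk changes the wrong site for the problem described in the thread: the non-strict return here is SSL_TLSEXT_ERR_NOACK, which is the "client sent no SNI" path and, as noted above, is not a warning alert, so replacing it with SSL_TLSEXT_ERR_OK does not address the client breakage and drops a distinct signal to the library for no stated benefit. Suggest leaving `SSL_TLSEXT_ERR_NOACK);` in this branch, or, if the change is kept, adding a comment and a commit message explaining why NOACK is no longer wanted when the ClientHello carries no server_name.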
> @@ -1507,7 +1507,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al,
> void *priv)
> #endif
> return (s->strict_sni ?
> SSL_TLSEXT_ERR_ALERT_FATAL :
> - SSL_TLSEXT_ERR_ALERT_WARNING);
> + SSL_TLSEXT_ERR_OK);
> }
>
> /* switch ctx */
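Review bot: this second hunk is the one that matters, since SSL_TLSEXT_ERR_ALERT_WARNING is what produces the unrecognized_name warning on openssl-1.1 when the SNI matches no certificate, but the change lacks any in-code rationale. Suggest a short comment above the return, e.g. `/* non-strict: serve the default cert without an unrecognized_name warning; some clients abort on it */`, and a commit message that records the openssl-1.1 behaviour change and the affected clients, so the reason for returning SSL_TLSEXT_ERR_OK despite the mismatch survives the thread. Note also that after this change the strict_sni ternary is the only thing distinguishing this return from the one in the previous hunk, which is worth stating explicitly.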