[Bug 2019094] Re: [SRU] Focal: TLS 1.3 doesn't work on strict firewall/middlebox
Mauricio Faria de Oliveira
2019094 at bugs.launchpad.net
Thu May 18 13:28:54 UTC 2023
Hi Matthew,
Thanks for the extra attention with the fixes and identifying an
additional fix-up commit!
The debdiff looks great as usual, just a note on DEP3 (which I can adjust myself later, after the reverse-build-deps review):
Even though `Description` and `Subject` are similar, the former require continuation lines (i.e., ' .' for blank lines), while the latter doesn't [1].
So, for git patches, it's usually easier to just reuse the `Subject` line, and leave the long description outside of the structured fields, as suggested in DEP3.
Thanks,
Mauricio
[1] https://dep-team.pages.debian.net/deps/dep3/
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/2019094
Title:
[SRU] Focal: TLS 1.3 doesn't work on strict firewall/middlebox
Status in gnutls28 package in Ubuntu:
Invalid
Status in gnutls28 source package in Focal:
In Progress
Bug description:
< IN PROGRESS >
[ Impact ]
* On Focal, the TLS 1.3 handshake might fail on strict
(or misbehaving) proprietary firewall/middlebox that
requires a non-empty Session ID (as TLS 1.2) per RFC.
* The RFC specifies the ClientHello should always have
a non-empty session ID, but this _is_ empty in Focal.
* RFC 8446, Appendix D.4. Middlebox Compatibility Mode [1]
"""
... a significant number of middleboxes misbehave
when a TLS client/server pair negotiates TLS 1.3.
... handshake look more like a TLS 1.2 handshake:
- The client always provides a non-empty session ID
in the ClientHello, ...
"""
* Reverse build dependencies that link against the
static libraries in libgnutls28-dev (check needed)
would need No-Change Rebuilds to pick up this fix.
(see `reverse-depends -b -r focal libgnutls28-dev`)
[ Test Plan ]
* Check whether TLS 1.3 handshake has `Session ID:`
- Focal (no):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Options:
- Handshake was completed
...
- Jammy (yes):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Session ID: CB:7D:DF:...
- Options:
- Handshake was completed
...
* Check tests run at build time (`Testsuite summary for GnuTLS`).
Tests passed per the build log from PPA with test packages:
===================================
Testsuite summary for GnuTLS 3.6.13
===================================
# TOTAL: 25
# PASS: 8
# SKIP: 17
# XFAIL: 0
* Check autopkgtests from gnutls28 against PPA/SRU [4].
Tests passed against PPA with test packages:
autopkgtest [13:47:40]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite PASS
* Check autopkgtests from reverse test triggers against PPA/SRU
$ reverse-depends -b -r focal src:gnutls28
Reverse-Testsuite-Triggers
* ...
* (Internal) Verify the original reporter's proprietary
firewall/middlebox now works with TLS 1.3 from GnuTLS.
There is a test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf359157-test
If you install the test package, the session ID is set
correctly.
[ Regression Potential ]
* TLS 1.3 handshake now includes non-empty Session ID
in ClientHello, so there's a behavior change in the
Client side-only, but it does affect how particular
Servers handle the client, depending on Session ID.
* Thus, theoretically, if issues were to occur, that
likely would manifest as client connection errors
with TLS 1.3 (failures would be realized early and
fast), and a workaround available is using TLS 1.2.
* Even though changes to TLS handshake understandably
may be scary (considering the impact of regressions),
the proposed change is specified by the RFC (and is
there to help w/ wider compatibility) and is already
implemented in later versions (3.7.1 in Hirsute [5]).
[ Other Info ]
* Bionic is not impacted (TLS 1.2 only)
* Jammy and later already fixed (TLS 1.3 on GnuTLS 3.7+)
The fixes required are:
commit e0bb98e1f71f94691f600839ff748d3a9f469d3e
Author: Norbert Pocs <npocs at redhat.com>
Date: Fri Oct 30 17:18:30 2020 +0100
Subject: Fix non-empty session id (TLS13_APPENDIX_D4)
Link: https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
commit 5416fdc259d8df9b797d249f3e5d58789b2e2cf9
Author: Daiki Ueno <ueno at gnu.org>
Date: Wed Feb 3 15:50:08 2021 +0100
Subject: gnutls_session_is_resumed: don't check session ID in TLS 1.3
Link: https://gitlab.com/gnutls/gnutls/-/commit/5416fdc259d8df9b797d249f3e5d58789b2e2cf9
commit 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
Author: Daiki Ueno <ueno at gnu.org>
Date: Sun Jan 24 07:34:24 2021 +0100
Subject: handshake: TLS 1.3: don't generate session ID in resumption mode
Link: https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[ Links ]
[1] https://www.rfc-editor.org/rfc/rfc8446#appendix-D.4
[2] https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
[3] https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[4] https://autopkgtest.ubuntu.com/packages/g/gnutls28
[5] https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
Issue: https://gitlab.com/gnutls/gnutls/-/issues/1074
FixMR: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/2019094/+subscriptions
More information about the foundations-bugs
mailing list