[Bug 2019094] Re: [SRU] Focal: TLS 1.3 doesn't work on strict firewall/middlebox
Mauricio Faria de Oliveira
2019094 at bugs.launchpad.net
Wed May 24 01:00:07 UTC 2023
Reverse Build Dependencies with Static Linking: none found.
We (Gerald, Matthew, and I) did not find any rev-build-deps
that link with static libraries provided in libgnutls28-dev.
We've independently verified build logs, and peer reviewed
each other's filter approach. A summary is provided below.
So, as far as we can tell, no other packages would need to
go through No-Change-Rebuilds to pick up these changes.
The (run-time) rev-deps would use dynamic linking, only,
and thus do not need rebuilding, of course.
...
Static libraries:
---
$ dpkg-deb -c libgnutls28-dev_3.6.13-2ubuntu1.8_amd64.deb | grep '.a$'
<...> ./usr/lib/x86_64-linux-gnu/libgnutls-dane.a
<...> ./usr/lib/x86_64-linux-gnu/libgnutls-openssl.a
<...> ./usr/lib/x86_64-linux-gnu/libgnutls.a
<...> ./usr/lib/x86_64-linux-gnu/libgnutlsxx.a
Reverse Build Dependencies:
---
$ reverse-depends --release focal --build-depends libgnutls28-dev
Excluding tests (Reverse-Testsuite-Triggers):
- Main: 30
- Universe: 121
$ reverse-depends --release focal --build-depends --component main libgnutls28-dev 2>&1 | sed -n '/^Reverse-Build-Depends/,/^$/ { s:^\* ::p } ' | wc -l
30
$ reverse-depends --release focal --build-depends --component universe libgnutls28-dev 2>&1 | sed -n '/^Reverse-Build-Depends/,/^$/ { s:^\* ::p } ' | wc -l
121
Build logs:
---
Obtained via the Launchpad API, for the latest published
source package in Focal, all architectures that built OK.
@ https://git.launchpad.net/ubuntu-support-tools/plain/tools/sru/build-
logs.py
Linking options:
---
The static libraries can be specified in several ways,
and the 'gcc' and 'ld' manual pages indicate these:
# Static only
libname.a
-l:libname.a
# Shared (default) or static (affected by options below)
-lname
-l name
-static
-Wl,-Bstatic
-Wl,-static
-Wl,-non_shared
-Wl,-dn
-Xlinker -Bstatic
-Xlinker -static
-Xlinker -non_shared
-Xlinker -dn
The 'pkg-config' files specify options as usual:
$ dpkg-deb -x dpkg-deb -c libgnutls28-dev_3.6.13-2ubuntu1.8_amd64.deb deb-libgnutls28-dev
$ grep gnutls deb-libgnutls28-dev/usr/lib/x86_64-linux-gnu/pkgconfig/*.pc | grep -v URL:
deb-libgnutls28-dev/usr/lib/x86_64-linux-gnu/pkgconfig/gnutls-dane.pc:Libs: -L${libdir} -lgnutls-dane
deb-libgnutls28-dev/usr/lib/x86_64-linux-gnu/pkgconfig/gnutls-dane.pc:Requires.private: gnutls
deb-libgnutls28-dev/usr/lib/x86_64-linux-gnu/pkgconfig/gnutls.pc:Libs: -L${libdir} -lgnutls
grep/sed:
We've used different grep approaches individually,
below there's a conservative one, which does not
use 'grep -v' that might lead to false negatives;
but instead just removes unrelated text w/ `sed`.
For a very conservative approach, see the bottom
of this comment.
grep logs (main):
---
For main, there are 188 build logs from 30 source packages.
$ ls -1 | wc -l
188
$ ls -1 | sed 's/^buildlog_ubuntu-focal-[^\.]\+\.// ; s/_.*_BUILDING.txt//' | sort -u | wc -l
30
filename or -l:filename
$ grep -ar gnutls | grep -c -e 'libgnutls.a' -e 'libgnutls-openssl.a' -e 'libgnutls-dane.a' -e 'libgnutlsxx.a'
0
-static
$ grep -ar gnutls | grep '\-static' | sed 's/-enable-static//; s/-static-libgcc//' | grep -c '[[:blank:]]-static'
0
-Wl,<option>
$ grep -ar gnutls | grep '\-Wl,-Bstatic' | sed "s/'-Wl,-Bstatic', '-Wl,-Bdynamic'//" | grep -c '\-Wl,-Bstatic'
0
$ grep -ar gnutls | grep -c '\-Wl,-static'
0
$ grep -ar gnutls | grep -c '\-Wl,-non_shared'
0
$ grep -ar gnutls | grep -c '\-Wl,-dn'
0
-Xlinker <option>
$ grep -ar gnutls | grep -c '\-Xlinker -Bstatic'
0
$ grep -ar gnutls | grep -c '\-Xlinker -static'
0
$ grep -ar gnutls | grep -c '\-Xlinker -non_shared'
0
$ grep -ar gnutls | grep -c '\-Xlinker -dn'
0
grep logs (universe):
---
For universe, there are 600 build logs from 121 source packages.
$ ls -1 | wc -l
600
$ ls -1 | sed 's/^buildlog_ubuntu-focal-[^\.]\+\.// ; s/_.*_BUILDING.txt//' | sort -u | wc -l
121
filename or -l:filename
$ grep -ar gnutls | grep -c -e 'libgnutls.a' -e 'libgnutls-openssl.a' -e 'libgnutls-dane.a' -e 'libgnutlsxx.a'
0
-static
$ grep -ar gnutls | grep '\-static' | sed 's/-enable-static//; s/-static-libgcc//' | grep -c '[[:blank:]]-static'
6
All from test program in wget.
$ grep -ar gnutls | grep '\-static' | sed 's/-enable-static//; s/-static-libgcc//' | grep '[[:blank:]]-static'
buildlog_ubuntu-focal-s390x.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
buildlog_ubuntu-focal-amd64.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
buildlog_ubuntu-focal-arm64.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
buildlog_ubuntu-focal-riscv64.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
buildlog_ubuntu-focal-ppc64el.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
buildlog_ubuntu-focal-armhf.wget2_1.99.1-2.1_BUILDING.txt:<...> gcc <...> -static <...> -o test_linking test_linking-test_linking.o libwget.la <...> -lgnutls
-Wl,<option>
$ grep -ar gnutls | grep '\-Wl,-Bstatic' | sed "s/'-Wl,-Bstatic', '-Wl,-Bdynamic'//" | grep -c '\-Wl,-Bstatic'
0
$ grep -ar gnutls | grep -c '\-Wl,-static'
0
$ grep -ar gnutls | grep -c '\-Wl,-non_shared'
0
$ grep -ar gnutls | grep -c '\-Wl,-dn'
0
-Xlinker <option>
$ grep -ar gnutls | grep -c '\-Xlinker -Bstatic'
0
$ grep -ar gnutls | grep -c '\-Xlinker -static'
0
$ grep -ar gnutls | grep -c '\-Xlinker -non_shared'
0
$ grep -ar gnutls | grep -c '\-Xlinker -dn'
0
...
And just in case, considering build logs that might not include
gcc/ld commands but could just mention the word 'static', we've
looked at the source packages in main, and filtered out 'static'
usages that aren't linking related.
The command below resulted in relatively few items, which have
been checked not to be doing static linking to libgnutls28-dev.
$ grep -ar static | sed 's/-enable-static//; s/-disable-static//;
s/-static-libgcc//; s/-Wl,-Bstatic//; s/static flag -static works//;
s/build static libraries//; s/statically linked program can//;
s/disable-static//; s/static const//; s/static int//; s/static GType//;
s/static ConfigOCs//; s/static gboolean//; s/static void//; s/gpgv-
static//g; s/_static//g; s/statically//; s/static volatile//g; s/static-
routes//; s/static lib//; /cups_2.3.1-9ubuntu1.2/d; s/test-static//g;
s/static-nodes//; s/ibft\/static//; s/static analysis tool//;
s/pstat_getstatic//; s/non-static ID//; s/copying static files//;
s/getty-static.service//g; s/kmod-static-nodes.service//g; s/static-
ports.conf//g; s/minimal signature verification tool (static build)//;
s/Creating a static entry subordinate to a dynamic one (should fail)//;
s/Turning a dynamic into a static entry (should fail)//; s/to allow
static and//; s/busybox-static//; s/In static member function//; ' | sed
's/^[^\.]\+\.//; s,[/-][^-]\+-linux-gnu,ARCH-linux-gnu,g;' | sort -u |
grep --color=always static | less -R
** Description changed:
- < IN PROGRESS >
-
[ Impact ]
* On Focal, the TLS 1.3 handshake might fail on strict
(or misbehaving) proprietary firewall/middlebox that
requires a non-empty Session ID (as TLS 1.2) per RFC.
* The RFC specifies the ClientHello should always have
a non-empty session ID, but this _is_ empty in Focal.
* RFC 8446, Appendix D.4. Middlebox Compatibility Mode [1]
"""
... a significant number of middleboxes misbehave
when a TLS client/server pair negotiates TLS 1.3.
... handshake look more like a TLS 1.2 handshake:
- The client always provides a non-empty session ID
in the ClientHello, ...
"""
* Reverse build dependencies that link against the
static libraries in libgnutls28-dev (check needed)
would need No-Change Rebuilds to pick up this fix.
(see `reverse-depends -b -r focal libgnutls28-dev`)
+
+ However, none were found (details in comment #8).
[ Test Plan ]
* Check whether TLS 1.3 handshake has `Session ID:`
- Focal (no):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Options:
- Handshake was completed
...
- Jammy (yes):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Session ID: CB:7D:DF:...
- Options:
- Handshake was completed
...
* Check tests run at build time (`Testsuite summary for GnuTLS`).
Tests passed per the build log from PPA with test packages:
===================================
Testsuite summary for GnuTLS 3.6.13
===================================
# TOTAL: 25
# PASS: 8
# SKIP: 17
# XFAIL: 0
* Check autopkgtests from gnutls28 against PPA/SRU [4].
Tests passed against PPA with test packages:
autopkgtest [13:47:40]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite PASS
* Check autopkgtests from reverse test triggers against PPA/SRU
$ reverse-depends -b -r focal src:gnutls28
Reverse-Testsuite-Triggers
* ...
* (Internal) Verify the original reporter's proprietary
firewall/middlebox now works with TLS 1.3 from GnuTLS.
There is a test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf359157-test
If you install the test package, the session ID is set
correctly.
[ Regression Potential ]
* TLS 1.3 handshake now includes non-empty Session ID
in ClientHello, so there's a behavior change in the
Client side-only, but it does affect how particular
Servers handle the client, depending on Session ID.
* Thus, theoretically, if issues were to occur, that
likely would manifest as client connection errors
with TLS 1.3 (failures would be realized early and
fast), and a workaround available is using TLS 1.2.
* Even though changes to TLS handshake understandably
may be scary (considering the impact of regressions),
the proposed change is specified by the RFC (and is
there to help w/ wider compatibility) and is already
implemented in later versions (3.7.1 in Hirsute [5]).
[ Other Info ]
* Bionic is not impacted (TLS 1.2 only)
* Jammy and later already fixed (TLS 1.3 on GnuTLS 3.7+)
The fixes required are:
commit e0bb98e1f71f94691f600839ff748d3a9f469d3e
Author: Norbert Pocs <npocs at redhat.com>
Date: Fri Oct 30 17:18:30 2020 +0100
Subject: Fix non-empty session id (TLS13_APPENDIX_D4)
Link: https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
commit 5416fdc259d8df9b797d249f3e5d58789b2e2cf9
Author: Daiki Ueno <ueno at gnu.org>
Date: Wed Feb 3 15:50:08 2021 +0100
Subject: gnutls_session_is_resumed: don't check session ID in TLS 1.3
Link: https://gitlab.com/gnutls/gnutls/-/commit/5416fdc259d8df9b797d249f3e5d58789b2e2cf9
commit 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
Author: Daiki Ueno <ueno at gnu.org>
Date: Sun Jan 24 07:34:24 2021 +0100
Subject: handshake: TLS 1.3: don't generate session ID in resumption mode
Link: https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[ Links ]
[1] https://www.rfc-editor.org/rfc/rfc8446#appendix-D.4
[2] https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
[3] https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[4] https://autopkgtest.ubuntu.com/packages/g/gnutls28
[5] https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
Issue: https://gitlab.com/gnutls/gnutls/-/issues/1074
FixMR: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350
** Description changed:
[ Impact ]
* On Focal, the TLS 1.3 handshake might fail on strict
(or misbehaving) proprietary firewall/middlebox that
requires a non-empty Session ID (as TLS 1.2) per RFC.
* The RFC specifies the ClientHello should always have
a non-empty session ID, but this _is_ empty in Focal.
* RFC 8446, Appendix D.4. Middlebox Compatibility Mode [1]
"""
... a significant number of middleboxes misbehave
when a TLS client/server pair negotiates TLS 1.3.
... handshake look more like a TLS 1.2 handshake:
- The client always provides a non-empty session ID
in the ClientHello, ...
"""
* Reverse build dependencies that link against the
static libraries in libgnutls28-dev (check needed)
would need No-Change Rebuilds to pick up this fix.
(see `reverse-depends -b -r focal libgnutls28-dev`)
- However, none were found (details in comment #8).
+ However, none were found (details in comment #8).
[ Test Plan ]
* Check whether TLS 1.3 handshake has `Session ID:`
- Focal (no):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Options:
- Handshake was completed
...
- Jammy (yes):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Session ID: CB:7D:DF:...
- Options:
- Handshake was completed
...
* Check tests run at build time (`Testsuite summary for GnuTLS`).
Tests passed per the build log from PPA with test packages:
===================================
Testsuite summary for GnuTLS 3.6.13
===================================
- # TOTAL: 25
- # PASS: 8
- # SKIP: 17
- # XFAIL: 0
* Check autopkgtests from gnutls28 against PPA/SRU [4].
Tests passed against PPA with test packages:
- autopkgtest [13:47:40]: @@@@@@@@@@@@@@@@@@@@ summary
+ autopkgtest [00:30:20]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite PASS
* Check autopkgtests from reverse test triggers against PPA/SRU
$ reverse-depends -b -r focal src:gnutls28
Reverse-Testsuite-Triggers
* ...
* (Internal) Verify the original reporter's proprietary
firewall/middlebox now works with TLS 1.3 from GnuTLS.
There is a test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf359157-test
If you install the test package, the session ID is set
correctly.
[ Regression Potential ]
* TLS 1.3 handshake now includes non-empty Session ID
in ClientHello, so there's a behavior change in the
Client side-only, but it does affect how particular
Servers handle the client, depending on Session ID.
* Thus, theoretically, if issues were to occur, that
likely would manifest as client connection errors
with TLS 1.3 (failures would be realized early and
fast), and a workaround available is using TLS 1.2.
* Even though changes to TLS handshake understandably
may be scary (considering the impact of regressions),
the proposed change is specified by the RFC (and is
there to help w/ wider compatibility) and is already
implemented in later versions (3.7.1 in Hirsute [5]).
[ Other Info ]
* Bionic is not impacted (TLS 1.2 only)
* Jammy and later already fixed (TLS 1.3 on GnuTLS 3.7+)
The fixes required are:
commit e0bb98e1f71f94691f600839ff748d3a9f469d3e
Author: Norbert Pocs <npocs at redhat.com>
Date: Fri Oct 30 17:18:30 2020 +0100
Subject: Fix non-empty session id (TLS13_APPENDIX_D4)
Link: https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
commit 5416fdc259d8df9b797d249f3e5d58789b2e2cf9
Author: Daiki Ueno <ueno at gnu.org>
Date: Wed Feb 3 15:50:08 2021 +0100
Subject: gnutls_session_is_resumed: don't check session ID in TLS 1.3
Link: https://gitlab.com/gnutls/gnutls/-/commit/5416fdc259d8df9b797d249f3e5d58789b2e2cf9
commit 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
Author: Daiki Ueno <ueno at gnu.org>
Date: Sun Jan 24 07:34:24 2021 +0100
Subject: handshake: TLS 1.3: don't generate session ID in resumption mode
Link: https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[ Links ]
[1] https://www.rfc-editor.org/rfc/rfc8446#appendix-D.4
[2] https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
[3] https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[4] https://autopkgtest.ubuntu.com/packages/g/gnutls28
[5] https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
Issue: https://gitlab.com/gnutls/gnutls/-/issues/1074
FixMR: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350
** Description changed:
[ Impact ]
* On Focal, the TLS 1.3 handshake might fail on strict
(or misbehaving) proprietary firewall/middlebox that
requires a non-empty Session ID (as TLS 1.2) per RFC.
* The RFC specifies the ClientHello should always have
a non-empty session ID, but this _is_ empty in Focal.
* RFC 8446, Appendix D.4. Middlebox Compatibility Mode [1]
"""
... a significant number of middleboxes misbehave
when a TLS client/server pair negotiates TLS 1.3.
... handshake look more like a TLS 1.2 handshake:
- The client always provides a non-empty session ID
in the ClientHello, ...
"""
* Reverse build dependencies that link against the
static libraries in libgnutls28-dev (check needed)
would need No-Change Rebuilds to pick up this fix.
(see `reverse-depends -b -r focal libgnutls28-dev`)
However, none were found (details in comment #8).
[ Test Plan ]
* Check whether TLS 1.3 handshake has `Session ID:`
- Focal (no):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Options:
- Handshake was completed
...
- Jammy (yes):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Session ID: CB:7D:DF:...
- Options:
- Handshake was completed
...
* Check tests run at build time (`Testsuite summary for GnuTLS`).
Tests passed per the build log from PPA with test packages:
===================================
Testsuite summary for GnuTLS 3.6.13
===================================
- * Check autopkgtests from gnutls28 against PPA/SRU [4].
+ * Check autopkgtests from gnutls28 against PPA/SRU [4,6].
Tests passed against PPA with test packages:
autopkgtest [00:30:20]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite PASS
* Check autopkgtests from reverse test triggers against PPA/SRU
$ reverse-depends -b -r focal src:gnutls28
Reverse-Testsuite-Triggers
* ...
* (Internal) Verify the original reporter's proprietary
firewall/middlebox now works with TLS 1.3 from GnuTLS.
There is a test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf359157-test
If you install the test package, the session ID is set
correctly.
[ Regression Potential ]
* TLS 1.3 handshake now includes non-empty Session ID
in ClientHello, so there's a behavior change in the
Client side-only, but it does affect how particular
Servers handle the client, depending on Session ID.
* Thus, theoretically, if issues were to occur, that
likely would manifest as client connection errors
with TLS 1.3 (failures would be realized early and
fast), and a workaround available is using TLS 1.2.
* Even though changes to TLS handshake understandably
may be scary (considering the impact of regressions),
the proposed change is specified by the RFC (and is
there to help w/ wider compatibility) and is already
implemented in later versions (3.7.1 in Hirsute [5]).
[ Other Info ]
* Bionic is not impacted (TLS 1.2 only)
* Jammy and later already fixed (TLS 1.3 on GnuTLS 3.7+)
The fixes required are:
commit e0bb98e1f71f94691f600839ff748d3a9f469d3e
Author: Norbert Pocs <npocs at redhat.com>
Date: Fri Oct 30 17:18:30 2020 +0100
Subject: Fix non-empty session id (TLS13_APPENDIX_D4)
Link: https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
commit 5416fdc259d8df9b797d249f3e5d58789b2e2cf9
Author: Daiki Ueno <ueno at gnu.org>
Date: Wed Feb 3 15:50:08 2021 +0100
Subject: gnutls_session_is_resumed: don't check session ID in TLS 1.3
Link: https://gitlab.com/gnutls/gnutls/-/commit/5416fdc259d8df9b797d249f3e5d58789b2e2cf9
commit 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
Author: Daiki Ueno <ueno at gnu.org>
Date: Sun Jan 24 07:34:24 2021 +0100
Subject: handshake: TLS 1.3: don't generate session ID in resumption mode
Link: https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[ Links ]
[1] https://www.rfc-editor.org/rfc/rfc8446#appendix-D.4
[2] https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
[3] https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[4] https://autopkgtest.ubuntu.com/packages/g/gnutls28
[5] https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
+ [6] https://autopkgtest.ubuntu.com/results/autopkgtest-focal-mruffell-sf359157-test/focal/amd64/g/gnutls28/20230524_003031_dcf0a@/log.gz
Issue: https://gitlab.com/gnutls/gnutls/-/issues/1074
FixMR: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/2019094
Title:
[SRU] Focal: TLS 1.3 doesn't work on strict firewall/middlebox
Status in gnutls28 package in Ubuntu:
Invalid
Status in gnutls28 source package in Focal:
In Progress
Bug description:
[ Impact ]
* On Focal, the TLS 1.3 handshake might fail on strict
(or misbehaving) proprietary firewall/middlebox that
requires a non-empty Session ID (as TLS 1.2) per RFC.
* The RFC specifies the ClientHello should always have
a non-empty session ID, but this _is_ empty in Focal.
* RFC 8446, Appendix D.4. Middlebox Compatibility Mode [1]
"""
... a significant number of middleboxes misbehave
when a TLS client/server pair negotiates TLS 1.3.
... handshake look more like a TLS 1.2 handshake:
- The client always provides a non-empty session ID
in the ClientHello, ...
"""
* Reverse build dependencies that link against the
static libraries in libgnutls28-dev (check needed)
would need No-Change Rebuilds to pick up this fix.
(see `reverse-depends -b -r focal libgnutls28-dev`)
However, none were found (details in comment #8).
[ Test Plan ]
* Check whether TLS 1.3 handshake has `Session ID:`
- Focal (no):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Options:
- Handshake was completed
...
- Jammy (yes):
$ gnutls-cli --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 ubuntu.com </dev/null
...
- Description: (TLS1.3-X.509)-...
- Session ID: CB:7D:DF:...
- Options:
- Handshake was completed
...
* Check tests run at build time (`Testsuite summary for GnuTLS`).
Tests passed per the build log from PPA with test packages:
===================================
Testsuite summary for GnuTLS 3.6.13
===================================
* Check autopkgtests from gnutls28 against PPA/SRU [4,6].
Tests passed against PPA with test packages:
autopkgtest [00:30:20]: @@@@@@@@@@@@@@@@@@@@ summary
run-upstream-testsuite PASS
* Check autopkgtests from reverse test triggers against PPA/SRU
$ reverse-depends -b -r focal src:gnutls28
Reverse-Testsuite-Triggers
* ...
* (Internal) Verify the original reporter's proprietary
firewall/middlebox now works with TLS 1.3 from GnuTLS.
There is a test package available in the following ppa:
https://launchpad.net/~mruffell/+archive/ubuntu/sf359157-test
If you install the test package, the session ID is set
correctly.
[ Regression Potential ]
* TLS 1.3 handshake now includes non-empty Session ID
in ClientHello, so there's a behavior change in the
Client side-only, but it does affect how particular
Servers handle the client, depending on Session ID.
* Thus, theoretically, if issues were to occur, that
likely would manifest as client connection errors
with TLS 1.3 (failures would be realized early and
fast), and a workaround available is using TLS 1.2.
* Even though changes to TLS handshake understandably
may be scary (considering the impact of regressions),
the proposed change is specified by the RFC (and is
there to help w/ wider compatibility) and is already
implemented in later versions (3.7.1 in Hirsute [5]).
[ Other Info ]
* Bionic is not impacted (TLS 1.2 only)
* Jammy and later already fixed (TLS 1.3 on GnuTLS 3.7+)
The fixes required are:
commit e0bb98e1f71f94691f600839ff748d3a9f469d3e
Author: Norbert Pocs <npocs at redhat.com>
Date: Fri Oct 30 17:18:30 2020 +0100
Subject: Fix non-empty session id (TLS13_APPENDIX_D4)
Link: https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
commit 5416fdc259d8df9b797d249f3e5d58789b2e2cf9
Author: Daiki Ueno <ueno at gnu.org>
Date: Wed Feb 3 15:50:08 2021 +0100
Subject: gnutls_session_is_resumed: don't check session ID in TLS 1.3
Link: https://gitlab.com/gnutls/gnutls/-/commit/5416fdc259d8df9b797d249f3e5d58789b2e2cf9
commit 05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
Author: Daiki Ueno <ueno at gnu.org>
Date: Sun Jan 24 07:34:24 2021 +0100
Subject: handshake: TLS 1.3: don't generate session ID in resumption mode
Link: https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[ Links ]
[1] https://www.rfc-editor.org/rfc/rfc8446#appendix-D.4
[2] https://gitlab.com/gnutls/gnutls/-/commit/e0bb98e1f71f94691f600839ff748d3a9f469d3e
[3] https://gitlab.com/gnutls/gnutls/-/commit/05ee0d49fe93d8812ef220c7b830c4b3553ac4fd
[4] https://autopkgtest.ubuntu.com/packages/g/gnutls28
[5] https://launchpad.net/ubuntu/+source/gnutls28/3.7.1-3ubuntu1
[6] https://autopkgtest.ubuntu.com/results/autopkgtest-focal-mruffell-sf359157-test/focal/amd64/g/gnutls28/20230524_003031_dcf0a@/log.gz
Issue: https://gitlab.com/gnutls/gnutls/-/issues/1074
FixMR: https://gitlab.com/gnutls/gnutls/-/merge_requests/1350
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/2019094/+subscriptions
More information about the foundations-bugs
mailing list