initial config influences negotiation when using client hello config resolution
jmayclin opened this issue · comments
Problem:
Customers commonly want to configure a config based on the presented SNI. For example, setting different security policies or different certificates based on SNI. Our client-hello-config-resolution example shows how to set this up.
The example includes the following comment
While this is true in the general case, there are some suprising side effects that we either need to change or document.
We call the client-hello-cb at the end of s2n_client_hello_recv, but s2n_parse_client_hello
is called with the initial config. s2n_parse_client_hello
relies on the initial config in two places.
SSLv2 Client Hellos
As part of parse_client_hello, we handle SSLv2 client hellos. We reject some of the SSLv2 formatted client hellos based off of the supported version of the security policy on the initial client hello.
s2n-tls/tls/s2n_client_hello.c
Lines 814 to 831 in 4dae2b2
Default Curve
If the client doesn't explicitly specify the supported elliptic curves, s2n-tls will choose the default based on the curves in the initial config.
s2n-tls/tls/s2n_client_hello.c
Lines 474 to 500 in 4dae2b2
Solution:
Option 1
Make no mutating actions until after the client hello callback has been called. This is a conceptually cleaner approach that is significantly easier to reason about.
Option 2
Document the tricky things.