[Bug]: ClientHello's handshake version issue
SmallTown123 opened this issue · comments
Contact Details
Version
5.5.1
Description
We found that the handshake version field of TLS1.3 can only be 0x0303, and will respond with an Alert message for any other content, is this a compatibility issue with other TLS implementation libraries?
Reproduction steps
No response
Relevant log output
No response
Hi @SmallTown123 ,
My name is Anthony and I am a member of the wolfSSL team. Please see the RFC for TLS 1.3: https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.2
In particular, I will quote a specific passage:
legacy_version: In previous versions of TLS, this field was used for
version negotiation and represented the highest version number
supported by the client. Experience has shown that many servers
do not properly implement version negotiation, leading to "version
intolerance" in which the server rejects an otherwise acceptable
ClientHello with a version number higher than it supports. In
TLS 1.3, the client indicates its version preferences in the
"supported_versions" extension (Section 4.2.1) and the
legacy_version field MUST be set to 0x0303, which is the version
number for TLS 1.2. TLS 1.3 ClientHellos are identified as having
a legacy_version of 0x0303 and a supported_versions extension
present with 0x0304 as the highest version indicated therein.
(See Appendix D for details about backward compatibility.)
So this is required to be this way.
I hope this helps. Please let me know if you need more clarifications.
Warm regards, Anthony
May ask, can you please let us know a bit about yourself and your project? Is this project academic, professional or personal? We love to know how people are using our software so please feel free to let us know as much as you care to share.
Warm regards, Anthony
Hi, Anthony. Thanks for your reply, we are using a deep differential fuzzing framework TLS-DeepDiffer, but sorry the work is not yet published and we are not yet able to provide more detailed information, we will get in touch with you if we have more security findings, thanks.
After your analysis, we feel that there may be some problems with other TLS implementation libraries in this regard, thanks!
Excellent. When you are able to show us your published work, please send a message to "facts at wolfssl.com" and "anthony at wolfssl.com". I will now proceed to close this issue.
Warm regards, Anthony
I think wolfSSL and OpenSSL can agree to different approaches. We are a bit more strict about how we approach this. OpenSSL team chooses to be a bit more relaxed. That's fine.