ssl_tls13_parse_client_hello() does not handle legacy_compression_methods properly #9243
Labels
Comments
This was referenced Jun 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Summary
ssl_tls13_parse_client_hello() assumes legacy_compression_methods length will always be zero which is true for TLS 1.3 However if TLS 1.3 is enabled by default all clientHello requests (including TLS 1.2 requests) will go to ssl_tls13_parse_client_hello() first and then passed to TLS 1.2 parsing function later but processing legacy_compression_methods happens earlier so it might be not zero if it's a TLS 1.2 request.
System information
Mbed TLS version (number or commit id): 3.6.0
Operating system and version: all
Configuration (if not default, please attach
mbedtls_config.h): defualtCompiler and options (if you used a pre-built binary, please indicate how you obtained it): N/A
Additional environment information:
Expected behavior
ssl_tls13_parse_client_hello() returns SSL_CLIENT_HELLO_TLS1_2 if legacy_compression_methods wasn't zero
Actual behavior
ssl_tls13_parse_client_hello() continues normally but parsing of subsequent data is wrong.
Steps to reproduce
send TLS 1.2 ClientHello request with non zero legacy_compression_methods
Additional information
The text was updated successfully, but these errors were encountered: