Skip to content

Comments

Fail immediately if we have no key shares to send#28283

Closed
mattcaswell wants to merge 3 commits intoopenssl:masterfrom
mattcaswell:no-empty-keyshare
Closed

Fail immediately if we have no key shares to send#28283
mattcaswell wants to merge 3 commits intoopenssl:masterfrom
mattcaswell:no-empty-keyshare

Conversation

@mattcaswell
Copy link
Member

@mattcaswell mattcaswell commented Aug 15, 2025

If we are configured in such a way that we have no valid key shares to
send in the ClientHello we should immediately abort the connection.

Fixes #28281

@mattcaswell
Fail immediately if we have no key shares to send
40480fc 
If we are configured in such a way that we have no valid key shares to
send in the ClientHello we should immediately abort the connection.

Fixes openssl#28281
@mattcaswell
Test setting a client to send a key share not allowed in TLSv1.3
e251b4d
@mattcaswell mattcaswell added branch: master Applies to master branch approval: review pending This pull request needs review by a committer triaged: bug The issue/pr is/fixes a bug severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present branch: 3.5 Applies to openssl-3.5 labels Aug 15, 2025
@mattcaswell mattcaswell mentioned this pull request Aug 15, 2025
Closed
@kroeckx
Copy link
Member

kroeckx commented Aug 16, 2025

I think key share is TLS 1.3 only. Are there no possibilities to negotiate TLS 1.2 with what is configured?

@paulidale paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Aug 17, 2025
@mattcaswell
Copy link
Member Author

mattcaswell commented Aug 18, 2025

I think key share is TLS 1.3 only.

It is.

Are there no possibilities to negotiate TLS 1.2 with what is configured?

If the client additionally set a max protocol version of TLSv1.2 to suppress the attempt to send a key share, then a connection could be achieved (and this PR would not prevent that). But attempting to send an empty key share makes no sense to me (this is not something we've ever supported).

@kroeckx
Copy link
Member

kroeckx commented Aug 18, 2025

I assume the server not supporting TLS 1.3 would also make it work.

@kroeckx
Copy link
Member

kroeckx commented Aug 18, 2025

But I'm fine with giving an error

@mattcaswell
Copy link
Member Author

mattcaswell commented Aug 18, 2025

I assume the server not supporting TLS 1.3 would also make it work.

Indeed. But of course we cannot know what the server will do from the client side. So we really should not create a ClientHello with a key share extension that we are not prepared to work with if the server does select TLSv1.3

@openssl-machine
Copy link
Collaborator

openssl-machine commented Aug 18, 2025

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

@mattcaswell mattcaswell added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Aug 19, 2025
@mattcaswell
Copy link
Member Author

mattcaswell commented Aug 20, 2025

Pushed to master/3.5. Thanks for the reviews.

openssl-machine pushed a commit that referenced this pull request Aug 20, 2025
@mattcaswell
Fail immediately if we have no key shares to send
610cc1e 
If we are configured in such a way that we have no valid key shares to
send in the ClientHello we should immediately abort the connection.

Fixes #28281

Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #28283)

(cherry picked from commit 47b0f17)
openssl-machine pushed a commit that referenced this pull request Aug 20, 2025
@mattcaswell
Test setting a client to send a key share not allowed in TLSv1.3
a7f52c9 
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #28283)

(cherry picked from commit 9226b3e)
openssl-machine pushed a commit that referenced this pull request Aug 20, 2025
@mattcaswell
Fail immediately if we have no key shares to send
47b0f17 
If we are configured in such a way that we have no valid key shares to
send in the ClientHello we should immediately abort the connection.

Fixes #28281

Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #28283)
openssl-machine pushed a commit that referenced this pull request Aug 20, 2025
@mattcaswell
Test setting a client to send a key share not allowed in TLSv1.3
9226b3e 
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from #28283)
@esyr esyr mentioned this pull request Sep 15, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nhorman nhorman nhorman approved these changes

@paulidale paulidale paulidale approved these changes

+1 more reviewer

@hlandau hlandau hlandau approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Applies to master branch branch: 3.5 Applies to openssl-3.5 severity: regression The issue/pr is a regression from previous released version tests: present The PR has suitable tests present triaged: bug The issue/pr is/fixes a bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TLS-1.2 Brainpool keyshare aborts TLS-1.3 connection

6 participants

@mattcaswell @kroeckx @openssl-machine @nhorman @hlandau @paulidale