Skip to content

crypto/tls: missing check for versions offered in ClientHello when using QUIC #63723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
marten-seemann opened this issue Oct 25, 2023 · 3 comments
Closed

crypto/tls: missing check for versions offered in ClientHello when using QUIC #63723

marten-seemann opened this issue Oct 25, 2023 · 3 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@marten-seemann
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.21.0 darwin/arm64

Does this issue reproduce with the latest release?

Yes

What did you do?

RFC 9001 Section 4.2 requires the server to check the client's offered TLS versions:

Clients MUST NOT offer TLS versions older than 1.3.

What did you expect to see?

I expected crypto/tls to perform this required check.

What did you see instead?

It didn't.
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/537576 mentions this issue: crypto/tls: check client's supported versions when using QUIC

@marten-seemann marten-seemann mentioned this issue Oct 25, 2023
Merged
@dr2chase
Copy link
Contributor

@neild this seems related to #63722

@dr2chase dr2chase added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 25, 2023
@marten-seemann
Copy link
Contributor Author

As I pointed out in https://go-review.googlesource.com/c/go/+/537576/comments/da21b228_b5c4580f, the current check for Config.MinVersion in QUICConn.Start is not sufficient to prevent a version older than TLS 1.3 from being negotiated if GetConfigForClient returns a Config that doesn't set the TLS 1.3 as the MinVersion.

@golang golang locked and limited conversation to collaborators Nov 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marten-seemann @dr2chase @gopherbot