Server Hello causes error in BoringSSL
Reported by
t...@ritter.vg,
Aug 15
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0

Example URL: https://anonymity.is

Steps to reproduce the problem:
1. Try to go to https://anonymity.is - it should fail
2. Try to go to https://rittervg.com - it should succeed

What is the expected behavior?
It never fails

What went wrong?
It doesn't work. Using net-internals, I traced it to something in the Server Hello, but it's unclear what exactly the problem is.

Did this work before? Yes

Chrome version: 70.0.3523.0
Channel: canary
OS Version: OS X 10.13
Flash Version:

rittervg.com and anonymity.is are vhosts of ritter.vg on the same box and are configured identically. The only thing that should be different between them is the Certificate and the SCTs returned in the handshake. It's possible something is wrong in one of those (especially the SCTs), but other browsers can connect fine and wireshark can decode everything so it seems like BoringSSL ought to not fail so spectacularly?
,
Aug 15
I knew this seemed familiar! You appear to have run into this before over at issue #700047. :-)
,
Aug 15
Ugh. I'm sorry. I can't close this myself, but please do.
,
Aug 15
Comment 1 by davidben@chromium.org, Aug 15
Labels: Needs-Feedback
There's a syntax error in anonymity.is's ServerHello. Specifically, it appears to be sending an SCT extension with body "\x00\x00". That is, for this structure:

    struct {
        SerializedSCT sct_list <1..2^16-1>;
    } SignedCertificateTimestampList;

https://tools.ietf.org/html/rfc6962#section-3.3

It is sending an empty sct_list field. This is invalid. The "1" means that the minimum byte length is one, that is, if you don't have SCTs to send, you should omit the SCT extension rather than sending an empty one. BoringSSL is, accordingly, rejecting the ServerHello.

What server software are you running? Is it expected that you're not configuring any SCTs on anonymity.is? That appears to be what's happening.
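
The length rule described in Comment 1, as an added example that is not part of the original thread and is not BoringSSL's code: a strict check of the SCT extension body against RFC 6962 section 3.3, run on the two-byte body from the report. The function, enum and sample byte arrays are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this added example (hypothetical names). */
enum sct_result { SCT_OK = 0, SCT_TRUNCATED, SCT_LENGTH_MISMATCH,
                  SCT_EMPTY_LIST, SCT_EMPTY_ENTRY };

/* Read a big-endian 16-bit length prefix; returns 0 if fewer than 2 bytes remain. */
static int read_u16(const uint8_t **p, size_t *len, size_t *out) {
    if (*len < 2) return 0;
    *out = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    *len -= 2;
    return 1;
}

/* Validate the body of the TLS SCT extension (SignedCertificateTimestampList).
 * On SCT_OK, *count holds the number of SerializedSCT entries. */
enum sct_result check_sct_list(const uint8_t *body, size_t len, size_t *count) {
    size_t list_len, sct_len;
    *count = 0;
    if (!read_u16(&body, &len, &list_len)) return SCT_TRUNCATED;
    if (list_len != len) return SCT_LENGTH_MISMATCH; /* prefix must cover the whole body */
    if (list_len == 0) return SCT_EMPTY_LIST;        /* sct_list<1..2^16-1>: at least one byte */
    while (len > 0) {
        if (!read_u16(&body, &len, &sct_len)) return SCT_TRUNCATED;
        if (sct_len == 0) return SCT_EMPTY_ENTRY;    /* SerializedSCT is opaque<1..2^16-1> too */
        if (sct_len > len) return SCT_TRUNCATED;
        body += sct_len;
        len -= sct_len;
        (*count)++;
    }
    return SCT_OK;
}

int main(void) {
    /* Constructed inputs: the body from the report, and a list holding one 3-byte dummy entry. */
    static const uint8_t empty_body[] = {0x00, 0x00};
    static const uint8_t one_entry[] = {0x00, 0x05, 0x00, 0x03, 0xaa, 0xbb, 0xcc};
    size_t n;
    enum sct_result r = check_sct_list(empty_body, sizeof empty_body, &n);
    printf("body 00 00: result %d\n", (int)r);
    r = check_sct_list(one_entry, sizeof one_entry, &n);
    printf("one entry:  result %d, count %zu\n", (int)r, n);
    return 0;
}
```

A server-side configuration check built on the same rule would omit the extension whenever no SCTs are configured, which is the fix Comment 1 describes.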