Comments (5)
I think we're in the wrong here. I think this text from NIST:
To mitigate this failure, the server shall either: 1) maintain the trust anchors of the various
PKIs whose subscribers are the potential clients for the server and include them in the hints list
or 2) be configured to send an empty hints list (...)
Is talking only in terms of TLS1.2, where certificate_authorities
is required to be present by the encoding, but can be empty:
struct {
ClientCertificateType certificate_types<1..2^8-1>;
SignatureAndHashAlgorithm
supported_signature_algorithms<2^16-1>;
DistinguishedName certificate_authorities<0..2^16-1>;
} CertificateRequest;
However, in TLS1.3 it is in an extension which is defined:
opaque DistinguishedName<1..2^16-1>;
struct {
DistinguishedName authorities<3..2^16-1>;
} CertificateAuthoritiesExtension;
(the 1 in DistinguishedName
means each entry should be non-empty, the 3 in authorities
means at least one entry.)
Will do a PR to fix this shortly.
from rustls.
Interesting, thanks for filing a bug (both here and w/ OpenJDK)!
I'm about to log out for the evening but the change to allow an empty list was motivated by NIST.SP.800-52r2 3.5.4 "Server Hints List" where it says (emphasis mine):
To mitigate this failure, the server shall either: 1) maintain the trust anchors of the various
PKIs whose subscribers are the potential clients for the server and include them in the hints list
or 2) be configured to send an empty hints list so that the client can always provide a certificate it
possesses. The hints list shall be distinct from the serverβs trust anchor store.
That citation might be helpful context for the Java folks. (Edit: there's also some additional discussion in #1549)
And Java's implementation is supported by following words in the RFC
Since the RFC language in 8446 4.4.2.3 is a SHOULD I don't think the Java position to consider the extension invalid is supported by the text you're citing. π€
All that said: I think we added this feature fairly speculatively. If it's causing broad incompatibility with Java it makes sense to revisit!
See my repo: https://github.com/Taowyoo/java-tls13-bug
One other question. In this repo you're explicitly not sending any hints. Wouldn't it be appropriate in this circumstance to be doing what the webpki verifier does by default and populating the hints based on the trust store you use to verify client certificates?
It sounds like the incompatibility is specific to avoiding sending any hints and so I'm hoping you can help explain the motivation for that choice since it's not the default for Rustls own verifier implementations (and apparently causes compatibility issues π )
from rustls.
I'm about to log out for the evening but the change to allow an empty list was motivated by NIST.SP.800-52r2 3.5.4 "Server Hints List" where it says (emphasis mine):
Yes! This will help a lot when try to convince Java folks to accept the change.
Since the RFC language in 8446 4.4.2.3 is a SHOULD I don't think the Java position to consider the extension invalid is supported by the text you're citing. π€
Thank you for explaining the meaning of SHOULD.
It sounds like the incompatibility is specific to avoiding sending any hints and so I'm hoping you can help explain the motivation for that choice since it's not the default for Rustls own verifier implementations (and apparently causes compatibility issues π )
The use case is exactly same as your words in original commit:
In some circumstances the server may want the client to send whatever
client certificate it has on hand with no help from the server hints to
decide which will be appropriate.
Our use case is checking peer's certificate with special extension only when server name in SNI matches.
from rustls.
Wouldn't it be appropriate in this circumstance to be doing what the webpki verifier does by default and populating the hints based on the trust store you use to verify client certificates?
...
It sounds like the incompatibility is specific to avoiding sending any hints and so I'm hoping you can help explain the motivation for that choice
Maybe this is something like a (dangerous) configuration where any client certificate is accepted unconditionally and there are no trust anchors in play?
from rustls.
Ahhh! Yes ok, I'm swayed by that argument π Thanks @ctz
from rustls.
Related Issues (20)
- ERR_INVALID_HTTP_RESPONSE HOT 9
- v0.22 breaks backward compatibility HOT 3
- mtls doesn't prompt browser for certificate HOT 7
- how to upgrade to v0.22 in this code? HOT 12
- PrivateKeyDer support for pkcs11 / ccid HOT 3
- Client handshake succeeds in TLS 1.3 even though the server has rejected the certificate HOT 7
- Internal buffer size question and related issue HOT 1
- Can someone explain what this library is for? HOT 13
- `get_sni_extension` is no longer public which breaks our application HOT 6
- Support jemalloc for benchmarks
- reduce bifurcation of library internals by using low-level API in high-level API HOT 8
- Noticeable performance degradation from 0.21 to 0.22 HOT 2
- How can I explicitly disable TLS 1.3 in the config builder API and/or improve logging? HOT 2
- Please provide ClientConfig/ServerConfig functions that use an enabled CryptoProvider automatically HOT 7
- Compile error when target is wasm HOT 2
- Address difficulty upgrading between versions HOT 9
- Weird BoGo failure related with EarlyData HOT 1
- TLS1.3 performance problem HOT 8
- Request for Information on Dedicated discussion Channel for Rustls like Element.io or Discord Alternatives? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rustls.