130 likes | 240 Views
TLS Record Layer Bugs. Pasi.Eronen@nokia.com IETF67 TLS WG. Background. Testing inspired by Yngve’s draft No illegal inputs (overflows etc.). Fragmentation.
E N D
TLS Record Layer Bugs Pasi.Eronen@nokia.comIETF67 TLS WG
Background • Testing inspired by Yngve’s draft • No illegal inputs (overflows etc.)
Fragmentation “multiple client messages of the same ContentType MAY be coalesced into a single TLSPlaintext record, or a single message MAY be fragmented across several records”
Fragmentation: test results • OpenSSL fail • Microsoft IIS fail • Mozilla NSS OK • Certicom OK • GnuTLS OK • Sun JSSE OK • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail
Fragmentation: proposal • MUST NOT fragment Handshake, Alert, and CCS messages • Unless larger than max. fragment size • …At least when using TLS_NULL_WITH_NULL_NULL?
Empty fragments: test results • OpenSSL fail • Microsoft IIS fail • Mozilla NSS fail • Certicom OK • GnuTLS OK • Sun JSSE fail • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail
Empty fragments: proposal • MUST NOT send empty fragments • … with Handshake/Alert/CCS content type only?
Large padding “padding MAY be any length up to 255 bytes, as long as it results in the TLSCiphertext.length being an integral multiple of the block length”
Large padding: test results • OpenSSL OK • Microsoft IIS OK • Mozilla NSS OK • Certicom OK • GnuTLS OK • Sun JSSE OK • Cryptlib OK • PureTLS OK • TLSLite OK • MatrixSSL fail
Unknown content types “If a TLS implementation receives a record type it does not understand, it SHOULD just ignore it.”
Unknown content: test results • OpenSSL OK • Microsoft IIS fail • Mozilla NSS fail • Certicom fail • GnuTLS fail • Sun JSSE OK • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail
Unknown content: proposal • MUST NOT send other content types except when negotiated using a TLS extension
Summary • I have some more tests… • Anyone interested in more testing? • SSL accelerator boxes? • Lotus Domino?