Kamil Dudka wrote:
>> You're right, for NSS this is currently the only viable solution to turn
>> off TLS extensions in the ClientHello in NSS. Maybe NSS should add
>> support for setting another option for an SSL socket, something like
>> SSL_DISABLE_TLS_EXTENSIONS... What about your contacts to the NSS people
> 
> I'll check their bugzilla and perhaps file a bug requesting this. But prepare
> yourself to answer possible questions since I am not familiar with the
> SSL/TLS terminology at all ;-)

Would you be able/willing to compile curl against a patched version of
NSS? The attached diff is a first try to add an
SSL_DISABLE_TLS_EXTENSIONS option to NSS... in lib/nss.c, you could then
simply turn them off with

  if (data->state.tls_broken_server
      && SSL_OptionSet(model, SSL_DISABLE_TLS_EXTENSIONS, PR_TRUE))
      goto error;

(you wouldn't have to turn "tlsv1" off, and the SSL_V2_COMPATIBLE_HELLO
line can also be left as is)

>> within Redhat (Elio, Bob, ...), would they listen to you and make sure
>> that this happens "reasonably soon"? ;-)
> 
> They'll also listen to you. AFAICT the NSS development is not controlled
> by RH. The final decision usually hangs on Nelson Bolyard who has nothing
> to do with RH. But he is fairly open-minded to good ideas.

Correct, it won't really be possible without Nelson's blessing (he's
MisterSSL, after all). But if the feature request comes from one of
NSS's "sponsors" (= RH + Sun), then it might have more weight.

> From their perspective, Firefox works, no bugs are filed by users in regard
> to this aspect ... I don't think there is a good chance to implement such
> extension right now.

As a short-term fix, falling back to SSL 3.0 is certainly a working
solution. But when TLS extensions become more common, I would expect
interoperability issues to do so as well - and that's why I think it
would be useful to have an option of turning them off completely in NSS
(something which curl could also expose through a command-line option,
if desired).

Kaspar

Index: ssl.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v
retrieving revision 1.28
diff -u -r1.28 ssl.h
--- ssl.h       6 Mar 2008 20:16:22 -0000       1.28
+++ ssl.h       21 Oct 2009 12:15:35 -0000
@@ -114,6 +114,8 @@
 #define SSL_NO_LOCKS                   17 /* Don't use locks for protection */
 #define SSL_ENABLE_SESSION_TICKETS     18 /* Enable TLS SessionTicket       */
                                           /* extension (off by default)     */
+#define SSL_DISABLE_TLS_EXTENSIONS     19 /* Disable TLS extensions         */
+                                          /* completely (off by default)    */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
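Review bot: The comment on the new SSL_DISABLE_TLS_EXTENSIONS define does not say what the option covers, and it is the one negatively named option next to the SSL_ENABLE_* entries visible here. The ssl3con.c changes apply the flag both when a hello is built and when a received hello is parsed, and the sslsock.c changes make it clear enableSessionTickets; the header comment should state both effects, since this is the text callers will read. Consider whether a positively named option with inverted sense would fit the existing naming better.
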
Index: ssl3con.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v
retrieving revision 1.117
diff -u -r1.117 ssl3con.c
--- ssl3con.c   16 Oct 2009 17:45:35 -0000      1.117
+++ ssl3con.c   21 Oct 2009 12:15:36 -0000
@@ -3642,7 +3642,8 @@
     if (!num_suites)
        return SECFailure;      /* ssl3_config_match_init has set error code. */
 
-    if (ss->opt.enableTLS && ss->version > SSL_LIBRARY_VERSION_3_0) {
+    if (ss->opt.enableTLS && !ss->opt.disableTLSExtensions &&
+        ss->version > SSL_LIBRARY_VERSION_3_0) {
        PRUint32 maxBytes = 65535; /* 2^16 - 1 */
        PRInt32  extLen;
 
@@ -4687,7 +4688,7 @@
      * such stuff in the interest of maximal interoperability (being
      * "generous in what you accept").
      */
-    if (isTLS && length != 0) {
+    if (isTLS && length != 0 && !ss->opt.disableTLSExtensions) {
        SECItem extensions;
        rv = ssl3_ConsumeHandshakeVariable(ss, &extensions, 2, &b, &length);
        if (rv != SECSuccess || length != 0)
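Review bot: With disableTLSExtensions set and length != 0, the changed condition skips the whole block, including the existing "rv != SECSuccess || length != 0" check, so trailing bytes in the hello are neither parsed nor rejected. A peer that sends extension data even though none was offered then passes unnoticed. Suggest still consuming the length-prefixed block so the framing is validated and skipping only the handling of its contents, or adding a comment that dropping the bytes unchecked is intentional.
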
@@ -5664,7 +5665,7 @@
      * of interoperability (and backwards compatibility).
      */
 
-    if (length) {
+    if (length && !ss->opt.disableTLSExtensions) {
        /* Get length of hello extensions */
        PRInt32 extension_length;
        extension_length = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
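Review bot: The added !ss->opt.disableTLSExtensions test on "if (length)" makes the option ignore extensions in a received hello, which goes beyond the stated goal of turning off extensions in the ClientHello that is sent. If this is intended, say so in the comment above this block and in ssl.h; if not, leave this condition as it was and keep the option to the sending side. Either way the remaining length bytes are left unconsumed here, so it is worth confirming that nothing later in the function expects them to have been read.
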
Index: sslimpl.h
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v
retrieving revision 1.66
diff -u -r1.66 sslimpl.h
--- sslimpl.h   17 Dec 2008 06:09:19 -0000      1.66
+++ sslimpl.h   21 Oct 2009 12:15:36 -0000
@@ -334,6 +334,7 @@
     unsigned int bypassPKCS11           : 1;  /* 16 */
     unsigned int noLocks                : 1;  /* 17 */
     unsigned int enableSessionTickets   : 1;  /* 18 */
+    unsigned int disableTLSExtensions   : 1;  /* 19 */
 } sslOptions;
 
 typedef enum { sslHandshakingUndetermined = 0,
Index: sslsock.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
retrieving revision 1.57
diff -u -r1.57 sslsock.c
--- sslsock.c   9 Apr 2009 01:46:22 -0000       1.57
+++ sslsock.c   21 Oct 2009 12:15:36 -0000
@@ -180,6 +180,7 @@
     PR_FALSE,   /* bypassPKCS11       */
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
+    PR_FALSE    /* disableTLSExtensions */
 };
 
 sslSessionIDLookupFunc  ssl_sid_lookup;
@@ -703,6 +704,14 @@
 
       case SSL_ENABLE_SESSION_TICKETS:
        ss->opt.enableSessionTickets = on;
+        if (on)
+           ss->opt.disableTLSExtensions = PR_FALSE;
+       break;
+
+      case SSL_DISABLE_TLS_EXTENSIONS:
+       ss->opt.disableTLSExtensions = on;
+       if (on)
+           ss->opt.enableSessionTickets = PR_FALSE;
        break;
 
       default:
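Review bot: Both new branches change a second option as a side effect: turning on SSL_ENABLE_SESSION_TICKETS clears disableTLSExtensions and turning on SSL_DISABLE_TLS_EXTENSIONS clears enableSessionTickets, so the final state depends on call order and nothing here reports the conflict to the caller. Suggest either rejecting the conflicting call with SEC_ERROR_INVALID_ARGS, as the default case of the getters does, or leaving both bits untouched and letting the ssl3con.c checks give disableTLSExtensions precedence. The added lines also mix indentation widths ("+        if (on)" against "+       break;").
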
@@ -763,6 +772,9 @@
     case SSL_ENABLE_SESSION_TICKETS:
        on = ss->opt.enableSessionTickets;
        break;
+    case SSL_DISABLE_TLS_EXTENSIONS:
+       on = ss->opt.disableTLSExtensions;
+       break;
 
     default:
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -807,6 +819,9 @@
     case SSL_ENABLE_SESSION_TICKETS:
        on = ssl_defaults.enableSessionTickets;
        break;
+    case SSL_DISABLE_TLS_EXTENSIONS:
+       on = ssl_defaults.disableTLSExtensions;
+       break;
 
     default:
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -936,6 +951,14 @@
 
       case SSL_ENABLE_SESSION_TICKETS:
        ssl_defaults.enableSessionTickets = on;
+       if (on)
+           ssl_defaults.disableTLSExtensions = PR_FALSE;
+       break;
+
+      case SSL_DISABLE_TLS_EXTENSIONS:
+       ssl_defaults.disableTLSExtensions = on;
+       if (on)
+           ssl_defaults.enableSessionTickets = PR_FALSE;
        break;
 
       default:
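Review bot: The coupling between enableSessionTickets and disableTLSExtensions is written out a second time here for ssl_defaults, duplicating the per-socket case earlier in this file. Two hand-maintained copies will drift apart when another extension-backed option is added; a single precedence rule applied where the handshake code reads the flags, or one shared helper, would avoid that. If the coupling stays, document that changing the default for SSL_DISABLE_TLS_EXTENSIONS also switches off the session ticket default.
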