On Sat, Jun 07, 2014, Doug Smith wrote:
> All,
>
> Running into an issue with OpenSSL 1.0.1h and EAP-FAST/wpa_supplicant TLS
> session resumption.
>
> CVE-2014-0224 code added code to reject the ChangeCipherSpec message if it is
> received in incorrect order.
> Normally the TLS client sends the Finished message before the
> ChangeCipherSpec message is received from the server.
> The 1.0.1h code now appears to set a flag SSL3_FLAGS_CCX_OK when Finished is
> sent by the client.
> And the code checks this flag when the ChangeCipherSpec message is received;
> rejecting the CCS packet if the flag isn't set.
>
> Unfortunately for TLS session resumption, the server sends the
> ChangeCipherSpec *before* the client sends the Finished message.
> (See figure 2 of RFC4507 -- http://tools.ietf.org/html/rfc4507)
> This is resulting in the ChangeCipherSpec packet being rejected for EAP-FAST
> session resumption because the SSL3_FLAGS_CCS_OK isn't set.
>
> Any guidance would be appreciated.
>
> Thanks,
> Doug
>
> Note: EAP-FAST uses the SSL_set_session_ticket_ext...() functions to set the
> session ticket that is used for TLS session resumption.
>
I think from your message you're getting the error on the client?
If so try this patch:
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 34efff8..cd43873 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1037,6 +1037,7 @@ int ssl3_get_server_hello(SSL *s)
{
s->session->cipher = pref_cipher ?
pref_cipher : ssl_get_cipher_by_char(s, p+j);
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
}
}
If you get the error message on the server or get it after applying that
patch let me know.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
