On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:
> Hi,
>
> I am sending a TLS 1.3 client hello, and am seeing an issue with
> ossl_statem_client_write_transition in statem_clnt.c.
>
>     /*
>      * Note that immediately before/after a ClientHello we don't know what
>      * version we are going to negotiate yet, so we don't take this branch until
>      * later
>      */
>
>     /*
>      * ossl_statem_client_write_transition() works out what handshake state to
>      * move to next when the client is writing messages to be sent to the server.
>      */
>     WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
>     {
>
>         if (SSL_IS_TLS13(s))
>             return ossl_statem_client13_write_transition(s);
>     }
>
> And in:
>
>     /*
>      * ossl_statem_client_write_transition() works out what handshake state to
>      * move to next when the client is writing messages to be sent to the server.
>      */
>     WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
>     {
>
>         /*
>          * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
>          * TLSv1.3 yet at that point. They are handled by
>          * ossl_statem_client_write_transition().
>          */
>
>         switch (st->hand_state) {
>         default:
>             /* Shouldn't happen */
>             return WRITE_TRAN_ERROR;
>
>         }
>
> With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is
> TLS_ST_BEFORE and so, the default error is returned.

Sorry, I just want to clarify what you are doing -- are you taking
SSL_CTX_new(TLS_method()) and then calling
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) and
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)? I note that there is
no version-specific TLSv1_3_method() available, and in any case, it's of
questionable wisdom to attempt to force TLS 1.3 only while the
specification is still in draft status -- in any case where the client
and server implementations are not tightly controlled, negotiation
failures seem quite likely.

> When I added :
>
>     case TLS_ST_BEFORE:
>         st->hand_state = TLS_ST_CW_CLNT_HELLO;
>         return WRITE_TRAN_CONTINUE;

The reason there is not currently a case for TLS_ST_BEFORE is that
whether or not we're going to be using TLS 1.3 is supposed to be
determined on the server as part of version negotiation, so when we're
sending a ClientHello, our version is in an indeterminate status -- the
general-purpose TLS method must be used at that part of the handshake.

> The client hello gets sent out, but I only saw a TLS 1.2 version being
> sent.
> Is this a bug?

The legacy_version field in a TLS 1.3 ClientHello will be 0x0303,
matching the historical value for TLS 1.2. The actual list of versions
is conveyed in a "supported_versions" extension, which is what you need
to be looking at.

-Ben

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
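The point Ben makes at the end of the thread, that a TLS 1.3 ClientHello still carries 0x0303 in legacy_version and advertises 1.3 only through the supported_versions extension, is easy to misread in a packet capture. The following is an added example written for this page, not code from the thread or from OpenSSL: it builds a minimal TLS record carrying a ClientHello (the random, cipher suite and record version are constructed values) and then parses it the way an inspection or detection tool would, pulling out both legacy_version and the supported_versions list so the two can be compared. Field layout follows RFC 8446 section 4.1.2; extension type 43 is supported_versions.

```python
import struct

# Added example (not OpenSSL code). Layout per RFC 8446 section 4.1.2.
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SUPPORTED_VERSIONS = 0x002B   # extension type 43
TLS12 = 0x0303
TLS13 = 0x0304


def build_client_hello(supported_versions, random_bytes=None):
    """Build a TLS record carrying a ClientHello that advertises the given
    versions in supported_versions. legacy_version is always 0x0303, which is
    exactly what a TLS 1.3 client puts on the wire."""
    if random_bytes is None:
        random_bytes = bytes(32)  # constructed: all-zero random keeps the example deterministic
    if len(random_bytes) != 32:
        raise ValueError("random must be 32 bytes")
    sv_body = bytes([2 * len(supported_versions)]) + b"".join(
        struct.pack("!H", v) for v in supported_versions)
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    cipher_suites = struct.pack("!H", 0x1301)  # TLS_AES_128_GCM_SHA256, constructed choice
    body = (struct.pack("!H", TLS12)                        # legacy_version = 0x0303
            + random_bytes
            + b"\x00"                                        # empty legacy_session_id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00"                                    # legacy_compression_methods = [null]
            + struct.pack("!H", len(ext)) + ext)
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record layer: content type 22 (handshake), legacy_record_version 0x0301.
    return b"\x16" + struct.pack("!H", 0x0301) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (legacy_version, supported_versions) from a TLS record carrying a
    ClientHello. supported_versions is None when the extension is absent, i.e.
    a pre-1.3 client. Raises ValueError on malformed or truncated input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len:
        raise ValueError("truncated record")
    if len(hs) < 4 or hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")

    pos = 0

    def take(n):
        # Bounds-checked cursor over the ClientHello body.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    legacy_version = struct.unpack("!H", take(2))[0]
    take(32)                                   # random
    take(take(1)[0])                           # legacy_session_id
    take(struct.unpack("!H", take(2))[0])      # cipher_suites
    take(take(1)[0])                           # legacy_compression_methods
    if pos == len(body):
        return legacy_version, None            # no extensions at all
    ext_len = struct.unpack("!H", take(2))[0]
    ext_end = pos + ext_len
    if ext_end != len(body):
        raise ValueError("extensions length mismatch")
    supported = None
    while pos < ext_end:
        ext_type, length = struct.unpack("!HH", take(4))
        data = take(length)
        if ext_type == EXT_SUPPORTED_VERSIONS:
            # ClientHello form: one length byte followed by 2-byte versions.
            if not data or data[0] != len(data) - 1 or data[0] % 2:
                raise ValueError("malformed supported_versions")
            supported = [struct.unpack("!H", data[i:i + 2])[0]
                         for i in range(1, len(data), 2)]
    return legacy_version, supported


if __name__ == "__main__":
    rec = build_client_hello([TLS13, TLS12])
    legacy, advertised = parse_client_hello(rec)
    print("legacy_version = 0x%04x" % legacy)
    print("supported_versions = %s" % [hex(v) for v in advertised])
```

Running it prints legacy_version 0x0303 alongside supported_versions [0x0304, 0x0303]: a tool that only looks at the record or legacy version field will report "TLS 1.2" for a client that is in fact offering 1.3, so version telemetry and policy checks should key on the extension when it is present and fall back to legacy_version only when it is absent.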