From: Mats Klepsland Date: Mon, 29 Oct 2018 20:20:33 +0000 (+0100) Subject: app-layer-ssl: add 0-RTT support for TLSv1.3 X-Git-Tag: suricata-4.1.0~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b73b7d542466ec0d6f4b581627bdc2581275596;p=thirdparty%2Fsuricata.git app-layer-ssl: add 0-RTT support for TLSv1.3 --- diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index d2a0cc3022..e9f431e6f8 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2208,6 +2208,14 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, break; case SSLV3_APPLICATION_PROTOCOL: + /* In TLSv1.3 early data (0-RTT) could be sent before the + handshake is complete (rfc8446, section 2.3). We should + therefore not mark the handshake as done before we have + seen the ServerHello record. */ + if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) && + ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) + break; + if ((ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) { @@ -2234,8 +2242,16 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, break; case SSLV3_HANDSHAKE_PROTOCOL: - if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) - break; + if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) { + /* In TLSv1.3, ChangeCipherSpec is only used for middlebox + compability (rfc8446, appendix D.4). */ + if ((ssl_state->client_connp.version > TLS_VERSION_12) && + ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) { + /* do nothing */ + } else { + break; + } + } if (ssl_state->curr_connp->record_length < 4) { SSLParserReset(ssl_state);