From: Daiki Ueno <ueno@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 49035@debbugs.gnu.org, Emmanuel Agullo <emmanuel.agullo@inria.fr>,
gnutls-help@lists.gnutls.org
Subject: bug#49035: [gnutls-help] TLS downgrade at bitbucket.org
Date: Sat, 19 Jun 2021 17:17:30 +0200 [thread overview]
Message-ID: <87tultyjcl.fsf-ueno@gnu.org> (raw)
In-Reply-To: <87eed2re43.fsf_-_@gnu.org> ("Ludovic Courtès"'s message of "Tue, 15 Jun 2021 23:51:08 +0200")
Ludovic Courtès <ludo@gnu.org> writes:
> $ gnutls-cli --priority="NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:+VERS-TLS1.3" -p https bitbucket.org
> Processed 444 CA certificate(s).
> Resolving 'bitbucket.org:https'...
> Connecting to '2406:da00:ff00::6b17:d1f5:443'...
> |<1>| Detected downgrade to TLS 1.2 from TLS 1.3
> *** Fatal error: An illegal parameter has been received.
[...]
> The key thing here is “Detected downgrade to TLS 1.2 from TLS 1.3”.
>
> Why is a downgrade detected when using the most explicit priority
> string and not when using the shorter string?
I would say this is an expected behavior when the TLS downgrade
protection mechanism[1] is in action. What happens is as follows:
- the client advertises TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 (in this
order) in the supported_versions extension
- the server skips TLS 1.0 and TLS 1.1 (maybe it's disabled), sees TLS
1.2 first in supported_versions, then TLS 1.3; while it also supports
TLS 1.3, as TLS 1.2 has precedence and it selects TLS 1.2 and sends
the downgrade sentinel in server_random
- the client sees the sentinel while TLS 1.3 is enabled, treats it as an
unwanted protocol downgrade
> Aren’t these two priority strings supposed to be equivalent today?
No. If -VERS-TLS-ALL is used, the default priorities on TLS versions in
NORMAL are ignored; the user is responsible for building the priority
string so it reflects the actual preference, which in this case is:
-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
Footnotes:
[1] https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.3
Regards,
--
Daiki Ueno
next prev parent reply other threads:[~2021-06-20 12:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-15 9:16 bug#49035: Git 2.32.0 fails with ‘gnutls_handshake’ error Ludovic Courtès
2021-06-15 12:38 ` Ludovic Courtès
2021-06-15 21:51 ` bug#49035: TLS downgrade at bitbucket.org Ludovic Courtès
2021-06-18 12:10 ` bug#49035: Git 2.32.0 fails with ‘gnutls_handshake’ error Ludovic Courtès
2021-06-18 15:43 ` Ludovic Courtès
2021-06-19 15:17 ` Daiki Ueno [this message]
2021-06-20 21:26 ` bug#49035: [gnutls-help] TLS downgrade at bitbucket.org Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tultyjcl.fsf-ueno@gnu.org \
--to=ueno@gnu.org \
--cc=49035@debbugs.gnu.org \
--cc=emmanuel.agullo@inria.fr \
--cc=gnutls-help@lists.gnutls.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).