From 3b73b7d542466ec0d6f4b581627bdc2581275596 Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Mon, 29 Oct 2018 21:20:33 +0100 Subject: [PATCH] app-layer-ssl: add 0-RTT support for TLSv1.3 --- src/app-layer-ssl.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index d2a0cc3022..e9f431e6f8 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -2208,6 +2208,14 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, break; case SSLV3_APPLICATION_PROTOCOL: + /* In TLSv1.3 early data (0-RTT) could be sent before the + handshake is complete (rfc8446, section 2.3). We should + therefore not mark the handshake as done before we have + seen the ServerHello record. */ + if ((ssl_state->flags & SSL_AL_FLAG_EARLY_DATA) && + ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) + break; + if ((ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC) && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) { @@ -2234,8 +2242,16 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state, break; case SSLV3_HANDSHAKE_PROTOCOL: - if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) - break; + if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC) { + /* In TLSv1.3, ChangeCipherSpec is only used for middlebox + compability (rfc8446, appendix D.4). */ + if ((ssl_state->client_connp.version > TLS_VERSION_12) && + ((ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) == 0)) { + /* do nothing */ + } else { + break; + } + } if (ssl_state->curr_connp->record_length < 4) { SSLParserReset(ssl_state);