Comments (13)
Hi @epoberezkin,
a switch to "tls-exporter" would also benefit SMP implementations in Rust that use rustls. I was experimenting a bit and this seems to be a major blocker for now. I got x448 and ed448 kind of working by using a custom CryptoProvider & ServerCertVerifier. But rustls currently only supports "tls-exporter" and they seem reluctant to add "tls-unique" for TLS 1.3 because it is not specified or rather got replaced by RFC9266 (which I find reasonable). See rustls/rustls#995 (comment) and rustls/rustls#1089.
from simplexmq.
We have: we use the Peer Finished message from the TLS handshake (tlsunique binding), as per this RFC, and it is used as a session ID in each command, signed over with a per-queue key.
@epoberezkin: Thanks for your answer!
tls-unique does not exist for TLS = 1.3...
I am not sure it’s correct: the way tlsunique is defined still makes sense - it’s the Finished message of the client, sent as part of the TLS handshake - and it exists in TLS 1.3.
Whether it sufficiently protects TLS 1.3 is another question. This RFC refers to the triple handshake vulnerability of TLS 1.3, but if I understood it correctly it requires session resumption, and we disabled it.
Anyway, we will analyse whether we should switch to tls-exporter, and how important it is - thanks for the tip!
Just confirming – 3shake attack requires client certificates and session resumption – SimpleX doesn't use these. So tlsunique channel binding that SimpleX uses currently appears to be robust for both TLS 1.2 and 1.3.
Hi @epoberezkin,
Please note that tls-unique is only for TLS =< 1.2 (RFC5929, which has been removed in TLS 1.3) and tls-exporter is for TLS = 1.3 (RFC9266; this RFC was released a few days ago).
Please note that tls-unique is only for TLS =< 1.2 (RFC5929 which has been removed in TLS 1.3)
I am not sure this is correct.
What RFC9266 says is the following:
The "tls-unique" channel binding type defined in [RFC5929] was found to be susceptible to the "triple handshake vulnerability"...
So the motivation to introduce tls-exporter as the default channel binding was the triple handshake vulnerability. As I wrote, the triple handshake vulnerability is only relevant when session resumption is used together with client certificates. As we use neither, I don't see a problem continuing to use tls-unique binding with both TLS 1.2 and 1.3 for now.
tls-unique is used with TLS =< 1.2 and tls-exporter is used with TLS = 1.3.
tls-unique does not work with TLS 1.3.
Sorry, can you please explain what “doesn’t work” means? The RFC doesn’t say that.
The RFC5929 "tls-unique" does not work with TLS 1.3; that is why there is now the RFC9266 "tls-exporter".
For example:
You can see the code in Mellium SASL by the author of the RFC9266:
Prosody IM has been updated:
Miranda NG has been updated:
GNU SASL (GSASL) has been updated:
- https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=blob;f=NEWS;hb=HEAD
- https://git.savannah.gnu.org/gitweb/?p=gsasl.git;a=shortlog
glib/glib-networking has been updated, it was compatible with draft before:
I understood the statement, and other libraries/tools may have needed to update, e.g. if they allowed session resumption.
I am simply asking for clarification of what “doesn’t work” means in your statement. Options I can think of:
- cannot be defined or implemented. This is not the case: the way tls-unique is defined, it can be implemented for TLS 1.3.
- have been proven to be vulnerable. Only the case if triple handshake attack is possible, but it doesn’t apply here.
- ?
Once the Haskell TLS library is updated (we may contribute), we will switch, but I explained why I don’t see it as urgent - it’s not a vulnerability in our case.
@epoberezkin: I think that you have seen the jabber.ru MITM and Channel Binding is the solution:
- https://notes.valdikss.org.ru/jabber.ru-mitm/
- https://snikket.org/blog/on-the-jabber-ru-mitm/
- https://www.devever.net/~hl/xmpp-incident
- https://blog.jmp.chat/b/certwatch
@ydylla: Thanks for your comment!
I can add that there is a ticket for "tls-server-end-point" in the rustls repository too: