Skip to content

Validate cipher suite after HelloRetryRequest #9340

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 31, 2025
Merged

Validate cipher suite after HelloRetryRequest #9340

merged 2 commits into from
Oct 31, 2025
+199 −74

Conversation

@julek-wolfssl
Copy link
Member

Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.

@julek-wolfssl julek-wolfssl self-assigned this Oct 24, 2025
@julek-wolfssl julek-wolfssl requested a review from rizlik October 24, 2025 12:56
@julek-wolfssl julek-wolfssl linked an issue Oct 24, 2025 that may be closed by this pull request
[Bug]: RFC 8446 violation : WolfSSL accept HelloRetryRequests with changing ciphers #9331
Closed
@julek-wolfssl julek-wolfssl mentioned this pull request Oct 24, 2025
Closed
@julek-wolfssl julek-wolfssl force-pushed the tls13-hrr-cs-change branch 6 times, most recently from 08903de to ef0c81b Compare October 27, 2025 15:18
rizlik
rizlik reviewed Oct 28, 2025
View reviewed changes
Copy link
Contributor

@rizlik rizlik left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you consider checking ssl->options.cipherSuite* against the value on the wire while parsing the ServerHello instead of storing in a new variable? This also moves the check inside DoTls13ServerHello that looks like a better place for the check

@julek-wolfssl
Copy link
Member Author

@rizlik The check is already inside of DoTls13ServerHello so I'm not sure what you mean. I used a new variable because I wanted to make the check explicit but if you think it is safe to assume ssl->options.cipherSuite* does not change value then I can change it to re-use that.

@julek-wolfssl
Copy link
Member Author

Retest this please FAIL scripts/openssl.test

@rizlik
Copy link
Contributor

rizlik commented Oct 28, 2025

@rizlik The check is already inside of DoTls13ServerHello so I'm not sure what you mean.

disregard this .

I used a new variable because I wanted to make the check explicit but if you think it is safe to assume ssl->options.cipherSuite* does not change value then I can change it to re-use that.

It's ok to add a new variable then,

rizlik
rizlik previously approved these changes Oct 28, 2025
View reviewed changes
@julek-wolfssl
Validate cipher suite after HelloRetryRequest
c14b1a0 
- Add validation to ensure the cipher suite in the ServerHello matches the one specified in the HelloRetryRequest.
- test_TLSX_CA_NAMES_bad_extension: use the same ciphersuite in HRR and SH
@julek-wolfssl
dtls: Check PSK ciphersuite against local list
7b7f9a4
@julek-wolfssl julek-wolfssl requested a review from rizlik October 29, 2025 13:10
@douzzer douzzer merged commit 7085421 into wolfSSL:master Oct 31, 2025
261 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rizlik rizlik rizlik approved these changes

@douzzer douzzer douzzer approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: RFC 8446 violation : WolfSSL accept HelloRetryRequests with changing ciphers

4 participants

@julek-wolfssl @rizlik @douzzer @wolfSSL-Bot