TLS: allow but warn about 0x0304 in Client Hello legacy version field.

You're Not Supposed To Do That, as per RFC 8446 section 4.1.2 "Client
Hello".

Also do the equivalent check for DTLS, as RFC 9147 Section 5.3 "Client
Hello" says You're Not Supposed To Do The Equivalent.  We don't yet
handle DTLS 1.3, but if we ever do....

Fixes #18851.

While we're at it, improve two comments to clarify what
ssl_dissect_hnd_hello_common() does (and to fix one place where the old
comment was incorrect).
This commit is contained in:
Guy Harris 2023-02-09 01:49:28 -08:00 committed by John Thacker
parent 60b87b55db
commit 2d173ec34c
3 changed files with 32 additions and 5 deletions


@ -9001,12 +9001,31 @@ ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
gchar *ja3_dash = "";
/* show the client version */
proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb,
offset, 2, ENC_BIG_ENDIAN, &ja3_value);
ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb,
offset, 2, ENC_BIG_ENDIAN, &ja3_value);
offset += 2;
wmem_strbuf_append_printf(ja3, "%i,", ja3_value);
/* dissect fields that are also present in ClientHello */
/*
* Is it version 1.3?
* If so, that's an error; TLS and DTLS 1.3 Client Hellos claim
* to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446
* section 4.1.2 "Client Hello" and RFC 9147 Section 5.3 "Client
* Hello".
*/
if (dtls_hfs != NULL) {
if (ja3_value == DTLSV1DOT3_VERSION) {
/* Don't do that. */
expert_add_info(pinfo, ti, &hf->ei.client_version_error);
}
} else {
if (ja3_value == TLSV1DOT3_VERSION) {
/* Don't do that. */
expert_add_info(pinfo, ti, &hf->ei.client_version_error);
}
}
/* dissect fields that are present in both ClientHello and ServerHello */
offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, session, ssl, FALSE, FALSE);
/* fields specific for DTLS (cookie_len, cookie) */
@ -9138,7 +9157,7 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
offset += 2;
wmem_strbuf_append_printf(ja3, "%i", ja3_value);
/* dissect fields that are also present in ClientHello */
/* dissect fields that are present in both ClientHello and ServerHello */
offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, session, ssl, TRUE, is_hrr);
if (ssl) {
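Review bot: The two new branches in the first hunk of ssl_dissect_hnd_cli_hello() differ only in the constant compared against, so the check reads more clearly as a single comparison: `guint32 bad_version = (dtls_hfs != NULL) ? DTLSV1DOT3_VERSION : TLSV1DOT3_VERSION;` followed by `if (ja3_value == bad_version) { expert_add_info(pinfo, ti, &hf->ei.client_version_error); }`. The function starts outside the hunk, so I cannot confirm that `ti` is declared there; the hunk assigns to it without a declaration, so it presumably is. The new comment block is accurate, but it could also state the consequence for the reader, e.g. `/* A conforming 1.3 client never puts 0x0304 here, so this marks a non-conforming stack. */`.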


@ -258,6 +258,7 @@ typedef struct _StringInfo {
#define DTLSV1DOT0_VERSION 0xfeff
#define DTLSV1DOT0_OPENSSL_VERSION 0x100
#define DTLSV1DOT2_VERSION 0xfefd
#define DTLSV1DOT3_VERSION 0xfefc
/* Returns the TLS 1.3 draft version or 0 if not applicable. */
static inline guint8 extract_tls13_draft_version(guint32 version) {
@ -1099,6 +1100,7 @@ typedef struct ssl_common_dissect {
} ett;
struct {
/* Generic expert info for malformed packets. */
expert_field client_version_error;
expert_field malformed_vector_length;
expert_field malformed_buffer_too_small;
expert_field malformed_trailing_data;
@ -1294,7 +1296,8 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 \
}, \
/* ei */ { \
EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT \
EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \
EI_INIT \
}, \
}
/* }}} */
@ -2501,6 +2504,10 @@ ssl_common_dissect_t name = { \
/* {{{ */
#define SSL_COMMON_EI_LIST(name, prefix) \
{ & name .ei.client_version_error, \
{ prefix ".handshake.client_version_error", PI_PROTOCOL, PI_WARN, \
"Client Hello legacy version field specifies version 1.3, not version 1.2; some servers may not be able to handle that.", EXPFILL } \
}, \
{ & name .ei.malformed_vector_length, \
{ prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \
"Variable vector length is outside the permitted range", EXPFILL } \
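Review bot: In the second hunk, `expert_field client_version_error;` is inserted directly under the comment `/* Generic expert info for malformed packets. */`, so that comment now describes a field that is not about malformed packets. Either move the new field below the malformed_* fields or give it its own comment, e.g. `/* Client Hello legacy_version says 1.3 instead of 1.2 (RFC 8446 4.1.2, RFC 9147 5.3). */`. The extra EI_INIT in the initializer macro and the new SSL_COMMON_EI_LIST entry are consistent with one new field, though the struct is cut at the hunk edges so I cannot confirm the surrounding field order.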


@ -3874,6 +3874,7 @@ ssl_looks_like_sslv3(tvbuff_t *tvb, const guint32 offset)
case TLSV1_VERSION:
case TLSV1DOT1_VERSION:
case TLSV1DOT2_VERSION:
case TLSV1DOT3_VERSION:
case TLCPV1_VERSION:
return 1;
}
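Review bot: Adding `case TLSV1DOT3_VERSION:` to ssl_looks_like_sslv3() widens the heuristic with a value a conforming TLS peer never sends in a version field, which slightly raises the chance that non-TLS data is mis-detected as TLS; a comment should record why it is accepted, e.g. `/* Not permitted by RFC 8446, but some clients send it; flagged by ei.client_version_error in the handshake dissector. */`. The function starts and ends outside the hunk, so I cannot tell which version field the switch examines (record header or Client Hello legacy_version).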