Server initiated TLS 1.2 rehandshake fails due to session tickets
When the client requests a session ticket and has received a NewSessionTicket in the first handshake, the second (server-initiated) handshake fails: the client waits for another NewSessionTicket even though the server did not indicate it would send one. A simple reproducer is to configure Apache httpd with TLS 1.2 as the maximum protocol version and expose a protected resource as:
SSLProtocol all -SSLv3 -TLSv1.3
<Location /client>
SSLRequire true
SSLVerifyClient require
# SSLVerifyDepth 10
# SSLOptions +StdEnvVars
</Location>
and access the resource with gnutls-cli:
$ gnutls-cli -d3 --x509keyfile=doc/credentials/x509/clikey-rsa-pss.pem --x509certfile=doc/credentials/x509/clicert-rsa-pss.pem --x509cafile=/etc/pki/tls/certs/localhost.crt --verify-hostname=fedora --crlf -p 443 localhost
[...]
- Handshake was completed
- Simple Client Mode:
GET /client/ HTTP/1.1
Host: fedora
[...]
|<3>| ASSERT: ../../../lib/ext/session_ticket.c[_gnutls_recv_new_session_ticket]:776
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3230
*** Fatal error: An unexpected TLS packet was received.
*** Rehandshake Failed: An unexpected TLS packet was received.
|<3>| ASSERT: ../../lib/record.c[check_session_status]:1661
*** Fatal error: The specified session has been invalidated for some reason.
*** Server has terminated the connection abnormally.
Proposed solution is to clear session->internals.session_ticket_renew in send_client_hello.
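To make the failure mode concrete, here is an added toy model of the client-side bookkeeping the report describes; it is illustration code, not GnuTLS source. The struct, the functions and the two-handshake driver are hypothetical; only the field name session_ticket_renew and the idea of clearing it in send_client_hello come from the report. Under RFC 5077 a client may expect NewSessionTicket only when the server echoed the empty session_ticket extension in the current ServerHello, so the expectation must be recomputed per handshake rather than carried over from the previous one.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added illustration (not GnuTLS code): a hypothetical model of the
 * client's session-ticket state across a TLS 1.2 handshake and a
 * server-initiated rehandshake on the same connection. */
struct toy_session {
    bool session_ticket_renew; /* client expects a NewSessionTicket message */
    int  handshakes;           /* how many handshakes have run on this connection */
};

/* Client sends ClientHello.  clear_renew == true models the proposed fix:
 * any expectation left over from the previous handshake is dropped before
 * the new one starts. */
void send_client_hello(struct toy_session *s, bool clear_renew)
{
    if (clear_renew)
        s->session_ticket_renew = false;
    s->handshakes++;
}

/* Client parses ServerHello.  The server announces that it will send
 * NewSessionTicket by echoing the empty session_ticket extension (RFC 5077);
 * only then should the client arm the expectation. */
void recv_server_hello(struct toy_session *s, bool server_echoed_ticket_ext)
{
    if (server_echoed_ticket_ext)
        s->session_ticket_renew = true;
}

/* After the server's Finished: does the client still wait for a ticket? */
bool expects_new_session_ticket(const struct toy_session *s)
{
    return s->session_ticket_renew;
}

/* Replays the reproducer: first handshake with a ticket, then a
 * server-initiated rehandshake in which the server does not echo the
 * extension.  Returns true if the client would stall waiting for a
 * NewSessionTicket that was never announced (the reported failure). */
bool second_handshake_waits_for_ticket(bool with_fix)
{
    struct toy_session s = { false, 0 };

    /* First handshake: server echoes the extension and later sends a ticket. */
    send_client_hello(&s, with_fix);
    recv_server_hello(&s, true);
    /* ... NewSessionTicket received and stored here; the flag is left set,
     * which is the stale state the report is about ... */

    /* Rehandshake: server does not echo the extension this time. */
    send_client_hello(&s, with_fix);
    recv_server_hello(&s, false);
    return expects_new_session_ticket(&s);
}

int main(void)
{
    printf("without fix: client waits for ticket = %d\n",
           second_handshake_waits_for_ticket(false));
    printf("with fix:    client waits for ticket = %d\n",
           second_handshake_waits_for_ticket(true));
    return 0;
}
```

Without the clear, the stale flag makes the client block on a message the server will not send, which is the "unexpected TLS packet" the gnutls-cli trace shows when the application data arrives instead; with the clear, the second handshake's expectation is derived solely from the second ServerHello.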
Edited by Daiki Ueno