gnutls_priority_set in post client hello function breaks handshake for clients with TLS versions < 1.3
If a server calls gnutls_priority_set in a post client hello function, the handshake breaks unless both peers support TLS 1.3. This breaks servers that serve virtual hosts (selected via SNI) with different priority settings, because they have to load the right priorities after parsing the SNI extension.
I discovered the problem while testing mod_gnutls with GnuTLS 3.6.4 (at commit 1c0b4baa). The distro-provided version 3.5.18 works as expected.
Steps to Reproduce:
- Compile prio-issue-repro.c (a slightly modified version of the echo server example).
- Run the binary (it expects a certificate server/x509.pem and private key server/secret.key) and try the following client commands (--insecure is just to ignore certificate validation):
gnutls-cli -p 5556 localhost --insecure --priority=NORMAL
gnutls-cli -p 5556 localhost --insecure --priority=NORMAL:-VERS-TLS1.3
The first gnutls-cli call connects successfully and you can use the echo server. The second one fails, and the server logs:
Handshake has failed (No supported cipher suites have been found.)
Both client commands should work. If you comment out the CHECK(gnutls_priority_set(session, *p)); line in the hello_prio function they do, which is why I believe the issue is triggered by