[Closed] gnutls_priority_set in post client hello function breaks handshake for clients with TLS versions < 1.3

Issue created by Airtower

If a server calls gnutls_priority_set in a post client hello function, the handshake breaks unless both peers support TLS 1.3. This breaks servers that allow virtual hosts (using SNI) that may have different priority settings, because they have to load the right priorities after parsing the SNI.

I discovered the problem while testing mod_gnutls with GnuTLS 3.6.4 (at commit 1c0b4baa). The distro-provided version 3.5.18 works as expected.

Steps to Reproduce:

1. Compile prio-issue-repro.c (a slightly modified version of the echo server example doc/examples/ex-serv-x509.c).
2. Run the binary (it expects a certificate server/x509.pem and private key server/secret.key) and try the following client commands:
   - gnutls-cli -p 5556 localhost --insecure --priority=NORMAL
   - gnutls-cli -p 5556 localhost --insecure --priority=NORMAL:-VERS-TLS1.3

(--insecure is used only to skip certificate validation)

Actual results:

The first gnutls-cli call connects successfully and you can use the echo server. The second one fails; the server logs "Handshake has failed (No supported cipher suites have been found.)".

Expected results:

Both client commands should work. If you comment out the CHECK(gnutls_priority_set(session, *p)); line in the hello_prio function, they do, which is why I believe the issue is triggered by gnutls_priority_set.

Edited by Airtower
