Artifact Content

Artifact b5a633ec899a6e5df11388cb995fb02a3461cb6bef767259ebfbeaaf778a4ba1:

Ticket change [b5a633ec89] - New ticket [d0518a5645151339|d0518a5645] <i>tls::socket -cipher arg not working as expected when -tls1.3 is true</i>. by anonymous 2019-04-15 21:26:20.
D 2019-04-15T21:26:20.672
J foundin 1.7.17
J icomment The\s"-cipher"\sswitch\sin\sthe\stls::socket\scommand\sshould\sallow\san\sexplicit\scipher\s\r\nto\suse\sfor\sa\ssession.\s\sIt\sdoes\snot\sdo\sthis\swhen\sthe\stls1.3\sswitch\sis\sset\sto\strue.\r\n\r\nOpenSSL\sversion\sis\s1.1.1b\r\ntcltls\sversion\s1.7.17\r\n\r\nWhen\sthe\ssocket\sis\sset\sup\sin\sthe\sfollowing\sfashion\sit\sfunctions\scorrectly\s\r\nallowing\sthe\spassed\scipher\sto\sbe\sused\sexplicitly.\s\s\r\n\r\nExamples\sof\sindividually\spassed\sciphers\sinclude:\r\n\s\r\nDHE-RSA-AES256-GCM-SHA384\s\r\nDHE-RSA-AES256-SHA256\s\r\nAES256-GCM-SHA384\s\r\nAES256-SHA256\s\r\nDHE-RSA-AES128-GCM-SHA256\s\r\nDHE-RSA-AES128-SHA256\s\r\nAES128-GCM-SHA256\s\r\nAES128-SHA256\s\s\s\s\s......\sand\sso\son\s\r\n\r\nset\sserver_channel\s[tls::socket\s\\\r\n\s\s\s-tls1.3\s0\s\\\r\n\s\s\s-tls1.2\s1\s\\\r\n\s\s\s-tls1\s0\s\\\r\n\s\s\s-tls1.1\s0\s\\\r\n\s\s\s-ssl2\s0\s\\\r\n\s\s\s-ssl3\s0\s\\\r\n\s\s\s-server\sEchoAccept\s\\\r\n\s\s\s-request\s1\s\\\r\n\s\s\s-require\s1\s\\\r\n\s\s\s-cafile\s$CA_CERTIFICATE\s\\\r\n\s\s\s-certfile\s$CERTFILE\s\\\r\n\s\s\s-keyfile\s$PRIVATE_KEY\s\\\r\n\s\s\s-password\sget_master_password\s\\\r\n\s\s\s-cipher\s$ENCRYPTION_CIPHER\s\\\r\n\s\s\s$LISTEN_SOCKET\s]\r\n\r\nA\ssimilar\ssetup\sis\sin\splace\sfor\sthe\sclient.\r\n\r\nWhen\sthe\stls1.3\sswitch\sis\sset\sto\strue,\sthe\sability\sto\sindividually\sselect\sthe\sexplicit\scipher\sgoes\saway.\s\s\r\nIn\smy\ssetup,\sit\salways\sdefaults\sto\sTLS_AES_256_GCM_SHA384.\r\n\r\nWhen\stls1.2\sis\strue\sand\stls1.3\sis\sfalse\sit\sworks\sas\sexpected.\r\nWhen\stls1.3\sis\strue,\sit\sdoes\snot\sfunction\sas\sexpected\s(regardless\sof\show\stls1.2\sis\sset).\r\n\r\nCorrect\sand\scorresponding\ssetup\swas\sdone\son\sthe\sclient\sside\swhen\sinvestigated.
J login anonymous
J mimetype text/x-fossil-plain
J private_contact 07dea8439aa410135bf1d5b46943118fd70e6703
J severity Critical
J status Open
J title tls::socket\s-cipher\sarg\snot\sworking\sas\sexpected\swhen\s-tls1.3\sis\strue
J type Code\sDefect
K d0518a5645151339f345c259e25b512c2bf3d63f
U anonymous
Z a47b7036d208207705f4cc98ea312365