Topic: WolfSSL 4.8.1: Invalid client ticket handshake failure

When a client presents a ticket that causes DoClientTicket() to return an error (e.g., -1), the ticket should be disregarded and the handshake should complete. The current implementation instead terminates the handshake. If the client then retries with the same ticket, the connection attempts will loop forever - a pretty fatal real-world outcome.

Please change the logic in TLSX_SessionTicket_Parse() (under /* got actual ticket from client */) accordingly.

Thank you very much in advance!


Re: WolfSSL 4.8.1: Invalid client ticket handshake failure

Hi Mor71,

Thank you for the report. I am trying to set up a use-case to reproduce. If you have any further tips you can share please do. If you'd like to keep the details private you can email support@wolfssl.com and reference this forum post.

I will share my results shortly.

Thanks,
David Garske, wolfSSL


Re: WolfSSL 4.8.1: Invalid client ticket handshake failure

Hi David,

Steps to reproduce:

- Take a server app with a custom ticket encryption callback
- Modify the callback to always return WOLFSSL_TICKET_RET_FATAL - the symbol name is misleading, because the ticket encryption callbacks that you provide (internal and myTicketEncCb() in wolfssl/test.h) return it in benign situations such as a name mismatch.
- Confirm that connections to the server can no longer be established if a client presents a ticket.

Fix:

Treat WOLFSSL_TICKET_RET_FATAL as non-fatal (perhaps rename the symbol, too).

Thanks!

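A stand-alone model of the failure described in the steps above and of the proposed fix (added example, not wolfSSL's code): a ticket-decrypt callback that returns WOLFSSL_TICKET_RET_FATAL on a key-name mismatch, and the server-side decision that either aborts the handshake (current behaviour) or ignores the ticket and completes a full handshake. The return-code values, key-name size and ticket contents are assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Callback return codes modelled on wolfSSL's SessionTicketEncCb (values assumed). */
#define TICKET_RET_FATAL  (-2)
#define TICKET_RET_OK       0

#define KEY_NAME_SZ 16
#define ACT_ABORT   0   /* handshake terminated: pre-fix behaviour */
#define ACT_FULL    1   /* ticket ignored, full handshake, fresh ticket issued */
#define ACT_RESUME  2   /* ticket accepted, session resumed */

/* Key name the server currently encrypts tickets under (constructed sample). */
static const unsigned char cur_key_name[KEY_NAME_SZ] = "srv-key-2021-v2";

/* Model of a ticket-decrypt callback: a ticket issued under another key name is
 * benign (key rotated, ticket stale) but, like the bundled callbacks, it is
 * reported with the FATAL code. */
int ticket_dec_cb(const unsigned char *ticket_key_name) {
    if (memcmp(ticket_key_name, cur_key_name, KEY_NAME_SZ) != 0)
        return TICKET_RET_FATAL;
    return TICKET_RET_OK;
}

/* Model of the decision after DoClientTicket(): pre-fix, any error aborts the
 * handshake; with the fix, the ticket is disregarded and a full handshake runs. */
int handle_client_ticket(int cb_ret, int fixed) {
    if (cb_ret == TICKET_RET_OK) return ACT_RESUME;
    return fixed ? ACT_FULL : ACT_ABORT;
}

/* Simulate a client that caches one ticket and retries it up to max_tries times.
 * A full handshake hands the client a fresh ticket under the current key.
 * Returns the attempt number that connected, or -1 if none did. */
int attempts_to_connect(unsigned char *client_ticket, int fixed, int max_tries) {
    for (int i = 1; i <= max_tries; i++) {
        int act = handle_client_ticket(ticket_dec_cb(client_ticket), fixed);
        if (act == ACT_ABORT) continue;   /* client re-presents the same ticket */
        if (act == ACT_FULL) memcpy(client_ticket, cur_key_name, KEY_NAME_SZ);
        return i;
    }
    return -1;   /* the retry loop never terminates on its own */
}

int main(void) {
    unsigned char stale[KEY_NAME_SZ] = "srv-key-2021-v1";   /* constructed */
    printf("pre-fix attempts: %d\n", attempts_to_connect(stale, 0, 100));
    printf("fixed attempts:   %d\n", attempts_to_connect(stale, 1, 100));
    return 0;
}
```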

Re: WolfSSL 4.8.1: Invalid client ticket handshake failure

Hi Mor71,

Thank you so much for this report! I was able to reproduce and locate the server side bug. I've put up a fix here:
https://github.com/wolfSSL/wolfssl/pull/4509

Let me know if you continue to see any issues.

Thanks,
David Garske, wolfSSL
