aws/s2n-tls

bug: s2n_handshake_type_set_tls12_flag causes TLS1.3 codepath to fail

maddeleine opened this issue · 0 comments

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.

Problem:

The s2n_handshake_type_set_tls12_flag() ensures the handshake type is not TLS1.3 and additionally sets a TLS1.2 state machine. This is fine; most of the time this function is called in TLS1.2-specific code. However, while reading through the s2n_resume.c file, I noticed it's actually called in s2n_decrypt_session_ticket(), which is a codepath for both TLS1.2 and TLS1.3. Presumably if the conditions of this if-statement are hit, this causes a ticket to not be successfully decrypted, leading maybe to a smaller amount of successful TLS1.3 resumption?

Solution:

Probably gate this if-statement to only execute if TLS1.2 was negotiated. Or investigate and see if there's a solution that makes more sense.

Requirements / Acceptance Criteria:

Include test.

Out of scope:

N/A
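The following stand-alone C model is an added example, not s2n-tls source and not part of the original issue; it shows the failure mode the issue presumes and the proposed TLS1.2 gate, in a shape a regression test could take. All `model_*` names are hypothetical, and `branch_taken` stands in for the if-statement's condition, which the issue does not spell out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not s2n-tls source. All model_* names are hypothetical. */
enum { MODEL_TLS12 = 33, MODEL_TLS13 = 34 };

struct model_conn {
    uint8_t protocol_version;
    uint32_t tls12_flags; /* stands in for the TLS1.2 handshake type */
};

/* Behaviour described in the issue: refuse TLS1.3, otherwise set a TLS1.2 flag. */
static int model_set_tls12_flag(struct model_conn *conn, uint32_t flag)
{
    if (conn->protocol_version >= MODEL_TLS13) {
        return -1;
    }
    conn->tls12_flags |= flag;
    return 0;
}

/* Shared ticket path for both versions. gate_on_tls12 selects the proposed fix. */
int model_decrypt_ticket(struct model_conn *conn, bool branch_taken, bool gate_on_tls12)
{
    /* Ticket decryption itself is omitted; it is common to TLS1.2 and TLS1.3. */
    bool is_tls12 = conn->protocol_version < MODEL_TLS13;
    if (branch_taken && (!gate_on_tls12 || is_tls12)) {
        if (model_set_tls12_flag(conn, 0x1) != 0) {
            return -1; /* assumed, as the issue presumes: the ticket is rejected */
        }
    }
    return 0;
}

/* Runs the shared path on a fresh connection of the given version. */
int model_resume(uint8_t version, bool branch_taken, bool gate_on_tls12)
{
    struct model_conn conn = { .protocol_version = version, .tls12_flags = 0 };
    return model_decrypt_ticket(&conn, branch_taken, gate_on_tls12);
}

int main(void)
{
    printf("TLS1.3, ungated: %d\n", model_resume(MODEL_TLS13, true, false));
    printf("TLS1.3, gated:   %d\n", model_resume(MODEL_TLS13, true, true));
    printf("TLS1.2, gated:   %d\n", model_resume(MODEL_TLS12, true, true));
    return 0;
}
```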