bug: s2n_handshake_type_set_tls12_flag causes TLS1.3 codepath to fail
maddeleine opened this issue · 0 comments
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
The s2n_handshake_type_set_tls12_flag() ensures the handshake type is not TLS1.3 and additionally sets a TLS1.2 state machine. This is fine; most of the time this function is called in TLS1.2-specific code. However, while reading through the s2n_resume.c file, I noticed it's actually called in s2n_decrypt_session_ticket(), which is a codepath for both TLS1.2 and TLS1.3. Presumably, if the conditions of this if-statement are hit, this causes a ticket to not be successfully decrypted, possibly leading to fewer successful TLS1.3 resumptions?
Solution:
Probably gate this if-statement to only execute if TLS1.2 was negotiated. Or investigate and see if there's a solution that makes more sense.
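As an added illustration (not s2n's code; the type, flag layout, function names and the `needs_reissue` condition are all assumptions standing in for the real ones), this C model shows the shared ticket-decrypt path calling the TLS1.2 flag setter unconditionally, beside the version-gated form suggested above:

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of the bug; none of these names are s2n's own. */
#define TLS12 0x0303
#define TLS13 0x0304

#define HANDSHAKE_TLS13          (1u << 0) /* handshake is a TLS1.3 handshake */
#define HANDSHAKE_SESSION_TICKET (1u << 1) /* a TLS1.2 state-machine flag */

struct conn {
    uint16_t actual_protocol_version;
    uint32_t handshake_type;
};

/* Mirrors the described behaviour: refuse on a TLS1.3 handshake,
 * otherwise set a TLS1.2 state-machine flag. */
static int set_tls12_flag(struct conn *c, uint32_t flag)
{
    if (c->handshake_type & HANDSHAKE_TLS13) {
        return -1;
    }
    c->handshake_type |= flag;
    return 0;
}

/* Shared ticket-decrypt path (decryption itself omitted). The assumed
 * `needs_reissue` condition stands in for the if-statement in the issue. */
static int decrypt_ticket_buggy(struct conn *c, bool needs_reissue)
{
    if (needs_reissue && set_tls12_flag(c, HANDSHAKE_SESSION_TICKET) < 0) {
        return -1; /* TLS1.3 connection: the ticket is rejected */
    }
    return 0;
}

/* Suggested fix: only touch the TLS1.2 state machine when TLS1.2 was
 * negotiated, so a TLS1.3 connection never reaches the refusing check. */
static int decrypt_ticket_fixed(struct conn *c, bool needs_reissue)
{
    if (c->actual_protocol_version < TLS13 && needs_reissue
            && set_tls12_flag(c, HANDSHAKE_SESSION_TICKET) < 0) {
        return -1;
    }
    return 0;
}
```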
Requirements / Acceptance Criteria:
Include a test.
Out of scope:
N/A