haskell-tls/hs-tls

Extended Master Secret (resumption) failing

Closed this issue · 4 comments

Hi,

stack --resolver=lts-16.0 test results in a test failure, e.g.:

tls                 >     Extended Master Secret (resumption):        client exception: HandshakeFailed (Error_Protocol ("server resumes a session which is not EMS consistent",True,HandshakeFailure)), supported: Supported {supportedVersions = [TLS12], supportedCiphers = [DHE-DSA-RC4-SHA1,RSA-null-SHA1,ECDHE-ECDSA-AES256CCM-SHA256,DHE-RSA-AES128-SHA1], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureDSS),(HashIntrinsic,SignatureEd448),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureEd25519),(HashSHA1,SignatureRSA),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMasterSec = AllowEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [X25519,P384,FFDHE2048]}
tls                 > server exception: AsyncCancelled, supported: Supported {supportedVersions = [TLS12], supportedCiphers = [RSA-null-SHA1], supportedCompressions = [0], supportedHashSignatures = [(HashIntrinsic,SignatureRSApssRSAeSHA512),(HashSHA256,SignatureRSA),(HashIntrinsic,SignatureEd448),(HashSHA1,SignatureDSS),(HashSHA384,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA256),(HashSHA512,SignatureRSA),(HashIntrinsic,SignatureRSApssRSAeSHA384),(HashSHA1,SignatureRSA),(HashIntrinsic,SignatureEd25519)], supportedSecureRenegotiation = False, supportedClientInitiatedRenegotiation = False, supportedExtendedMasterSec = AllowEMS, supportedSession = True, supportedFallbackScsv = True, supportedEmptyPacket = True, supportedGroups = [FFDHE2048,FFDHE2048,X25519,X25519]}
tls                 > FAIL (0.02s)
tls                 >       *** Failed! Exception: 'HandshakeFailed (Error_Protocol ("server resumes a session which is not EMS consistent",True,HandshakeFailure))' (after 3 tests):
tls                 >       Use --quickcheck-replay=452766 to reproduce.

Likewise with lts-15.16, and cabal test x509-validation (for those same dependencies lts-16.0 and lts-15.16).

This has caused some issues with NixOS/nixpkgs#90032.

If tls test suite fails like this and x509-validation test suite loops forever, it's likely caused by an absence of entropy when generating random numbers in cryptonite.

Could you please check what CPU this was built on and if impacted by an RDRAND bug?

Yes, wow, what a catch. Turns out this is relevant for the machine I tested on. I presume it will also be relevant on the CI machines for which the build was failing — I can't confirm this directly.

Is the impact like what I could read in articles: after suspend/resume, a function like getRandomBytes in the IO monad returns a constant stream of 0xFF?

It's a serious issue if end-user machines are impacted by this.
I would hope a microcode or OS patch to disable RDRAND at least.
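
The failure mode discussed in this thread (an RNG source that degrades into a constant stream such as 0xFF) can be caught before it reaches a TLS handshake by a simple startup health test on the entropy source. The following is an added example, not code from hs-tls, cryptonite or crypton: it applies a Repetition Count Test in the spirit of NIST SP 800-90B section 4.4.1 plus an all-0xFF/all-0x00 check to a byte source, using a constructed stuck source to model the bug and `os.urandom` as the healthy one. Such tests detect a stuck source; they do not prove the output has full entropy.

```python
import os
from typing import Callable

# Repetition Count Test (RCT) cutoff, following SP 800-90B 4.4.1:
# C = 1 + ceil(-log2(alpha) / H). With alpha = 2^-30 (false-alarm rate)
# and H = 8 bits of assumed min-entropy per byte, C = 1 + ceil(30 / 8) = 5.
RCT_CUTOFF = 5


def repetition_count_test(sample: bytes, cutoff: int = RCT_CUTOFF) -> bool:
    """True if no byte value occurs `cutoff` or more times consecutively."""
    if not sample:
        return False
    run = 1
    for prev, cur in zip(sample, sample[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def stuck_source_check(sample: bytes) -> bool:
    """Reject the degenerate outputs reported for faulty RDRAND: all 0xFF or all 0x00."""
    if not sample:
        return False
    return sample != b"\xff" * len(sample) and sample != b"\x00" * len(sample)


def is_healthy(read_random: Callable[[int], bytes], n: int = 1024) -> bool:
    """Run the startup health tests against `read_random` (a bytes-producing callable)."""
    sample = read_random(n)
    if len(sample) != n:            # short read: treat the source as unusable
        return False
    return stuck_source_check(sample) and repetition_count_test(sample)


# Constructed sources (not real hardware access): one models the stuck
# generator from this thread, the other wraps the OS random device.
def stuck_rdrand(n: int) -> bytes:
    return b"\xff" * n


def healthy_source(n: int) -> bytes:
    return os.urandom(n)


if __name__ == "__main__":
    print("stuck source healthy?  ", is_healthy(stuck_rdrand))    # False
    print("os.urandom healthy?    ", is_healthy(healthy_source))  # True
```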

crypton now can handle the case where hClose for /dev/random throws an exception.
Closing bug; please reopen if not fixed.