
internal_error alert #4

Open
roelfdutoit opened this issue Feb 2, 2018 · 4 comments

Comments


roelfdutoit commented Feb 2, 2018

The following ClientHello triggers an internal_error alert from your server:
16 03 01 00 ab 01 00 00 a7 03 03 89 e0 74 5a 7c 5b a5 47 c0 c0 8c 66 f7 95 45 f9 96 e7 15 98 9c 62 dc 12 c8 5e b5 e4 d0 07 f4 41 10 0d 0a 82 cf af f6 23 66 2d ea 54 b2 9c aa 8b 17 00 08 13 02 13 01 c0 2f 00 3c 01 00 00 66 00 0d 00 08 00 06 08 04 04 03 04 01 00 0a 00 06 00 04 00 1d 00 17 00 00 00 3f 00 3d 00 00 3a 30 35 37 30 33 31 65 63 2d 34 36 39 36 2d 34 38 33 39 2d 39 61 39 32 2d 31 61 34 33 31 38 61 62 30 34 64 36 2d 33 2e 74 6c 73 31 33 2d 76 34 2e 6d 69 74 6d 2e 77 61 74 63 68 00 28 00 02 00 00 00 2b 00 03 02 7f 16

I suspect it is because of the empty key_share. Do you support that?

Secondary issue: your client sends a session_id with length 16 when running TLS 1.3 compatibility mode. Either I missed the TLS 1.2 full handshake that generated that 16B session_id, or your stack is not following the draft-22 spec (which states that the generated session_id should be 32B).

@roelfdutoit (Author)

Reproduce by saving the bytes in a file, then:
cat CH_tls13_mitmwatch.hex | xxd -r -p > CH_tls13_mitmwatch.bin
cat CH_tls13_mitmwatch.bin | nc 159.203.57.164 443 | hexdump -C

Output:

00000000 15 03 03 00 02 02 50 |......P|

... with 0x50 = 80 = internal_error
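To see what in the quoted ClientHello trips a TLS 1.3 server that has no HelloRetryRequest support, here is an added Python parser (not code from mitm.watch or tls-tris) that walks the record above and reports the empty key_share, the offered draft version and the session_id length; the hex constant is the page's own bytes with the spaces removed.

```python
# ClientHello quoted in the report (the page's hex with spaces removed).
CLIENT_HELLO_HEX = (
    "16030100ab010000a70303"
    "89e0745a7c5ba547c0c08c66f79545f996e715989c62dc12c85eb5e4d007f441"
    "100d0a82cfaff623662dea54b29caa8b17000813021301c02f003c01000066"
    "000d00080006080404030401000a00060004001d00170000003f003d00003a"
    "30353730333165632d343639362d343833392d396139322d3161343331386162"
    "303464362d332e746c7331332d76342e6d69746d2e7761746368"
    "002800020000002b0003027f16"
)

def _u16(buf: bytes, i: int) -> int:
    return int.from_bytes(buf[i:i + 2], "big")

def parse_client_hello(data: bytes) -> dict:
    """Walk TLS record and handshake framing; return the fields behind the report."""
    if data[0] != 0x16 or len(data) != 5 + _u16(data, 3):
        raise ValueError("expected exactly one complete handshake record")
    hs = data[5:]
    if hs[0] != 0x01 or len(hs) != 4 + int.from_bytes(hs[1:4], "big"):
        raise ValueError("expected exactly one complete ClientHello")
    pos = 4 + 2 + 32                 # handshake header, legacy_version, random
    sid_len = hs[pos]
    pos += 1 + sid_len               # legacy_session_id
    pos += 2 + _u16(hs, pos)         # cipher_suites (not needed for the report)
    pos += 1 + hs[pos]               # legacy_compression_methods
    end = pos + 2 + _u16(hs, pos)
    pos += 2
    exts = {}
    while pos < end:                 # extension_type(2) || length(2) || data
        elen = _u16(hs, pos + 2)
        exts[_u16(hs, pos)] = hs[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    ks, sv, sni = exts.get(0x28), exts.get(0x2b, b""), exts.get(0x00)
    return {
        "session_id_len": sid_len,
        "server_name": sni[5:5 + _u16(sni, 3)].decode() if sni else None,
        # key_share data opens with the client_shares length; 0 shares = "please send HRR"
        "key_share_empty": ks is not None and _u16(ks, 0) == 0,
        "supported_versions": [sv[i:i + 2].hex() for i in range(1, 1 + sv[0], 2)] if sv else [],
    }

def findings(info: dict) -> list:
    """Why a TLS 1.3 server lacking HelloRetryRequest support cannot answer this hello."""
    checks = [
        (info["key_share_empty"], "empty key_share: client is asking for a HelloRetryRequest"),
        ("7f16" in info["supported_versions"], "supported_versions offers draft-22 (0x7f16)"),
        (info["session_id_len"] not in (0, 32), f"session_id is {info['session_id_len']} bytes; draft-22 compatibility mode generates 32"),
    ]
    return [msg for hit, msg in checks if hit]
```

Running `findings(parse_client_hello(bytes.fromhex(CLIENT_HELLO_HEX)))` lists all three observations from the thread for the quoted bytes; a hello with a populated key_share and a 32-byte session_id yields an empty list.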


grittygrease commented Feb 2, 2018 via email

@Lekensteyn (Contributor)

https://github.com/cloudflare/tls-tris is used as TLS library which does not support HRR yet: cloudflare/tls-tris#40

@roelfdutoit (Author)

Thanks Peter. I will adjust my test to avoid HRR.
