enforce ALPN overlap?

Hello,

Based on https://alpaca-attack.com/, I was looking at
how a TLS connection with ALPN set to e.g., "banana"
by the client to a server that has ALPN set to "h2"
would behave.  For example:

$ openssl s_server -www -accept 443 -alpn h2 \
	-key /tmp/key.pem -cert /tmp/cert.pem

and

$ openssl s_client -connect localhost:443 -alpn banana

It seems that OpenSSL will simply not negotiate ALPN,
but leave the connection open:

[...]
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
[...]
---
read R BLOCK

In Go, a recent commit changed their behavior to
enforce ALPN overlap:
https://github.com/golang/go/commit/90d6bbbe42c15d444c1da0a1c293192d6f735a8e


Is there any plan or consideration to follow that
approach?

-Jan
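
Added example, not part of the original message and not OpenSSL or Go code: a self-contained C version of the selection logic a server-side ALPN callback applies, contrasting the lenient outcome in the transcript above with strict overlap enforcement. The names alpn_select, alpn_list_valid, the strict flag and the ALPN_* constants are assumptions made for illustration; the constants mirror the SSL_TLSEXT_ERR_* results returned by an OpenSSL callback registered with SSL_CTX_set_alpn_select_cb.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins (assumption) mirroring the OpenSSL ALPN callback results
 * SSL_TLSEXT_ERR_OK, SSL_TLSEXT_ERR_ALERT_FATAL and SSL_TLSEXT_ERR_NOACK. */
enum alpn_result { ALPN_OK = 0, ALPN_ALERT_FATAL = 2, ALPN_NOACK = 3 };
/* Check one wire-format ALPN list: 1-byte length, then the name, repeated.
 * Empty lists, zero-length names and names that overrun the buffer fail. */
static int alpn_list_valid(const unsigned char *l, size_t len)
{
    size_t i = 0;
    if (len == 0) return 0;
    while (i < len) {
        size_t n = l[i];
        if (n == 0 || n > len - i - 1) return 0;
        i += 1 + n;
    }
    return 1;
}

/* Pick the first server-preferred protocol the client also offered.
 * strict != 0: no overlap is fatal (RFC 7301 no_application_protocol).
 * strict == 0: no overlap is ignored and the handshake would continue. */
int alpn_select(const unsigned char **out, unsigned char *outlen,
                const unsigned char *srv, size_t srvlen,
                const unsigned char *cli, size_t clilen, int strict)
{
    if (!alpn_list_valid(srv, srvlen) || !alpn_list_valid(cli, clilen))
        return ALPN_ALERT_FATAL;
    for (size_t s = 0; s < srvlen; s += 1 + srv[s])
        for (size_t c = 0; c < clilen; c += 1 + cli[c])
            if (srv[s] == cli[c] && !memcmp(srv + s + 1, cli + c + 1, srv[s])) {
                *out = srv + s + 1;
                *outlen = srv[s];
                return ALPN_OK;
            }
    return strict ? ALPN_ALERT_FATAL : ALPN_NOACK;
}

int main(void)
{
    /* Constructed sample lists: server offers "h2", client offers "banana". */
    const unsigned char srv[] = { 2, 'h', '2' };
    const unsigned char cli[] = { 6, 'b', 'a', 'n', 'a', 'n', 'a' };
    const unsigned char *p; unsigned char n;
    printf("lenient=%d strict=%d\n",
           alpn_select(&p, &n, srv, sizeof srv, cli, sizeof cli, 0),
           alpn_select(&p, &n, srv, sizeof srv, cli, sizeof cli, 1));
}
```

In the lenient case the application has to check for itself that a protocol was negotiated before it processes any application data.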


