author | David Benjamin <davidben@chromium.org> | 2016-03-25 14:52:05 -0700 |
---|---|---|
committer | David Benjamin <davidben@chromium.org> | 2016-03-25 14:52:05 -0700 |
commit | fc9ecb089db72d44eb036cbef0e75fa4f83bfa80 (patch) | |
tree | a5135db4f118abf2dd88005b4d2d407d35445167 | |
parent | 41158db4a7d847eb8864f3cdbc09edc272f3a16f (diff) | |
Bug 1259515: Move signature_algorithms extension to the end.
WebSphere Application Server 7.0 appears to be intolerant of an
empty extension at the end. To that end, also ensure we never
send an empty padding extension.
r=martin.thomson,dkeeler,wtc
-rw-r--r-- | lib/ssl/ssl3ext.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index 3e847e2bb..07d114ee4 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -341,11 +341,15 @@ static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS]
 { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
 { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
 { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
- { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
 { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn },
 { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
 { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
- { ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn }
+ { ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn },
+ /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will
+ * time out or terminate the connection if the last extension in the
+ * client hello is empty. They are not intolerant of TLS 1.2, so list
+ * signature_algorithms at the end. See bug 1243641. */
+ { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }
 /* any extra entries will appear as { 0, NULL } */
 };
@@ -2679,9 +2683,12 @@ ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
 }
 extensionLength = 512 - recordLength;
- /* Extensions take at least four bytes to encode. */
- if (extensionLength < 4) {
- extensionLength = 4;
+ /* Extensions take at least four bytes to encode. Always include at least
+ * one byte of data if including the extension. Some servers (e.g.
+ * WebSphere Application Server 7.0 and Tomcat) will time out or terminate
+ * the connection if the last extension in the client hello is empty. */
+ if (extensionLength < 4 + 1) {
+ extensionLength = 4 + 1;
 }
 return extensionLength; |
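Review bot: The workaround in the clientHelloSendersTLS hunk depends on two invariants that nothing at the table pins down: signature_algorithms must stay the final entry, and the sender placed last must never emit an empty extension body. A later contributor appending a new, possibly empty, TLS 1.3 extension after it would silently reintroduce the WebSphere failure, so the new comment should say so, e.g. `* NOTE: keep this entry last; any sender added after it must never produce an empty extension.`. The comment also cites bug 1243641 while the commit is filed under bug 1259515; if 1243641 is the original report, citing both would keep the two linked for whoever reads the table next.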
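Review bot: In the ssl3_CalculatePaddingExtensionLength hunk the minimum length is written as the bare expression `4 + 1` twice, in the comparison and in the assignment, leaving the reader to reconstruct that 4 is the extension type-plus-length header and 1 is the smallest padding payload. A single named value would make that self-describing, e.g. `const unsigned int minPaddingXtnLen = 4 + 1; /* type, length, one data byte */` with both occurrences replaced by it. The function body begins before the hunk, so the guard that keeps `512 - recordLength` from wrapping when recordLength exceeds 512 is not visible; presumably the early return just above the hunk handles it. Whether the caller actually writes extensionLength - 4 bytes of payload is likewise outside the hunk and worth confirming, since the comment's promise of at least one data byte rests on it.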