Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: using TLS 1.3 renders incorrect behavior for IMAP #36234

Open
dobegor opened this issue Dec 20, 2019 · 3 comments
Open

crypto/tls: using TLS 1.3 renders incorrect behavior for IMAP #36234

dobegor opened this issue Dec 20, 2019 · 3 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@dobegor
Copy link

dobegor commented Dec 20, 2019
edited

What version of Go are you using (go version)?

$ go version
go version go1.13.5 darwin/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/dobegor/Library/Caches/go-build"
GOENV="/Users/dobegor/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/dobegor/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/9h/8ghw84gx02l6__ryvxp4yzwh0000gn/T/go-build681607661=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Playground
go run main.go

What did you expect to see?

* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello

What did you see instead?

The aforementioned string repeated twice.
This problem does not occur using openssl client:


$ openssl s_client -tls1_3 -connect imap.mail.yahoo.com:993
CONNECTED(00000006)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGcTCCBVmgAwIBAgIQArWhretx7e5aWJOBGGgO2jANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xOTA5MDQwMDAwMDBaFw0yMDAzMDIxMjAwMDBa
MGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT
dW5ueXZhbGUxETAPBgNVBAoTCE9hdGggSW5jMR4wHAYDVQQDDBUqLmltYXAubWFp
bC55YWhvby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkNNlL
eOX+OjwT0IoW3yxJnfMeG59Ca4WhgpYoHcdWRvVBbgY8AtbEutpAZnbCv+0VZoHU
aYarZMOMQxkj85ctSJwd0o2jWImSzD60rXEP3gBWSNwqrspEKXECfO2Hor/V1B4x
tvxGTaUqM5Sx+MbxK3wRbxQ94DlGzO7601/P63HxNj3ZLJcwyzjXxHzcUddbXrBv
/4cBbLiFSt2b9g+651bbXT/1N7vy0ioY4P6IqlxbENVi01CAGMKXXjDXOKwd5rby
44e3IDpc7Zyeuyjuzw3/+KRTc1qJel+8meXpvQ4+6r4R5aEytIC2NZIH21x6BrnL
GcpmbrUmvgw0pg2FAgMBAAGjggMMMIIDCDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM
2WVkYqISuFlyOzAdBgNVHQ4EFgQU43meravjcr0dEvw0di2raJ8FAE0wNQYDVR0R
BC4wLIIVKi5pbWFwLm1haWwueWFob28uY29tghNpbWFwLm1haWwueWFob28uY29t
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
dQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTIt
aGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeB
DAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
aWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1Ud
EwEB/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC72d+8H4pxtZOUI5eq
kntHOFeVCqtS6BqQlmQ2jh7RhQAAAWz9MEmXAAAEAwBIMEYCIQC5rnbFRD4/bLRc
DNpJuW/R7d+tdoADAj67eTc+vL764gIhAJwPetvPwUN9TjqCBQsFO1Z5RCTSOdhu
3KdMNzO89R64AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFs
/TBKLQAABAMARzBFAiEAzZC0ZftrLgXK6f36htcLNPmQy0tVY4NCXZgTu6wcGtQC
ICn1Z4jKxtKHyQCZ/hsTRPL2BWh2bqD6I9ltEGDdzGO1MA0GCSqGSIb3DQEBCwUA
A4IBAQAZAkmD3dCsQruIokYaomS2IG2Md3WgJDyLoWyiwptv5Ix7XQ9FxdIRvu2+
H7zf5tKla1QZsLRGUhadleP0KCNsqG3xLR6lLsfIRYD1FKAUGF1DpSbha8IqM2A8
r3nj0Tb2cTzIF93lTawGOWMDPEXumQEwe/XsiCBLCFhOfND6qLvDPwSKDV7KGisg
DRqg6HlLdBrzFHBx9VUh9GSB+Kfm5FJlUyR3aOdgGzQgsQwnG273DBVNPXmZP2L1
GgtSke1E+Iv9UJSTf+6RVZ0KbjpMPINI/fTAuFyspRZXh7Jo8cYhWOfYd8bhfXji
VszJKFBPCtVYA2RlMPS/5jJl9Qma
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Sunnyvale, O = Oath Inc, CN = *.imap.mail.yahoo.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3470 bytes and written 353 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 4CA4B10E59B920287331D731700F956440546EBCED6ECDEE75104A76D90AA540
    Session-ID-ctx:
    Resumption PSK: B67BC1696B76C34FB167391D81BB816BF2E3FE90694BDED547AE1C322547F973452508277947C2E646DA1C50BB423A18
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 60 (seconds)
    TLS session ticket:
    0000 - c7 32 a7 3e d6 be d2 74-a9 03 b2 1e be 32 f6 c2   .2.>...t.....2..
    0010 - 30 28 5d c5 3a 76 9b 0e-26 58 ff 1a e7 83 cf bf   0(].:v..&X......
    Start Time: 1576857012
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 5D7B86E4B5A1C0B76404A12696A049DB8CA528338BA2AD7A70236642DF017D11
    Session-ID-ctx:
    Resumption PSK: F72E8CCD6C76E66C04BBA37E502CF589410FD43D5FAD9E435C28C8E5B3C2E7A1115B6E0B2034A6B1729686D49C63C582
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 60 (seconds)
    TLS session ticket:
    0000 - f0 3c f6 a3 6b 9b 29 7b-e7 14 80 29 3e db 72 71   .<..k.){...)>.rq
    0010 - 64 4e 5d fd 4b 9f be 4e-52 8e 8c 94 16 d8 c9 1a   dN].K..NR.......
    Start Time: 1576857012
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello

If I disable TLS 1.3, the problem does not occur:

$ env GODEBUG=tls13=0 go run main.go
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
^Csignal: interrupt
$ go run main.go
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
^Csignal: interrupt
@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Dec 20, 2019
@dmitshur dmitshur added this to the Backlog milestone Dec 20, 2019
@dmitshur
Copy link
Contributor

/cc @FiloSottile @katiehockman

@bigshahan
Copy link

+1 We are able to reproduce. Appears to be specific to Verizon Mail servers though, such as Yahoo.

@bigshahan
Copy link

Can confirm that it is specific to Yahoo IMAP server and other Verizon Mail servers. Cannot reproduce on other providers, such as Gmail.

@skinass skinass mentioned this issue Jan 16, 2020
Closed
@itsthisjustin itsthisjustin mentioned this issue May 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@bigshahan @dmitshur @dobegor