crypto/tls: Go HTTP server - when receiving Client Hello with SNI - is not including Server Name extension in Server Hello #54691

Closed
sysarch-repo opened this issue Aug 26, 2022 · 1 comment

sysarch-repo commented Aug 26, 2022

go version go1.16.10 linux/amd64

Does this issue reproduce with the latest release?

UNKNOWN (no control over the Go version)

What did you do?

HTTPS server with the support of SNI as per:

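```go
import "crypto/tls"

// getConfigForClient has the signature of tls.Config.GetConfigForClient and
// selects a per-host configuration from the SNI name in the ClientHello.
func (ep Endpoint) getConfigForClient(info *tls.ClientHelloInfo) (*tls.Config, error) {
	if len(info.ServerName) == 0 {
		// No SNI in the ClientHello: a nil config keeps the listener's original Config.
		return nil, nil
	}

	tlsConfig, err := ep.getTlsServerConfig(info.ServerName)
	if err == nil {
		// Copy the name received in the ClientHello into the selected config.
		tlsConfig.ServerName = info.ServerName
	}

	return tlsConfig, err
}
```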

I am aware that adding the ServerName from the received Client Hello info is probably not the intended way to do it.

What did you expect to see?

Server Name extension in the Server Hello.

From RFC4366:

> A server that receives a client hello containing the "server_name"
> extension MAY use the information contained in the extension to guide
> its selection of an appropriate certificate to return to the client,
> and/or other aspects of security policy. In this event, the server
> SHALL include an extension of type "server_name" in the (extended)
> server hello. The "extension_data" field of this extension SHALL be
> empty.

What did you see instead?

Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 275
    Version: TLS 1.2 (0x0303)
    Random: 67d628701660d6757d4dfec28be789e814562e5a7d262d0620af145ecb6de416
    Session ID Length: 32
    Session ID: 66f5bfd5bb08c5d661af3e871679762b8503b6c8dda9e8feaa754db71ad5d70e
    Cipher Suites Length: 38
    Cipher Suites (19 suites)
    Compression Methods Length: 1
    Compression Methods (1 method)
    Extensions Length: 164
    Extension: server_name (len=41)
        Type: server_name (0)
        Length: 41
        Server Name Indication extension
            Server Name list length: 39
            Server Name Type: host_name (0)
            Server Name length: 36
            **Server Name: nf.5gc.mnc001.mcc001.3gppnetwork.org**
    Extension: status_request (len=5)
    Extension: supported_groups (len=10)
    Extension: ec_point_formats (len=2)
    Extension: signature_algorithms (len=26)
    Extension: renegotiation_info (len=1)
    Extension: signed_certificate_timestamp (len=0)
    Extension: supported_versions (len=5)
    Extension: key_share (len=38)
Handshake Protocol: Server Hello
    Handshake Type: Server Hello (2)
    Length: 51
    Version: TLS 1.2 (0x0303)
    Random: 382582267f10d66eefc38ea031534a6d92eac6493dace867978e4993566b1702
    Session ID Length: 0
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Compression Method: null (0)
    Extensions Length: 11
    Extension: renegotiation_info (len=1)
        Type: renegotiation_info (65281)
        Length: 1
        Renegotiation Info extension
            Renegotiation info extension length: 0
    Extension: ec_point_formats (len=2)
        Type: ec_point_formats (11)
        Length: 2
        EC point formats Length: 1
        Elliptic curves point formats (1)
            EC point format: uncompressed (0)

go env:
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/ubuntu/.cache/go-build"
GOENV="/home/ubuntu/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/ubuntu/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/ubuntu/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.16.10"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/ubuntu/go/src/nti-nf/nf/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4262555082=/tmp/go-build -gno-record-gcc-switches"
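
The check the report makes by eye in the dissector output, as an added Go example that is not part of the original issue or of crypto/tls: it parses a ServerHello body and reports whether server_name (type 0) is present with empty extension_data. The function names are hypothetical, and the sample bytes are rebuilt from the field values shown in the issue rather than taken from a capture.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// serverHelloExtensions (hypothetical helper) walks a ServerHello body, i.e. the bytes
// after the 4-byte handshake header, and returns extension_data keyed by extension type.
func serverHelloExtensions(b []byte) (map[uint16][]byte, error) {
	if len(b) < 35 || len(b) < 38+int(b[34]) { // version, random, session_id, suite, compression
		return nil, fmt.Errorf("truncated ServerHello")
	}
	exts := map[uint16][]byte{}
	p := 38 + int(b[34])
	if len(b) == p { // the extensions block is optional
		return exts, nil
	}
	if len(b) < p+2 || int(binary.BigEndian.Uint16(b[p:])) != len(b)-p-2 {
		return nil, fmt.Errorf("bad extensions length")
	}
	for p += 2; p < len(b); {
		if len(b) < p+4 || len(b) < p+4+int(binary.BigEndian.Uint16(b[p+2:])) {
			return nil, fmt.Errorf("truncated extension")
		}
		end := p + 4 + int(binary.BigEndian.Uint16(b[p+2:]))
		exts[binary.BigEndian.Uint16(b[p:])] = b[p+4 : end]
		p = end
	}
	return exts, nil
}

// acksSNI reports whether server_name (type 0) is present with empty extension_data.
func acksSNI(body []byte) (bool, error) {
	exts, err := serverHelloExtensions(body)
	data, ok := exts[0]
	return ok && len(data) == 0, err
}

// pageServerHello rebuilds the 51-byte body from the issue's dissector output (constructed).
func pageServerHello() []byte {
	b, _ := hex.DecodeString("0303" + "382582267f10d66eefc38ea031534a6d92eac6493dace867978e4993566b1702" + // version, random
		"00c02f00000b" + "ff01000100" + "000b00020100") // sid len, suite, compression, ext len; renegotiation_info, ec_point_formats
	return b
}

func main() {
	fmt.Println(acksSNI(pageServerHello())) // prints: false <nil>
}
```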

@seankhliao
Member

Duplicate of #16072

@seankhliao marked this as a duplicate of #16072 on Aug 26, 2022
@seankhliao closed this as not planned on Aug 26, 2022
@seankhliao changed the title from "Go HTTP server - when receiving Client Hello with SNI - is not including Server Name extension in Server Hello" to "crypto/tls: Go HTTP server - when receiving Client Hello with SNI - is not including Server Name extension in Server Hello" on Aug 26, 2022
@golang locked and limited conversation to collaborators on Aug 26, 2023