Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: ClientHello offers a long list of old cipher suites even though MinVersion is set to TLS 1.3 #59332

Closed
marten-seemann opened this issue Mar 30, 2023 · 5 comments
Closed

crypto/tls: ClientHello offers a long list of old cipher suites even though MinVersion is set to TLS 1.3 #59332

marten-seemann opened this issue Mar 30, 2023 · 5 comments
Labels
FrozenDueToAge

Comments

@marten-seemann
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
1.20.2

Does this issue reproduce with the latest release?

Yes

What did you do?

I set tls.Config.MinVersion to tls.VersionTLS13 and started a TLS handshake. I recorded a pcap using Wireshark and inspected the TLS ClientHello.

What did you expect to see?

Since RFC 8446 only defines 3 cipher suites for the use with TLS 1.3, I expected the ClientHello to only contain those 3 cipher suites.

While TLS 1.3-only might not be common on TCP so far (although people in the IETF TLS working group have started thinking about what it would take to deprecate TLS 1.2 at some point), it is the only mode that's valid for the use with QUIC (as defined in RFC 9001).

What did you see instead?

A long list of 25 cipher suites was offered, with the TLS 1.3 cipher suites appended at the end. Sending cipher suites that aren't valid for TLS 1.3 is wasteful if only TLS 1.3 is supported anyway.
@gopherbot
Copy link

Change https://go.dev/cl/480535 mentions this issue: crypto/tls: only offer TLS 1.3 cipher suites if minimum version is TLS 1.3

@marten-seemann marten-seemann mentioned this issue Mar 30, 2023
Merged
@mateusz834
Copy link
Member

Duplicate: #57771?

@marten-seemann
Copy link
Contributor Author

marten-seemann commented Mar 30, 2023
edited

Duplicate: #57771?

Yes, I didn't see that one. The title is a bit misleading, as these cipher suites are not incorrect (as long as they're not selected), they're just wasteful.
The fix submitted for that issue is less efficient than my fix, as it causes an extra allocation. I've commented on that CL.

@seankhliao
Copy link
Member

let's use the older issue

@seankhliao
Copy link
Member

Duplicate of #57771

@seankhliao seankhliao marked this as a duplicate of #57771 Mar 30, 2023
@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Mar 30, 2023
@golang golang locked and limited conversation to collaborators Mar 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@marten-seemann @gopherbot @seankhliao @mateusz834