[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49035: TLS downgrade at bitbucket.org
|
From: |
Ludovic Courtès |
|
Subject: |
bug#49035: TLS downgrade at bitbucket.org |
|
Date: |
Tue, 15 Jun 2021 23:51:08 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
(+Cc: gnutls-help; this is about a TLS 1.3→1.2 downgrade at
bitbucket.org, see <https://issues.guix.gnu.org/49035> for context.)
Ludovic Courtès <ludo@gnu.org> skribis:
> And indeed, cURL 7.77 (the replacement) exhibits the bogus behavior:
>
> $ guix environment -CN --no-grafts --ad-hoc curl@7.77 nss-certs -- curl
> https://bitbucket.org > /dev/null
> % Total % Received % Xferd Average Speed Time Time Time
> Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
> curl: (35) gnutls_handshake() failed: An illegal parameter has been received.
> $ guix environment -CN --no-grafts --ad-hoc curl@7.74 nss-certs -- curl
> https://bitbucket.org > /dev/null
> % Total % Received % Xferd Average Speed Time Time Time
> Current
> Dload Upload Total Spent Left Speed
> 100 75735 100 75735 0 0 134k 0 --:--:-- --:--:-- --:--:-- 134k
So these two cURL versions use different TLS priority strings; here’s
the one that cURL 7.77 uses (bad) vs. the one that 7.74 uses (good):
--8<---------------cut here---------------start------------->8---
$ gnutls-cli
--priority="NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:+VERS-TLS1.3"
-p https bitbucket.org
Processed 444 CA certificate(s).
Resolving 'bitbucket.org:https'...
Connecting to '2406:da00:ff00::6b17:d1f5:443'...
|<1>| Detected downgrade to TLS 1.2 from TLS 1.3
*** Fatal error: An illegal parameter has been received.
$ gnutls-cli
--priority="NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0" -p https
bitbucket.org
Processed 444 CA certificate(s).
Resolving 'bitbucket.org:https'...
Connecting to '2406:da00:ff00::6b17:d1f5:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=bitbucket.org,OU=Bitbucket,O=Atlassian\, Inc.,L=San
Francisco,ST=California,C=US,serialNumber=3928449,jurisdictionOfIncorporationStateOrProvinceName=Delaware,jurisdictionOfIncorporationCountryName=US,businessCategory=Private
Organization', issuer `CN=DigiCert SHA2 Extended Validation Server
CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial
0x040c19f4e9ba36e333316834b8908235, EC/ECDSA key 256 bits, signed using
RSA-SHA256, activated `2020-03-27 00:00:00 UTC', expires `2022-05-23 12:00:00
UTC', pin-sha256="nFuN2gwclU/9rBe3vz/UUe48hIdL5wLVY8Zke9vApM0="
Public Key ID:
sha1:5f7c6de5e52a6bc39dfdcd5230220f1a7957772b
sha256:9c5b8dda0c1c954ffdac17b7bf3fd451ee3c84874be702d563c6647bdbc0a4cd
Public Key PIN:
pin-sha256:nFuN2gwclU/9rBe3vz/UUe48hIdL5wLVY8Zke9vApM0=
- Certificate[1] info:
- subject `CN=DigiCert SHA2 Extended Validation Server
CA,OU=www.digicert.com,O=DigiCert Inc,C=US', issuer `CN=DigiCert High Assurance
EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial
0x0c79a944b08c11952092615fe26b1d83, RSA key 2048 bits, signed using RSA-SHA256,
activated `2013-10-22 12:00:00 UTC', expires `2028-10-22 12:00:00 UTC',
pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="
- Status: The certificate is trusted.
- Description:
(TLS1.3-X.509)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)
- Options: OCSP status request,
- Handshake was completed
- Simple Client Mode:
C-c C-c
--8<---------------cut here---------------end--------------->8---
The key thing here is “Detected downgrade to TLS 1.2 from TLS 1.3”.
Why is a downgrade detected when using the most explicit priority
string and not when using the shorter string?
Aren’t these two priority strings supposed to be equivalent today?
(This is with GnuTLS 3.6.16.)
Thanks,
Ludo’.