Welcome! Log In Create A New Profile

Advanced

Re: Compatibility of X25519Kyber768 ClientHello

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
October 09, 2023 02:04PM
Hello!

On Mon, Oct 09, 2023 at 11:55:15PM +0800, Gentry Deng via nginx wrote:

> I recently encountered a compatibility issue with X25519Kyber768
> https://bugs.chromium.org/p/chromium/issues/detail?id=1484074: I was
> unable to access the site via X25519Kyber768-enabled Google Chrome on a
> server with only TLS 1.2 enabled, but not TLS 1.3.
>
> The Chromium team replied:
>
>
> > Regarding TLS 1.2 vs TLS 1.3, a TLS ClientHello is generally good for
> > all the parameters we support. So though we include TLS 1.3 with Kyber
> > in there, we also include parameters for TLS 1.3 without Kyber and TLS
> > 1.2. So if the server and network well behaving correctly, it's
> > perfectly fine if the server only supports TLS 1.2.
> >
> > I'm able to reproduce the problem. It looks like a bug in
> > www.paypal.cn's server. They didn't implement TLS 1.2 correctly.
> > Specifically, they do not correctly handle when the ClientHello comes
> > in in two reads. Before Kyber, this wasn't very common because
> > ClientHellos usually fit in a packet. But Kyber makes ClientHellos
> > larger, so it is possible to get only a partial ClientHello in the
> > first read, and require a second read to try again. This is something
> > that any TCP-based application needs to handle; you may not have
> > gotten the whole message on a given read and need to keep on reading.
> >
> > www.paypal.cn will need to fix their server to correctly handle this case.
>
>
> So the Chromium team isn't considering making a change, so I'm wondering
> how compatible nginx is with this? Or what version is needed to make it
> error free?

There are no known issues in nginx with ClientHello split between
packets (with all supported SSL libraries). And I would be very
much surprised if there are any, as this is indeed a very basic
thing TCP-based applications used to handle.

Such issues are more likely to be seen in various packet-based
filtering solutions, and I would assume this is most likely the
case for the site in question.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Compatibility of X25519Kyber768 ClientHello

Gentry Deng via nginx October 09, 2023 11:56AM

Re: Compatibility of X25519Kyber768 ClientHello

Maxim Dounin October 09, 2023 02:04PM

Re: Compatibility of X25519Kyber768 ClientHello

noloader October 09, 2023 02:48PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 135
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready