[cf-dev] expected behavior for handshake failure ?

Hi,

  I made some tests[1] with Leshan to check the behavior of a DTLS handshake failure.
  Currently when the server is not able to continue the handshake (handshake_failure (40), bad_certificate(42), unsupported_certificate(43), ...) it terminates the session quietly.
  The client will never get a response, and will retry again and again; it looks like this:
-------(test with bad psk)-----------
   C: Client Hello
   S: Hello Verify Request
   C: Client Hello
   S: Server Hello, Server Hello Done
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
            // server does not validate the key and closes the session quietly
            // the client tries to re-send, and we start a dialogue of the deaf ...
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Client Hello

   C: Client Hello
   C: Client Hello
      S: Server Hello, Server Hello Done
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.

   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Client Hello
     .... ...
------------------------------------


  I don't know if this is the expected behavior.
  The TLS 1.2 spec defines handshake alerts[2] and the Scandium code seems to use them (AlertDescription.class[3]).

  I found something in the code which should be a bug in terminateConnection[4]: we send an alert message only if we have a session in the session store, but in case of handshake failure we have no session in the store (we add it to the store only when the handshake is done).

   I made a crappy workaround to send the alert message with the session used by the Handshaker and got this:
-----(test with bad psk + 1 workaround)--
   C: Client Hello
   S: Hello Verify Request
   C: Client Hello
   S: Server Hello, Server Hello Done
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Alert (internal error)
            // server gets the error and sends an alert
            // the client ignores it and another kind of dialogue of the deaf starts ...
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Client Hello
   S: Client Hello
   C: Client Hello
   S: Alert (Unexpected Message)
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Client Hello
     .... ...
------------------------------------


 I think we get the same kind of problem at client side when it receives the alert. This time it's in the processAlertRecord[5] method.

 So, I made the same kind of workaround at client side; the communication looks better but the client still retries again and again until it times out:
-----(test with bad psk + 2 workarounds)--
   C: Client Hello
   S: Hello Verify Request
   C: Client Hello
   S: Server Hello, Server Hello Done
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Alert (internal error)
         // server gets the error and sends an alert
         // client gets it, but retries from the beginning
   C: Client Hello
   S: Hello Verify Request
   C: Client Hello
   S: Server Hello, Server Hello Done
   C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
   S: Alert (internal error)
     .... ...
------------------------------------


From a Leshan/Californium user's point of view this is a bit strange. When we send a request through DTLS and the handshake fails, we get no feedback and the request just fails with a timeout.
Should we get a message reject instead [6] or something like that?

Simon

[1]https://github.com/eclipse/leshan/blob/x509-cert-impl/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/SecurityTest.java#L66
[2]https://tools.ietf.org/html/rfc5246#appendix-A.3
[3]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/dtls/AlertMessage.java#L108
[4]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java#L417
[5]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java#L482
[6]https://github.com/eclipse/californium/blob/master/californium-core/src/main/java/org/eclipse/californium/core/coap/MessageObserver.java#L69
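
The failure mode in the third trace, as an added example that is not part of the original post and is not Scandium or Leshan code: decoding the server's plaintext alert record and turning a fatal alert into an explicit handshake failure instead of a retry. The function names, the `SAMPLE` datagrams and the stand-in handshake payloads are constructed for illustration; the record layout and alert codes are those of DTLS 1.2 / RFC 5246.

```python
import struct

ALERT = 21  # DTLS/TLS ContentType.alert (handshake is 22)
LEVELS = {1: "warning", 2: "fatal"}
DESCRIPTIONS = {  # subset of RFC 5246 AlertDescription
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 80: "internal_error",
}
HEADER = struct.Struct("!BHQH")  # type, version, epoch(16)+seq(48), length

def build_record(ctype, epoch, seq, payload, version=0xFEFD):
    """Build a DTLS 1.2 record (used here only to construct sample input)."""
    return HEADER.pack(ctype, version, (epoch << 48) | seq, len(payload)) + payload

def parse_alert(datagram):
    """Return (epoch, level, description) for a plaintext alert record, else None."""
    if len(datagram) < HEADER.size:
        return None
    ctype, _version, epoch_seq, length = HEADER.unpack_from(datagram)
    body = datagram[HEADER.size:HEADER.size + length]
    # An unencrypted alert body is exactly 2 bytes; a protected one is longer.
    if ctype != ALERT or length != 2 or len(body) != 2:
        return None
    level, desc = body
    return (epoch_seq >> 48,
            LEVELS.get(level, f"unknown({level})"),
            DESCRIPTIONS.get(desc, f"unknown({desc})"))

def handshake_outcome(server_datagrams):
    """Walk the server's flights; stop at the first fatal alert and report it."""
    for n, dgram in enumerate(server_datagrams, start=1):
        alert = parse_alert(dgram)
        if alert and alert[1] == "fatal":
            # Epoch-0 alerts are unauthenticated: aborting on them trades
            # spoofing resistance for a fast, explicit failure.
            return f"failed after datagram {n}: {alert[2]} (epoch {alert[0]})"
    return "no fatal alert seen: caller falls back to retransmission timeout"

# Constructed sample mirroring the trace: two handshake flights, then the alert.
SAMPLE = [
    build_record(22, 0, 0, b"\x03" + b"\x00" * 11),   # stand-in HelloVerifyRequest
    build_record(22, 0, 1, b"\x02" + b"\x00" * 11),   # stand-in ServerHello flight
    build_record(ALERT, 0, 2, bytes([2, 80])),        # fatal internal_error
]

if __name__ == "__main__":
    print(handshake_outcome(SAMPLE))
```

The returned string is what an application-level callback could surface in place of the timeout described above.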
