  1. Core Server
  2. SERVER-50736

Make OpenSSL explicitly accept SNIs presented in ClientHello

    • Fully Compatible
    • ALL
    • v4.7, v4.4, v4.2, v4.0, v3.6
    • Security 2020-09-21

      It appears the OS X shell can provide Session IDs in its TLS 1.2 handshake, which enable session resumption. This might interact with the server's understanding of SNIs.

      OpenSSL's SSL_get_servername method extracts the SNI for us, and is defined by the documentation to behave thus:

      On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption did not occur

      The function will return the servername requested by the client in this handshake or NULL if none was requested.

      So, after accepting a connection attempt, SSL_get_servername will return the name the client requested. But later:

      On the server, after the servername extension has been processed and a TLSv1.2 (or below) resumption occurred

      If a servername was accepted by the server in the original handshake then it will return that servername, or NULL otherwise.

      This means that OpenSSL ignores the second connection attempt's advertised SNI, in favor of the original... if the original connection's SNI was "accepted". SNIs can be accepted in an application provided callback, which we don't set. We probably need to define a callback to accept the client's SNI, so that we consistently see an SNI across all connections, whether or not they are resumed.

      This can be done by using the SSL_CTX_set_tlsext_servername_callback function.

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson