1 (edited by razvi.david 2023-11-01 09:26:35)

Topic: -373 error when TLS 1.2 session ticket is not accepted by server

Firstly, a TLS 1.2 session ticket is requested and acquired from the server. The connection is then gracefully completed.
About a second later, a new connection is established and the use of the session ticket is attempted. A client hello is sent to the server with the ticket, but the server instead initiates a new key exchange. This is the moment in which WolfSSL errors out with -373, and the connection is terminated. I have attached 2 pcap files: one in which the session ticket is obtained, and one with the session ticket use attempt that errors out.

I have 2 questions:
1. Is the server breaking the protocol? I tried OpenSSL cli and the 2nd connection does succeed, even though the ticket is not reused.
2. Is there any option to instruct the library to continue using the connection, even though the session ticket we sent was ignored?

Thank you.


Edit: Cannot attach files, here is link: https://drive.google.com/file/d/1E0Hvdc … sp=sharing

Re: -373 error when TLS 1.2 session ticket is not accepted by server

Hello razvi.david

Welcome to the wolfSSL Forums.

Could you tell us a bit about your project using wolfSSL?

Is the server restarted in between sessions?

You can observe a successful session ticket reuse using the examples.
<wolfssl>
./configure --enable-session-ticket && make

<server>
./examples/server/server -i

SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL reused session
Client message: resuming wolfssl!

<client connects twice>
./examples/client/client -r

Session Ticket CB: ticketSz = 142, ctx = initial session
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
I hear you fa shizzle!
Session Ticket CB: ticketSz = 142, ctx = resumed session
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL reused session
reused session id
 resumeI hear you fa shizzle!

Additionally, here is a TLS resume example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c

As for allowing the connection with a session ticket that is unrecognized, I believe that is supported. The server should just send a new session ticket. That would be the same if a session ticket expired.

Thanks,
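The two outcomes discussed in this thread, as an added example (not code from wolfSSL or from either poster): RFC 5077 lets a TLS 1.2 server that does not honor a ticket fall back to a full handshake, so the server's first flight is either abbreviated (ServerHello, optional NewSessionTicket, ChangeCipherSpec) or full (ServerHello, Certificate, ...). The function name, enum and sample bytes below are constructed for illustration, and the classifier assumes no handshake message is fragmented across records.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum flight { FLIGHT_INCOMPLETE, FLIGHT_RESUMED, FLIGHT_FULL, FLIGHT_OTHER };

/* Constructed samples; ServerHello bodies are 4 placeholder bytes because
 * the classifier reads only record and handshake headers. */
static const uint8_t SAMPLE_RESUMED[] = {
    0x16,3,3,0,8,  0x02,0,0,4, 3,3,0,0,        /* ServerHello */
    0x16,3,3,0,10, 0x04,0,0,6, 0,0,0,0,0,0,    /* NewSessionTicket (empty) */
    0x14,3,3,0,1,  0x01 };                     /* ChangeCipherSpec */
static const uint8_t SAMPLE_FULL[] = {
    0x16,3,3,0,8,  0x02,0,0,4, 3,3,0,0,        /* ServerHello */
    0x16,3,3,0,7,  0x0b,0,0,3, 0,0,0 };        /* Certificate (empty list) */

/* Classify a server's first plaintext TLS 1.2 flight.
 * Assumption: no handshake message is fragmented across records. */
enum flight classify_server_flight(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int seen_hello = 0;
    while (len - off >= 5) {
        uint8_t rec_type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rec_len > len - off) return FLIGHT_INCOMPLETE;
        if (rec_type == 20) return seen_hello ? FLIGHT_RESUMED : FLIGHT_OTHER;
        if (rec_type != 22) return FLIGHT_OTHER;   /* alert, app data */
        size_t end = off + rec_len;
        while (end - off >= 4) {
            uint8_t hs = buf[off];
            size_t hs_len = ((size_t)buf[off + 1] << 16) |
                            ((size_t)buf[off + 2] << 8) | buf[off + 3];
            off += 4;
            if (hs_len > end - off) return FLIGHT_OTHER;
            if (hs == 2) seen_hello = 1;            /* ServerHello */
            else if (!seen_hello) return FLIGHT_OTHER;
            /* Certificate / ServerKeyExchange / ServerHelloDone */
            else if (hs == 11 || hs == 12 || hs == 14) return FLIGHT_FULL;
            off += hs_len;
        }
        if (off != end) return FLIGHT_OTHER;
    }
    return FLIGHT_INCOMPLETE;
}

int main(void) {
    printf("resumed sample: %d, full sample: %d\n",
           classify_server_flight(SAMPLE_RESUMED, sizeof SAMPLE_RESUMED),
           classify_server_flight(SAMPLE_FULL, sizeof SAMPLE_FULL));
    return 0;
}
```

Run over the server-to-client bytes of a capture, `FLIGHT_FULL` after a ClientHello that carried a ticket marks the ticket-declined case described in the first post.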

Re: -373 error when TLS 1.2 session ticket is not accepted by server

Hello,

I use WolfSSL to listen to websocket streams over TLS.

The server is not restarted, and this is an edge case in which the server simply ignores the ticket. In general, I use tickets successfully.

As I said, I'm getting error -373 (and as you can see in the pcap, a client alert is sent) when the server unexpectedly ignores the ticket and initiates another handshake.

Re: -373 error when TLS 1.2 session ticket is not accepted by server

I just tested this edge case using the TLS resume example I referred to earlier. I set a BP after the first connection completed, and restarted the server to ensure the session ticket would not be recognized.

The second client connection succeeded, and it was indicated that the session could not be resumed, i.e. a new session was established.

Message for server: test
Server: I hear you fa shizzle!
Session ID not reused; Successful resume.
Message for server: test
Server: I hear you fa shizzle!

Could you share the configuration settings being used? Also please enable debug logging (./configure --enable-debug and add a call to wolfSSL_Debugging_ON() in the client) and share the log showing the error.

5 (edited by razvi.david 2023-11-02 04:13:57)

Re: -373 error when TLS 1.2 session ticket is not accepted by server

Hello,

The production configuration CLI is:

./configure --disable-tls13 --enable-singlethread --enable-curve25519 --enable-ed25519 --enable-sp --enable-sp-asm --enable-staticmemory --enable-sni --enable-alpn --disable-harden --enable-session-ticket --enable-bigcache --enable-supportedcurves --disable-oldtls --enable-aesni --enable-intelasm --disable-shared --enable-static --enable-fasthugemath CFLAGS="-O3 -march=native -DWC_NO_HARDEN -DSINGLE_THREADED"

We get the same error with a simplified version:

 ./configure --enable-session-ticket --enable-static --disable-shared --enable-sni --enable-alpn

The output log is:
https://pastebin.com/raw/DciAZeYM


Thanks for helping!

Re: -373 error when TLS 1.2 session ticket is not accepted by server

Hi razvi.david

Are you working with the latest code from the repository? We did recently fix an issue that sounds similar to this.

Would you like to open a support ticket? The forum is a low priority venue for helping customers. Please send an email to support@wolfssl.com and reference this forum post.

Thanks,
Eric - wolfSSL Support

Re: -373 error when TLS 1.2 session ticket is not accepted by server

Hey,

Tried release 5.6.4 and the issue persists.

Shall I send an email, or open a GitHub issue?
