From 5c3b91f681524aa6c4e98dd4bda5c353a87a1ba0 Mon Sep 17 00:00:00 2001 From: sthen Date: Tue, 2 Apr 2024 22:50:54 +0000 Subject: [PATCH] Backout previous commit (intending that libressl client rejects a supported groups extension from the server). It triggers 'CONNECT_CR_SRVR_HELLO:tlsv1 alert decode error' when connecting to a (modern) java server (tomcat 10.1.18 on openjdk 17.0.10). "please revert" tb@ --- lib/libssl/ssl_tlsext.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 6649baf291f..90734457e57 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.146 2024/03/28 00:22:35 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.147 2024/04/02 22:50:54 sthen Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -324,8 +324,22 @@ static int tlsext_supportedgroups_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { - /* Servers should not send this extension per the RFC. */ - return 0; + /* + * Servers should not send this extension per the RFC. + * + * However, certain F5 BIG-IP systems incorrectly send it. This bug is + * from at least 2014 but as of 2017, there are still large sites with + * this unpatched in production. As a result, we need to currently skip + * over the extension and ignore its content: + * + * https://support.f5.com/csp/article/K37345003 + */ + if (!CBS_skip(cbs, CBS_len(cbs))) { + *alert = SSL_AD_INTERNAL_ERROR; + return 0; + } + + return 1; } /* -- 2.20.1