OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF #87960

tiran · 2021-04-09T14:13:11Z

BPO	43794
Nosy	@tiran, @agronholm, @miss-islington
PRs	bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) #25309 [3.9] bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) #25313 [3.8] bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309) #25314

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tiran'
closed_at = <Date 2021-05-02.14:07:05.788>
created_at = <Date 2021-04-09.14:13:11.374>
labels = ['expert-SSL', 'type-bug', '3.8', '3.9', '3.10']
title = 'OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF'
updated_at = <Date 2021-12-11.23:41:17.142>
user = 'https://github.com/tiran'

bugs.python.org fields:

activity = <Date 2021-12-11.23:41:17.142>
actor = 'alex.gronholm'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2021-05-02.14:07:05.788>
closer = 'christian.heimes'
components = ['SSL']
creation = <Date 2021-04-09.14:13:11.374>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 43794
keywords = ['patch']
message_count = 6.0
messages = ['390632', '390640', '390642', '390643', '392699', '408350']
nosy_count = 3.0
nosy_names = ['christian.heimes', 'alex.gronholm', 'miss-islington']
pr_nums = ['25309', '25313', '25314']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue43794'
versions = ['Python 3.8', 'Python 3.9', 'Python 3.10']

tiran · 2021-04-09T14:13:11Z

OpenSSL 3.0.0 state machine handles unexpected EOFs more strict and requires peers to properly shut down connections. The old OpenSSL 1.1.1 behavior can be get back with SSL_OP_IGNORE_UNEXPECTED_EOF.

I propose to add the option by default until Python's ssl module has better ways to perform one-way shutdown of connections.

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html

Some TLS implementations do not send the mandatory close_notify alert on shutdown. If the application tries to wait for the close_notify alert but the peer closes the connection without sending it, an error is generated. When this option is enabled the peer does not need to send the close_notify alert and a closed connection will be treated as if the close_notify alert was received.

You should only enable this option if the protocol running over TLS can detect a truncation attack itself, and that the application is checking for that truncation attack.

tiran · 2021-04-09T15:59:37Z

New changeset 6f37ebc by Christian Heimes in branch 'master':
bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)
6f37ebc

miss-islington · 2021-04-09T16:21:13Z

New changeset e18ebd9 by Miss Islington (bot) in branch '3.8':
bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)
e18ebd9

miss-islington · 2021-04-09T16:21:59Z

New changeset 54d89a3 by Miss Islington (bot) in branch '3.9':
bpo-43794: OpenSSL 3.0.0: set OP_IGNORE_UNEXPECTED_EOF by default (GH-25309)
54d89a3

tiran · 2021-05-02T14:07:06Z

I have updated whatsnew in #70003.

agronholm · 2021-12-11T23:41:17Z

OpenSSL 1.1.1 also handled EOFs strictly, but this behavior was generally suppressed in the ssl module through the default setting of suppress_ragged_eofs=True (thus enabling truncation attacks by default). The PR changes the behavior of existing applications in such a way that previously detectable unexpected EOFs are now no longer detectable by default. To make matters worse, EOF errors are not translated to SSLEOFError anymore, and instead I have to match the strerror attribute in SSLError to detect this condition.

tiran added 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes labels Apr 9, 2021

tiran self-assigned this Apr 9, 2021

tiran added topic-SSL type-bug An unexpected behavior, bug, or error 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes labels Apr 9, 2021

tiran self-assigned this Apr 9, 2021

tiran added topic-SSL type-bug An unexpected behavior, bug, or error labels Apr 9, 2021

tiran closed this as completed May 2, 2021

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF #87960

OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF #87960

tiran commented Apr 9, 2021

tiran commented Apr 9, 2021

tiran commented Apr 9, 2021

miss-islington commented Apr 9, 2021

miss-islington commented Apr 9, 2021

tiran commented May 2, 2021

agronholm mannequin commented Dec 11, 2021

OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF #87960

OpenSSL 3.0.0: Handle UNEXPECTED_EOF_WHILE_READING / wrap SSL_OP_IGNORE_UNEXPECTED_EOF #87960

Comments

tiran commented Apr 9, 2021

tiran commented Apr 9, 2021

tiran commented Apr 9, 2021

miss-islington commented Apr 9, 2021

miss-islington commented Apr 9, 2021

tiran commented May 2, 2021

agronholm mannequin commented Dec 11, 2021