
List:       libressl
Subject:    Re: SSL_CTX_get_{min,max}_proto_version behavior discrepancy?
From:       "Huang, Alan" <Alan.Huang () utdallas ! edu>
Date:       2018-06-29 4:34:23
Message-ID: BN6PR01MB2242D4605B54347C77F77F4DEF4E0 () BN6PR01MB2242 ! prod ! exchangelabs ! com

Actually, upon further review, I have discovered that there is a
discrepancy between LibreSSL's behavior and the behavior that is
documented.

The documentation for `SSL_CTX_set_{min,max}_proto_version` states:
```
Setting the minimum or maximum version to 0 will enable protocol
versions down to the lowest or up to the highest version *supported by
the library*, respectively.
```
(emphasis mine)

However, this does not appear to be the case. The functions
`ssl_version_set_{min,max}`, if called with `ver` equal to zero, will
set the minimum or maximum version of the `SSL_CTX` to the minimum or
maximum version supported by the `SSL_METHOD` that was passed to
`SSL_CTX_new`.

A proof of concept follows:
```
#include <openssl/ssl.h>
#include <openssl/ossl_typ.h>
#include <stdio.h>

int main(void){
    /* Version-specific method: its supported range is TLSv1.2 only. */
    SSL_CTX *ctx = SSL_CTX_new(TLSv1_2_method());
    if (ctx == NULL) {
        fprintf(stderr, "SSL_CTX_new failed\n");
        return 1;
    }

    /* Per the manual, 0 should select the lowest version the library supports. */
    SSL_CTX_set_min_proto_version(ctx, 0);
    printf("min ver: %d\n", SSL_CTX_get_min_proto_version(ctx));
    printf("max ver: %d\n", SSL_CTX_get_max_proto_version(ctx));
    SSL_CTX_free(ctx);
    return 0;
}
```

According to the documentation, the expected output should be:
```
min ver: 769
max ver: 771
```

However, the output that is obtained is actually:
```
min ver: 771
max ver: 771
```

I realize that this is, at worst, mere pedantry, as the use of the
`TLSv{1,1_1,1_2}_{,server_,client_}method()` methods is discouraged,
and the recommended `SSL_METHOD` methods are
`TLS_{,server_,client_}method()`; additionally, the protocols that the
recommended `SSL_METHOD`s enable are exactly congruous with the
protocols that LibreSSL supports.

However, the discrepancy between documented behavior and actual behavior
bothers me greatly.

Thanks for your attention regarding this matter.

Sincerely,
Alan Huang

-----Original Message-----
From: Huang, Alan [mailto:Alan.Huang@utdallas.edu] 
Sent: Thursday, June 28, 2018 9:00 PM
To: libressl@openbsd.org
Subject: SSL_CTX_get_{min,max}_proto_version behavior discrepancy?

I have noticed a discrepancy in the behaviors of
`SSL_CTX_get_{min,max}_proto_version(3)` between LibreSSL and OpenSSL.

The intended behaviors of `SSL_CTX_get_{min,max}_proto_version(3)` seem unclear. The
documentation from man.openbsd.org states:

```
The getter functions return the configured version or 0 if ctx or ssl has been
configured to automatically use the lowest or highest version supported by the
library.
```

This is identical to the documentation of the function in OpenSSL.
However, when running the following code:

```
#include <openssl/ssl.h>
#include <openssl/ossl_typ.h>
#include <stdio.h>

int main(void){
    /* Version-flexible method: the context starts with the method's full range. */
    SSL_CTX *ctx = SSL_CTX_new(TLS_method());
    if (ctx == NULL) {
        fprintf(stderr, "SSL_CTX_new failed\n");
        return 1;
    }

    /* No explicit configuration; read back whatever SSL_CTX_new installed. */
    printf("min ver: %d\n", SSL_CTX_get_min_proto_version(ctx));
    printf("max ver: %d\n", SSL_CTX_get_max_proto_version(ctx));
    SSL_CTX_free(ctx);
    return 0;
}
```

I get the following output using LibreSSL:

```
min ver: 769
max ver: 771
```

And the following output using OpenSSL:

```
min ver: 0
max ver: 0
```

From reading LibreSSL's source, I can see that when `SSL_CTX_new` is called,
`ret->internal->{min,max}_version` is set to `meth->internal->{min,max}_version`.

However, OpenSSL's `SSL_CTX_new` sets `ret->min_proto_version` to zero.

I am using LibreSSL 2.7.4 and OpenSSL 1.1.0g  2 Nov 2017.

Both projects' documentation for `SSL_CTX_get_{min,max}_proto_version`
is identical. I'm unsure whether the differing implementations are intentional. I
would appreciate clarification.

Thanks,
Alan Huang
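An added example, not code from the thread or from either library, showing how a caller can avoid depending on what 0 means: the getter result is resolved to an effective floor (0 mapped onto a caller-supplied library minimum, as OpenSSL reports it; a concrete value taken as-is, as LibreSSL reports it) and then checked against a required policy floor. The `TLS1_*_VERSION` macros restate the numeric values from `<openssl/ssl.h>` so the program builds without libssl; the sample getter results are the ones from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Same numeric values as TLS1_VERSION .. TLS1_3_VERSION in <openssl/ssl.h>
 * (0x0301 = 769 ... 0x0304 = 772), restated so this builds without libssl. */
#define TLS1_VERSION   0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#define TLS1_3_VERSION 0x0304

/* Readable name for a protocol version number; unknown values -> "unknown". */
const char *tls_version_name(int ver)
{
    switch (ver) {
    case TLS1_VERSION:   return "TLSv1";
    case TLS1_1_VERSION: return "TLSv1.1";
    case TLS1_2_VERSION: return "TLSv1.2";
    case TLS1_3_VERSION: return "TLSv1.3";
    default:             return "unknown";
    }
}

/* Turn a getter result into the floor that will really be negotiated.
 * OpenSSL 1.1.0g returns 0 for "lowest version the library supports", so 0
 * is mapped onto the caller-supplied library minimum; LibreSSL 2.7.4 returns
 * a concrete version (the SSL_METHOD's minimum), which is taken as-is. */
int effective_min_version(int reported_min, int library_min)
{
    return reported_min == 0 ? library_min : reported_min;
}

/* Returns 1 if the effective floor is at least required_min, 0 otherwise.
 * A context left at 0 on a build whose library minimum is TLSv1 fails the
 * check, so "0 means a safe default" is never assumed. */
int floor_meets_policy(int reported_min, int library_min, int required_min)
{
    int eff = effective_min_version(reported_min, library_min);
    return eff != 0 && eff >= required_min;
}

int main(void)
{
    /* Constructed inputs: the getter results reported in the thread, both on
     * builds whose lowest supported protocol is TLSv1. */
    int samples[2] = { 0, 769 };
    const char *lib[2] = { "OpenSSL", "LibreSSL" };
    for (int i = 0; i < 2; i++) {
        int eff = effective_min_version(samples[i], TLS1_VERSION);
        printf("%s reports %d -> floor %s, TLS1.2 policy %s\n", lib[i], samples[i],
               tls_version_name(eff),
               floor_meets_policy(samples[i], TLS1_VERSION, TLS1_2_VERSION) ? "ok" : "FAIL");
    }
    return 0;
}
```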

