Hi,
I made some tests[1] with Leshan to check the behavior of a DTLS
handshake failure.
Currently when the server is not able to continue the handshake
(handshake_failure(40), bad_certificate(42),
unsupported_certificate(43), ...) it terminates the session quietly.
The client will never get a response, and will retry again and
again. It looks like this:
-------(test with bad psk)-----------
C: Client Hello
S: Hello Verify Request
C: Client Hello
S: Server Hello, Server Hello Done
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
// server does not validate the key and closes the session quietly
// the client tries to re-send, and we start a dialogue of the deaf ...
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Client Hello
C: Client Hello
C: Client Hello
S: Server Hello, Server Hello Done
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Client Hello
.... ...
------------------------------------
I don't know if this is the expected behavior.
The TLS 1.2 spec defines handshake alerts[2] and the Scandium code
seems to use them (AlertDescription.class[3]).
I found something in the code which should be a bug in
terminateConnection[4]: we send an alert message only if we have a
session in the session store, but in case of handshake failure we
have no session in the store (we add it to the store only when the
handshake is done).
I made a crappy workaround to send the alert message with the
session used by the Handshaker and got this:
-----(test with bad psk + 1 workaround)--
C: Client Hello
S: Hello Verify Request
C: Client Hello
S: Server Hello, Server Hello Done
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Alert (internal error)
// server gets the error and sends an alert
// the client ignores it and another kind of dialogue of the deaf starts ...
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Client Hello
S: Client Hello
C: Client Hello
S: Alert (Unexpected Message)
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Client Hello
.... ...
------------------------------------
I think we get the same kind of problem on the client side when it
receives the alert. This time it's in the processAlertRecord[5]
method.
So, I made the same kind of workaround on the client side. The
communication looks better but the client still retries again and
again until it times out:
-----(test with bad psk + 2 workarounds)--
C: Client Hello
S: Hello Verify Request
C: Client Hello
S: Server Hello, Server Hello Done
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Alert (internal error)
// server gets the error and sends an alert
// client gets it, but retries from the beginning
C: Client Hello
S: Hello Verify Request
C: Client Hello
S: Server Hello, Server Hello Done
C: Client Key Exchange, Change Cipher Spec, Encrypted Handshake message.
S: Alert (internal error)
.... ...
------------------------------------
From a Leshan/Californium user's point of view this is a bit strange.
When we send a request through DTLS and the handshake fails, we get
no feedback and the request just fails with a timeout.
Should we get a message reject instead[6] or something like that?
Simon
[1]https://github.com/eclipse/leshan/blob/x509-cert-impl/leshan-integration-tests/src/test/java/org/eclipse/leshan/integration/tests/SecurityTest.java#L66
[2]https://tools.ietf.org/html/rfc5246#appendix-A.3
[3]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/dtls/AlertMessage.java#L108
[4]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java#L417
[5]https://github.com/eclipse/californium.scandium/blob/master/src/main/java/org/eclipse/californium/scandium/DTLSConnector.java#L482
[6]https://github.com/eclipse/californium/blob/master/californium-core/src/main/java/org/eclipse/californium/core/coap/MessageObserver.java#L69
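
An added example (not part of the original message, and not Scandium code): a client-side sketch of the behavior the last trace is missing, where a fatal alert received during the handshake stops retransmission and is reported as the failure reason instead of a timeout. `HandshakeClient`, `parse_plain_alert`, `make_alert` and the sample record are constructed for illustration; the record layout and alert codes are those of DTLS 1.2 / RFC 5246.

```python
import struct

CONTENT_ALERT, FATAL = 21, 2   # RFC 5246 ContentType.alert / AlertLevel.fatal
ALERTS = {10: "unexpected_message", 40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 80: "internal_error"}

def parse_plain_alert(record: bytes):
    """Return (level, description) for an epoch-0 DTLS alert record, else None."""
    if len(record) != 15:                  # 13-byte record header + 2-byte alert
        return None
    # type(1) version(2) epoch(2) sequence_number(6) length(2)
    ctype, _version, epoch, _seq, length = struct.unpack(">BHH6sH", record[:13])
    if ctype != CONTENT_ALERT or epoch != 0 or length != 2:
        return None                        # not an alert, or encrypted (epoch > 0)
    return record[13], record[14]

class HandshakeClient:
    """Hypothetical flight tracker for illustration (not Scandium's Handshaker)."""
    def __init__(self, max_retransmits=4):
        self.state, self.failure = "HANDSHAKING", None
        self.retransmits, self.max_retransmits = 0, max_retransmits

    def on_record(self, record: bytes):
        alert = parse_plain_alert(record)
        if self.state == "HANDSHAKING" and alert and alert[0] == FATAL:
            # Abort and keep the reason so the caller sees more than a timeout.
            # Note: epoch-0 alerts are unauthenticated; this sketch accepts
            # any well-formed one.
            self.state = "FAILED"
            self.failure = ALERTS.get(alert[1], f"alert_{alert[1]}")

    def on_timeout(self) -> bool:
        """Return True if the last flight should be retransmitted."""
        if self.state != "HANDSHAKING":
            return False                   # handshake already failed: stop retrying
        if self.retransmits >= self.max_retransmits:
            self.state, self.failure = "FAILED", "timeout"
            return False
        self.retransmits += 1
        return True

def make_alert(level: int, description: int, seq: int = 0) -> bytes:
    """Constructed sample: a DTLS 1.2 (0xFEFD) epoch-0 alert record."""
    header = struct.pack(">BHH6sH", CONTENT_ALERT, 0xFEFD, 0, seq.to_bytes(6, "big"), 2)
    return header + bytes([level, description])

def demo():
    client = HandshakeClient()
    first = client.on_timeout()                 # no answer yet: retransmit once
    client.on_record(make_alert(FATAL, 80))     # S: Alert (internal error)
    return first, client.on_timeout(), client.state, client.failure
```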