Details
- Bug
- Resolution: Unresolved
- P2: Important
- None
- 6.1, 5.15, 6.2
- 8
- Team 2 Foundation_Sprint 41, Foundation PM Prioritized
Description
When OpenSSL started supporting TLS 1.3, we noticed that QSslSocket would emit the PSK signal for every connection. To work around that, we merged this patch:
https://codereview.qt-project.org/c/qt/qtbase/+/264895
This fixed the issue, suppressing the 0-RTT PSK callback from OpenSSL. And in our testing, there was no problem since the test servers we tested with didn't yet use or support TLS 1.3, so the handshake fell back to TLS 1.2 and queried for PSK again, but this time we do emit the signal.
Because the server was falling back to TLS 1.2 it wasn't noticed that if the client and server both use TLS 1.3 there is no room for the user to transmit the PSK (this would still be 0-RTT and would not have the identity hint set)!
We should investigate some ways to mitigate this (TLS 1.3 specific signal could be one option) or, at the very least, document the behavior.
For now, users can opt out and re-enable PSK for TLS 1.3 with QT_USE_TLS_1_3_PSK.
Gerrit Reviews
For Gerrit Dashboard: QTBUG-95670

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
367921,8 | OpenSSL: Let people opt-in to use TLS 1.3 PSK callback | dev | qt/qtbase | MERGED | +2 | 0 |
369833,2 | OpenSSL: Let people opt-in to use TLS 1.3 PSK callback | 6.2 | qt/qtbase | MERGED | +2 | 0 |
369834,3 | OpenSSL: Let people opt-in to use TLS 1.3 PSK callback | 6.1 | qt/qtbase | MERGED | +2 | 0 |
369835,3 | OpenSSL: Let people opt-in to use TLS 1.3 PSK callback | tqtc/lts-5.15 | qt/tqtc-qtbase | MERGED | +2 | 0 |