[SERVER-33329] Server and Shell do not emit TLS "protocol_version" alert messages Created: 14/Feb/18  Updated: 29/Oct/23  Resolved: 01/May/18

Status: Closed
Project: Core Server
Component/s: Networking, Security, Shell
Affects Version/s: None
Fix Version/s: 3.4.15, 3.6.5, 4.0.0-rc0

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Duplicate
is duplicated by SERVER-34813 SocketException: Secure.Transport: -9... Closed
Gantt Dependency
has to be done after SERVER-34237 Expose means for shell to disable TLS... Closed
Related
related to SERVER-39941 Report TLS handshake errors to client Backlog
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v3.6, v3.4, v3.2
Sprint: Platforms 2018-03-26, Platforms 2018-04-09, Platforms 2018-04-23, Platforms 2018-05-07
Participants:

 Description   

When connecting a shell which only supports TLS1.0 to an instance of openssl s_server, running with the arguments openssl s_server -port 27017 -cert jstests/libs/server.pem -tls1_2, the following error is emitted:

sajack@spencerjacksonDesktop /home/sajack/mongo git master () % ./mongo --ssl --sslCAFile jstests/libs/ca.pem --sslPEMKeyFile jstests/libs/server.pem --sslDisabledProtocols=TLS1_1,TLS1_2
MongoDB shell version v0.0.0
connecting to: mongodb://127.0.0.1:27017
2018-02-14T12:11:13.902-0500 E NETWORK  [thread1] SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
2018-02-14T12:11:13.903-0500 E QUERY    [thread1] Error: socket exception [CONNECT_ERROR] :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed

When connecting the same shell to a mongod which only supports TLS1.2, the following is emitted instead:

sajack@spencerjacksonDesktop /home/sajack/mongo git master () % ./mongo --ssl --sslCAFile jstests/libs/ca.pem --sslPEMKeyFile jstests/libs/server.pem --sslDisabledProtocols=TLS1_1,TLS1_2
MongoDB shell version v0.0.0
connecting to: mongodb://127.0.0.1:27017
2018-02-14T12:12:52.060-0500 E QUERY    [thread1] Error: socket exception [CLOSED] server [127.0.0.1:27017] :
connect@src/mongo/shell/mongo.js:251:13
@(connect):1:6
exception: connect failed

No "alert protocol version" error was emitted.

Per RFC 5246 Appendix E, TLS protocol version negotiation is:

A TLS 1.2 client who wishes to negotiate with such older servers will
send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
ClientHello.client_version. If the server does not support this
version, it will respond with a ServerHello containing an older
version number. If the client agrees to use this version, the
negotiation will proceed as appropriate for the negotiated protocol.

If the client sends a protocol version which is older than the server's oldest supported version, or the server replies with a protocol which is older than the client's oldest supported version:

If the version chosen by the server is not supported by the client
(or not acceptable), the client MUST send a "protocol_version" alert
message and close the connection.

If server supports (or is
willing to use) only versions greater than client_version, it MUST
send a "protocol_version" alert message and close the connection.

The has logic to print information about any fatal TLS errors it receives during handshake. However on protocol error, the server simply closes the socket without sending the alert message.

It appears that ASIO does not flush its buffers to the network when "fatal" errors are emitted by OpenSSL. This doesn't seem to be correct.

The following is how openssl s_server handles the raised error:

                case SSL_ERROR_SSL:
                    BIO_printf(bio_s_out, "ERROR\n");
                    (void)BIO_flush(bio_s_out);
                    ERR_print_errors(bio_err);
                    ret = 1;
                    goto err;
                    /* break; */



 Comments   
Comment by Githook User [ 04/May/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-33329: Make server and shell emit TLS protocol_version alerts

(cherry picked from commit 51af489a86f1862de87b51f26a9e818ec3b5df04)
(cherry picked from commit 56e653fdd204e1ad091e0736454aefc005b5ce3f)
Branch: v3.4
https://github.com/mongodb/mongo/commit/bc99911f0bbe0d0c18d46bd0ad44c0b136a162ff

Comment by Githook User [ 03/May/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-33329: Make server and shell emit TLS protocol_version alerts

(cherry picked from commit 51af489a86f1862de87b51f26a9e818ec3b5df04)
Branch: v3.6
https://github.com/mongodb/mongo/commit/56e653fdd204e1ad091e0736454aefc005b5ce3f

Comment by Githook User [ 01/May/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-33329: Make server and shell emit TLS protocol_version alerts
Branch: master
https://github.com/mongodb/mongo/commit/51af489a86f1862de87b51f26a9e818ec3b5df04

Generated at Thu Feb 08 04:33:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.