Nmap Development mailing list archives
[NSE] Incorrect SNI construct in tls.lua
From: nnposter () users sourceforge net
Date: Tue, 8 Apr 2014 0:42:25 +0000
The current version of tls.lua implements the data structure of the SNI extension as a single name entry. The correct implementation, as specified in RFC 6066, is to treat it as a list (which typically consists of a single name entry). The effect of the bug is that the malformed extension is corrupting the tail of Client Hello, which in turn is causing some TLS server implementations to reject the handshake. As an example, Windows Schannel is fine but IBM JSSE2 will abort.

Cheers,
nnposter

Patch against revision 32792 follows:

--- nselib/tls.lua.orig 2014-04-07 17:24:44.777719900 -0600 +++ nselib/tls.lua 2014-04-07 18:19:02.820709700 -0600 @@ -189,7 +189,7 @@ ["server_name"] = function (server_name) -- Only supports host_name type (0), as per RFC -- Support for other types could be added later - return bin.pack(">CSA", 0, #server_name, server_name) + return bin.pack(">P", bin.pack(">CP", 0, server_name)) end, ["max_fragment_length"] = tostring, ["client_certificate_url"] = tostring,
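Review bot: the nested call on the added line, return bin.pack(">P", bin.pack(">CP", 0, server_name)), sits under two retained comment lines that mention only the host_name type, so nothing in the function says which length prefix belongs to the ServerName entry and which to the enclosing ServerNameList. Suggest a one-line comment stating that the inner >CP is name_type plus the length-prefixed host name and the outer >P is the RFC 6066 list length, so the next reader does not collapse the two again. The function also still packs whatever it is given: an empty server_name would produce a zero-length HostName, which RFC 6066 does not allow (HostName is opaque<1..2^16-1>), so a guard on #server_name would be worth adding while this line is being touched.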
Current thread:
- [NSE] Incorrect SNI construct in tls.lua nnposter (Apr 07)
- Re: [NSE] Incorrect SNI construct in tls.lua Daniel Miller (Apr 07)
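The two SNI layouts discussed in the message above, built byte for byte and fed to a strict RFC 6066 parser. This is an added example, not part of the original post or of Nmap's code; it is written in Python so the bytes are easy to inspect, the function names are hypothetical, and the parser is an illustration of a strict receiver, not any vendor's implementation.

```python
import struct

def sni_single_entry(host: bytes) -> bytes:
    """Pre-patch layout: name_type, length, name, with no list wrapper."""
    return struct.pack(">BH", 0, len(host)) + host

def sni_name_list(host: bytes) -> bytes:
    """RFC 6066 layout: ServerNameList length, then the ServerName entries."""
    entry = struct.pack(">BH", 0, len(host)) + host
    return struct.pack(">H", len(entry)) + entry

def parse_server_name_list(data: bytes) -> list:
    """Strict parse of the extension_data; raises ValueError if malformed."""
    if len(data) < 2:
        raise ValueError("truncated ServerNameList length")
    (list_len,) = struct.unpack_from(">H", data, 0)
    # The list length must account for every remaining byte of the extension.
    if list_len != len(data) - 2:
        raise ValueError(f"list length {list_len} != {len(data) - 2} bytes present")
    names, pos = [], 2
    while pos < len(data):
        if len(data) - pos < 3:
            raise ValueError("truncated ServerName header")
        name_type, name_len = struct.unpack_from(">BH", data, pos)
        pos += 3
        # HostName is opaque<1..2^16-1>: empty or overrunning names are invalid.
        if name_len == 0 or pos + name_len > len(data):
            raise ValueError("bad HostName length")
        names.append((name_type, data[pos:pos + name_len]))
        pos += name_len
    return names

def check(data: bytes) -> str:
    """Return a one-line verdict for the given extension_data."""
    try:
        return "ok: %r" % parse_server_name_list(data)
    except ValueError as exc:
        return "rejected: %s" % exc

HOST = b"example.com"  # constructed sample host name

if __name__ == "__main__":
    for build in (sni_single_entry, sni_name_list):
        data = build(HOST)
        print(f"{build.__name__:17} {data.hex()}  {check(data)}")
```

With the single-entry layout the parser reads the name_type byte and the high byte of the name length as a list length of 0, which does not match the 12 bytes that follow, so the extension is rejected.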