Some problems with TLS 1.3 and PSK

Mon Jan 14 13:48:42 CET 2019

Hi guys,

as you know, Moonshot and the Trust Router use dynamically established 
TLS PSK for allowing communication between RADIUS servers.
This has been working nicely so far, but I've started testing with 
Debian Buster, which ships OpenSSL 1.1 which defaults to TLS 1.3 and 
I've found some issues with both, 3.0.17 and 3.0.18.
All the problems are not shown if tls_max_version = 1.2 is used.

In 3.0.17, problems only arise when psk_query is used with the 
certificate TLS configuration parameters. When using psk_hexphrase and 
psk_identity without any certificate parameter, everything works as well.

This is what happens with psk_query + certificates activated:

On the client:
openssl s_client -connect 172.17.0.2:2083 -psk 
03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3 
-psk_identity key-2378d9 -cipher aPSK

On the server:
Listening on auth from client (172.17.0.3, 34362) -> (*, 2083, 
virtual-server=abfab-idp)
Waking up in 0.4 seconds.
(0) Initiating new EAP-TLS session
(0) Setting verify mode to require certificate from client
(0) (other): before SSL initialization
(0) TLS_accept: before SSL initialization
(0) TLS_accept: before SSL initialization
(0) <<< recv UNKNOWN TLS VERSION ?0304? [length 0176]
rlm_sql (psksql): Reserved connection (0)
(0) Executing select query: select 
'03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3' 
from (select 'x' as dummy)
rlm_sql (psksql): Released connection (0)
(0) EXPAND %{psksql:select 
'03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3' 
from (select 'x' as dummy)}
(0)    --> 
03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3
(0) TLS_accept: SSLv3/TLS read client hello
(0) >>> send UNKNOWN TLS VERSION ?0304? [length 0058]
(0) TLS_accept: SSLv3/TLS write server hello
(0) >>> send UNKNOWN TLS VERSION ?0304? [length 0001]
(0) TLS_accept: SSLv3/TLS write change cipher spec
(0) TLS_accept: TLSv1.3 early data
(0) TLS_accept: Need to read more data: TLSv1.3 early data
(0) In SSL Handshake Phase
(0) In SSL Accept mode
Waking up in 0.4 seconds.
(0) <<< recv UNKNOWN TLS VERSION ?0304? [length 0002]
(0) ERROR: TLS Alert read:fatal:internal error
(0) TLS_accept: Need to read more data: error
(0) ERROR: Failed in __FUNCTION__ (SSL_read): error:14094438:SSL 
routines:ssl3_read_bytes:tlsv1 alert internal error
(0) In SSL Handshake Phase
(0) In SSL Accept mode
(0) SSL Application Data
(0) SSL_read Error
(0) ERROR: Error in fragmentation logic
(0) Application data status 4
Waking up in 0.4 seconds.
Closing TLS socket from client port 34362

In 3.0.18, things are different. It complains about the session:
  ... new connection request on TCP socket
Listening on auth from client (172.17.0.3, 34384) -> (*, 2083, 
virtual-server=abfab-idp)
Waking up in 0.9 seconds.
(0) Initiating new TLS session
(0) Setting verify mode to require certificate from client
(0) (other): before SSL initialization
(0) TLS_accept: before SSL initialization
(0) TLS_accept: before SSL initialization
(0) <<< recv TLS 1.3  [length 0176]
rlm_sql (psksql): Reserved connection (0)
(0) Executing select query: select 
'03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3' 
from (select 'x' as dummy)
rlm_sql (psksql): Released connection (0)
(0) EXPAND %{psksql:select 
'03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3' 
from (select 'x' as dummy)}
(0)    --> 
03592CFAD91DB9E6DBDC022A80E14D15B62493C7D6D114272FD70374EA920E75DEB5DFC760487D96F8E1D4310FC617167DD539CB4245BEFE083BE71CA28F937A13EE3ECA0EBC4FC6687A948CE0F32FBF99AAF2B9024EAEF5688B1CA054F3DDA54D65277223ED25FB3C2D7F39FDE1FE1D2EF1D8B6F04F97121095A077A33784CD2754E0E6A8511F5DC334A0394E41B7300ED7ACCC62F8903B9092A0CD40FA12F8DC825852BD080292519450F37C80D96033704E86E36874635D800F0AD4230E9C9343060E25343BF9D33A12B979EF6318A6F32FCE9791423C82DE8DCF17634247592D86F4F5029CFF258D6DDC8ADDFB6223E02C8B7843C991686966775B9044D3
(0) TLS_accept: SSLv3/TLS read client hello
(0) >>> send TLS 1.3  [length 0058]
(0) TLS_accept: SSLv3/TLS write server hello
(0) >>> send TLS 1.3  [length 0001]
(0) TLS_accept: SSLv3/TLS write change cipher spec
(0) TLS_accept: TLSv1.3 early data
(0) TLS_accept: Need to read more data: TLSv1.3 early data
(0) TLS - In Handshake Phase
(0) TLS - Failed getting session
(0) FAILED in TLS handshake receive
Closing TLS socket from client port 34384
Client has closed connection
  ... shutting down socket auth from client (172.17.0.3, 34384) -> (*, 
2083, virtual-server=abfab-idp)
Waking up in 2.9 seconds.
... cleaning up socket auth from client (172.17.0.3, 34384) -> (*, 2083, 
virtual-server=abfab-idp)
Ready to process requests

In this case, the issue seems to have been caused by this commit 
https://github.com/FreeRADIUS/freeradius-server/commit/f2d93cffbd1a78ae2dbf136d8a0c41173c172f1d, 
as reverting it reverts to the previous issue with 3.0.17.

Any ideas with the issue with 3.0.17?

Thanks,

-- 
Alejandro Perez-Mendez
Technical Specialist (AAA), Trust & Identity
M (+34) 619 333 219
Skype alejandro_perez_mendez
jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  