schannel: ban server ALPN selection during recv renegotiation #9463

Closed
wants to merge 4 commits into from

Conversation

jay
Member

@jay jay commented Sep 9, 2022

By the time schannel_recv is renegotiating the connection, libcurl has already decided on a protocol and it is too late for the server to select a protocol via ALPN.

Ref: #9451

Closes #xxxx


I'm not entirely sure if this is correct; I don't really understand the way ALPN is expected to work on renegotiation. For example, if the connection is immediately renegotiated before any application data is received, then maybe it would work to change protocols based on server ALPN selection?

@jay jay added TLS Windows Windows-specific labels Sep 9, 2022
@jay jay force-pushed the schannel_alpn_on_renegotiate branch 2 times, most recently from 6e58c00 to 3c8f463 Compare September 14, 2022 07:54
@jay
Member Author

jay commented Sep 14, 2022

I've modified this slightly to allow the server to select an ALPN protocol on renegotiation as long as it is the same as what was originally selected, since it's not documented how schannel handles this.

By the time schannel_recv is renegotiating the connection, libcurl has
already decided on a protocol and it is too late for the server to
select a protocol via ALPN.

Ref: curl#9451

Closes #xxxx

Change it so the server can select an ALPN protocol during renegotiation
just not different than what it originally selected.
@jay jay force-pushed the schannel_alpn_on_renegotiate branch from 3c29651 to e251a78 Compare September 22, 2022 07:25
@jay jay closed this in 5c0d02b Sep 26, 2022
@jay jay deleted the schannel_alpn_on_renegotiate branch September 26, 2022 07:32
jquepi pushed a commit to jquepi/curl.1.555 that referenced this pull request Oct 24, 2022
By the time schannel_recv is renegotiating the connection, libcurl has
already decided on a protocol and it is too late for the server to
select a protocol via ALPN except for the originally selected protocol.

Ref: curl/curl#9451

Closes curl/curl#9463
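
The rule the thread settles on (a server ALPN selection during renegotiation is accepted only if it matches the original one), as an added C example that is not part of this pull request or of curl's source. It goes beyond the thread by parsing the RFC 7301 wire format instead of Schannel's own structure; the struct, function names and sample bytes are constructed for illustration, and treating a renegotiation without any ALPN selection as keeping the original protocol is an assumption.

```c
#include <stddef.h>
#include <string.h>

enum alpn_verdict { ALPN_OK, ALPN_MALFORMED, ALPN_CHANGED };

/* Hypothetical client state kept after the first handshake. */
struct alpn_state {
  int negotiated;            /* 1 once the initial handshake is done */
  unsigned char proto[255];  /* protocol chosen in the initial handshake */
  size_t proto_len;          /* 0 = the server selected nothing */
};

/* Constructed sample ALPN extension bodies (RFC 7301 ProtocolNameList). */
static const unsigned char SAMPLE_H2[] = {0x00, 0x03, 0x02, 'h', '2'};
static const unsigned char SAMPLE_HTTP11[] =
  {0x00, 0x09, 0x08, 'h', 't', 't', 'p', '/', '1', '.', '1'};

/* Server reply: 2-byte list length, then exactly one length-prefixed name. */
static int parse_server_alpn(const unsigned char *ext, size_t len,
                             const unsigned char **name, size_t *name_len)
{
  if(len < 4 || (((size_t)ext[0] << 8) | ext[1]) != len - 2 ||
     (size_t)ext[2] != len - 3)
    return -1;               /* truncated, or more than one name offered */
  *name = ext + 3;
  *name_len = ext[2];
  return 0;
}

/* ext == NULL means the server sent no ALPN selection in this handshake. */
enum alpn_verdict check_server_alpn(struct alpn_state *st,
                                    const unsigned char *ext, size_t len)
{
  const unsigned char *name = NULL;
  size_t name_len = 0;
  if(ext && parse_server_alpn(ext, len, &name, &name_len))
    return ALPN_MALFORMED;
  if(!st->negotiated) {      /* initial handshake: record the choice */
    if(name_len)
      memcpy(st->proto, name, name_len);
    st->proto_len = name_len;
    st->negotiated = 1;
    return ALPN_OK;
  }
  if(!ext)                   /* assumption: no selection keeps the original */
    return ALPN_OK;
  if(name_len != st->proto_len || memcmp(name, st->proto, name_len))
    return ALPN_CHANGED;     /* too late to select a different protocol */
  return ALPN_OK;
}
```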