[asterisk-bugs] [JIRA] (ASTERISK-28657) SIPS TLS connection fails when session ticket extension is used

Marcel Dischinger (JIRA) noreply at issues.asterisk.org
Fri Dec 13 03:57:31 CST 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcel Dischinger updated ASTERISK-28657:
-----------------------------------------

    Attachment: tlstest.pcap

Trace of TLS setup with Asterisk.
First, a TLS session is successfully established. See the NewSessionTicket message there.
The TLS session is then terminated by the client.
The client sets up a new session, now sending the session ticket from the NewSessionTicket message in the ClientHello, triggering the internal error in OpenSSL and leading to Asterisk closing the connection.

> SIPS TLS connection fails when session ticket extension is used
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-28657
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28657
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: 13.21.0
>         Environment: Tested with LTS certified, but according to the code this problem should apply to all newer versions as well.
> Using Debian Stretch and the dependencies used there (e.g., OpenSSL 1.1.0k).
> Using Asterisk with SIPS.
>            Reporter: Marcel Dischinger
>         Attachments: tlstest.pcap
>
>
> The TLS implementation of Asterisk using OpenSSL has a flaw that results in OpenSSL bailing with an internal error when a client tries to use session-reuse with the session ticket extension. This happens when Asterisk is used as a server for SIPS connections, i.e., SIPS-clients set up a TLS connection to Asterisk.
> h2. How does this work?
> # Client contacts Asterisk to set up a TLS connection
> # Certificates are exchanged, keys are derived
> # TLS session established
> # Asterisk sends a TLS NewSessionTicket extension message (see RFC 5077) to the client
> # TLS session is closed
> # Client starts a new TLS session, sends the session ticket from 4. with the ClientHello
> # Asterisk/OpenSSL should use this ticket to establish a new TLS session reusing the exchanged keys from the previous session.
> h2. Bug analysis
> From the asterisk log:
> {quote}ERROR tcptls.c: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL error
> WARNING tcptls.c: FILE * open {quote}
> The reason for this is described in the warning for SSL_CTX_set_session_id_context in OpenSSL (see, e.g.,
> https://linux.die.net/man/3/ssl_ctx_set_session_id_context): the session id context is not set.
> h2. Bugfix
> To fix this, this context has to be set in tcptls.c:__ssl_setup, e.g., directly before setting up the TLS options, right after setting up the general SSL context. There, add the following line:
> SSL_CTX_set_session_id_context(cfg->ssl_ctx, (const unsigned char *) "asterisk", 8);
> As an alternative, you can also disable the use of RFC 5077 session tickets by setting the SSL option SSL_OP_NO_TICKET. With this, Asterisk will no longer send the NewSessionTicket message, hence no SessionTicket is included in the ClientHello for the second TLS setup.



--
This message was sent by Atlassian JIRA
(v6.2#6252)


