You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
tlsfuzzer sends the QUIC transport parameters extension (extension number 57) in various test scripts, for example in test-tls13-shuffled-extentions.py, test-tls13-large-number-of-extensions.py, or test-large-hello.py. This extension MUST NOT be sent unless the transport is QUIC and endpoints that support the extension receiving it MUST abort the handshake with an unsupported extension alert, see the penultimate paragraph in RFC 9001, section 8.2.
While it is possible to work around this by excluding extension number 57 using the --exc command line flag or using -m in the case of test-large-hello.py, it would be nice if tlsfuzzer did not send this extension by default, or, alternatively, if it didn't fail on receiving an unsupported extension alert on sending it.
Describe how to reproduce the problem
We ran into this issue during our regular tlsfuzzer runs against LibreSSL head with this commit: openbsd/src@db80cf4
Expected behaviour
tlsfuzzer does not send QUIC transport parameters or if it does it handles unsupported extension alerts gracefully.
Include errors or backtraces
multiple extensions 16377 ...
Error encountered while processing node ExpectServerHello() (child: <tlsfuzzer.expect.ExpectCertificate object at 0x4acdd4f5280>) with last message being: <tlslite.messages.Message object at 0x4ad338f47f0>
Error while processing
Traceback (most recent call last):
File "/usr/local/share/tlsfuzzer/scripts/test-large-hello.py", line 423, in main
runner.run()
File "/usr/local/lib/python3.9/site-packages/tlsfuzzer/runner.py", line 234, in run
raise AssertionError("Unexpected message from peer: " +
AssertionError: Unexpected message from peer: Alert(fatal, unsupported_extension)
The text was updated successfully, but these errors were encountered:
Bug Report
System Information
Problem description
tlsfuzzer sends the QUIC transport parameters extension (extension number 57) in various test scripts, for example in
test-tls13-shuffled-extentions.py
,test-tls13-large-number-of-extensions.py
, ortest-large-hello.py
. This extension MUST NOT be sent unless the transport is QUIC and endpoints that support the extension receiving it MUST abort the handshake with an unsupported extension alert, see the penultimate paragraph in RFC 9001, section 8.2.While it is possible to work around this by excluding extension number 57 using the
--exc
command line flag or using-m
in the case of test-large-hello.py, it would be nice if tlsfuzzer did not send this extension by default, or, alternatively, if it didn't fail on receiving an unsupported extension alert on sending it.Describe how to reproduce the problem
We ran into this issue during our regular tlsfuzzer runs against LibreSSL head with this commit:
openbsd/src@db80cf4
Expected behaviour
tlsfuzzer does not send QUIC transport parameters or if it does it handles unsupported extension alerts gracefully.
Include errors or backtraces
The text was updated successfully, but these errors were encountered: