Opened 3 years ago

Last modified 22 months ago

#554 new Bug / Defect

Add support for partial TLS record reads (i.e. support 1/n-1 record splitting)

Reported by: Steffan Karger Owned by:
Priority: major Milestone: release 2.5
Component: Crypto Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

This ticket is a follow-up for #524.

OpenVPN assumes that its control channel messages are sent and received unfragmented, which is actually not conforming to the TLS spec. See RFC5246, section 6.2.1:

Client message boundaries are not preserved in the record layer (i.e.,
multiple client messages of the same ContentType? MAY be coalesced
into a single TLSPlaintext record, or a single message MAY be
fragmented across several records).

In practice, this assumption only becomes invalid if 1/n-1 record splitting is enabled in PolarSSL/mbed TLS. As a quick fix for #524, record splitting is explicitly disabled. (That should be fine for openvpn. Record splitting is a counter measure against the BEAST attack, which requires an attacker to influence the data in the records to obtain other data in the same record. But unlike browsers, openvpn does not give an attacker control over the transmitted data.)

Still, I think we should adhere to the spec to be able to support tricks like 1/n-1 splitting. It will make OpenVPN more robust against future changes in SSL libraries.

Change History (3)

comment:1 Changed 3 years ago by Steffan Karger

Milestone: release 2.4beta 2.4

comment:2 Changed 2 years ago by Steffan Karger

OpenVPN 3 support this now, and would like to be able use this feature to remove some limitations on the protocol. See https://github.com/OpenVPN/openvpn3/commit/2255bab0.

comment:3 Changed 22 months ago by Gert Döring

Milestone: beta 2.4release 2.5

still relevant, but missed the boat -> 2.5

Note: See TracTickets for help on using tickets.