Unable to set IsSecure with TLSv1.3

Discussion of open issues, suggestions and bugs regarding network security and data protection solution - SecureBridge
robert84
Posts: 8
Joined: Sun 28 Aug 2022 16:51

Unable to set IsSecure with TLSv1.3

Post by robert84 » Sun 28 Aug 2022 20:11

Hi

I'm having some trouble setting IsSecure on TLSv1.3. When I attempt to do so, I get an EScError exception with the message: 'The other side has sent a failure alert: [47]'

The code to trigger it is very simple; it is basically:

    Protocols := [spTls13];
    Connect;
    IsSecure := True;

I'm providing a complete ZIP including:

- stunnel config file to run as server side
- Delphi 7 test project

It can be downloaded from: https://oshi.at/XDZf

In order to reproduce:

1. Start stunnel with:

    sudo stunnel test.conf

2. Build Project1.dpr and run it.

3. Press the button labeled 'TLSv1.2'. You'll see that a successful connection is logged on stunnel:

    2022.08.28 21:59:53 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42950
    2022.08.28 21:59:53 LOG6[0]: Peer certificate not required
    2022.08.28 21:59:53 LOG6[0]: No peer certificate received
    2022.08.28 21:59:53 LOG6[0]: Session id: XXXX
    2022.08.28 21:59:53 LOG6[0]: TLS accepted: new session negotiated
    2022.08.28 21:59:53 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
    2022.08.28 21:59:53 LOG6[0]: Local mode child started (PID=1089023)

4. Now press the button labeled 'TLSv1.3'. The app will raise an EScError exception, and stunnel will display this:

    2022.08.28 22:02:35 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42952
    2022.08.28 22:02:35 LOG6[0]: Peer certificate not required
    2022.08.28 22:02:35 LOG3[0]: SSL_accept: ../ssl/statem/extensions_srvr.c:697: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
    2022.08.28 22:02:35 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
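
Alert 47 is illegal_parameter in RFC 8446, and section 4.2.8 of that RFC allows a server to send it when the key_share entries of a ClientHello break the client rules. The following is an added example, not code from this thread or from SecureBridge: it checks those rules on the extensions block of a captured ClientHello. The function names and sample bytes are constructed, and it does not establish which rule was hit in this report.

```python
import struct

EXT_SUPPORTED_GROUPS, EXT_KEY_SHARE = 10, 51
KEY_EXCHANGE_LEN = {0x0017: 65, 0x0018: 97, 0x0019: 133, 0x001D: 32, 0x001E: 56}  # bytes per group

def parse_extensions(block):
    """Split a ClientHello extensions block (length prefix removed) into {type: body}."""
    exts, off = {}, 0
    while off < len(block):
        ext_type, length = struct.unpack_from("!HH", block, off)  # struct.error if header is cut
        body = block[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated extension body")
        exts[ext_type] = body
        off += 4 + length
    return exts

def check_key_share(block):
    """Return the RFC 8446 section 4.2.8 client-rule violations found in the block."""
    exts = parse_extensions(block)
    sg = exts.get(EXT_SUPPORTED_GROUPS, b"")
    groups = [int.from_bytes(sg[i:i + 2], "big") for i in range(2, len(sg) - 1, 2)]
    ks = exts.get(EXT_KEY_SHARE)
    if ks is None or len(ks) < 2:
        return ["key_share extension missing or truncated"]
    problems, last_pos, off = [], -1, 2  # offset 2 skips the client_shares length field
    while off + 4 <= len(ks):
        group, klen = struct.unpack_from("!HH", ks, off)
        key = ks[off + 4:off + 4 + klen]
        off += 4 + klen
        if group not in groups:
            problems.append(f"share for group 0x{group:04x} not in supported_groups")
        elif groups.index(group) <= last_pos:
            problems.append(f"share for group 0x{group:04x} duplicated or out of order")
        else:
            last_pos = groups.index(group)
        if len(key) != klen or len(key) != KEY_EXCHANGE_LEN.get(group, klen):
            problems.append(f"group 0x{group:04x}: bad key_exchange length {len(key)}")
    return problems

def ext(ext_type, body):  # builds one extension; used only for the constructed samples
    return struct.pack("!HH", ext_type, len(body)) + body

# Constructed samples (not the poster's capture): one x25519 share of 32 zero bytes
SHARE = ext(EXT_KEY_SHARE, struct.pack("!HHH", 36, 0x001D, 32) + bytes(32))
GOOD = ext(EXT_SUPPORTED_GROUPS, struct.pack("!HHH", 4, 0x001D, 0x0017)) + SHARE
BAD = ext(EXT_SUPPORTED_GROUPS, struct.pack("!HH", 2, 0x0017)) + SHARE
```

To use it on a real handshake, export the ClientHello from a packet capture and pass the bytes that follow the two-byte extensions length.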

robert84
Posts: 8
Joined: Sun 28 Aug 2022 16:51

Re: Unable to set IsSecure with TLSv1.3

Post by robert84 » Wed 31 Aug 2022 18:44

Test case for Lazarus (tested on win32):

https://oshi.at/Gciz

Raedel
Posts: 2
Joined: Wed 19 Oct 2022 18:12

Re: Unable to set IsSecure with TLSv1.3

Post by Raedel » Wed 19 Oct 2022 19:29

Same Issue... Answer from devs?
