New call to TTls12HandshakeProtocol.ReadSignatureAndHash is raising exceptions for connections which used to work
Posted: Wed 09 Jan 2019 19:53
We recently updated to SecureBridge 9.0.1 and are experiencing an issue where a new call to the TTls12HandshakeProtocol.ReadSignatureAndHash method is raising an exception for connections which worked fine under SecureBridge 8.1.3.
In TTls12HandshakeProtocol.ReadSignatureHash, line 651 is making a call to TCipherSuites.BufToSignatureScheme. Several calls to this method end up assigning ss to Result. However, at some point in the ReadSignatureHash loop, a call will reach the end of BufToSignatureScheme and an exception is raised.
In version 8.1.3, TClientHandshakeLayer.ProcessCertificateRequest never called TTls13HandshakeProtocol.ParseCertificateRequestMessage -> TTls12HandshakeProtocol.ReadSignatureAndHash -> TCipherSuites.BufToSignatureScheme. So, all of this is new to us.
Below is the stack trace from version 9.0.1:
:00efc020 THandshakeProtocolService.ParseCertificateRequestMessage
:00ef5adb TClientHandshakeLayer.ProcessCertificateRequest + $8F
:00ef3f5f TClientHandshakeLayer.InternalProcessMessage + $83
:00ef9d11 TRecordLayer.ProcessBytes + $139
:00ef85c3 TSecureController.ProcessReceivedMessage + $23
:00ef844f TSecureController.Connect + $6F
:00f3e5c0 TSecureSocket.SetIsSecure + $B0
:00f42ca6 TScSSLClient.SetIsSecure + $282
Here is the code block. Debugger optimization is preventing me from evaluating it, so I can't tell what the values are, in TScSSLSignatureScheme.
    for ss := Low(TScSSLSignatureScheme) to High(TScSSLSignatureScheme) do
      if Value = SIGNATURE_SCHEME_CODES[ss] then begin
        Result := ss;
        Exit;
      end;

    raise EScError.Create(seInvalidSignatureSchemeAlgorithm);
Can you shed any light? Thanks!
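
The lookup quoted in the post raises on the first two-byte code it does not recognise. The following is an added example, not part of the original post and not SecureBridge code: it decodes the supported_signature_algorithms list of a TLS 1.2 CertificateRequest body (RFC 5246, section 7.4.4) and reports unrecognised codes instead of raising, which shows the values the debugger hides. The scheme table is the RFC 8446 SignatureScheme list, assumed here because the post does not show SIGNATURE_SCHEME_CODES; the sample bytes are constructed.

```python
import struct

# RFC 8446 SignatureScheme code points, including the legacy SHA-1 values.
# Assumption: this is not SecureBridge's SIGNATURE_SCHEME_CODES table, whose
# contents are not shown in the post.
KNOWN_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512", 0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384", 0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512",
}


def parse_certificate_request(body: bytes):
    """Return (certificate_types, known_scheme_names, unknown_codes).

    `body` is the CertificateRequest handshake body without the 4-byte
    handshake header. Unknown codes are collected, not treated as fatal.
    """
    if not body:
        raise ValueError("empty CertificateRequest body")
    n_types = body[0]                       # certificate_types<1..2^8-1>
    pos = 1 + n_types
    if pos + 2 > len(body):
        raise ValueError("truncated certificate_types")
    cert_types = list(body[1:pos])
    (n_algs,) = struct.unpack_from("!H", body, pos)   # vector length in bytes
    pos += 2
    if n_algs % 2 or pos + n_algs > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    known, unknown = [], []
    for (code,) in struct.iter_unpack("!H", body[pos:pos + n_algs]):
        if code in KNOWN_SCHEMES:
            known.append(KNOWN_SCHEMES[code])
        else:
            unknown.append(code)            # e.g. a TLS 1.2 hash/signature pair
    return cert_types, known, unknown


# Constructed sample: 2 certificate types, 4 algorithm codes, empty CA list.
# 0x0301 (SHA-224 + RSA) and 0x0202 (SHA-1 + DSA) are TLS 1.2 pairs that
# have no name in the RFC 8446 SignatureScheme list.
SAMPLE = bytes.fromhex("02 01 40 00 08 04 01 04 03 03 01 02 02 00 00")

if __name__ == "__main__":
    types, known, unknown = parse_certificate_request(SAMPLE)
    print(types, known, [hex(c) for c in unknown])
```

Feeding it the CertificateRequest bytes from a packet capture of the failing connection lists which codes the server offered.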