-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
concern regarding TLS extension sorting #22
Comments
Sort-normalization is used for both QUIC and TLS when the "tls/1" fingerprint format is in use. QUIC_Extension is included in the TLS fingerprint specification just because QUIC extensions are essentially TLS extensions, and thus could show up there. The primary goal for the fingerprint strings is enable exact matching between a protocol message and a database of fingerprint strings. Sort normalization is needed for that use case, which is why we developed the tls/1 format. We left the code in place to select the older tls/ format to support other use cases, such the one you are describing. There is more background info at https://hnull.org/2022/12/01/sorting-out-randomized-tls-fingerprints/. Thanks for pointing out the issue of server responses depending on the extension order. It makes me wonder: does the Google/Android library avoid reordering some extensions? If so, that would introduce a recognizable behavior that could be used in fingerprinting. If not, it seems that some sessions might needlessly get rejected by the server. |
Thanks for clearing that up. Do you agree that the current documentation you are responding to is vague here? If so I think it would be helpful to update it. This way people will clearly know that both
thats fine, but then it seems that the word "older" is misleading, as while its technically true, the "older" option is still valid and will remain so for the foreseeable future. both use cases are important, so in my opinion one is not "better" than the other, they have different use cases. It might be better to just call them:
or similar. to me "older" is similar to "discontinued" or "obsolete".
I dont agree with your wording here. an implementation does not "avoid reordering". an implementation might just send the extensions in whatever order they were constructed in. "avoid reordering" suggests that the client took an active role against changing the order, when in all likelihood the extensions were just dumped into an array and sent as is. its reordering thats an active process, one that a client would purposefully have needed to implement.
client and server are not randomizing or sorting here, as it would be wasted computation on both sides. at least in the case of |
I came across this today:
https://github.com/cisco/mercury/blob/main/doc/npf.md#tls
which is concerning. some servers, such as
android.googleapis.com
, are sensitive to the extension order. This is not theoretical. for example, using these extensions:I get this result:
if I swap the first two, I get this:
So if extensions are sorted, then an NPF cannot be used to reconstruct the original client hello, which would make it useless for actually making network requests. So imagine this conversation:
Also, this is confusing:
supposedly
tls/1
sorts the extensions, but it also listsQUIC_Extension
. does that mean only QUIC hellos can be sorted?The text was updated successfully, but these errors were encountered: