|
|
|
|
|
|
by xenolinguist
4466 days ago
|
|
|
I'm one of the guys who helped isolate the problem that led to this bug report, and here's my take: I agree, this is not a vulnerability; it prevents legitimate connections rather than allowing illicit ones. Your "3rd party" remark doesn't make sense to me; In our case, we control the entire PKI, so both the client and server certificates are issued by our own "1st party". And it's definitely a bug - no quotes. The client is _not_ the party canceling the connection; it's failing to send a necessary signature verification message to the server during handshaking, which causes well-behaved _servers_ to send a fatal alert to the _client_. On the SecureTransport side, the library then downgrades the SSL version and tries to connect again. Note that I'm not suggesting the root bug is "implement ECC"; the root bug is the fact that NSURLCredential and/or NSURLConnection accept identities with invalid keys. The failure shouldn't be occurring 3/4 of the way through TLS handshaking, but at a much higher level where the next guy to run afoul of this won't lose a week to trying to figure out what they did wrong, when the real answer is (most likely) "You're using an unsupported key type". PS - The same issue is verified to exist in OS X as well as iOS. |
|
|
By "third party", I simply meant "server software not running on iOS". I wasn't referring to the PKI, which isn't actually implicated in this bug report.
The client isn't aborting the connection directly, but it is indirectly doing so by failing to complete the TLS handshake properly.
I'm not sure what the user-visible difference is between this failing mid-handshake versus failing when SecureTransport is configured, but I see what you mean about being annoying to debug.
The most likely reason you're the first person figuring this bug out even for OS X (unsurprising, given that SecureTransport is shared) is that most OS X browsers don't use SecureTransport, but rather NSS, which does have workable ECC client certs.
As you've discovered, client certificates are a bit of an exotic feature.