Last Modified: Nov 02, 2023
Known Affected Versions:
14.1.4, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 14.1.5, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 16.1.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206
Opened: Apr 05, 2023
Severity: 3-Major
When the Client Hello message contains the session_ticket extension, the extensions that are configured after the session_ticket extension are not processed; all of them are ignored.
A few requests are not forwarded correctly. For example, when the server_name extension is configured after session_ticket, [SSL::extensions exists -type 0] returns 0 even though the server_name extension is present in the Client Hello.
The issue occurs when SSL extensions are configured along with the session_ticket extension.
As a workaround, configure all the required extensions before the session_ticket extension.
TLS extensions which are configured after session_ticket are not parsed from Client Hello messages. Changes have been made so that the ext_sz variable, which holds the size of all the extensions in the Client Hello message, is no longer limited to SSL_SZ_SESSIONID, which is 32 bytes.
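
To check whether a captured Client Hello matches the condition above, the following added example (not F5 code) walks the extensions block and lists the extension types that appear after session_ticket. The function names and sample data are constructed for illustration; it assumes session_ticket is extension type 35 (RFC 5077) and that the input is the extensions block only, starting at its 2-byte length field.

```python
import struct

SERVER_NAME = 0      # the type tested by [SSL::extensions exists -type 0]
SESSION_TICKET = 35  # session_ticket extension type (RFC 5077)


def parse_extensions(block: bytes) -> list[tuple[int, bytes]]:
    """Parse a Client Hello extensions block: a 2-byte total length, then
    repeated (2-byte type, 2-byte length, data) records, in wire order."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length does not match the data")
    out, pos, end = [], 2, len(block)
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if ext_len > end - pos:
            raise ValueError("extension data runs past the block")
        out.append((ext_type, block[pos:pos + ext_len]))
        pos += ext_len
    return out


def after_session_ticket(block: bytes) -> list[int]:
    """Return the types of the extensions that follow session_ticket, i.e.
    the ones this report says are ignored on affected versions."""
    types = [t for t, _ in parse_extensions(block)]
    if SESSION_TICKET not in types:
        return []
    return types[types.index(SESSION_TICKET) + 1:]


def build(exts: list[tuple[int, bytes]]) -> bytes:
    """Build a constructed extensions block for the samples below."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


# Constructed sample data, not captured traffic.
sni = struct.pack("!HBH", 14, 0, 11) + b"example.com"  # server_name_list
ticket = bytes(48)                                      # placeholder ticket
AFFECTED = build([(SESSION_TICKET, ticket), (SERVER_NAME, sni)])
WORKAROUND = build([(SERVER_NAME, sni), (SESSION_TICKET, ticket)])

if __name__ == "__main__":
    for name, blk in (("affected", AFFECTED), ("workaround", WORKAROUND)):
        print(name, "extensions after session_ticket:", after_session_ticket(blk))
```

A non-empty result that includes type 0 means server_name follows session_ticket in that Client Hello, which is the ordering described in this report.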