Re: Post-CVE Wishlist
From | Jacob Champion |
---|---|
Subject | Re: Post-CVE Wishlist |
Date | |
Msg-id | 2d65283ca63d7e8b136c891225334c33a66f91e1.camel@vmware.com |
In reply to | Re: Post-CVE Wishlist (Heikki Linnakangas <hlinnaka@iki.fi>) |
List | pgsql-hackers |
On Fri, 2021-12-10 at 15:43 +0200, Heikki Linnakangas wrote:
> ProcessStartupPacket() currently reads the first 4 bytes coming from the
> client to decide what kind of a connection it is, and I believe a TLS
> ClientHello message always begins with the same sequence of bytes, so it
> would be easy to check for.
>
> You could use recv(.., MSG_PEEK | MSG_WAITALL) flags to leave the bytes
> in the OS buffer. Not sure how portable that is, though. Alternatively,
> you could stash them e.g. in a global variable and modify
> secure_raw_read() to return those bytes first.
>
> Overall, doesn't seem very hard to me.

After further thought... Seems like sharing a port between implicit and explicit TLS will still allow a MITM to put bytes on the wire to try to attack the client-to-server communication, because they can craft the SSLRequest themselves and then hand it off to the real client. But they shouldn't be able to attack the server-to-client communication if the client is using implicit TLS, so it's still an overall improvement?

I wonder if there are any other protocols out there doing this.

--Jacob
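
The first-bytes check discussed in the message above, as an added example that is not part of the original post and is not PostgreSQL code: it peeks at the first 8 bytes with `recv(MSG_PEEK | MSG_WAITALL)`, classifies them, and confirms that a normal read still sees them. The function names and sample byte strings are constructed for illustration, and POSIX sockets are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum conn_kind { CONN_UNKNOWN, CONN_TLS_CLIENTHELLO, CONN_SSLREQUEST, CONN_STARTUP_V3 };

/* Constructed sample inputs: truncated ClientHello record, SSLRequest, minimal v3 startup. */
static const unsigned char SAMPLE_TLS[]     = {0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00};
static const unsigned char SAMPLE_SSLREQ[]  = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F};
static const unsigned char SAMPLE_STARTUP[] = {0, 0, 0, 9, 0, 3, 0, 0, 0};

/* Classify the first 8 bytes of a connection (hypothetical helper). */
enum conn_kind classify_first_bytes(const unsigned char *b, size_t len)
{
    if (len < 8) return CONN_UNKNOWN;
    /* TLS record: type 0x16 (handshake), major version 0x03, handshake type 0x01.
     * Read as a PostgreSQL length prefix, 0x16 0x03 would mean a packet of 0x1603xxxx bytes. */
    if (b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01) return CONN_TLS_CLIENTHELLO;
    uint32_t plen = ((uint32_t) b[0] << 24) | ((uint32_t) b[1] << 16) | ((uint32_t) b[2] << 8) | b[3];
    uint32_t code = ((uint32_t) b[4] << 24) | ((uint32_t) b[5] << 16) | ((uint32_t) b[6] << 8) | b[7];
    if (plen == 8 && code == 80877103u) return CONN_SSLREQUEST;  /* (1234 << 16) | 5679 */
    if (code == 0x00030000u) return CONN_STARTUP_V3;             /* protocol version 3.0 */
    return CONN_UNKNOWN;
}

/* Peek without consuming, so the TLS library or startup parser can read the same bytes later. */
enum conn_kind peek_classify(int fd)
{
    unsigned char hdr[8];
    ssize_t n = recv(fd, hdr, sizeof hdr, MSG_PEEK | MSG_WAITALL);
    return n == (ssize_t) sizeof hdr ? classify_first_bytes(hdr, sizeof hdr) : CONN_UNKNOWN;
}

/* Socketpair self-check: returns the classification, or -1 if the peek consumed any bytes. */
int peek_then_read(const unsigned char *msg, size_t len)
{
    int sv[2], kind = -1;
    unsigned char again[64];
    if (len > sizeof again || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[0], msg, len) == (ssize_t) len) {
        kind = peek_classify(sv[1]);
        if (read(sv[1], again, sizeof again) != (ssize_t) len || memcmp(again, msg, len) != 0)
            kind = -1;
    }
    close(sv[0]); close(sv[1]);
    return kind;
}

int main(void) { printf("%d %d\n", peek_then_read(SAMPLE_TLS, sizeof SAMPLE_TLS), peek_then_read(SAMPLE_SSLREQ, sizeof SAMPLE_SSLREQ)); return 0; }
```

This classification only tells the server which handshake the first bytes claim to start; it does not authenticate who put those bytes on the wire.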