CVE-2023-40217: Bypass TLS handshake on closed sockets #108310
Description
Bug report
Originally reported by @aapooksman via the Python Security Response Team mailing list on 2023-08-08. Thanks for the responsible disclosure!
Checklist
- I am confident this is a bug in CPython, not a bug in a third-party project
- I have searched the CPython issue tracker,
and am confident this bug has not been reported before
CPython versions tested on:
3.8, 3.9, 3.10, 3.11, 3.12, CPython main branch
Operating systems tested on:
Linux, macOS
A clear and concise description of the bug:
Instances of ssl.SSLSocket are vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and could lead applications to treat unencrypted data received pre-TLS-handshake that is followed by an immediate connection close as if it were post-handshake TLS encrypted data.
Linked PRs
- gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108315
- [3.12] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108316
- [3.11] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108317
- [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108318
- [3.9] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108320
- [3.8] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108321
- [3.8] gh-108310: Fix TestPreHandshakeClose tests in test_ssl #110718