000035885 - TLS 1.3 interoperability with RSA BSAFE Micro Edition Suite (MES) using Extended Random TLS extension

Document created by RSA Customer Support Employee on Jan 11, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035885
Applies ToRSA Product Set: BSAFE Micro Edition Suite (MES)
RSA Product/Service Type: Extended Random TLS Extension
RSA Version/Condition: 3.2.x.x to 4.0.3
IssueTLS 1.3-capable clients may fail to connect to a TLS server build with RSA BSAFE Micro Edition Suite (MES).
CauseSome versions of RSA BSAFE Micro Edition Suite (MES) implemented the draft TLS extension ID #40 as “Extended Random” whereas TLS 1.3 draft uses ID #40 as “key_share” extension, causing a TLS draft 1.3-capable client to fail to connect to a TLS server built with those versions of MES.
 
ResolutionSource code version customers of MES 3.2.x.x must recompile MES with -DNO_TLS_EXT_RAND compilation flag.
Source code version customers of MES 4.0 to 4.0.3 must ensure to recompile MES without -DTLS_EXT_RAND compilation flag.
 
NotesThe RSA BSAFE product suite is available in a pre-compiled binary format, as well as source code for customers licensed to the latter format.
RSA BSAFE MES versions 3.2.x.x. to 4.0.3 allowed the inclusion and use of the "Extended Random" TLS extension draft.
Binary format of MES provided by RSA to customers was compiled to make the Extended Random TLS extension unavailable.
Customers compiling their own version of MES have the ability to opt-in, or opt-out of this TLS extension. 
Note that no version of BSAFE supports TLS 1.3 as of January 2018.

Attachments

    Outcomes