0
votes

I am using the rustls library (https://github.com/ctz/rustls) for TLS connections. Everything is good except that some servers don't establish the connection (it fails after the HelloClient message) because they do not support empty fragments for CBC mode (the OpenSSL option name is SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, more details here: https://www.openssl.org/~bodo/tls-cbc.txt). I know that rustls uses the ring library as well (https://github.com/briansmith/ring), but I couldn't find a similar option there either.

I tried to research the rustls and ring code, but no similar option was found.

I expect to establish the TLS connection without empty fragments with a server that doesn't support them. E.g. Windows 7 uses TLS 1.0 (or 1.1) by default.

Thank you for help.


1 Answer

1
votes

Rustls doesn't support CBC cipher suites or TLS 1.0 or 1.1. The way CBC is used (MAC-then-Encrypt) in TLS is considered insecure (especially so when used with the option you want), and Rustls doesn't implement insecure algorithms. Rustls supports TLS 1.2 and 1.3 and only AEAD algorithms (AES-GCM and ChaCha20-Poly1305).

If you want to write a server using Rustls, you'll need to ensure your clients support at least TLS 1.2 and use secure cipher suites. You should do this anyway if you care about your data security or have any sort of compliance requirements.

As a note, Windows 7 will be EOL in January, so its TLS support shouldn't be a concern after then.
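
Added example, not part of the original answer and not rustls code: a std-only Rust diagnostic that classifies the first TLS record a server sends back after the ClientHello, which shows whether a failed handshake comes from a version or cipher suite mismatch like the one described above. The names `Reply`, `classify`, `alert_name` and `is_aead` are hypothetical, and the sample bytes are constructed.

```rust
// Added example (std only): classify the first TLS record a server returns after ClientHello.
#[derive(Debug, PartialEq)]
enum Reply {
    Alert { fatal: bool, description: &'static str },
    ServerHello { version: u16, suite: u16, aead: bool },
    Unknown,
}

fn alert_name(code: u8) -> &'static str {
    match code {
        40 => "handshake_failure", // typically: no cipher suite in common
        70 => "protocol_version",  // server cannot speak any offered version
        71 => "insufficient_security",
        _ => "other",
    }
}

// ECDHE AES-GCM / ChaCha20-Poly1305 suites (TLS 1.2) and the TLS 1.3 suites, by IANA id.
fn is_aead(suite: u16) -> bool {
    matches!(suite, 0xC02B | 0xC02C | 0xC02F | 0xC030 | 0xCCA8 | 0xCCA9 | 0x1301..=0x1303)
}

fn classify(rec: &[u8]) -> Reply {
    if rec.len() < 5 { return Reply::Unknown; }
    let body = &rec[5..]; // skip record header: type(1) version(2) length(2)
    match rec[0] {
        21 if body.len() >= 2 => Reply::Alert { fatal: body[0] == 2, description: alert_name(body[1]) },
        22 if body.len() >= 39 && body[0] == 2 => {
            // ServerHello: type(1) len(3) version(2) random(32) sid_len(1) sid suite(2)
            let version = u16::from_be_bytes([body[4], body[5]]); // legacy version field
            let at = 39 + body[38] as usize;
            match body.get(at..at + 2) {
                Some(s) => {
                    let suite = u16::from_be_bytes([s[0], s[1]]);
                    Reply::ServerHello { version, suite, aead: is_aead(suite) }
                }
                None => Reply::Unknown,
            }
        }
        _ => Reply::Unknown,
    }
}

fn main() {
    // Constructed sample: fatal handshake_failure alert carried in a TLS 1.0 record.
    let alert = [21u8, 0x03, 0x01, 0x00, 0x02, 0x02, 40];
    println!("{:?}", classify(&alert));
}
```

A fatal `handshake_failure` or `protocol_version` alert in reply to a client that offers only TLS 1.2+ AEAD suites indicates the peer needs upgrading; a ServerHello with `aead: false` indicates the peer selected a CBC or other non-AEAD suite.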