
TLS 1.3 interoperability with RSA BSAFE Micro Edition Suite (MES) using Extended Random TLS extension

Issue

TLS 1.3-capable clients may fail to connect to a TLS server built with RSA BSAFE Micro Edition Suite (MES).


Cause

Some versions of RSA BSAFE Micro Edition Suite (MES) implemented the draft TLS extension ID #40 as “Extended Random”, whereas the TLS 1.3 draft uses ID #40 for the “key_share” extension. This causes a TLS 1.3 draft-capable client to fail to connect to a TLS server built with those versions of MES.
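
To check from a captured handshake whether a client sends extension ID #40, the extensions block of its ClientHello can be walked directly. The following is an added example, not RSA's code or part of the original article; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

EXT_ID_40 = 40  # "Extended Random" in affected MES builds, "key_share" in the TLS 1.3 draft

def client_hello_extensions(body: bytes):
    """Return [(ext_type, ext_data), ...] from a ClientHello body
    (the handshake message after its 4-byte type/length header)."""
    try:
        pos = 2 + 32                        # legacy_version + random
        pos += 1 + body[pos]                # session_id (1-byte length prefix)
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                # compression_methods
        if pos == len(body):                # hello without an extensions block
            return []
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if end > len(body):
            raise ValueError("extensions block overruns the ClientHello")
        exts = []
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + ext_len > end:
                raise ValueError("extension overruns the extensions block")
            exts.append((ext_type, body[pos:pos + ext_len]))
            pos += ext_len
        return exts
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def sends_extension_40(body: bytes) -> bool:
    """True if the client offers extension ID 40, whatever meaning it intends."""
    return any(t == EXT_ID_40 for t, _ in client_hello_extensions(body))

def build_hello(exts):
    """Constructed test input: a minimal ClientHello body carrying `exts`."""
    block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return (b"\x03\x03" + bytes(32) + b"\x00"     # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"   # one cipher suite, null compression
            + struct.pack("!H", len(block)) + block)

# Constructed samples: payload bytes are placeholders, not real key material.
DRAFT_CLIENT = build_hello([(10, b"\x00\x02\x00\x1d"), (40, bytes(38))])
OLDER_CLIENT = build_hello([(10, b"\x00\x02\x00\x17")])

if __name__ == "__main__":
    for name, hello in (("draft", DRAFT_CLIENT), ("older", OLDER_CLIENT)):
        print(name, [t for t, _ in client_hello_extensions(hello)], sends_extension_40(hello))
```

The wire format gives no way to tell which meaning the sender intends for ID #40, so the check reports only that the ID is present.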

Resolution

Customers with the source code version of MES 3.2.x.x must recompile MES with the -DNO_TLS_EXT_RAND compilation flag.
Customers with the source code version of MES 4.0 to 4.0.3 must ensure that MES is recompiled without the -DTLS_EXT_RAND compilation flag.

Notes

The RSA BSAFE product suite is available in a pre-compiled binary format, as well as source code for customers licensed to the latter format.

RSA BSAFE MES versions 3.2.x.x to 4.0.3 allowed the inclusion and use of the "Extended Random" TLS extension draft.
The binary format of MES provided by RSA to customers was compiled so that the Extended Random TLS extension is unavailable.
Customers compiling their own version of MES can opt in to, or opt out of, this TLS extension.

Note that no version of BSAFE supports TLS 1.3 as of January 2018.

Internal Comments

Francois Lamoureux -- 29 Dec 2017
Do not publish / approve before I say so please, to be approved by Najeeb.

Jeff Shurtliff -- 5 Jan 2018
Removed the article from publication in Salesforce and am assigning the new draft to Francois until it is ready to be published. Francois is to submit the article for technical once it is allowed to be published.
The article on RSA Link (https://community.rsa.com/docs/DOC-85432) was moved to the RSA BSAFE Staging space temporarily.
When the article has been technically reviewed and enters the KCS Approval Queue, the article will need to be moved back to the RSA BSAFE Knowledge Base space before publishing the new draft.

Najeeb Peracha -- 11 Jan 2018
Setting the Audience to External and the product category to (All => All RSA Products => ADMINISTRATIVE =>) “Security Advisory (Restricted Access)” so the KB article is published automatically to the RSA Link https://community.rsa.com/community/rsa-customer-support/security-advisories space. The URL for this KB article, once published on RSA Link under the RSA Security Advisories (All Products) space (accessible to customers/partners/employees after login), will be available in field "CommunityArticleURL".

Jeff Shurtliff -- 11 Jan 2018
Moved the document https://community.rsa.com/docs/DOC-85432 from RSA BSAFE Staging over to the RSA Security Advisories (All Products) space prior to approving.

Product Details

RSA Product Set: BSAFE Micro Edition Suite (MES)
RSA Product/Service Type: Extended Random TLS Extension
RSA Version/Condition: 3.2.x.x to 4.0.3

Summary

Some versions of RSA BSAFE Micro Edition Suite have interoperability issues caused by the use of the Extended Random TLS extension.


Approval Reviewer Queue

RSA Enterprise Data Protection Approval Queue