starting from nightly-2020-08-18 rustls can't connect to some websites · Issue #76803 · rust-lang/rust (original) (raw)

I tried this code:

use std::io::{self, stdout, Write}; use std::net::TcpStream; use std::sync::Arc;

use rustls::{ciphersuite, ClientConfig, ClientSession, Session, Stream}; use webpki::DNSNameRef; use webpki_roots::TLS_SERVER_ROOTS;

/// Minimal reproducer from the report: a TLS 1.3-only rustls client that sends one
/// HTTP/1.1 GET to `DOMAIN` and copies the response to stdout.
///
/// The protocol version and the cipher suite are each pinned to a single value so
/// that the failing combination is the only one that can be negotiated. This is a
/// reproduction setup, not a recommended client configuration.
///
/// # Panics
///
/// The setup steps are all `unwrap()`ed: an invalid DNS name, a failed TCP connect,
/// a failed first write, or a missing negotiated cipher suite aborts the program.
/// The report shows the write `unwrap()` panicking with
/// `Custom { kind: InvalidData, error: DecryptError }`.
fn main() { env_logger::init();

// Start from a config that offers exactly one cipher suite.
let mut config = ClientConfig::with_ciphersuites(&[&ciphersuite::TLS13_AES_256_GCM_SHA384]);
// Trust the root set shipped in the `webpki_roots` crate.
config
    .root_store
    .add_server_trust_anchors(&TLS_SERVER_ROOTS);
// works with TLSv1_2 or with different ciphersuites
config.versions = vec![rustls::ProtocolVersion::TLSv1_3];
// this is what gets picked by default when using TLS 1.3
// (the same suite already passed to `with_ciphersuites` above, set again explicitly)
config.ciphersuites = vec![&rustls::ciphersuite::TLS13_AES_256_GCM_SHA384];

// One constant feeds both `dns_name` and the TCP connect, so the name handed to
// rustls and the host actually dialled cannot diverge.
const DOMAIN: &str = "example.com";

// NOTE(review): rustls is expected to use `dns_name` for SNI and for checking the
// server certificate; confirm against the rustls version in use.
let dns_name = DNSNameRef::try_from_ascii_str(DOMAIN).unwrap();
let mut sess = ClientSession::new(&Arc::new(config), dns_name);
let mut sock = TcpStream::connect((DOMAIN, 443)).unwrap();
let mut tls = Stream::new(&mut sess, &mut sock);
// First I/O on the stream. NOTE(review): the handshake presumably runs inside this
// call, since the reported DecryptError surfaces here, before any response is read.
// The panic ends the program at this point, so nothing from the failed session
// reaches the `io::copy` below: the failure is fail-closed.
tls.write_all(
    [
        "GET / HTTP/1.1\r\n",
        "Host: ",
        DOMAIN,
        "\r\n",
        "Connection: close\r\n",
        "\r\n",
    ]
    .join("")
    .as_bytes(),
)
.unwrap(); // fails here
// Only reached when the write succeeded. NOTE(review): assumes a suite has been
// negotiated by then; otherwise this `unwrap()` panics.
let ciphersuite = tls.sess.get_negotiated_ciphersuite().unwrap();
println!("Current ciphersuite: {:?}", ciphersuite.suite);

// Copy the response to stdout; a read error is printed to stderr instead of panicking.
let mut out = stdout();
if let Err(err) = io::copy(&mut tls, &mut out) {
    eprintln!("err: {}", err)
}

}

With dependencies:

rustls = { version = "0.18.1", features = ["logging"] }
webpki = "0.21.3"
webpki-roots = "0.20.0"
env_logger = "0.7.1"

I expected to see this happen: it establishes a TLS connection, sends the HTTP/1.1 request and prints the entire response

Instead, this happened: fails with Custom { kind: InvalidData, error: DecryptError }

I bisected this to nightly-2020-08-18. I couldn't reproduce this issue with other websites.

Meta

rustc --version --verbose:

rustc 1.48.0-nightly (9b4154193 2020-09-14)
binary: rustc
commit-hash: 9b4154193e8471f36b1a9e781f1ef7d492fc6a6c
commit-date: 2020-09-14
host: x86_64-unknown-linux-gnu
release: 1.48.0-nightly
LLVM version: 11.0

Backtrace when running with cargo run

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: InvalidData, error: DecryptError }', src/main.rs:39:6
stack backtrace:
   0: rust_begin_unwind
             at /rustc/9b4154193e8471f36b1a9e781f1ef7d492fc6a6c/library/std/src/panicking.rs:483
   1: core::panicking::panic_fmt
             at /rustc/9b4154193e8471f36b1a9e781f1ef7d492fc6a6c/library/core/src/panicking.rs:85
   2: core::option::expect_none_failed
             at /rustc/9b4154193e8471f36b1a9e781f1ef7d492fc6a6c/library/core/src/option.rs:1221
   3: core::result::Result<T,E>::unwrap
             at /home/paolo/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/result.rs:973
   4: proxy_bug::main
             at ./src/main.rs:27
   5: core::ops::function::FnOnce::call_once
             at /home/paolo/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs:227
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.