TL;DR
Yes, servers can require clients to send specific TLS extensions during the handshake process. This is done using the require keyword in the ServerHello message. Common examples include server name indication (SNI) and application-layer protocol negotiation (ALPN). If a client doesn’t support or offer the required extension, the handshake will fail.
How Servers Require TLS Extensions
- Understanding TLS Handshake Basics: The TLS handshake is how a secure connection is established. It starts with the ClientHello (from the client) and continues with the ServerHello (from the server). The ServerHello advertises what the server supports, including extensions.
- ServerHello Extensions: The ServerHello message contains an extension list. This list details which TLS extensions the server supports *and* whether they are optional or required.
- The ‘require’ Keyword: To make an extension mandatory, the server sets a flag in the extension data indicating it’s ‘required’. Clients must then include this extension in their subsequent handshake messages.
- Checking for Required Extensions (using OpenSSL s_client): You can use OpenSSL to simulate a client and see if extensions are being requested. For example:
openssl s_client -connect yourdomain.com:443
Examine the output for lines mentioning ‘extension type’ and whether it’s marked as required.
- Common Required Extensions:
  - Server Name Indication (SNI): Almost universally required on modern servers hosting multiple domains. Allows the server to present the correct certificate based on the hostname requested by the client.
  - Application-Layer Protocol Negotiation (ALPN): Used for HTTP/2 and other protocols, enabling the client and server to agree on the best protocol version.
  - Session Ticket Extension: Allows servers to resume sessions without full handshakes. While not always *required*, it’s often preferred.
Practical Steps for Identifying Required Extensions
- Use a Browser Developer Tool: Most modern browsers show TLS extension information in their developer tools (usually under the ‘Security’ or ‘Connection’ tab). Look for extensions marked as ‘required’.
- Wireshark Analysis: Capture the TLS handshake with Wireshark. Filter for SSL/TLS traffic and inspect the ServerHello message to see which extensions are advertised and if they have the ‘require’ flag set.
- Test with Different Clients: Try connecting to the server using different clients (e.g., OpenSSL s_client, curl, various browsers) to see how they handle required extensions. A client that doesn’t support a required extension will typically show an error during the handshake.
Example: SNI Requirement
If a server requires SNI, and you try connecting without providing a hostname (or with an incorrect one), the handshake will fail. The client needs to include the server_name extension in its ClientHello.
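The ClientHello check described above, as an added example that is not part of the original article: it parses a TLS handshake record, lists the extension types the client offered, extracts the server_name host and the ALPN protocol names, and reports which of the extensions a server insists on (SNI and ALPN here) the client failed to offer. build_client_hello constructs minimal test input and is not a real capture; the extension codes 0 and 16 are the IANA-registered values for server_name and ALPN.

```python
EXT_SERVER_NAME, EXT_ALPN = 0, 16                      # type codes from the IANA TLS ExtensionType registry
u16 = lambda b, i: int.from_bytes(b[i:i + 2], "big")   # read a big-endian uint16 at offset i
p16 = lambda n: n.to_bytes(2, "big")                   # encode a big-endian uint16

def parse_client_hello(record: bytes) -> dict:
    """Return extension types, SNI host_name and ALPN names offered in a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:   # handshake record, client_hello
        raise ValueError("not a TLS ClientHello record")
    body = record[5:5 + u16(record, 3)]
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                                       # legacy_version + random
    pos += 1 + hello[pos]                              # legacy_session_id
    pos += 2 + u16(hello, pos)                         # cipher_suites
    pos += 1 + hello[pos]                              # legacy_compression_methods
    out = {"extensions": [], "sni": None, "alpn": []}
    if pos < len(hello):                               # extensions block is optional before TLS 1.3
        pos += 2                                       # skip extensions_length; parse to end of message
    while pos < len(hello):
        etype, elen = u16(hello, pos), u16(hello, pos + 2)
        data, pos = hello[pos + 4:pos + 4 + elen], pos + 4 + elen
        out["extensions"].append(etype)
        if etype == EXT_SERVER_NAME:                   # ServerNameList: u16 len, then (u8 type, u16 len, name)*
            off = 2
            while off + 3 <= len(data):
                if data[off] == 0:                     # NameType host_name
                    out["sni"] = data[off + 3:off + 3 + u16(data, off + 1)].decode("ascii")
                off += 3 + u16(data, off + 1)
        elif etype == EXT_ALPN:                        # ProtocolNameList: u16 len, then (u8 len, name)*
            off = 2
            while off < len(data):
                out["alpn"].append(data[off + 1:off + 1 + data[off]].decode("ascii"))
                off += 1 + data[off]
    return out

def missing_extensions(parsed: dict, required=(EXT_SERVER_NAME, EXT_ALPN)) -> list:
    return [t for t in required if t not in parsed["extensions"]]   # what a strict server would reject on

def build_client_hello(sni=None, alpn=()) -> bytes:
    """Constructed minimal ClientHello used as test input; not a real capture."""
    exts = b""
    if sni is not None:
        entry = b"\x00" + p16(len(sni)) + sni.encode("ascii")
        exts += p16(EXT_SERVER_NAME) + p16(len(entry) + 2) + p16(len(entry)) + entry
    if alpn:
        names = b"".join(bytes([len(p)]) + p.encode("ascii") for p in alpn)
        exts += p16(EXT_ALPN) + p16(len(names) + 2) + p16(len(names)) + names
    hello = (b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00"   # version, random, sid, 1 suite, null comp
             + (p16(len(exts)) + exts if exts else b""))
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello               # handshake header
    return b"\x16\x03\x01" + p16(len(body)) + body                       # record header
```

Feeding a ClientHello captured with Wireshark (exported as raw bytes) into parse_client_hello shows at a glance whether server_name was present before debugging the server side.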
Troubleshooting Handshake Failures
- Client Compatibility: Ensure your client software is up-to-date and supports the required extensions.
- Configuration Issues: Check your server’s TLS configuration to confirm which extensions are enabled and set as mandatory.
- Firewall/Proxy Interference: Sometimes, firewalls or proxies can interfere with the TLS handshake. Ensure they aren’t blocking or modifying the extension data.