rustls
cpe:2.3:a:rustls_project:rustls:*:*:*:*:*:*:*
- 0.23.13
A denial-of-service vulnerability has been identified in the rustls crate, affecting versions from 0.23.13 up to but not including 0.23.18. When the rustls::server::Acceptor::accept method is used, a panic occurs if the TLS ClientHello message is fragmented. This issue arises during the TLS handshake process, specifically in servers that implement mutual TLS (mTLS) and use rustls-ffi's rustls_acceptor_accept API.
Exploitation of this vulnerability causes a panic in the server, disrupting the TLS handshake process and potentially leading to a denial-of-service condition.
The vulnerability can be reproduced by setting up a Rocket-based web server with an mTLS configuration and using the Rust reqwest library as a client. The server will crash during the TLS handshake process when it receives a fragmented ClientHello message, while the same request works fine with curl.
Users can upgrade to rustls version 0.23.18 or later to address this vulnerability.
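As an added illustration (not code from the rustls project or from this advisory), the following Rust program scans a Cargo.lock for a rustls entry that falls inside the affected range stated above, from 0.23.13 up to but not including 0.23.18, so a build pipeline can flag the dependency before the upgrade. The sample lock-file text, the crate versions in it, and the minimal line-based parser are constructed for this example; it assumes the standard layout cargo writes (one key per line, double-quoted values) and plain x.y.z version strings.

```rust
// Added example for this advisory page; not rustls project code.
// Affected range taken from the advisory text: >= 0.23.13 and < 0.23.18.

/// A semantic version triple. Pre-release tags are not handled (assumption:
/// Cargo.lock entries for published crates use plain x.y.z versions).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(pub u64, pub u64, pub u64);

/// Parse "x.y.z" into a Version; returns None on malformed input.
pub fn parse_version(s: &str) -> Option<Version> {
    let mut parts = s.trim().split('.').map(|p| p.parse::<u64>().ok());
    let major = parts.next()??;
    let minor = parts.next()??;
    let patch = parts.next()??;
    if parts.next().is_some() {
        return None; // more than three components
    }
    Some(Version(major, minor, patch))
}

/// Versions in [0.23.13, 0.23.18) panic on a fragmented ClientHello in Acceptor::accept.
pub fn is_affected(v: Version) -> bool {
    v >= Version(0, 23, 13) && v < Version(0, 23, 18)
}

/// Extract every `rustls` package version from Cargo.lock text.
/// Cargo.lock is TOML made of `[[package]]` tables with `name = "..."` and
/// `version = "..."` keys. This minimal line scanner avoids a TOML dependency
/// and matches the crate name exactly, so `rustls-ffi` or `tokio-rustls`
/// entries are not mistaken for `rustls` itself.
pub fn rustls_versions(lock: &str) -> Vec<Version> {
    fn flush(name: &mut Option<String>, version: &mut Option<String>, found: &mut Vec<Version>) {
        if name.as_deref() == Some("rustls") {
            if let Some(v) = version.as_deref().and_then(parse_version) {
                found.push(v);
            }
        }
        *name = None;
        *version = None;
    }

    let mut found = Vec::new();
    let mut name: Option<String> = None;
    let mut version: Option<String> = None;
    for line in lock.lines() {
        let line = line.trim();
        if line == "[[package]]" {
            // A new table starts: record the previous package, if it was rustls.
            flush(&mut name, &mut version, &mut found);
        } else if let Some(rest) = line.strip_prefix("name = ") {
            name = Some(rest.trim_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = ") {
            version = Some(rest.trim_matches('"').to_string());
        }
    }
    flush(&mut name, &mut version, &mut found);
    found
}

/// Returns the affected rustls versions found in the lock file (empty = not affected).
pub fn affected_rustls(lock: &str) -> Vec<Version> {
    rustls_versions(lock).into_iter().filter(|v| is_affected(*v)).collect()
}

/// Constructed sample Cargo.lock fragment; the crate versions are illustrative only.
pub const SAMPLE_LOCK: &str = r#"
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "reqwest"
version = "0.12.9"

[[package]]
name = "rustls"
version = "0.23.16"

[[package]]
name = "rustls-ffi"
version = "0.14.0"
"#;

fn main() {
    let hits = affected_rustls(SAMPLE_LOCK);
    if hits.is_empty() {
        println!("no affected rustls version in lock file");
    } else {
        for v in hits {
            println!("rustls {}.{}.{} is affected; upgrade to 0.23.18 or later", v.0, v.1, v.2);
        }
    }
}
```

Running this against the constructed sample reports rustls 0.23.16 as affected while ignoring the rustls-ffi entry, since the advisory's version range applies to the rustls crate itself; in a real pipeline the same check would be run over the project's actual Cargo.lock and fail the build until rustls is at 0.23.18 or later.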