CVE-2023-40217: Bypass TLS handshake on closed sockets

[ambv]

Bug report

Originally reported by @aapooksman via the Python Security Response Team mailing list on 2023-08-08. Thanks for the responsible disclosure!

Checklist

• I am confident this is a bug in CPython, not a bug in a third-party project
• I have searched the CPython issue tracker,
  and am confident this bug has not been reported before

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12, CPython main branch

Operating systems tested on:

Linux, macOS

A clear and concise description of the bug:

Instances of ssl.SSLSocket are vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and could lead applications to treat unencrypted data received pre-TLS-handshake that is followed by an immediate connection close as if it were post-handshake TLS encrypted data.

Linked PRs

• gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108315
• [3.12] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108316
• [3.11] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108317
• [3.10] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108318
• [3.9] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108320
• [3.8] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw #108321
• [3.8] gh-108310: Fix TestPreHandshakeClose tests in test_ssl #110718