Le 05/11/2018 17:07, Stuart Henderson a écrit :
On 2018/11/05 17:02, Joel Carnat wrote:
Le 05/11/2018 16:38, Stuart Henderson a écrit :
> On 2018-11-05, Joel Carnat <j...@carnat.net> wrote:
> > Le 05/11/2018 13:48, Stuart Henderson a écrit :
> > > On 2018-11-05, Joel Carnat <j...@carnat.net> wrote:
> > > > Hi,
> > > >
> > > > I'm using ldap(1) to query a remote Synology Directory Server
> > > > (OpenLDAP
> > > > 2.4.x).
> > > > Unfortunately, it fails saying:
> > > > TLS failed: handshake failed: error:14004410:SSL
> > > > routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure
> > > > ldap: LDAP connection failed
> > > >
> > > > When I use the OpenLDAP ldapsearch, same arguments, I succeeds.
> > > >
> > > > Using openssl s_client, I could confirm that the OpenLDAP server
> > > > accept
> > > > TLS:
> > > > New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
> > > > Server public key is 2048 bit
> > > > Secure Renegotiation IS supported
> > > > Compression: NONE
> > > > Expansion: NONE
> > > > No ALPN negotiated
> > > > SSL-Session:
> > > > Protocol : TLSv1.2
> > > > (...)
> > >
> > > If this were a cert problem you'd get a message like this from
> > > ldap(1)
> > >
> > > TLS failed: certificate verification failed: unable to get local
> > > issuer certificate
> > > ldap: LDAP connection failed
> > >
> > > or
> > >
> > > TLS failed: name `XX' not present in server certificate
> > >
> > > So it's not that.
> > >
> > > ldap(1) uses libtls which defaults to only allowing secure ciphers,
> > > specifically TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE.
> > >
> > > ldap(1) doesn't provide a way to weaken that, though you could add
> > > a call to tls_config_set_ciphers(tls_config, "compat") in
> > > ldapc_connect()
> > > to test if it would work.
> > >
> > > Or an s_client command that would force these ciphers:
> > >
> > > openssl s_client -cipher TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE -CAfile
> > > /etc/ssl/cert.pem -connect $hostname:636
> > >
> > > If not, perhaps the Synology box is using old OpenSSL without support
> > > for these ciphers, or perhaps the cipher config is forcing only old
> > > ciphers. FWIW this is what I am currently using on OpenBSD slapd:
> > >
> > > olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
> >
> > olcTLSCipherSuite is, by default, empty.
> > I could change it to
> > "HIGH:+SSLv3:+TLSv1:MEDIUM:+SSLv2:@STRENGTH:+SHA:+MD5:!NULL" which
> > doesn't solve the problem.
> > When I try to set it as yours, it says:
> > dn: cn=config
> > changetype: modify
> > replace: olcTLSCipherSuite
> > olcTLSCipherSuite: TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
> >
> > modifying entry "cn=config"
> > ldap_modify: Other (e.g., implementation specific) error (80)
> >
> > From OpenBSD, the openssl commands returns:
> > CONNECTED(00000003)
> > 13559346237984:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3
> > alert handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1200:SSL alert
> > number 40
> > 13559346237984:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl
> > handshake failure:/usr/src/lib/libssl/ssl_pkt.c:585:
> > ---
> > no peer certificate available
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 7 bytes and written 0 bytes
> > ---
> > New, (NONE), Cipher is (NONE)
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> > Protocol : TLSv1.2
> > Cipher : 0000
> > Session-ID:
> > Session-ID-ctx:
> > Master-Key:
> > Start Time: 1541425938
> > Timeout : 7200 (sec)
> > Verify return code: 0 (ok)
> > ---
> >
> > On the syno, I can see:
> > # openssl version
> > OpenSSL 1.0.2o-fips 27 Mar 2018
> > # openssl ciphers -v TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE
> > Error in cipher list
> > 139812538357392:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
> > cipher match:ssl_lib.c:1383:
> >
> > Does this definitively indicates "ldap search" won't work with
> > OpenLDAP/OpenSSL shipped in Synology DSM ?
> >
> >
>
> Oh, I see this cipher list syntax wasn't available in 1.0.x,
> to check you'll need to expand it (on libressl or openssl 1.1) and
> pass the whole string in. e.g. try this
>
> openssl ciphers
>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256
>
> and see which if any are available with their 1.0.2o-fips build.
>
> If there's no common cipher then "ldap search" can't work with
> TLS without patching.
This gives:
# openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
So there should be common ciphers then... I'd probably either bump up
logging on the Synology if that's possible (can you manually run
slapd in the foreground with debug flags?) or point wireshark at a
pcap of the exchange and see if that gives further clues ...
I could run tcmpdump on the Syno and generate the pcap file while doing
lookups.
The working ldapsearch goes:
Client Hello
Cipher Suites (46 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
Cipher Suite: Unknown (0xff85)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c4)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_GOSTR341001_WITH_28147_CNT_IMIT (0x0081)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00be)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Server Hello
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
I could find a list of acceptable ciphers from the server.
But reading docs about SSL HandShake, I'm not sure OpenLDAP slapd would
ever announce its compatible ciphers...
The failing ldap(1) attempts goes:
Client Hello
Cipher Suites (10 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
No Server Hello but
Secure Sockets Layer
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake
Failure)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
Looks like I'll have to wait until Synology upgrades OpenSSL.
I don't fancy modifying ldap(1) to lower security. I'll just use it to
search on local slapd.
Thanks.
