On 07/12/2004 10:51 AM, Nelson B wrote:
Finder wrote:
I'd seen the references in ssl3con.c but wasn't sure why they were
being called. Your analysis at least made me think of the workaround;
I disabled all the DHE_* ciphers from the SSL server, and now
TBird/PSM works. So I at least have a workaround.
I would like to help with the ssltap idea, but would need some help
with that. At least with ethereal, I was seeing the client hello
going out, server hello coming back, and then nothing (TBird would
then give the error). I think it's because the server was saying that
some DHE ciphers were okay to use; and TBird/PSM was trying to see if
it could comply, but was unable to generate any DH keypairs. It has
no key material to work with nor any DH parameters for the keypairs.
In SSL, the client hello includes a list of cipher suites that are
supported/allowed by the client. The server picks one, which must be
one that the server also supports and for which the server has been
properly configured, and then sends back to the client the server hello,
saying "I picked this one". The client must then use the ciphersuite
chosen by the server.
For a DHE ciphersuite, the server must send an additional message
to the client, immediately after the server certificate. That
"server key exchange" message contains the DH params.
I'm guessing that the server negotiated a DHE ciphersuite but then either
a) didn't send any server key exchange message, or
b) sent a server key exchange message with invalid params.
The problem is that Thunderbird 0.7.3 fails to generate an ephemeal DH
key larger than 1024 bits with error SEC_ERROR_KEYGEN_FAIL (-8092)
returned by NSS module.
Since 1024 DH is relatively weaker than 128 AES or 3DES, there is little
benefit in supporting the small subset of DHE in default configuration
of Thunderbird, because this partial support breaks interoperability
with resonably configured SSL servers.
Here is how to reproduce this issue with openssl-0.9.7a-35.
# On the same host where you run Thunderbird, do the following:
openssl dhparam -out dhparam-2048 2048
# this will take 5 mins on Pentium 3Ghz
# create file server.pem with proper content
# run the following:
openssl s_server -debug -accept 1993 -cipher EDH-RSA-DES-CBC3-SHA
# Change IMAP server settings to the localhost:1993, secure IMAP.
# Click on any IMAP folder, such as Inbox.
# The Thunderbird will display certificate warnings and hang.
# openssl will wait after displaying ACCEPT line.
# This is a normal behaviour
# now exit the openssl and run it again with the following addition:
openssl s_server -debug -accept 1993 \
-cipher EDH-RSA-DES-CBC3-SHA -dhparam dhparam-2048
# Click on the IMAP folder in Thunderbird again.
# This time the Thunderbird will display error -8092
The problem exists in Win32 and Linux build of Thunderbird.
I also verified this with another SSL server.
As mentioned before, the following workaround should be used. Disable
all "*dhe_*" proposals in security-prefs.js when you see error -8092:
pref("security.ssl3.dhe_rsa_aes_256_sha", false);
pref("security.ssl3.dhe_dss_aes_256_sha", false);
pref("security.ssl3.dhe_rsa_aes_128_sha", false);
pref("security.ssl3.dhe_dss_aes_128_sha", false);
pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
pref("security.ssl3.dhe_dss_des_ede3_sha", false);
pref("security.ssl3.dhe_rsa_des_sha", false);
pref("security.ssl3.dhe_dss_des_sha", false);
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
