I would like to follow up on the path that Robin provided to fix bug associated with DTLS issue when using ECC keypair.
In summary, I was able to apply the patch into openssl-1.0.0e. I verified that the patch fixed the issued associated with bad encryption error. I verified the dtls1 connection (s_client and s_server) with and without -Verify at the server. The server, issuing CA, and root CA use prime256v1 curve. The cert signature is ecdsa-with-sha256. Thanks to Robin. Erwin On Fri, Oct 21, 2011 at 10:30 AM, Robin Seggelmann < seggelm...@fh-muenster.de> wrote: > Hi Erwin, > > The patch is for the current release 1.0.0e but should work with 1.0.0d as > well. However, I recommend using 1.0.0e anyway because several bugs have > been fixed in this version, as you might have seen on our website. > > Robin > > > On 21.10.2011, at 17:27, Erwin Himawan wrote: > > > Robin, > > > > Thanks for looking into this. Is this patch applicable to openssl-1.0.0d, > or is it for another release? > > > > I will definitely let you know whether the patch solve the issue. > > > > Erwin > > > > On Fri, Oct 21, 2011 at 2:44 AM, Robin Seggelmann < > seggelm...@fh-muenster.de> wrote: > > Hi Erwin, > > > > Thanks for the report. I found the bug and submitted a patch (#2628). You > can also download it from our website at > http://sctp.fh-muenster.de/dtls-patches.html and it would be very helpful > if you can confirm that the patch fixes your issue. > > > > Robin > > > > > > On Oct 12, 2011, at 11:33 PM, Erwin Himawan wrote: > > > > > Hi, > > > > > > Does anybody know whether openssl s_client and s_server support the use > of -dtls1 option while the server uses ECC key? > > > The issuing CA and root CA use ECC keypair. > > > > > > These are my openssl s_server and s_client options: > > > openssl s_server -accept 12000 -cert server.pem -certform pem -key > server_key.pem -keyform pem -CApath . -CAfile CAECCRoot.pem -dtls1 -cipher > ALL -debug -msg -state > > > openssl s_client -connect:10.8.122.106:12000 -CApath . -CAfile > CAECCRoot.pem -dtls1 -cipher ALL -debug -msg -state > > > > > > When I attempted to do this, the s_client gives error: > > > > > > SSL3 alert write:fatal:decrypt error > > > SSL_connect:error in SSLv3 read server key exchange B > > > 5551756:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad > signature:s3_clnt.c:1610 > > > > > > further down, I notice that the Verify return code: 0 (ok). > > > > > > I also use openssl verify to verify the server certificate using the > issuing CA and root CA. The result agrees with the result shown by the > s_client debug message. > > > > > > On the second note, I also try the s_server with RSA keypair, issued by > the same issuing CA; the server certificate has RSA public key with > signature algorithm is ecdsa-with-SHA256. > > > In this scenario, the s_client was able to establish tls connection > with the s-server. > > > > > > Does this mean that the openssl s_client and s_server does not support > ECC keypair? > > > > > > Any pointer or idea how further troubleshoot this? > > > > > > Thanks, > > > Erwin > > > > > > > > Viele Grüße > Robin > > > > > >
