Hello,

On 26 June 2013 16:41, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote:
>
>> By enabling debug information in the program, I was able to obtain
>> these error messages:
>>
>> pppd[2236]: EAP-TLS SSL error stack:
>> pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
>>
>> and
>>
>> err: 7 (certificate signature failure)
>
> Since you provide very little additional information, a wild guess:
>

Sorry for that, I didn't know what additional information was expected.
The error message is the one returned by SSL_CTX_set_verify(3), I couldn't
get additional information regarding this.

> OpenSSL 1.0.1e support TLSv1.2, while 0.9.8 only TLSv1.
>

TLSv1 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
             ^ Same version for all exchanged messages.

> With TLSv1.2 SHA-2 digests may have been negotiated, and if
> your RSA key size is too small (e.g. 512-bit RSA keys, which
> you should not use by the way, too easy to crack) the key may
> be too small to encrypt a SHA-384 digest.
>
> If you capture the handshake and decode it with wireshark, you'll have
> a lot more detail available. And do make sure your key sizes are all
> reasonable.
>

Here's some detail on the CA and certs:

CA:

$ openssl x509 -text -noout -in cacert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15591382118858604766 (0xd85fb76e2ff1c0de)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST= , O=testca, CN=ca
        Validity
            Not Before: Jun 21 13:46:43 2013 GMT
            Not After : Jun 20 13:46:43 2016 GMT
        Subject: C=FR, ST= , O=testca, CN=ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    [modulus omitted]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
            X509v3 Authority Key Identifier:
                keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        [signature omitted]

Server cert:

$ openssl x509 -text -noout -in server.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15591382118858604776 (0xd85fb76e2ff1c0e8)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST= , O=testca, CN=ca
        Validity
            Not Before: Jun 26 14:58:47 2013 GMT
            Not After : Jun 26 14:58:47 2014 GMT
        Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    [modulus omitted]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                22:DA:D1:B6:C2:EB:F1:05:1B:EF:BB:1D:BA:17:21:16:6E:BC:1B:F0
            X509v3 Authority Key Identifier:
                keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
    Signature Algorithm: sha1WithRSAEncryption
        [signature omitted]

The client cert was generated with the same settings:

$ openssl x509 -text -noout -in newcert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15591382118858604777 (0xd85fb76e2ff1c0e9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST= , O=testca, CN=ca
        Validity
            Not Before: Jun 26 15:00:13 2013 GMT
            Not After : Jun 26 15:00:13 2014 GMT
        Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=client
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    [modulus omitted]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                26:FA:54:1B:07:E1:2C:A5:5A:02:78:BD:9F:B4:D6:D1:C1:3D:44:74
            X509v3 Authority Key Identifier:
                keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
    Signature Algorithm: sha1WithRSAEncryption
        [signature omitted]

From my understanding, the keys are 2048 bits for the server and client
certificates, while the CA certificate key is 1024 bits.

Are cipher suites the same as the digests you are referring to? The
ClientHello message contains these:

Cipher Suites (51 suites)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA (0xc022)
    Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA (0xc021)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
    Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
    Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
    Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
    Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
    Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
    Cipher Suite: TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA (0xc01c)
    Cipher Suite: TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA (0xc01b)
    Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
    Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
    Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA (0xc01f)
    Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA (0xc01e)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
    Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
    Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
    Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
    Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
    Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
    Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
    Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
    Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
    Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
    Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
    Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
    Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
    Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
    Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
    Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
    Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
    Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
    Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
    Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
    Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

In the case of a successful auth (i.e. with openssl 0.9.8), the cipher
suite list in the ClientHello message is much shorter:

Cipher Suites (20 suites)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
    Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
    Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
    Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
    Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
    Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
    Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
    Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
    Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
    Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
    Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
    Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
    Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

In both cases though, the server picks the same cipher suite:

with 0.9.8:

Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 53
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 49
            Version: TLS 1.0 (0x0301)
            Random
                gmt_unix_time: Jun 26, 2013 16:11:24.000000000 CEST
                random_bytes: 6ffa59101d19546b6ddb35b989bceab0d367b2bcc4e47187...
            Session ID Length: 0
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

with 1.0.1:

Extensible Authentication Protocol
    Code: Request (1)
    Id: 151
    Length: 1429
    Type: EAP-TLS [RFC5216] [Aboba] (13)
    Flags(0x0):
    Secure Sockets Layer
        TLSv1 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.0 (0x0301)
            Length: 58
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 54
                Version: TLS 1.0 (0x0301)
                Random
                    gmt_unix_time: Jun 24, 2013 15:56:10.000000000 CEST
                    random_bytes: 6c0e4985c6d7e3f6313d4ab96a4634c5ee3f42f63d02b665...
                Session ID Length: 0
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Compression Method: DEFLATE (1)
                Extensions Length: 14
                Extension: renegotiation_info
                    Type: renegotiation_info (0xff01)
                    Length: 1
                    Data (1 byte)
                Extension: SessionTicket TLS
                    Type: SessionTicket TLS (0x0023)
                    Length: 0
                    Data (0 bytes)
                Extension: Unknown 15
                    Type: Unknown (0x000f)
                    Length: 1
                    Data (1 byte)

Marios

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
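Added example, not part of this thread and not pppd's or OpenSSL's code: a small Python parser for the `openssl x509 -text` dumps pasted above that pulls out the chain-relevant fields, confirms the leaf's Issuer and Authority Key Identifier really point at the CA, and flags the parameters a key-size and digest policy would object to in this setup (the 1024-bit CA key and the SHA-1 signatures). The embedded excerpts are constructed from the thread's CA and server certificates with moduli and signature bytes dropped; `parse_x509_text` and `audit_chain` are my own names.

```python
import re
# Constructed excerpts of `openssl x509 -text -noout` output for the thread's CA and server cert.
CA_TEXT = """\
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST= , O=testca, CN=ca
        Subject: C=FR, ST= , O=testca, CN=ca
                Public-Key: (1024 bit)
            X509v3 Subject Key Identifier:
                68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
            X509v3 Authority Key Identifier:
                keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
"""
SERVER_TEXT = """\
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=FR, ST= , O=testca, CN=ca
        Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=server
                Public-Key: (2048 bit)
            X509v3 Subject Key Identifier:
                22:DA:D1:B6:C2:EB:F1:05:1B:EF:BB:1D:BA:17:21:16:6E:BC:1B:F0
            X509v3 Authority Key Identifier:
                keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
"""

FIELDS = {  # regex per field; group 1 is the value kept from the text dump
    "subject": r"^\s*Subject: (.+)$",
    "issuer": r"^\s*Issuer: (.+)$",
    "sig_alg": r"^\s*Signature Algorithm: (\S+)",
    "bits": r"Public-Key: \((\d+) bit\)",
    "ski": r"Subject Key Identifier:\s*\n\s*([0-9A-F:]+)",
    "aki": r"Authority Key Identifier:\s*\n\s*keyid:([0-9A-F:]+)",
}

def parse_x509_text(text):
    """Extract the chain-relevant fields from one `openssl x509 -text` dump."""
    found = {k: re.search(p, text, re.MULTILINE) for k, p in FIELDS.items()}
    return {k: (m.group(1).strip() if m else None) for k, m in found.items()}

def audit_chain(leaf, ca, min_bits=2048):
    """Return policy findings for a leaf certificate and its issuing CA."""
    findings = []
    if leaf["issuer"] != ca["subject"]:
        findings.append("leaf issuer does not match CA subject")
    if leaf["aki"] != ca["ski"]:
        findings.append("leaf AKI does not match CA SKI")
    for label, c in (("CA", ca), ("leaf", leaf)):
        if c["bits"] and int(c["bits"]) < min_bits:
            findings.append(f"{label} key is only {c['bits']} bits")
        if re.match(r"md5|sha1", c["sig_alg"] or "", re.I):
            findings.append(f"{label} signed with {c['sig_alg']} (weak digest)")
    return findings
```

Feed it the full `openssl x509 -text -noout` output of each certificate in the chain; the moduli and signature bytes are simply ignored by the patterns.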