Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
On 08/10/2013 19:13, Kurt Roeckx wrote: > > Yes, disabling TLS 1.2 seems to fix your issue, but I really have > no idea why. I also don't think this is a good idea. > > You say that the other side is using OpenSSL 1.0.1, but it looks > like a really weird version to me. It doesn't seem to support > TLS 1.2 but does 1.1 while there never was a version released > that only didn't do 1.2 but did 1.1. > > It seems to be a snapshot from cvs/git since it says "1.0.1-stable > 05 Jun 2011" and doesn't actually have any real version in it. > Looking at the release history and git repository, it seems to be > in the middle of a development cycle. Please note that 1.0.1 was > released on 19 Apr 2012. > > So I suggest you upgrade it to a released version like 1.0.1e or > the current 1.0.1-stable version. The server admin fixed the issue by importing this commit in the 1.0.1c NetBSD version : http://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff;f=ssl/s3_pkt.c;h=dca345865a10a5fae10741e009676731181fc60d;hp=2d569cc1cedc5aa2bb0d0e7f876a22468e77950e;hb=c3b130338760a7e52656fd217d1d4c846e85cdff;hpb=5762f7778da56b9502534fd236007b9a1b0244d9 I think the issue is in the client as well, but fixing it on the server side is enough for it to work. Cheers, -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
On Tue, Oct 08, 2013 at 11:54:07AM +0200, Clement Hermann (nodens) wrote: > Hello Kurt, > > Is there any news on this issue ? I have reports of the same problem > from other debian users, and only debian users. > > After upgrade of the remote (netbsd) box, the problem still occurs. > The issue is also still present in current sid version. > > We need to apply the ubuntu patch to connect (attached), wich seem to > disable TLS_1.2 client altogether. I think this is enough, the second > part of the patch may not be needed. Yes, disabling TLS 1.2 seems to fix your issue, but I really have no idea why. I also don't think this is a good idea. You say that the other side is using OpenSSL 1.0.1, but it looks like a really weird version to me. It doesn't seem to support TLS 1.2 but does 1.1 while there never was a version released that only didn't do 1.2 but did 1.1. It seems to be a snapshot from cvs/git since it says "1.0.1-stable 05 Jun 2011" and doesn't actually have any real version in it. Looking at the release history and git repository, it seems to be in the middle of a development cycle. Please note that 1.0.1 was released on 19 Apr 2012. So I suggest you upgrade it to a released version like 1.0.1e or the current 1.0.1-stable version. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Hello Kurt, Is there any news on this issue ? I have reports of the same problem from other debian users, and only debian users. After upgrade of the remote (netbsd) box, the problem still occurs. The issue is also still present in current sid version. We need to apply the ubuntu patch to connect (attached), wich seem to disable TLS_1.2 client altogether. I think this is enough, the second part of the patch may not be needed. Is there any way I can help fix this ? Cheers, -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. Description: Work around TLS 1.2 failures for some broken servers that "hang" if a client hello record length exceeds 255 bytes. . 1. Set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50. This will truncate the number of ciphers sent in the client hello. 2. Set OPENSSL_NO_TLS1_2_CLIENT to disable TLS 1.2 client support entirely. Also, check TLS_get_client_version() rather than TLS1_get_versions() to avoid improper truncation of client hello cipher lists. This change has been forwarded upstream in rt #2881. Bug-Ubuntu: https://bugs.launchpad.net/bugs/965371 Bug-Debian: http://bugs.debian.org/665452 Bug: http://rt.openssl.org/Ticket/Display.html?id=2771 Bug: http://rt.openssl.org/Ticket/Display.html?id=2881 Forwarded: not-needed Last-Update: 2012-10-04 Index: openssl-1.0.1c/Configure === --- openssl-1.0.1c.orig/Configure 2012-10-03 23:59:05.235548667 -0700 +++ openssl-1.0.1c/Configure 2012-10-04 10:34:23.076454592 -0700 @@ -106,7 +106,7 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50"; $debian_cflags =~ s/\n/ /g; my $strict_warnings = 0; Index: openssl-1.0.1c/ssl/s23_clnt.c === --- openssl-1.0.1c.orig/ssl/s23_clnt.c 2012-10-03 23:46:22.967530550 -0700 +++ openssl-1.0.1c/ssl/s23_clnt.c 2012-10-04 10:33:13.820452946 -0700 @@ -491,7 +491,7 @@ * as hack workaround chop number of supported ciphers * to keep it well below this if we use TLS v1.2 */ - if (TLS1_get_version(s) >= TLS1_2_VERSION + if (TLS1_get_client_version(s) >= TLS1_2_VERSION && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; #endif
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Le 04/07/2012 04:47, Kurt Roeckx a écrit : On Wed, Jul 04, 2012 at 12:34:54AM +0200, Clement Hermann (nodens) wrote: Le 04/07/2012 00:21, Kurt Roeckx a écrit : The server is running on netbsd 6. I asked the admin, and openssl version returns : OpenSSL 1.0.1-stable 05 Jun 2011 a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. Can you try: strings /usr/lib/libssl.so.9 |grep OpenSSL Here : OpenSSLDie DTLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 OpenSSL 1.0.1-stable 05 Jun 2011 TLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 SSLv3 part of OpenSSL 1.0.1-stable 05 Jun 2011 SSLv2 part of OpenSSL 1.0.1-stable 05 Jun 2011 So it fails to talk to itself? That makes little sense to me. Kurt I don't have the issue with 1.0.1 from ubuntu, only from Debian sid with SSLv3 (works with TLS1.1, tested on different boxes), so it looks like a Debian-specific issue. -- Clément -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
On Wed, Jul 04, 2012 at 12:34:54AM +0200, Clement Hermann (nodens) wrote: > Le 04/07/2012 00:21, Kurt Roeckx a écrit : > >>The server is running on netbsd 6. I asked the admin, and openssl > >>version returns : > >>OpenSSL 1.0.1-stable 05 Jun 2011 > >> > >>a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. > >Can you try: > >strings /usr/lib/libssl.so.9 |grep OpenSSL > > > > Here : > > OpenSSLDie > DTLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 > OpenSSL 1.0.1-stable 05 Jun 2011 > TLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 > SSLv3 part of OpenSSL 1.0.1-stable 05 Jun 2011 > SSLv2 part of OpenSSL 1.0.1-stable 05 Jun 2011 So it fails to talk to itself? That makes little sense to me. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Le 04/07/2012 00:21, Kurt Roeckx a écrit : The server is running on netbsd 6. I asked the admin, and openssl version returns : OpenSSL 1.0.1-stable 05 Jun 2011 a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. Can you try: strings /usr/lib/libssl.so.9 |grep OpenSSL Here : OpenSSLDie DTLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 OpenSSL 1.0.1-stable 05 Jun 2011 TLSv1 part of OpenSSL 1.0.1-stable 05 Jun 2011 SSLv3 part of OpenSSL 1.0.1-stable 05 Jun 2011 SSLv2 part of OpenSSL 1.0.1-stable 05 Jun 2011 -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Le 04/07/2012 00:14, Clement Hermann (nodens) a écrit : The server is running on netbsd 6. I asked the admin, and openssl version returns : OpenSSL 1.0.1-stable 05 Jun 2011 a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. I made a few more tests, and it seems to sometimes work with openssl s_client -tls1_1. But when it works, I need to stop trying for 10s or so, or it will never work again. The same thing happens with -cipher AES256 (but it could be some kind of entropy issue on the server). However, it never works without specifying either the protocol or the cipher. I let irssi try for 2 days before trying to downgrade libssl (several minutes between tries). Hope that helps, -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
On Wed, Jul 04, 2012 at 12:14:18AM +0200, Clement Hermann (nodens) wrote: > Le 03/07/2012 23:54, Kurt Roeckx a écrit : > >On Tue, Jul 03, 2012 at 11:29:26PM +0200, Clement Hermann (nodens) wrote: > >>Package: libssl1.0.0 > >>Version: 1.0.1c-3 > >>Severity: normal > >> > >>Hi, > >> > >>I've been having trouble connecting to a SSL-enabled ircd > >>(ircd-hybrid-7.2.3nb3 > >>IRC server with many options, on netbsd 6.0_beta2). I use irssi, but did > >>all my > >>tests with openssl s_client to be sure. > >> > >>The connexion works with libssl1.0.0h, but every later version fails with > >>the > >>error "wrong cipher". What's funny is that if I force the cipher that would > >>have been chosen with 1.0.0h when using 1.0.1, I can connect. > >> > >>Also, FWIW, it is working on ubuntu 12.4 (openssl 1.0.1). > >Do you know what ssl implementation and version is running on the > >other side? Is there some firewall or ssl accelerator in between > >or something? > > > >I'm not sure what hybrid supports for ssl libraries, and the > >Debian package doesn't seem to be build with ssl enabled. > > > The server is running on netbsd 6. I asked the admin, and openssl > version returns : > OpenSSL 1.0.1-stable 05 Jun 2011 > > a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. Can you try: strings /usr/lib/libssl.so.9 |grep OpenSSL Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Le 03/07/2012 23:54, Kurt Roeckx a écrit : On Tue, Jul 03, 2012 at 11:29:26PM +0200, Clement Hermann (nodens) wrote: Package: libssl1.0.0 Version: 1.0.1c-3 Severity: normal Hi, I've been having trouble connecting to a SSL-enabled ircd (ircd-hybrid-7.2.3nb3 IRC server with many options, on netbsd 6.0_beta2). I use irssi, but did all my tests with openssl s_client to be sure. The connexion works with libssl1.0.0h, but every later version fails with the error "wrong cipher". What's funny is that if I force the cipher that would have been chosen with 1.0.0h when using 1.0.1, I can connect. Also, FWIW, it is working on ubuntu 12.4 (openssl 1.0.1). Do you know what ssl implementation and version is running on the other side? Is there some firewall or ssl accelerator in between or something? I'm not sure what hybrid supports for ssl libraries, and the Debian package doesn't seem to be build with ssl enabled. The server is running on netbsd 6. I asked the admin, and openssl version returns : OpenSSL 1.0.1-stable 05 Jun 2011 a ldd on ircd returns -lssl.9 => /usr/lib/libssl.so.9 though. -- Clement Hermann (nodens) - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: [Pkg-openssl-devel] Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
On Tue, Jul 03, 2012 at 11:29:26PM +0200, Clement Hermann (nodens) wrote: > Package: libssl1.0.0 > Version: 1.0.1c-3 > Severity: normal > > Hi, > > I've been having trouble connecting to a SSL-enabled ircd > (ircd-hybrid-7.2.3nb3 > IRC server with many options, on netbsd 6.0_beta2). I use irssi, but did all > my > tests with openssl s_client to be sure. > > The connexion works with libssl1.0.0h, but every later version fails with the > error "wrong cipher". What's funny is that if I force the cipher that would > have been chosen with 1.0.0h when using 1.0.1, I can connect. > > Also, FWIW, it is working on ubuntu 12.4 (openssl 1.0.1). Do you know what ssl implementation and version is running on the other side? Is there some firewall or ssl accelerator in between or something? I'm not sure what hybrid supports for ssl libraries, and the Debian package doesn't seem to be build with ssl enabled. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#680137: libssl1.0.0: handshake failure (wrong cipher) since 1.0.1 (1.0.0h works)
Package: libssl1.0.0 Version: 1.0.1c-3 Severity: normal Hi, I've been having trouble connecting to a SSL-enabled ircd (ircd-hybrid-7.2.3nb3 IRC server with many options, on netbsd 6.0_beta2). I use irssi, but did all my tests with openssl s_client to be sure. The connexion works with libssl1.0.0h, but every later version fails with the error "wrong cipher". What's funny is that if I force the cipher that would have been chosen with 1.0.0h when using 1.0.1, I can connect. Also, FWIW, it is working on ubuntu 12.4 (openssl 1.0.1). Here are some logs. They are anonymized, as this is a private IRC server. ** *** working : 1.0.0h (from snapshot.debian.org) ** ** openssl s_client -connect irc.example.net:994 CONNECTED(0003) depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=27:certificate not trusted verify return:1 depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=DE/ST=Example State/L=Example City/O=Example/OU=Administration/CN=irc.example.net/emailAddress=r...@example.net i:/C=DE/ST=Example State/L=Example City/O=Example/OU=Administration/CN=Example Root CA/emailAddress=r...@example.net --- Server certificate -BEGIN CERTIFICATE- -END CERTIFICATE- subject=/C=DE/ST=Example State/L=Example City/O=Example/OU=Administration/CN=irc.example.net/emailAddress=r...@example.net issuer=/C=DE/ST=Example State/L=Example City/O=Example/OU=Administration/CN=Example Root CA/emailAddress=r...@example.net --- No client certificate CA names sent --- SSL handshake has read 1205 bytes and written 351 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher: AES256-SHA Session-ID: EA1227FD3AF94737B103C92D43B0B2C6E290374FECEAC0A8B268C9CD7EBFC22E Session-ID-ctx: Master-Key: BB7067003E1899F894A3979EBE0704F9F82F240E560339BE136CFF3DCDC204FCFA716D34B4B2996C4E9A63AE623BEB67 Key-Arg : None PSK identity: None PSK identity hint: None Start Time: 1341348684 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) --- :irc.example.net NOTICE AUTH :*** Looking up your hostname... :irc.example.net NOTICE AUTH :*** Checking Ident :irc.example.net NOTICE AUTH :*** Found your hostname :irc.example.net NOTICE AUTH :*** No Ident response ** *** NOT working : starting with 1.0.1 (debian) *** ** ~$ openssl s_client -connect irc.example.net:994 CONNECTED(0003) 140721299515048:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:952: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 58 bytes and written 7 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.1 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1341349387 Timeout : 300 (sec) Verify return code: 0 (ok) --- ** *** working : 1.0.1c-3 whith cipher forced ** ** ~$ openssl s_client -cipher AES256-SHA -connect irc.example.net:994CONNECTED(0003) depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=27:certificate not trusted verify return:1 depth=0 C = DE, ST = Example State, L = Example City, O = Example, OU = Administration, CN = irc.example.net, emailAddress = r...@example.net verify error:num=21:unable to verify the first certificate verify return:1 -