Re: DTLS server implementation experiences and documentation

2009-01-24 Thread David Woodhouse
On Sat, 2009-01-24 at 23:03 +0100, Georges Le grand wrote:
> So it is like an SSL VPN with data encapsulated in HTTP packets, but I
> don't get how HTTP runs over UDP.

Probably best explained by the code... it just uses HTTP for the initial
setup -- a CONNECT request with an HTTP cookie for authentication, and
you get IP address etc. in the headers of the response. Then you're
connected with an SSL connection, you can forget HTTP, and run IP
packets over that connection. 

In the headers of the initial exchange you _also_ set up parameters for
a DTLS connection, over which you can pass packets.

-- 
dwmw2

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org


Re: DTLS server implementation experiences and documentation

2009-01-24 Thread Georges Le grand
Dear David,

Thanks for the reply.

So it is like an SSL VPN with data encapsulated in HTTP packets, but I don't
get how HTTP runs over UDP.

Kind regards
GLG

2009/1/24 David Woodhouse 

> On Sat, 2009-01-24 at 00:13 +0100, Georges Le grand wrote:
> > I wonder if you could give out a reference on how to establish a VPN
> > using DTLS or to tell how to do so.
>
> We are just using Cisco's "AnyConnect" VPN, which runs over an HTTPS
> 'CONNECT' and will use DTLS for subsequent data transfer if it can. The
> client code is at git://git.infradead.org/users/dwmw2/openconnect.git
> (viewable in gitweb by changing git:// to http:// in that URL).
>
> That code works on Linux and MacOS, and if anyone wants to provide a
> patch to make it work on other BSD systems that would be much
> appreciated.
>
> Since Cisco use an old version of OpenSSL on the server side, you'll
> need to patch OpenSSL to make it compatible with its own pre-RFC version
> of DTLS -- see http://rt.openssl.org/Ticket/Display.html?id=1751 for the
> patch.
>
> The VPN will work over HTTPS if you don't patch OpenSSL, but VPN over
> TCP is a very suboptimal solution.
>
> I haven't done server-side code yet; the point of this was to
> interoperate with the existing servers, and I have no immediate need to
> _replace_ them. It really wouldn't be hard though -- it's all fairly
> trivial stuff.
>
> You might also be interested in http://campagnol.sourceforge.net/
>
> --
> dwmw2
>
>


OpenSSL pseudo-psk usage

2009-01-24 Thread Chase Douglas

Hello all,

I'm wanting to use openssl to provide a psk-like authentication and  
encryption. While I see that openssl cvs has some TLS-PSK  
functionality, this does not seem to exist in any of the released  
tarballs. I run gentoo and I don't see any psk related options when I  
run openssl s_client --help either. In my quest to develop and  
distribute an application that relies on psk-like functionality  
without requiring people to build and install cvs revisions of  
openssl, I have decided that this functionality isn't a reasonable  
route.


So I've tried to think of ways to have a psk-like functionality with  
openssl. My project does not require high enough security to need both  
client and server to be able to trace certs up the CA chain to a  
common root CA, so I am relying on the server side having a self-created
CA that every cert is signed with. From there, here is the
process:


- A server private key and server cert signed with self-created CA  
cert are created
- A client private key protected by a passphrase and a client cert  
signed with the self-created CA cert are created
- When the client first connects to the server, the client downloads  
the client private key and client cert along with the CA cert it was  
signed with.
- The client then attempts to create an ssl connection to the server.  
The client can only do this if the client public key can be decrypted  
with the correct passphrase used when the private key was created.  
Both the client and server certs are verified by the self-created CA  
cert that both sides now have.


The one weakness in all this is the initial connection where the  
client downloads the client key and cert and shared CA cert. If the  
server isn't the intended server, the client won't know. I plan on  
providing for the user to confirm or reject the server based on  
whether the CA cert matches what the user thinks it should (would it  
be safe enough to just MD5sum hash the CA cert and present that sum to  
the user?). From then on, the client stores the CA cert and if a  
subsequent man in the middle attack is attempted, the server cert  
won't match the CA cert the client possesses.


Does this design work as I am intending, with only one set of server  
and client certs needed per server implementation?


Thanks,
Chase Douglas
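The trust-on-first-use step of the design above, written out as an added example (not code from the post or from any project it mentions): the client computes a SHA-256 fingerprint of the downloaded CA cert in the colon-separated form `openssl x509 -fingerprint` prints, asks the user to confirm it on first contact, and afterwards rejects any server whose CA cert no longer matches the stored pin. The DER byte strings are constructed placeholders, not real certificates.

```python
import hashlib
import hmac
from typing import Callable, Dict, Optional

# Constructed stand-ins for DER-encoded CA certificates (not real certificates).
CA_DER_GOOD = b"\x30\x82\x01\x00" + b"example-ca-cert-bytes" * 6
CA_DER_OTHER = b"\x30\x82\x01\x00" + b"some-other-ca-cert" * 6


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the AB:CD:... form that
    `openssl x509 -noout -fingerprint -sha256` prints, so the user can
    compare it with a value obtained out of band (e.g. from the admin)."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Trust-on-first-use store: one CA fingerprint per server identifier."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def pinned(self, server: str) -> Optional[str]:
        return self._pins.get(server)

    def check(self, server: str, ca_der: bytes,
              confirm: Callable[[str], bool]) -> bool:
        """Decide whether the CA cert presented by `server` may be trusted.

        First contact: show the fingerprint through `confirm` and pin it
        only if the user accepts; this is the one step that relies on the
        user. Later contacts: the fingerprint must equal the pin; a mismatch
        is rejected, because the server's cert would no longer chain to the
        CA the client stored."""
        fp = fingerprint(ca_der)
        known = self._pins.get(server)
        if known is None:
            if not confirm(fp):
                return False
            self._pins[server] = fp
            return True
        return hmac.compare_digest(known, fp)


if __name__ == "__main__":
    store = PinStore()
    # First contact: the user accepts the displayed fingerprint.
    print(store.check("mail.example.com", CA_DER_GOOD, lambda fp: True))   # True
    # A later connection presenting a different CA cert is rejected.
    print(store.check("mail.example.com", CA_DER_OTHER, lambda fp: True))  # False
```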


Re: One certificate for both hostname and IP

2009-01-24 Thread Dr. Stephen Henson
On Sat, Jan 24, 2009, Marco De Vitis wrote:

> Hi,
> running my own CA on a Debian Etch machine (openssl 0.9.8c) I need to 
> create a certificate for a private mailserver, which must be reachable both 
> using its hostname and its IP address. So the certificate needs to contain 
> both, to prevent warnings at the client side. The mail clients used will 
> be, among others, Outlook Express and Outlook 2007 (I cannot avoid this).
>
> I tried various solutions, to no avail.
>
> I first generated a certificate containing two Common Names, and it was ok 
> for Outlook Express, but not for Outlook, which shows a security warning 
> when using the second name.
>
> I then tried various subjectAltName configurations, but none of these seems 
> to be supported by either OE or Outlook, they both always show a security 
> warning for one of the names. Here are some configurations I tried:
>
> subjectAltName = IP:
>
> subjectAltName = otherName:1.2.3.4;UTF8:
>
> subjectAltName = dirName:dir_sect
> [dir_sect]
> C = IT
> O = bla bla
> OU = bla bla
> CN = 
>
> subjectAltName = @alt_names
> [alt_names]
> IP.1 = 
>
> All other needed parameters in openssl.cnf are correctly in place, AFAICT, 
> because the subjectAltName values are correctly visible in the generated 
> certificate.
> I can post the full openssl.cnf if needed.
>
> Any clues?
> Thanks.
>

You don't say which gives a warning. If you use the IP version in
subjectAltName, do you get a warning for the hostname or for the IP address?

If for the hostname but not the IP address, try adding a second value, DNS:whatever.com

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
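One way to carry both names in a single extension, as an added openssl.cnf fragment that is not from the thread; the section name, hostname and address are placeholders.

```ini
# Added example (not from the thread): one subjectAltName extension holding
# both a DNS name and an IP address. Names and addresses are placeholders.
[ server_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = mail.example.com
IP.1  = 192.0.2.10
```

The section is selected with `-extensions server_ext` when signing (`openssl ca`, or `openssl x509 -req -extfile openssl.cnf`), and `openssl x509 -noout -text` on the result shows both entries under X509v3 Subject Alternative Name.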


certificate verification (with all data in memory)

2009-01-24 Thread Miroslav Kratochvil
Hi all,

I've already asked here about a similar thing before, but as things got
a little clearer now (I've read through a load of docs and code...), I
guess I can formulate my question a little better now.

My problem is, roughly, this:
- I have some CA certificates loaded in memory (say, in a STACK_OF(X509))
- I also have some CRLs loaded in memory (similarly in a STACK_OF(X509_CRL))
- I have an SSL_CTX (which is supposed to create SSLs to handle connections)
- I want the incoming certificate to be verified so that:
a] it's signed by one of the CAs from my CA stack (main problem)
b] it's not CRL'ed by any of the CRLs loaded.

After a week of googling I've not been able to find a simple solution
to do that, nor similar code which would do it. Could anyone point out
a simple set of functions or the correct OpenSSL API layer to do this?

Thanks in advance,
Mirek Kratochvil


Re: Make test failed for Fips Capable openssl 9.8J

2009-01-24 Thread joshi chandran
Is it necessary to use the same compiler to build opensslfips 1.2 and openssl
9.8J? If I am using a different compiler, does it create a problem? Please
reply, as this issue has become a problem for me for generating the shared
library of fips capable openssl 9.8j.

Opensslfips 1.2

# ./config -t
Operating system: 00C3E1AD4C00-ibm-aix
Configuring for aix-gcc
/usr/bin/perl ./Configure aix-gcc

Openssl 9.8j

# ./config -t
Operating system: 00C3E1AD4C00-ibm-aix
WARNING! If you wish to build 64-bit kit, then you have to
 invoke './Configure aix64-cc' *manually*.
Configuring for aix-cc
/usr/bin/perl ./Configure aix-cc

Will this be a problem? Please reply.

Thanks
Joshi

On Sat, Jan 24, 2009 at 12:53 PM, rajan chittil wrote:

> I have used the aix64-cc compiler to build openssl fips 1.2. But since we have
> a GPFS problem, we have to use the xlc_r compiler to build openssl 9.8J. Since
> I am using the xlc_r compiler it is not creating a validated module. Can you please
> tell me what all changes I need to make to build openssl 9.8J using the
> xlc_r compiler. I have seen some are using a patch on the Makefile.shared
> file etc. Can you please guide me.
>
> Thanks
>
> Rajan
>
>
> On Sat, Jan 24, 2009 at 3:47 AM,  wrote:
>
>>
>>  "Dr. Stephen Henson"  wrote:
>> > On Fri, Jan 23, 2009, rajan chittil wrote:
>> >
>> > > Hi ,
>> > >
>> > > I have gone through security policy (
>> > > http://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf) and user
>> guide.(
>> > > http://www.openssl.org/docs/fips/UserGuide-1.2.pdf).
>> > >
>> > > I have changed the configuration option to
>> > >
>> > > 1. opensslfips1.2
>> > > ./config fipscanisterbuild
>> > > make
>> > >
>> > > 2. openssl 9.8j
>> > > ./Configure -DSSL_ALLOW_ADH --prefix=/usr --openssldir=/var/ssl
>> > >
>> --with-fipslibdir=/home/rajan/openssl/opensslfips1.2/fips64/openssl-fips-1.2/fips
>> > > fips no-idea no-rc5 no-ec no-symlinks shared threads aix64-xlc_r
>> > > make
>> > > make test
>> > >
>> > > But still I am getting the same error
>> > >
>> > > test SSL protocol
>> > > test ssl3 is forbidden in FIPS mode
>> > > 508008:error:2D06906E:FIPS
>> > > routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
>> > > match:fips.c:238:
>> > > test ssl2 is forbidden in FIPS mode
>> > > 508010:error:2D06906E:FIPS
>> > > routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
>> > > match:fips.c:238:
>> > > test tls1
>> > > 508012:error:2D06906E:FIPS
>> > > routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not
>> > > match:fips.c:238:
>> > > make: The error code from the last command is 1.
>> > >
>> > >
>> > > Stop.
>> > > make: The error code from the last command is 2.
>> > >
>> > >
>> > > Stop.
>> > >
>> > > But I have tested ./fips_test_suite and it works fine
>> > >
>> > > $ ./fips_test_suite
>> > > FIPS-mode test application
>> > >
>> > > 1. Non-Approved cryptographic operation test...
>> > > a. Included algorithm (D-H)...successful
>> > > 2. Automatic power-up self test...successful
>> > > 3. AES encryption/decryption...successful
>> > > 4. RSA key generation and encryption/decryption...successful
>> > > 5. DES-ECB encryption/decryption...successful
>> > > 6. DSA key generation and signature validation...successful
>> > > 7a. SHA-1 hash...successful
>> > > 7b. SHA-256 hash...successful
>> > > 7c. SHA-512 hash...successful
>> > > 7d. HMAC-SHA-1 hash...successful
>> > > 7e. HMAC-SHA-224 hash...successful
>> > > 7f. HMAC-SHA-256 hash...successful
>> > > 7g. HMAC-SHA-384 hash...successful
>> > > 7h. HMAC-SHA-512 hash...successful
>> > > 8. Non-Approved cryptographic operation test...
>> > > a. Included algorithm (D-H)...successful as expected
>> > > 9. Zero-ization...
>> > > Generated 128 byte RSA private key
>> > > BN key before overwriting:
>> > >
>> 77eed34099e0d0dc56d316727fd2217c3bc0f6409bc1cd12ffdb427101218787e5bcc0013f58d1633b3f8934c1cf65a05744701fefc80dd92ac7ac4e88ff91ae18c5dda39e77257e3be162cda8f252dfca19dc3998af38b6de90c766295dfd74db93ea66333f3c91c35d8958292f205a6d89d4332f913f21fb6756179008ef29
>> > > BN key after overwriting:
>> > >
>> 5171b0a563d968222705431c1abf13bef9780e38a28817d7a36c953d18179e2330ee87d363b8154e2d268eb5aed447bd6419da455d390ce70891bf0512360721e0be0e44c32489e1c975436fa752460397a8e921a0ad64eee7200abe57c2807925edc105a5233da59dd7b4a26a675a2683d5cbee2d87f02fefbfaab5c355e264
>> > > char buffer key before overwriting:
>> > > 4850f0a33aedd3af6e477f8302b10968
>> > > char buffer key after overwriting:
>> > > 96a916306b46b3d4189fa6d1b04a4ed9
>> > > successful as expected
>> > >
>> > > All tests completed with 0 errors
>> > >
>> > > $ ./fips_test_suite aes
>> > > FIPS-mode test application
>> > >
>> > > AES encryption/decryption with corrupted KAT...
>> > >
>> ERROR:2d06e065:lib=45,func=110,reason=101:file=fips_aes_selftest.c:line=98:
>> > > Power-up self test failed
>> > > $ ./fips_test_suite sha1
>> > > FIPS-mode test application
>> > >
>> > > SHA-1 hash with corrupted KAT...
>> > >
>> ERROR:2d073065:lib=45,func=115,reason=101:file=fips_sha1_selftest.c

One certificate for both hostname and IP

2009-01-24 Thread Marco De Vitis

Hi,
running my own CA on a Debian Etch machine (openssl 0.9.8c) I need to  
create a certificate for a private mailserver, which must be reachable  
both using its hostname and its IP address. So the certificate needs  
to contain both, to prevent warnings at the client side. The mail  
clients used will be, among others, Outlook Express and Outlook 2007  
(I cannot avoid this).


I tried various solutions, to no avail.

I first generated a certificate containing two Common Names, and it  
was ok for Outlook Express, but not for Outlook, which shows a security  
warning when using the second name.


I then tried various subjectAltName configurations, but none of these  
seems to be supported by either OE or Outlook, they both always show a  
security warning for one of the names. Here are some configurations I  
tried:


subjectAltName = IP:

subjectAltName = otherName:1.2.3.4;UTF8:

subjectAltName = dirName:dir_sect
[dir_sect]
C = IT
O = bla bla
OU = bla bla
CN = 

subjectAltName = @alt_names
[alt_names]
IP.1 = 

All other needed parameters in openssl.cnf are correctly in place,  
AFAICT, because the subjectAltName values are correctly visible in the  
generated certificate.

I can post the full openssl.cnf if needed.

Any clues?
Thanks.

--
Ciao,
  Marco.




Re: DTLS server implementation experiences and documentation

2009-01-24 Thread David Woodhouse
On Sat, 2009-01-24 at 00:13 +0100, Georges Le grand wrote:
> I wonder if you could give out a reference on how to establish a VPN
> using DTLS or to tell how to do so.

We are just using Cisco's "AnyConnect" VPN, which runs over an HTTPS
'CONNECT' and will use DTLS for subsequent data transfer if it can. The
client code is at git://git.infradead.org/users/dwmw2/openconnect.git
(viewable in gitweb by changing git:// to http:// in that URL).

That code works on Linux and MacOS, and if anyone wants to provide a
patch to make it work on other BSD systems that would be much
appreciated.

Since Cisco use an old version of OpenSSL on the server side, you'll
need to patch OpenSSL to make it compatible with its own pre-RFC version
of DTLS -- see http://rt.openssl.org/Ticket/Display.html?id=1751 for the
patch.

The VPN will work over HTTPS if you don't patch OpenSSL, but VPN over
TCP is a very suboptimal solution.

I haven't done server-side code yet; the point of this was to
interoperate with the existing servers, and I have no immediate need to
_replace_ them. It really wouldn't be hard though -- it's all fairly
trivial stuff.

You might also be interested in http://campagnol.sourceforge.net/

-- 
dwmw2
