DTLSv1 SSL_renegotiate

[David Isaac Wolinsky]

Hi all,

I am implementing a project that uses OpenSSL DTLSv1.  I noticed that 
even after sending approximately 1 GB of data, the cipher spec did not 
change.  So I implemented a manual renegotiate and I attempted to verify 
that it worked.  It didn't.  For some reason, after the server receives 
the renegotiate message from the client, it gets stuck at SSLv3 read 
client hello B.  I then tried the exact same code but switched the 
SSL_method to SSLv3 and TLSv1 and it worked just fine.  The peers 
renegotiated a new cipher spec.  Any thoughts?


Regards,
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

CA rekeying / CA rollover

[Yildirim Zaynal]

Hi all,

Can anybody give me a quick and dirty guide on CA rekeying / CA rollover
steps? I couldnt find it anywhere..

Thanks

RE: openssl s_client and FTPS

[Saju Paul]

FTP SSL operates in two modes.  Explicit SSL - where the FTP Client issues
the AUTH command on the clear command channel which results in the server
and client performing the SSL handshake to secure the channel.  The other
mode Implicit SSL - the SSL handshake is done soon as the Client to Server
connection is established.  Explicit FTP SSL usually defaults to Port 21
whereas Implicit FTP SSL defaults to Port 990.

With the Curl FTP Client you should be able to connect to the server either
in Explicit or Implicit SSL mode.  Assuming the server supports both modes.

With OpenSSL s_client you maybe limited to only Implicit SSL; in which case
you will need to specify the 990 port at the command line.

- sp panikulam
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of oh...@cox.net
Sent: Sunday, November 01, 2009 9:47 PM
To: openssl-users@openssl.org
Subject: Re: openssl s_client and FTPS


 oh...@cox.net wrote: 
 Hi,
 
 We're having problems connecting to an FTP server using FTPS (not sftp),
and to diagnose the problem, we've been using cURL with openssl.  The server
is IBM Z/OS FTP server. 
 
 When we test with cURL, we are getting:
 
 Info SSLV3, TLS handshake, Client hello (1) Send SSL Data, 95 bytes (0x5f)
=hex data===
 Info: SSLV?, Unknown (2)
 Send SSL data, 2 bytes
 : 02 46
 Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number
 
 From various searches, I've gathered that this kind of problem is not
uncommon (but I've not found a solution), but I'm also gathering that what
is happening is that openssl is returing some error to cURL.
 
 So, I've been trying to see if I use openssl s_client by itself, and if
openssl might provide more info on what he actual problem might be.
 
 From what I understand, openssl s_client -starttls ftp should work, but
when we tried it on our system (RHEL) we got a segfault.  We checked the
openssl version, and it's 0.9.7a, which I understand is a really old
version, so we're going to try to get a newer openssl version on the system.

 
 In the meantime, I wanted to elicit some feedback as to whether, in the
experience of others here, if we can get openssl s_client -starttls ftp
working, will that yield more info that might help us figure out what the
problem might be?
 
 Thanks in advance!
 
 Jim
 


Hi,

We're kind of guessing that what might be happening is that some firewall or
network device between our client machine the the Z/OS FTP machine is
causing the server response to the client HELLO to not be returned.

Does anyone know, if that is what might be happening, if that would cause
openssl to output what we're seeing, i.e. if openssl doesn't receive a
response to the client HELLO, will it display:

Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number 

??

Thanks,
Jim
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.423 / Virus Database: 270.14.43/2474 - Release Date: 11/01/09
07:38:00

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: DTLSv1 SSL_renegotiate

[Robin Seggelmann]

Hi David,

Which version of OpenSSL are you using? The current 0.9.8 stable is  
*very* buggy and also in 1.0.0 beta 3 are still several known bugs.  
You should either use the development version in the CVS repository or  
apply our patches from sctp.fh-muenster.de to have them fixed. You can  
also find some DTLS example code there. If you still experience any  
problems, please supply a detailed description so that I can try to  
reproduce it.


Regards,
Robin


On Nov 2, 2009, at 6:46 AM, David Isaac Wolinsky wrote:


Hi all,

I am implementing a project that uses OpenSSL DTLSv1.  I noticed  
that even after sending approximately 1 GB of data, the cipher spec  
did not change.  So I implemented a manual renegotiate and I  
attempted to verify that it worked.  It didn't.  For some reason,  
after the server receives the renegotiate message from the client,  
it gets stuck at SSLv3 read client hello B.  I then tried the  
exact same code but switched the SSL_method to SSLv3 and TLSv1 and  
it worked just fine.  The peers renegotiated a new cipher spec.  Any  
thoughts?


Regards,
David
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Is full-duplex socket use possible with OpenSSL?

[Mark]

Hi Darrel, 

Thanks for the very useful and clear explanation.

 Mark wrote:
  There is one added complication in that the protocol is a datagram
  protocol at a
  higher level (although it uses TCP).  I am concerned that the whole
  protocol could
  block if there is not enough data to encrypt a whole 
 outgoing message
  but the peer cannot
  continue until it gets the message.
 
 What is not allowed is for the stack to 
 hold onto the 
 data (possibly forever) in the hope that the user will make 
 an API call to write more data.

In this case my concerns are unfounded.
 
 Now there is another issue which isn't really a blocking one, 
 it is more 
 a deadlock.  This is where due to your IO pump design and the 
 interaction between the upper levels of your application and the 
 datagram/SSL levels you ended up designing your application such that 
 the same thread is used to both service the IO pump and the 
 upper levels 
 of the application (the data processing).  This is possible 
 but requires 
 careful design.  For whatever reason the upper levels stalled/blocked 
 waiting for IO, and this means your thread of execution lost 
 control and 
 starved the IO pump part from doing its work (because its the 
 same thread).

The IO pump thread would definitely be independent of all other layers
of
the protocol.  I don't like mixing layers.

Regards, Mark.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Is full-duplex socket use possible with OpenSSL?

[Mark]

Hi Ger, 

  There is one added complication in that the protocol is a datagram
  protocol at a
  higher level (although it uses TCP).  I am concerned that the whole
  protocol could
  block if there is not enough data to encrypt a whole 
 outgoing message
  but the peer cannot
  continue until it gets the message.
 
 If you mean that the upper layer protocol is message-oriented rather
 than stream-oriented ('datagram' is a Rorschach blot for me that says:
 UDP  sorry) and the protocol is constructed such that outgoing
 message REQ(A) must have produced [a complete] answer message ANS(A)
 before the next outgoing message REQ(B) is sent over the wire, then
 you're in fancy land anyway, as that is not a class 101 scenario for
 TCP, which is by design stream-oriented.

Yes,  the higher layers are message oriented.  The protocol is not so
restricted as 1:1 request/response though.  Several messages can be
sent without any response (dependent on message type).  However 
only whole messages can be sent and only whole messages can be decoded
by the receiver.  Messages must also arrive in the order they were sent.

Thanks for your helpful post.

Regards, Mark.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: CA rekeying / CA rollover

[Patrick Patterson]

On November 2, 2009 05:08:20 am Yildirim Zaynal wrote:
 Hi all,

 Can anybody give me a quick and dirty guide on CA rekeying / CA rollover
 steps? I couldnt find it anywhere..

Well, the Sanctioned method is found in RFC 4210 (Certificate Management 
Protocol). You want to look at section 4.4

Have fun.

-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl s_client and FTPS

[Victor Duchovni]

On Mon, Nov 02, 2009 at 05:07:10AM -0500, Saju Paul wrote:

 FTP SSL operates in two modes.  Explicit SSL - where the FTP Client issues
 the AUTH command on the clear command channel which results in the server
 and client performing the SSL handshake to secure the channel.  The other
 mode Implicit SSL - the SSL handshake is done soon as the Client to Server
 connection is established.  Explicit FTP SSL usually defaults to Port 21
 whereas Implicit FTP SSL defaults to Port 990.
 
 With the Curl FTP Client you should be able to connect to the server either
 in Explicit or Implicit SSL mode.  Assuming the server supports both modes.
 
 With OpenSSL s_client you maybe limited to only Implicit SSL; in which case
 you will need to specify the 990 port at the command line.

With -starttls ftp' (sufficiently recent OpenSSL) explicit mode is
supported. Still, s_client is not an FTP client, so you only get a
control channel, no data channels will be built by s_client for the
FTP commands that use these.

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Enabling Session Caching

[Paul Suhler]

Hi, everyone.

I'm trying to enable session caching, but my server doesn't seem to send
a session ID.

According to
http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html, all
I have to do is invoke SSL_CTX_set_session_id_context() with a pointer
to a string (or binary data) and the length of that string.  I've done
this and the desired session ID and length are correct in both the
SSL_CTX structure and (during SSL_accept) in the SSL structure.
However, in the Server Hello message, the session ID length is always
zero.  The client that connects shows a zero-length session ID, which
would seem to be consistent with not sendig an ID.  I'm using anonymous
TLS, so there are no certificates in the server context.

The code that I'm using to set up the context is:

   netSSLServerContextPtr = SSL_CTX_new(TLSv1_server_method());
   SSL_CTX_set_options(netSSLServerContextPtr, SSL_OP_ALL |
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
   SSL_CTX_set_session_cache_mode(netSSLServerContextPtr,
SSL_SESS_CACHE_BOTH);
   SSL_CTX_set_session_id_context(netSSLServerContextPtr,
netSslSessionIdContext, sizeof(netSslSessionIdContext));
   SSL_CTX_set_mode(netSSLServerContextPtr, SSL_MODE_AUTO_RETRY);

I've tried this with netSslSessionIdContext indicating both 17- and
ten-byte-long strings; neither work, so it seems not to be a string
length mismatch issue.

What have I missed?

Thanks very much,

Paul
___
Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office:
949.856.7748 | paul.suh...@quantum.com 
___
Disregard the Quantum Corporation confidentiality notice below.  The
information contained in this transmission is not confidential.
Permission is hereby explicitly granted to disclose, copy, and further
distribute to any individuals or organizations, without restriction.

Re: openssl cipher suite query

[achint dudhwala]

1. How can we configure it using configuration files. Which configuration file 
and which field to modify ? Some example usage would greatly help.
2. Can it be done using Openssl API instead of configuration files.
 
Thanks.
 
--- On Fri, 30/10/09, Victor Duchovni victor.ducho...@morganstanley.com wrote:


From: Victor Duchovni victor.ducho...@morganstanley.com
Subject: Re: openssl cipher suite query
To: openssl-users@openssl.org
Date: Friday, 30 October, 2009, 9:16 PM


On Fri, Oct 30, 2009 at 02:50:55PM +0530, achint dudhwala wrote:

 3. How can we configure the application for not using the export
 cipher suites.

If the application supports a configurable cipher list, use:

    DEFAULT:!EXPORT:!LOW:!SSLv2

unless you need to support pre-historic SSL peers that only support SSLv2,
in which case:

    DEFAULT:!EXPORT:!LOW

will work with OpenSSL versions that include SSLv2 ciphers in DEFAULT,
otherwise (the most release of 0.9.8 and 1.0 or later), you need to use:

    ALL:!aNULL:!EXPORT:!LOW:@STRENGTH

the @STRENGTH is not needed with 1.0 or later, as ALL is already
sensibly sorted, starting with 1.0.0 (currently in beta).

-- 
    Viktor.
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org



  Try the new Yahoo! India Homepage. Click here. http://in.yahoo.com/trynew

Re: openssl cipher suite query

[Victor Duchovni]

On Tue, Nov 03, 2009 at 10:31:27AM +0530, achint dudhwala wrote:

 1. How can we configure it using configuration files. Which
 configuration file and which field to modify?

OpenSSL is a development toolkit, not a product. Configuration settings
are an application issue: not an OpenSSL issue. Ask your application
provider. OpenSSL provides mechanisms for applications to specify a
preferred cipherlist, how applications decide which settings to apply
is up to them.

 2. Can it be done using Openssl API instead of configuration files?

If you are writing your own application, see the documentation for:

SSL_CTX_set_cipher_list(3)

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Static libraries with fPIC on 32bit system

[john blair]

I have built openssl-0.9.8k and am trying to link libcrypto.a statically with 
my project. I think libcrypto.a contains contains non-relocatable functions
For example, consider the following:
#include openssl/des.h
void foo(void) {
DES_encrypt3(NULL, NULL, NULL, NULL);
AES_encrypt(NULL, NULL);
}

$ gcc -fPIC -o libfoo.so -shared foo.c /usr/lib/libcrypto.a
$ eu-findtextrel libfoo.so 
the file containing the function 'DES_encrypt3' is not compiled with -fpic/-fPIC
the file containing the function 'DES_decrypt3' is not compiled with -fpic/-fPIC
the file containing the function 'DES_ncbc_encrypt' is not compiled with 
-fpic/-fPIC
the file containing the function 'DES_ede3_cbc_encrypt' is not compiled with 
-fpic/-fPIC

This does not happen on 64bit system and eu-findtextrel reports on text 
relocations. I think this is the default behavior on 32 bit systems. 

Can someone point me to why building static libs on 32 bit system with fPIC is 
a bad idea?
Also, if I want to build the static lib with fPIC, how do I go about it? All 
the .o files are built with fPIC.


  
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org