DTLSv1 SSL_renegotiate
Hi all, I am implementing a project that uses OpenSSL DTLSv1. I noticed that even after sending approximately 1 GB of data, the cipher spec did not change. So I implemented a manual renegotiate and I attempted to verify that it worked. It didn't. For some reason, after the server receives the renegotiate message from the client, it gets stuck at SSLv3 read client hello B. I then tried the exact same code but switched the SSL_method to SSLv3 and TLSv1 and it worked just fine. The peers renegotiated a new cipher spec. Any thoughts? Regards, David __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
CA rekeying / CA rollover
Hi all, Can anybody give me a quick and dirty guide on CA rekeying / CA rollover steps? I couldnt find it anywhere.. Thanks
RE: openssl s_client and FTPS
FTP SSL operates in two modes. Explicit SSL - where the FTP Client issues the AUTH command on the clear command channel which results in the server and client performing the SSL handshake to secure the channel. The other mode Implicit SSL - the SSL handshake is done soon as the Client to Server connection is established. Explicit FTP SSL usually defaults to Port 21 whereas Implicit FTP SSL defaults to Port 990. With the Curl FTP Client you should be able to connect to the server either in Explicit or Implicit SSL mode. Assuming the server supports both modes. With OpenSSL s_client you maybe limited to only Implicit SSL; in which case you will need to specify the 990 port at the command line. - sp panikulam -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of oh...@cox.net Sent: Sunday, November 01, 2009 9:47 PM To: openssl-users@openssl.org Subject: Re: openssl s_client and FTPS oh...@cox.net wrote: Hi, We're having problems connecting to an FTP server using FTPS (not sftp), and to diagnose the problem, we've been using cURL with openssl. The server is IBM Z/OS FTP server. When we test with cURL, we are getting: Info SSLV3, TLS handshake, Client hello (1) Send SSL Data, 95 bytes (0x5f) =hex data=== Info: SSLV?, Unknown (2) Send SSL data, 2 bytes : 02 46 Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number From various searches, I've gathered that this kind of problem is not uncommon (but I've not found a solution), but I'm also gathering that what is happening is that openssl is returing some error to cURL. So, I've been trying to see if I use openssl s_client by itself, and if openssl might provide more info on what he actual problem might be. From what I understand, openssl s_client -starttls ftp should work, but when we tried it on our system (RHEL) we got a segfault. We checked the openssl version, and it's 0.9.7a, which I understand is a really old version, so we're going to try to get a newer openssl version on the system. In the meantime, I wanted to elicit some feedback as to whether, in the experience of others here, if we can get openssl s_client -starttls ftp working, will that yield more info that might help us figure out what the problem might be? Thanks in advance! Jim Hi, We're kind of guessing that what might be happening is that some firewall or network device between our client machine the the Z/OS FTP machine is causing the server response to the client HELLO to not be returned. Does anyone know, if that is what might be happening, if that would cause openssl to output what we're seeing, i.e. if openssl doesn't receive a response to the client HELLO, will it display: Info: error: 1408F10B: SSL routine:SSL3_GET_RECORD:wrong version number ?? Thanks, Jim __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.423 / Virus Database: 270.14.43/2474 - Release Date: 11/01/09 07:38:00 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: DTLSv1 SSL_renegotiate
Hi David, Which version of OpenSSL are you using? The current 0.9.8 stable is *very* buggy and also in 1.0.0 beta 3 are still several known bugs. You should either use the development version in the CVS repository or apply our patches from sctp.fh-muenster.de to have them fixed. You can also find some DTLS example code there. If you still experience any problems, please supply a detailed description so that I can try to reproduce it. Regards, Robin On Nov 2, 2009, at 6:46 AM, David Isaac Wolinsky wrote: Hi all, I am implementing a project that uses OpenSSL DTLSv1. I noticed that even after sending approximately 1 GB of data, the cipher spec did not change. So I implemented a manual renegotiate and I attempted to verify that it worked. It didn't. For some reason, after the server receives the renegotiate message from the client, it gets stuck at SSLv3 read client hello B. I then tried the exact same code but switched the SSL_method to SSLv3 and TLSv1 and it worked just fine. The peers renegotiated a new cipher spec. Any thoughts? Regards, David __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Is full-duplex socket use possible with OpenSSL?
Hi Darrel, Thanks for the very useful and clear explanation. Mark wrote: There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until it gets the message. What is not allowed is for the stack to hold onto the data (possibly forever) in the hope that the user will make an API call to write more data. In this case my concerns are unfounded. Now there is another issue which isn't really a blocking one, it is more a deadlock. This is where due to your IO pump design and the interaction between the upper levels of your application and the datagram/SSL levels you ended up designing your application such that the same thread is used to both service the IO pump and the upper levels of the application (the data processing). This is possible but requires careful design. For whatever reason the upper levels stalled/blocked waiting for IO, and this means your thread of execution lost control and starved the IO pump part from doing its work (because its the same thread). The IO pump thread would definitely be independent of all other layers of the protocol. I don't like mixing layers. Regards, Mark. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Is full-duplex socket use possible with OpenSSL?
Hi Ger, There is one added complication in that the protocol is a datagram protocol at a higher level (although it uses TCP). I am concerned that the whole protocol could block if there is not enough data to encrypt a whole outgoing message but the peer cannot continue until it gets the message. If you mean that the upper layer protocol is message-oriented rather than stream-oriented ('datagram' is a Rorschach blot for me that says: UDP sorry) and the protocol is constructed such that outgoing message REQ(A) must have produced [a complete] answer message ANS(A) before the next outgoing message REQ(B) is sent over the wire, then you're in fancy land anyway, as that is not a class 101 scenario for TCP, which is by design stream-oriented. Yes, the higher layers are message oriented. The protocol is not so restricted as 1:1 request/response though. Several messages can be sent without any response (dependent on message type). However only whole messages can be sent and only whole messages can be decoded by the receiver. Messages must also arrive in the order they were sent. Thanks for your helpful post. Regards, Mark. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: CA rekeying / CA rollover
On November 2, 2009 05:08:20 am Yildirim Zaynal wrote: Hi all, Can anybody give me a quick and dirty guide on CA rekeying / CA rollover steps? I couldnt find it anywhere.. Well, the Sanctioned method is found in RFC 4210 (Certificate Management Protocol). You want to look at section 4.4 Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: openssl s_client and FTPS
On Mon, Nov 02, 2009 at 05:07:10AM -0500, Saju Paul wrote: FTP SSL operates in two modes. Explicit SSL - where the FTP Client issues the AUTH command on the clear command channel which results in the server and client performing the SSL handshake to secure the channel. The other mode Implicit SSL - the SSL handshake is done soon as the Client to Server connection is established. Explicit FTP SSL usually defaults to Port 21 whereas Implicit FTP SSL defaults to Port 990. With the Curl FTP Client you should be able to connect to the server either in Explicit or Implicit SSL mode. Assuming the server supports both modes. With OpenSSL s_client you maybe limited to only Implicit SSL; in which case you will need to specify the 990 port at the command line. With -starttls ftp' (sufficiently recent OpenSSL) explicit mode is supported. Still, s_client is not an FTP client, so you only get a control channel, no data channels will be built by s_client for the FTP commands that use these. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Enabling Session Caching
Hi, everyone. I'm trying to enable session caching, but my server doesn't seem to send a session ID. According to http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html, all I have to do is invoke SSL_CTX_set_session_id_context() with a pointer to a string (or binary data) and the length of that string. I've done this and the desired session ID and length are correct in both the SSL_CTX structure and (during SSL_accept) in the SSL structure. However, in the Server Hello message, the session ID length is always zero. The client that connects shows a zero-length session ID, which would seem to be consistent with not sendig an ID. I'm using anonymous TLS, so there are no certificates in the server context. The code that I'm using to set up the context is: netSSLServerContextPtr = SSL_CTX_new(TLSv1_server_method()); SSL_CTX_set_options(netSSLServerContextPtr, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); SSL_CTX_set_session_cache_mode(netSSLServerContextPtr, SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_id_context(netSSLServerContextPtr, netSslSessionIdContext, sizeof(netSslSessionIdContext)); SSL_CTX_set_mode(netSSLServerContextPtr, SSL_MODE_AUTO_RETRY); I've tried this with netSslSessionIdContext indicating both 17- and ten-byte-long strings; neither work, so it seems not to be a string length mismatch issue. What have I missed? Thanks very much, Paul ___ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com ___ Disregard the Quantum Corporation confidentiality notice below. The information contained in this transmission is not confidential. Permission is hereby explicitly granted to disclose, copy, and further distribute to any individuals or organizations, without restriction.
Re: openssl cipher suite query
1. How can we configure it using configuration files. Which configuration file and which field to modify ? Some example usage would greatly help. 2. Can it be done using Openssl API instead of configuration files. Thanks. --- On Fri, 30/10/09, Victor Duchovni victor.ducho...@morganstanley.com wrote: From: Victor Duchovni victor.ducho...@morganstanley.com Subject: Re: openssl cipher suite query To: openssl-users@openssl.org Date: Friday, 30 October, 2009, 9:16 PM On Fri, Oct 30, 2009 at 02:50:55PM +0530, achint dudhwala wrote: 3. How can we configure the application for not using the export cipher suites. If the application supports a configurable cipher list, use: DEFAULT:!EXPORT:!LOW:!SSLv2 unless you need to support pre-historic SSL peers that only support SSLv2, in which case: DEFAULT:!EXPORT:!LOW will work with OpenSSL versions that include SSLv2 ciphers in DEFAULT, otherwise (the most release of 0.9.8 and 1.0 or later), you need to use: ALL:!aNULL:!EXPORT:!LOW:@STRENGTH the @STRENGTH is not needed with 1.0 or later, as ALL is already sensibly sorted, starting with 1.0.0 (currently in beta). -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org Try the new Yahoo! India Homepage. Click here. http://in.yahoo.com/trynew
Re: openssl cipher suite query
On Tue, Nov 03, 2009 at 10:31:27AM +0530, achint dudhwala wrote: 1. How can we configure it using configuration files. Which configuration file and which field to modify? OpenSSL is a development toolkit, not a product. Configuration settings are an application issue: not an OpenSSL issue. Ask your application provider. OpenSSL provides mechanisms for applications to specify a preferred cipherlist, how applications decide which settings to apply is up to them. 2. Can it be done using Openssl API instead of configuration files? If you are writing your own application, see the documentation for: SSL_CTX_set_cipher_list(3) -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Static libraries with fPIC on 32bit system
I have built openssl-0.9.8k and am trying to link libcrypto.a statically with my project. I think libcrypto.a contains contains non-relocatable functions For example, consider the following: #include openssl/des.h void foo(void) { DES_encrypt3(NULL, NULL, NULL, NULL); AES_encrypt(NULL, NULL); } $ gcc -fPIC -o libfoo.so -shared foo.c /usr/lib/libcrypto.a $ eu-findtextrel libfoo.so the file containing the function 'DES_encrypt3' is not compiled with -fpic/-fPIC the file containing the function 'DES_decrypt3' is not compiled with -fpic/-fPIC the file containing the function 'DES_ncbc_encrypt' is not compiled with -fpic/-fPIC the file containing the function 'DES_ede3_cbc_encrypt' is not compiled with -fpic/-fPIC This does not happen on 64bit system and eu-findtextrel reports on text relocations. I think this is the default behavior on 32 bit systems. Can someone point me to why building static libs on 32 bit system with fPIC is a bad idea? Also, if I want to build the static lib with fPIC, how do I go about it? All the .o files are built with fPIC. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org