[openssl-users] How to debug SSLV3_ALERT_BAD_RECORD_MAC

2017-04-25 Thread craig_we...@trendmicro.com
We have recently upgraded our product to 1.0.2k.  We are getting this error on 
a packet sent to us from our browser-based user interface.  I really need some 
suggestions as to how to debug this problem.  I know it is in our code rather 
than OpenSSL but I have no idea how to dig into what is happening.



Craig Weeks | Sr. Software Developer, Support Response Team (SRT), Trend Micro 
Inc.

11305 Alterra Parkway, Austin, TX  78758



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
>> Thank you!  So it is the *client* that breaks the connection,
>> and it is unhappy either about MiTM, or the encoding. I will
>> check for both (though not much I can do about either).
>
> Presumably you've added that cert to some trust store on the system in
> question.

Yes I did (though reluctantly :).

> The support staff for the product should be able to tell you how to configure
> trusted TLS CAs, if these are configurable.

Yes, I’m bringing this to them, in hope that they’d resolve it.

> If the product is not using OpenSSL, this question really is off topic for
> this list.  If it is using OpenSSL, there may be some place where it looks
> for its CAfile or some CApath directory.

Frankly, I don’t know – to me it’s an executable black-box. I’ll try to dig.
But I think you’ve provided me with all I need to point our support at the root
cause.

Thanks!!




Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Viktor Dukhovni

> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>
>> Client objects to the server chain.  Either does not trust the MiTM root CA, or
>> is unhappy about its encoding (assuming tshark is not generating an FP warning).
>
> Thank you!  So it is the *client* that breaks the connection, and it is
> unhappy either about MiTM, or the encoding. I will check for both (though not
> much I can do about either).

Well, if there is no facility to configure the client's trusted root CAs,
then of course it won't trust the MiTM root cert.  Presumably you've added
that cert to some trust store on the system in question.

The support staff for the product should be able to tell you how to configure
trusted TLS CAs, if these are configurable.

If the product is not using OpenSSL, this question really is off topic for
this list.  If it is using OpenSSL, there may be some place where it looks
for its CAfile or some CApath directory.

-- 
Viktor.
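
The alert record from the tshark output further down this page (content type 21, version 0x0303, length 2, level 2, description 46), decoded byte by byte. This is an added example, not code from any poster; the sample byte strings are constructed, and the alert table is a subset of RFC 5246 section 7.2.

```python
import struct

# Subset of the AlertDescription values (RFC 5246, section 7.2).
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 50: "decode_error", 51: "decrypt_error"}
LEVELS = {1: "warning", 2: "fatal"}

def parse_alerts(stream):
    """Decode alert records in ONE direction of a TLS <= 1.2 byte stream."""
    alerts, off, encrypted = [], 0, False
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header at offset %d" % off)
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % off)
        off += 5 + length
        if ctype == 20:
            # ChangeCipherSpec: everything this side sends afterwards is encrypted.
            encrypted = True
        elif ctype == 21 and (encrypted or length != 2):
            # Level and description are ciphertext; a capture alone cannot name them.
            alerts.append({"version": version, "encrypted": True})
        elif ctype == 21:
            alerts.append({"version": version, "encrypted": False,
                           "level": LEVELS.get(body[0], "unknown"),
                           "code": body[1],
                           "description": ALERTS.get(body[1], "unassigned")})
    return alerts

# Constructed samples. CERT_UNKNOWN uses the field values shown in the thread.
CERT_UNKNOWN = bytes.fromhex("15 03 03 00 02 02 2e")
BAD_MAC = bytes.fromhex("15 03 03 00 02 02 14")
# A ChangeCipherSpec followed by an alert whose 26-byte body is ciphertext.
AFTER_CCS = bytes.fromhex("14 03 03 00 01 01 15 03 03 00 1a") + bytes(26)

if __name__ == "__main__":
    for name, sample in (("cert_unknown", CERT_UNKNOWN), ("bad_mac", BAD_MAC),
                         ("after_ccs", AFTER_CCS)):
        print(name, parse_alerts(sample))
```

OpenSSL's `sslv3 alert ...` reason strings report an alert received from the peer, so the side to investigate is whichever endpoint sent this record.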



Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
>> extensions: 4 items
>> Extension (ns_cert_exts.comment)
>> Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
>> BER Error: String with tag=22 expected but class:UNIVERSAL(0) primitive tag:12 was unexpected
>> [Expert Info (Warn/Malformed): BER Error: String expected]
>> [BER Error: String expected]
>> [Severity level: Warn]
>> [Group: Malformed]
>
> This is odd, is tshark buggy, too picky, or is the issuer cert actually
> malformed?

I don’t know off-hand, will check, and bring to the attention of those who run
the proxy.

>> algorithmIdentifier (shaWithRSAEncryption)
>> Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
>> Padding: 0
>> encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...
>
> Issuer cert is an MiTM proxy, and possibly has encoding errors.

Got it, thanks.

>> Secure Sockets Layer
>> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
>> Content Type: Alert (21)
>> Version: TLS 1.2 (0x0303)
>> Length: 2
>> Alert Message
>> Level: Fatal (2)
>> Description: Certificate Unknown (46)
>
> Client objects to the server chain.  Either does not trust the MiTM root CA, or
> is unhappy about its encoding (assuming tshark is not generating an FP warning).

Thank you!  So it is the *client* that breaks the connection, and it is unhappy
either about MiTM, or the encoding. I will check for both (though not much I
can do about either).

Thanks! (At least I have an idea now what’s going on.) 
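
What the tshark warning quoted above is reporting, as an added example that is not from the thread: the Netscape comment extension is defined as an IA5String (universal tag 22), and the dissector found universal tag 12, a UTF8String. The helper names and the comment text are constructed for illustration.

```python
UNIVERSAL = {4: "OCTET STRING", 12: "UTF8String", 19: "PrintableString",
             22: "IA5String", 30: "BMPString"}

def read_tlv(buf, off=0):
    """Decode one DER TLV: (tag class, constructed?, tag number, value, next offset)."""
    first = buf[off]
    cls, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    length, off = buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return cls, constructed, tag, buf[off:off + length], off + length

def check_string_type(ext_value, expected_tag=22):
    """Compare the string type inside an extension value with the expected one."""
    cls, constructed, tag, value, _ = read_tlv(ext_value)
    ok = cls == 0 and not constructed and tag == expected_tag
    if ok and tag == 22:                   # IA5String content must be 7-bit
        ok = all(b < 0x80 for b in value)
    return {"ok": ok,
            "found": UNIVERSAL.get(tag, "tag %d" % tag),
            "expected": UNIVERSAL.get(expected_tag, "tag %d" % expected_tag),
            "text": value.decode("utf-8", "replace")}

def der_string(tag, text):
    """Build a short-form (< 128 byte) DER string for the constructed samples."""
    raw = text.encode("utf-8")
    return bytes([tag, len(raw)]) + raw

SAMPLE = "constructed sample comment"      # not the comment from the real cert
AS_UTF8 = der_string(12, SAMPLE)           # what the dissector complained about
AS_IA5 = der_string(22, SAMPLE)            # what the extension definition expects

if __name__ == "__main__":
    print(check_string_type(AS_UTF8))
    print(check_string_type(AS_IA5))
```

A mismatch here confirms that the dissector is reporting a real deviation in the encoding; it does not say whether a particular client rejects the certificate because of it.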




Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Viktor Dukhovni

> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL wrote:

> Secure Sockets Layer
> SSL Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 228
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Length: 224
> Version: TLS 1.2 (0x0303)
> ... vanilla client hello ...
> 
> Secure Sockets Layer
> TLSv1.2 Record Layer: Handshake Protocol: Server Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 89
> Handshake Protocol: Server Hello
> Handshake Type: Server Hello (2)
> Length: 85
> Version: TLS 1.2 (0x0303)
> Random
> GMT Unix Time: Jan 12, 2043 21:01:43.0 EST
> Random Bytes: 74befd6060b40803a1f281de721667ea45ac751fb7cd...
> Session ID Length: 32
> Session ID: c07a259d71e9906c44632f6f9e885d40a647d514ef5deb8b...
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
> ... vanilla server hello ...
> 
> Secure Sockets Layer
> TLSv1.2 Record Layer: Handshake Protocol: Certificate
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 2017
> Handshake Protocol: Certificate
> Handshake Type: Certificate (11)
> Length: 2013
> Certificates Length: 2010
> Certificates (2010 bytes)
> Certificate Length: 1038
> Certificate (id-at-commonName=cs.visual-paradigm.com)
> signedCertificate
> version: v3 (2)
> serialNumber : 0x1c3d07eea2d576e83c60613e5f3c2a18e518b8a0
> signature (sha256WithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

EE cert sigalg is normal

> issuer: rdnSequence (0)
> rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,id-at-countryName=US,...
> RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
> RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
> Id: 2.5.4.10 (id-at-organizationName)
> DirectoryString: uTF8String (4)
> uTF8String: MIT Lincoln Laboratory
> . . . . .
> RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
> RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: McAfee Web Gateway

EE cert issuer looks OK.

> validity
> notBefore: utcTime (0)
> utcTime: 17-04-24 18:35:25 (UTC)
> notAfter: utcTime (0)
> utcTime: 18-04-24 18:35:25 (UTC)


EE cert validity is one year, looks OK.

> subject: rdnSequence (0)
> rdnSequence: 1 item (id-at-commonName=cs.visual-paradigm.com)
> RDNSequence item: 1 item (id-at-commonName=cs.visual-paradigm.com)
> RelativeDistinguishedName item (id-at-commonName=cs.visual-paradigm.com)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: cs.visual-paradigm.com

EE cert Subject looks OK.

> subjectPublicKeyInfo
> algorithm (rsaEncryption)
> Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
> Padding: 0
> subjectPublicKey: 3082010a02820101009a686b8a742ec2e4341a6f43e20f71...

The EE public key is 256 octets or 2048 bits, looks OK.

> extensions: 5 items
> Extension (id-ce-basicConstraints)
> Extension Id: 2.5.29.19 (id-ce-basicConstraints)
> BasicConstraintsSyntax [0 length]

EE empty basicConstraints defaults to CA:FALSE, OK

> Extension (id-ce-subjectKeyIdentifier)
> Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
>

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-25 Thread Blumenthal, Uri - 0553 - MITLL
On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni" wrote:

> I get slightly annoyed when I take the time to help, but my response is
> skimmed over and not read carefully.  Upthread I said:
>
>> See my recent post:
>> https://www.spinics.net/lists/openssl-users/msg05623.html
>> for instructions on how to extract SSL info from PCAP files in a way that
>> mostly trims away endpoint details...

My apologies. Please find attached the tshark-processed (as instructed) PCAPNG
file. I’d love to learn what one can glean from it.

> If the alert is from the application to the proxy, then most likely the
> application does not trust the proxy MiTM root CA.

Thanks!

Secure Sockets Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 228
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 224
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Apr 24, 2017 17:59:40.0 EDT
Random Bytes: 010124d7b6a3fcc51f5495bfaeb11c0be284472c54217e63...
Session ID Length: 0
Cipher Suites Length: 58
Cipher Suites (29 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 125
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)