Re: [openssl-users] How can I compile nginx with openssl to support 0-rtt TLS1.3
Thanks for your advice.I get early data when I configure nginx ssl_early_data on.But I only get early data for get method.When using post method, the server terminate connection. Is it related with openssl? If so, how can I do to allow post method? Sent from my Samsung Galaxy smartphone. Original message From: Michael Wojcik Date: 29/12/2018 12:46 a.m. (GMT+06:30) To: openssl-users@openssl.org Subject: Re: [openssl-users] How can I compile nginx with openssl to support 0-rtt TLS1.3 > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > > Sent: Friday, December 28, 2018 00:25 > I have an nginx web server compiled with openssl that support TLS 1.3. What version of OpenSSL? Is it 1.1.1? The final version or an early release? Or 1.1.0, and if so, which letter release? > But when I test with firefox Nightly browser, it does not send early data > together with > client hello packet. This sounds like an nginx or Firefox question. I haven't experimented with 0-RTT, which I think was a bad idea in TLSv1.3 and have no interest in enabling in my applications; but as I understand it, you have to set some options in the SSL structure (or the SSL_CTX you use to create it) in order to enable 0-RTT. That means nginx will have to make the necessary OpenSSL API calls. It may not have support for that yet, or in whatever version of nginx you're running. It's also possible that there's some issue with the Firefox build you're running and its 0-RTT support. My suspicion though is that nginx is not enabling 0-RTT in nginx. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Build target architecture
> After some searching and check, I've realized that openssl is not configured > for different target architectures? > I develop an application for Android using NDK(Native Development Kit). > There is Configurations/15-android.conf inside openssl git repo, but could > not be sure. > Could someone advise for the right usage. There is also opensslconf.h, and I > was thinking adding macros and use it. > I use Ubuntu16 and Mac-HighSierra as development OS. Thanks If it's your first time you try compiling OpenSSL, I'd recommend you start with reading the INSTALL instructions and the platform specific NOTES.ANDROID instructions first. There you will hopefully find the answers to your questions. You find those two text files in the root of your OpenSSL source directory. You can also view them directly on GitHub at https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/INSTALL https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/NOTES.ANDROID The `opensslconf.h` file is not intended to be edited. It is created by the .\Configure script from the `opensslconf.h.in` template. Also the `Configurations/*.conf` files which are part of the tarball are normally not intended to be edited, unless you intend to get you changes merged upstream. But you are free to add your own configuration file if it really turns out to be necessary. The config files also support inheritance, so you can derive from an existing configuration and apply incremental changes. HTH, Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] How can I compile nginx with openssl to support 0-rtt TLS1.3
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > > Sent: Friday, December 28, 2018 00:25 > I have an nginx web server compiled with openssl that support TLS 1.3. What version of OpenSSL? Is it 1.1.1? The final version or an early release? Or 1.1.0, and if so, which letter release? > But when I test with firefox Nightly browser, it does not send early data > together with > client hello packet. This sounds like an nginx or Firefox question. I haven't experimented with 0-RTT, which I think was a bad idea in TLSv1.3 and have no interest in enabling in my applications; but as I understand it, you have to set some options in the SSL structure (or the SSL_CTX you use to create it) in order to enable 0-RTT. That means nginx will have to make the necessary OpenSSL API calls. It may not have support for that yet, or in whatever version of nginx you're running. It's also possible that there's some issue with the Firefox build you're running and its 0-RTT support. My suspicion though is that nginx is not enabling 0-RTT in nginx. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Decrypting an OpenSSL encrypt AES256-CBC data
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Ertan Küçükoglu > Sent: Thursday, December 27, 2018 16:03 > A- I tried to directly decrypt (no padding applied) and I get my plain text > plus > some additional invisible characters at the end. I am told it maybe a > "padding" > issue, my problem, during decryption. How does the Windows program know how long the decrypted data is? It sounds to me like the problem is simply that your Windows code is decrypting the data correctly, then reading past it into garbage left at the end of the buffer. If the messages are of fixed length, only use that many bytes from the decryption output. If they're of variable length, then the sender will have to tell the receiver how long they are. There are many ways of doing that; you haven't told us enough about your protocol to know which would be appropriate in your case. -- Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Authentication over ECDHE
> On Dec 28, 2018, at 6:17 AM, Christian wrote: > > BIO_set_fd with 4|1 #Socket 4, BIO_CLOSE > SSL_set_accept_state > SSL_accept > SSL_accept failed, SSL_get_error: 1 #SSL_ERROR_SSL > 140059505588032:error:1408F119:SSL routines:ssl3_get_record:decryption failed > or bad record mac:../ssl/record/ssl3_record.c:375: > SSL_shutdown > SSL_clear 1. Don't call SSL_shutdown(), rather just call SSL_free() and close the socket using close(), IIRC SSL_set_fd() (you should not need to use BIO_set_fd) leaves you as the owner of the socket to close or not. 2. DO NOT reuse the same SSL handle for multiple connections, create a new one for subsequent connections, but you can and generally should reuse the SSL_CTX. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Authentication over ECDHE
On 28/12/2018 10:22, Christian wrote: > Thank you for the suggestions thus far. I've been working on a simple SSL > client/server system in the last couple days. Unfortunately the SSL > documentation is a right mess, so I don't know what is allowed and what is > not, > which leads to some problems that I don't know exactly how to tackle on. > > First of all, I opted out for the cipher "ECDHE-PSK-AES128-CBC-SHA256". As > Matt > suggested, using PSKs does reduce a lot of complexity in this scenario - if > I've > been understanding him correctly, this cipher should give us forward secrecy > while still relying on a pre-shared key, which also authenticates both sides > to > each other. Yes, this is correct. > When I run my server, and then run my client, it receives the data > the server sends without any problems. > > However, things start to get messy once the keys mismatch, as would in any > attacker scenario. The client initiates the handshake, but on the server side > SSL_accept() returns -1, the client receives no data (as should). Then I start > the client *again*. On the server side SSL_accept() returns -1 again, but this > time the client blocks in SSL_read() (I haven't not implemented timeout > handling > yet, as this still all runs on my testing environments). It's almost as if > SSL_shutdown on the server side does not notify the client that the connection > is to be closed. Which version of OpenSSL is this? (I don't remember if you said this already). Note that SSL_shutdown is intended for orderly shutdown of a successful, active SSL/TLS connection. It is not supposed to be called if the connection has failed for some reason. If the server decides to abort the connection it should have already sent a fatal alert. >> LABEL_NEXT_CLIENT: >> fprintf(stderr,"SSL_shutdown\n"); >> SSL_shutdown(ssl); >> fprintf(stderr,"SSL_clear\n"); >> SSL_clear(ssl); Please check the return code of this SSL_clear function. It can fail, and if it does it means the SSL object has not been cleared properly, and that will cause all sorts of weird, difficult to debug failures later on. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl 1.1.1 manuals
Great idea; https://github.com/openssl/web/issues/101 On 12/28/18, 12:39 AM, "Jakob Bohm via openssl-users" wrote: Consider at least including the one-line manpage summaries on the index pages (the ones displayed by the apropos command on POSIX systems). -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Build target architecture
After some searching and check, I've realized that openssl is not configured for different target architectures? I develop an application for Android using NDK(Native Development Kit). There is *Configurations/15-android.conf *inside openssl git repo, but could not be sure. Could someone advise for the right usage. There is also opensslconf.h, and I was thinking adding macros and use it. I use Ubuntu16 and Mac-HighSierra as development OS. Thanks -- BW, Taner -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Authentication over ECDHE
I should also add that printing the error stack doesn't yield much info other than "you dun goof'd": === First connection, client closes connection as excepted. === BIO_set_fd with 4|1 #Socket 4, BIO_CLOSE SSL_set_accept_state SSL_accept SSL_accept failed, SSL_get_error: 1 #SSL_ERROR_SSL 140059505588032:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:../ssl/record/ssl3_record.c:375: SSL_shutdown SSL_clear === Second connection, client suddenly blocks, has to be interrupted with CTRL + C. === BIO_set_fd with 5|1 #Socket 5, BIO_CLOSE SSL_set_accept_state SSL_accept SSL_accept failed, SSL_get_error: 1 #SSL_ERROR_SSL 140059505588032:error:140A4044:SSL routines:SSL_clear:internal error:../ssl/ssl_lib.c:559: SSL_shutdown SSL_clear === Third connection, client blocks again, has to be interrupted again. === BIO_set_fd with 4|1 #Socket 4, BIO_CLOSE SSL_set_accept_state SSL_accept SSL_accept failed, SSL_get_error: 1 #SSL_ERROR_SSL 140059505588032:error:140A4044:SSL routines:SSL_clear:internal error:../ssl/ssl_lib.c:559: SSL_shutdown SSL_clear The error messages are being generated by ERR_print_errors_fp(stderr); -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Authentication over ECDHE
Thank you for the suggestions thus far. I've been working on a simple SSL client/server system in the last couple days. Unfortunately the SSL documentation is a right mess, so I don't know what is allowed and what is not, which leads to some problems that I don't know exactly how to tackle on. First of all, I opted out for the cipher "ECDHE-PSK-AES128-CBC-SHA256". As Matt suggested, using PSKs does reduce a lot of complexity in this scenario - if I've been understanding him correctly, this cipher should give us forward secrecy while still relying on a pre-shared key, which also authenticates both sides to each other. When I run my server, and then run my client, it receives the data the server sends without any problems. However, things start to get messy once the keys mismatch, as would in any attacker scenario. The client initiates the handshake, but on the server side SSL_accept() returns -1, the client receives no data (as should). Then I start the client *again*. On the server side SSL_accept() returns -1 again, but this time the client blocks in SSL_read() (I haven't not implemented timeout handling yet, as this still all runs on my testing environments). It's almost as if SSL_shutdown on the server side does not notify the client that the connection is to be closed. For the BIO object on the server side I'm using a permanent BIO object which I just call BIO_set_fd() upon to set the socket I receive from accept(). The call chain looks like this: === First connection, client closes connection as excepted. === BIO_set_fd with 4|1 #Socket 4, BIO_CLOSE SSL_set_accept_state SSL_accept SSL_accept returned with -1 SSL_shutdown SSL_clear === Second connection, client suddenly blocks, has to be interrupted with CTRL + C. === BIO_set_fd with 5|1 #Socket 5, BIO_CLOSE SSL_set_accept_state SSL_accept SSL_accept returned with -1 SSL_shutdown SSL_clear === Third connection, client blocks again, has to be interrupted again. === BIO_set_fd with 4|1 SSL_set_accept_state SSL_accept SSL_accept returned with -1 SSL_shutdown SSL_clear What am I doing wrong on the server side? I assume it's the server; the client process ends right after the connection attempt, and it's the server that keeps running. And once I reset the server the first connection closes properly again. Am I supposed to use a new BIO object for each incoming connection? If so, that's pretty dumb. You usually want to have your accept() loop to be free of as much code as possible, and setting up everything in advance during server startup. The current server code for setting up the SSL object and using it looks like this: > if(NULL == (bio = BIO_new_socket(0,BIO_NOCLOSE))) /*Socket doesn't really matter, we're gonna reset this soon enough.*/ > { > goto LABEL_END_NO_BIO; > } > > if(NULL == (ssl = SSL_new(ssl_ctx))) > { > BIO_free(bio); > goto LABEL_END_NO_SSL; > } > > SSL_clear(ssl); > SSL_set_bio(ssl,bio,bio); > > tmp = 1; > setsockopt > ( > socket_server, > SOL_SOCKET, > SO_REUSEADDR, > , > sizeof(tmp) > ); > > if(-1 == bind > ( > socket_server, > (struct sockaddr*)_server, > sizeof(sin_server) > )) > { > fprintf(stderr,"Can't bind socket.\n"); > goto LABEL_END; > } > > if(-1 == listen(socket_server,1)) > goto LABEL_END; > > while(0 <= (socket_client = accept > ( > socket_server, > (struct sockaddr*)_client, > _client_length > ))) > { > fprintf(stderr,"BIO_set_fd with %u|%u\n",socket_client,BIO_CLOSE); > BIO_set_fd(bio,socket_client,BIO_CLOSE); > fprintf(stderr,"SSL_set_accept_state\n"); > SSL_set_accept_state(ssl); > fprintf(stderr,"SSL_accept\n"); > tmp = SSL_accept(ssl); > if(tmp != 1) > { > fprintf(stderr,"SSL_accept returned with %i\n",tmp); > goto LABEL_NEXT_CLIENT; > } > > fprintf(stderr,"SSL_write\n"); > SSL_write(ssl,"That is my string",sizeof("That is my string") - 1); > > LABEL_NEXT_CLIENT: > fprintf(stderr,"SSL_shutdown\n"); > SSL_shutdown(ssl); > fprintf(stderr,"SSL_clear\n"); > SSL_clear(ssl); > } > > /*Rest of cleanup, doesn't matter, this is hopefully never reached.*/ Thank you for your continued help. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users