Re: [openssl-users] DSA with OpenSSL-1.1
Well, since we will never go to 1.1, I guess we don't have to worry about it. From: openssl-users on behalf of Kurt Roeckx Sent: Saturday, July 2, 2016 5:53:20 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] DSA with OpenSSL-1.1 On Fri, Jul 01, 2016 at 05:17:35PM +0100, Matt Caswell wrote: > > "ALL:!COMPLEMENTOFDEFAULT:!eNULL" Maybe we should use "-" instead of "!"? Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users [E-Banner]<http://www.mrv.com/products/os-v> MRV Communications is a global supplier of packet and optical solutions that power the world's largest networks. Our products combine innovative hardware with intelligent software to make networks smarter, faster and more efficient. The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On Fri, Jul 01, 2016 at 05:17:35PM +0100, Matt Caswell wrote: > > "ALL:!COMPLEMENTOFDEFAULT:!eNULL" Maybe we should use "-" instead of "!"? Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On Fri, Jul 01, 2016 at 03:54:45PM +, Salz, Rich wrote: > > > In short: Removing support for DSA in OpenSSL would prevent some of our > > products from updating to 1.1.x for a significant length of time, probably > > years. > > We have no plans to do that. But we do change defaults, and it no longer works by default. Kurt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 01/07/16 16:57, pepone.onrez wrote: > On 1 July 2016 at 16:51, pepone.onrez wrote: >> On 1 July 2016 at 16:40, Matt Caswell wrote: >>> >>> >>> On 01/07/16 15:22, pepone.onrez wrote: On 1 July 2016 at 15:39, Matt Caswell wrote: > > > On 01/07/16 14:29, pepone.onrez wrote: >> Hi, >> >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. >> >>SSL error occurred for new outgoing connection: >>remote address = 127.0.0.1:47812 >>error # = 336151568 >>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >>location = ssl/record/rec_layer_s3.c, 1467 >>data = SSL alert number 40 > > Is this the error you get on the server or the client? The above > indicates the connection was aborted because a HandshakeFailure alert > was received from the peer. Therefore you need to look at the other end > of the communication and see if there is some error message that > indicates why the alert was sent. > > Matt That was on the client, looking at the server I see it reports there is no shared cipher SSL error occurred for new incoming connection: remote address = 127.0.0.1:36951 error # = 337092801 message = error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get the same error, it is not clear why server client don't find a common cipher here. > > I was not correctly setting the ciphers, Adding DHE to my ciphers and things > work fine. > > With 1.0.0 I only have DEFAULT:DSS, I guess DHE is not longer in the DEFAULT > set There are DHE ciphersuites in the default set, but there are no DSS ciphersuites. "DEFAULT" is treated as a special case when processing a cipher string - and works completely differently to other keywords that you might use. Most keywords are aliases for a set of ciphersuites, so "DHE" is the set of all ciphersuites that use DHE; "DSS" is the set of all ciphersuites that use DSS; "AES" is the set of all ciphersuites that use AES and so on. "DEFAULT" on the other hand must appear first in a cipher string and is just shorthand for saying: "ALL:!COMPLEMENTOFDEFAULT:!eNULL" COMPLEMENTOFDEFAULT is the set of ciphersuites that we don't switch on by default (excluding eNULL based ciphersuites), and the "!" means permanently switch off. So in other words DEFAULT is shorthand for saying take ALL ciphersuites, and then permanently remove all of those in the COMPLEMENTOFDEFAULT set, and permanently remove all of those in the eNULL set. All DSS based ciphersuites are in COMPLEMENTOFDEFAULT. Therefore "DEFAULT:DSS" is permanently removing DSS (because its in COMPLEMENTOFDEFAULT), and then attempting to add it back in again (which it won't do because its been permanently removed). Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:51, pepone.onrez wrote: > On 1 July 2016 at 16:40, Matt Caswell wrote: >> >> >> On 01/07/16 15:22, pepone.onrez wrote: >>> On 1 July 2016 at 15:39, Matt Caswell wrote: On 01/07/16 14:29, pepone.onrez wrote: > Hi, > > After upgrade my software to use OpenSSL-1.1 one of the test is > failing, the test in question client and server are configured to use > DSA certificates. The server is configured to request a client > certificate. > >SSL error occurred for new outgoing connection: >remote address = 127.0.0.1:47812 >error # = 336151568 >message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >location = ssl/record/rec_layer_s3.c, 1467 >data = SSL alert number 40 Is this the error you get on the server or the client? The above indicates the connection was aborted because a HandshakeFailure alert was received from the peer. Therefore you need to look at the other end of the communication and see if there is some error message that indicates why the alert was sent. Matt >>> That was on the client, looking at the server I see it reports there >>> is no shared >>> cipher >>> >>>SSL error occurred for new incoming connection: >>>remote address = 127.0.0.1:36951 >>>error # = 337092801 >>>message = error:1417A0C1:SSL >>> routines:tls_post_process_client_hello:no shared cipher >>> >>> I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get >>> the same error, >>> it is not clear why server client don't find a common cipher here. I was not correctly setting the ciphers, Adding DHE to my ciphers and things work fine. With 1.0.0 I only have DEFAULT:DSS, I guess DHE is not longer in the DEFAULT set >> >> Did you successfully load a DSA certificate and key into the server? If >> the server doesn't like the cert/key for some reason then it won't make >> any DSS ciphersuites available. >> > > Yes I using SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey and > reading the pkcs12 cert with PKCS12_parse, that works fine with the rest > of my test suite. > >> Also, I see you are trying to use a DHE based ciphersuite. Did you set >> DH parameters to be used? If so how did you do it? >> > > I'm using a DH callback to set the DH parameters > > DH* > IceSSL_opensslDHCallback(SSL* ssl, int /*isExport*/, int keyLength) > { > # if OPENSSL_VERSION_NUMBER >= 0x1010L > SSL_CTX* ctx = SSL_get_SSL_CTX(ssl); > # else > SSL_CTX* ctx = ssl->ctx; > # endif > OpenSSLEngine* p = > reinterpret_cast(SSL_CTX_get_ex_data(ctx, 0)); > return p->dhParams(keyLength); > } > # endif > } > > SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE); > SSL_CTX_set_tmp_dh_callback(_ctx, IceSSL_opensslDHCallback); > > And for default parameters I'm using d2i_DHparams to restore the DH > parameters I previously > saved with i2d_DHparams > > >> Matt >> >> >>> >>> Regards, >>> José > > When using OpenSSL 1.0.1 the connection success > >cipher = DHE-DSS-AES256-GCM-SHA384 >bits = 256 >remote address = 127.0.0.1:43629 >protocol = TLSv1.2 > > > I try to set security level to 0 for 1.1 but that doesn't make any > difference here, any ideas what could be the issue? > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
> In short: Removing support for DSA in OpenSSL would prevent some of our > products from updating to 1.1.x for a significant length of time, probably > years. We have no plans to do that. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Hanno Böck > Sent: Friday, July 01, 2016 08:40 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] DSA with OpenSSL-1.1 > > I can't answer your question, but I have one to you: Why do you use DSA? > > There was a discussion in the TLS working group a while ago about DSA > support and there was overwhelming support to remove it in TLS 1.3. > The rationale was basically that DSA in TLS is rarely used at all, is > often used with insecure key sizes (1024 bit) and has a severe weakness > when it comes to bad random numbers. On top of that it has basically no > advantage over the much more widely used RSA. The original reason > (in the early 90s) to use DSA over RSA were patent issues, but those are > long expired. > > So my (and I think most others) impression is that DSA in TLS is as > dead as it can be and probably the most sane move for OpenSSL would be > to just remove it. Given that I'd like to know why you seem to have > chosen to still use DSA. We have US Federal customers who require DSA. They have existing DSA certificates, their certificate process generates DSA certificates, and they're not showing any inclination to change, regardless of what crypto experts think. Of course, this being the US Federal Government, it's entirely possible that tomorrow someone will issue a directive forbidding further use of DSA. But then it's also very likely that any such directive would be delayed for years. The wheels of US government cryptography grind slowly. In short: Removing support for DSA in OpenSSL would prevent some of our products from updating to 1.1.x for a significant length of time, probably years. -- Michael Wojcik Technology Specialist, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:40, Hanno Böck wrote: > Hi, > > On Fri, 1 Jul 2016 15:29:53 +0200 > "pepone.onrez" wrote: > >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. > > I can't answer your question, but I have one to you: Why do you use DSA? > > There was a discussion in the TLS working group a while ago about DSA > support and there was overwhelming support to remove it in TLS 1.3. > The rationale was basically that DSA in TLS is rarely used at all, is > often used with insecure key sizes (1024 bit) and has a severe weakness > when it comes to bad random numbers. On top of that it has basically no > advantage over the much more widely used RSA. The original reason > (in the early 90s) to use DSA over RSA were patent issues, but those are > long expired. > > So my (and I think most others) impression is that DSA in TLS is as > dead as it can be and probably the most sane move for OpenSSL would be > to just remove it. Given that I'd like to know why you seem to have > chosen to still use DSA. That is part of a large test suite for a library, just trying to ensure that everithg still works with OpenSSL 1.1.0 > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: BBB51E42 > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:40, Matt Caswell wrote: > > > On 01/07/16 15:22, pepone.onrez wrote: >> On 1 July 2016 at 15:39, Matt Caswell wrote: >>> >>> >>> On 01/07/16 14:29, pepone.onrez wrote: Hi, After upgrade my software to use OpenSSL-1.1 one of the test is failing, the test in question client and server are configured to use DSA certificates. The server is configured to request a client certificate. SSL error occurred for new outgoing connection: remote address = 127.0.0.1:47812 error # = 336151568 message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) location = ssl/record/rec_layer_s3.c, 1467 data = SSL alert number 40 >>> >>> Is this the error you get on the server or the client? The above >>> indicates the connection was aborted because a HandshakeFailure alert >>> was received from the peer. Therefore you need to look at the other end >>> of the communication and see if there is some error message that >>> indicates why the alert was sent. >>> >>> Matt >> That was on the client, looking at the server I see it reports there >> is no shared >> cipher >> >>SSL error occurred for new incoming connection: >>remote address = 127.0.0.1:36951 >>error # = 337092801 >>message = error:1417A0C1:SSL >> routines:tls_post_process_client_hello:no shared cipher >> >> I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get >> the same error, >> it is not clear why server client don't find a common cipher here. > > Did you successfully load a DSA certificate and key into the server? If > the server doesn't like the cert/key for some reason then it won't make > any DSS ciphersuites available. > Yes I using SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey and reading the pkcs12 cert with PKCS12_parse, that works fine with the rest of my test suite. > Also, I see you are trying to use a DHE based ciphersuite. Did you set > DH parameters to be used? If so how did you do it? > I'm using a DH callback to set the DH parameters DH* IceSSL_opensslDHCallback(SSL* ssl, int /*isExport*/, int keyLength) { # if OPENSSL_VERSION_NUMBER >= 0x1010L SSL_CTX* ctx = SSL_get_SSL_CTX(ssl); # else SSL_CTX* ctx = ssl->ctx; # endif OpenSSLEngine* p = reinterpret_cast(SSL_CTX_get_ex_data(ctx, 0)); return p->dhParams(keyLength); } # endif } SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_tmp_dh_callback(_ctx, IceSSL_opensslDHCallback); And for default parameters I'm using d2i_DHparams to restore the DH parameters I previously saved with i2d_DHparams > Matt > > >> >> Regards, >> José >>> >>> >>> >>> When using OpenSSL 1.0.1 the connection success cipher = DHE-DSS-AES256-GCM-SHA384 bits = 256 remote address = 127.0.0.1:43629 protocol = TLSv1.2 I try to set security level to 0 for 1.1 but that doesn't make any difference here, any ideas what could be the issue? >>> -- >>> openssl-users mailing list >>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
Hi, On Fri, 1 Jul 2016 15:29:53 +0200 "pepone.onrez" wrote: > After upgrade my software to use OpenSSL-1.1 one of the test is > failing, the test in question client and server are configured to use > DSA certificates. The server is configured to request a client > certificate. I can't answer your question, but I have one to you: Why do you use DSA? There was a discussion in the TLS working group a while ago about DSA support and there was overwhelming support to remove it in TLS 1.3. The rationale was basically that DSA in TLS is rarely used at all, is often used with insecure key sizes (1024 bit) and has a severe weakness when it comes to bad random numbers. On top of that it has basically no advantage over the much more widely used RSA. The original reason (in the early 90s) to use DSA over RSA were patent issues, but those are long expired. So my (and I think most others) impression is that DSA in TLS is as dead as it can be and probably the most sane move for OpenSSL would be to just remove it. Given that I'd like to know why you seem to have chosen to still use DSA. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 pgppWLrwbnI5W.pgp Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 01/07/16 15:22, pepone.onrez wrote: > On 1 July 2016 at 15:39, Matt Caswell wrote: >> >> >> On 01/07/16 14:29, pepone.onrez wrote: >>> Hi, >>> >>> After upgrade my software to use OpenSSL-1.1 one of the test is >>> failing, the test in question client and server are configured to use >>> DSA certificates. The server is configured to request a client >>> certificate. >>> >>>SSL error occurred for new outgoing connection: >>>remote address = 127.0.0.1:47812 >>>error # = 336151568 >>>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >>>location = ssl/record/rec_layer_s3.c, 1467 >>>data = SSL alert number 40 >> >> Is this the error you get on the server or the client? The above >> indicates the connection was aborted because a HandshakeFailure alert >> was received from the peer. Therefore you need to look at the other end >> of the communication and see if there is some error message that >> indicates why the alert was sent. >> >> Matt > That was on the client, looking at the server I see it reports there > is no shared > cipher > >SSL error occurred for new incoming connection: >remote address = 127.0.0.1:36951 >error # = 337092801 >message = error:1417A0C1:SSL > routines:tls_post_process_client_hello:no shared cipher > > I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get > the same error, > it is not clear why server client don't find a common cipher here. Did you successfully load a DSA certificate and key into the server? If the server doesn't like the cert/key for some reason then it won't make any DSS ciphersuites available. Also, I see you are trying to use a DHE based ciphersuite. Did you set DH parameters to be used? If so how did you do it? Matt > > Regards, > José >> >> >> >> >>> >>> When using OpenSSL 1.0.1 the connection success >>> >>>cipher = DHE-DSS-AES256-GCM-SHA384 >>>bits = 256 >>>remote address = 127.0.0.1:43629 >>>protocol = TLSv1.2 >>> >>> >>> I try to set security level to 0 for 1.1 but that doesn't make any >>> difference here, any ideas what could be the issue? >>> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 15:39, Matt Caswell wrote: > > > On 01/07/16 14:29, pepone.onrez wrote: >> Hi, >> >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. >> >>SSL error occurred for new outgoing connection: >>remote address = 127.0.0.1:47812 >>error # = 336151568 >>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >>location = ssl/record/rec_layer_s3.c, 1467 >>data = SSL alert number 40 > > Is this the error you get on the server or the client? The above > indicates the connection was aborted because a HandshakeFailure alert > was received from the peer. Therefore you need to look at the other end > of the communication and see if there is some error message that > indicates why the alert was sent. > > Matt That was on the client, looking at the server I see it reports there is no shared cipher SSL error occurred for new incoming connection: remote address = 127.0.0.1:36951 error # = 337092801 message = error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get the same error, it is not clear why server client don't find a common cipher here. Regards, José > > > > >> >> When using OpenSSL 1.0.1 the connection success >> >>cipher = DHE-DSS-AES256-GCM-SHA384 >>bits = 256 >>remote address = 127.0.0.1:43629 >>protocol = TLSv1.2 >> >> >> I try to set security level to 0 for 1.1 but that doesn't make any >> difference here, any ideas what could be the issue? >> > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 01/07/16 14:29, pepone.onrez wrote: > Hi, > > After upgrade my software to use OpenSSL-1.1 one of the test is > failing, the test in question client and server are configured to use > DSA certificates. The server is configured to request a client > certificate. > >SSL error occurred for new outgoing connection: >remote address = 127.0.0.1:47812 >error # = 336151568 >message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >location = ssl/record/rec_layer_s3.c, 1467 >data = SSL alert number 40 Is this the error you get on the server or the client? The above indicates the connection was aborted because a HandshakeFailure alert was received from the peer. Therefore you need to look at the other end of the communication and see if there is some error message that indicates why the alert was sent. Matt > > When using OpenSSL 1.0.1 the connection success > >cipher = DHE-DSS-AES256-GCM-SHA384 >bits = 256 >remote address = 127.0.0.1:43629 >protocol = TLSv1.2 > > > I try to set security level to 0 for 1.1 but that doesn't make any > difference here, any ideas what could be the issue? > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] DSA with OpenSSL-1.1
Hi, After upgrade my software to use OpenSSL-1.1 one of the test is failing, the test in question client and server are configured to use DSA certificates. The server is configured to request a client certificate. SSL error occurred for new outgoing connection: remote address = 127.0.0.1:47812 error # = 336151568 message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) location = ssl/record/rec_layer_s3.c, 1467 data = SSL alert number 40 When using OpenSSL 1.0.1 the connection success cipher = DHE-DSS-AES256-GCM-SHA384 bits = 256 remote address = 127.0.0.1:43629 protocol = TLSv1.2 I try to set security level to 0 for 1.1 but that doesn't make any difference here, any ideas what could be the issue? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users