[Bug 795355] Re: Intermittent SSL connection faults

James M. Leddy 795355 at bugs.launchpad.net
Wed Jan 18 17:01:19 UTC 2012


Okay, hexr is acting up again. Here is some verbose gnutls-client output:

$ gnutls-cli -d 5 hexr.canonical.com
Resolving 'hexr.canonical.com'...
Connecting to '91.189.89.67:443'...
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x10e1b30]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x10e1b30]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x10e1b30]: Sending extension CERT_TYPE
|<2>| EXT[0x10e1b30]: Sending extension SERVER_NAME
|<2>| EXT[0x10e1b30]: Sending extension SAFE_RENEGOTIATION
|<2>| EXT[0x10e1b30]: Sending extension SESSION_TICKET
|<2>| EXT[0x10e1b30]: Sending extension SIGNATURE_ALGORITHMS
|<3>| HSK[0x10e1b30]: CLIENT HELLO was sent [168 bytes]
|<4>| REC[0x10e1b30]: Sending Packet[0] Handshake(22) with length: 168
|<4>| REC[0x10e1b30]: Sent Packet[1] Handshake(22) with length: 173
|<4>| REC[0x10e1b30]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[0] Handshake(22) with length: 57
|<4>| REC[0x10e1b30]: Decrypted Packet[0] Handshake(22) with length: 57
|<3>| HSK[0x10e1b30]: SERVER HELLO was received [57 bytes]
|<3>| HSK[0x10e1b30]: Server's version: 3.1
|<3>| HSK[0x10e1b30]: SessionID length: 0
|<3>| HSK[0x10e1b30]: SessionID: 
|<3>| HSK[0x10e1b30]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
|<2>| EXT[0x10e1b30]: Found extension 'SERVER_NAME/0'
|<2>| EXT[0x10e1b30]: Found extension 'SAFE_RENEGOTIATION/65281'
|<2>| EXT[0x10e1b30]: Found extension 'SESSION_TICKET/35'
|<3>| HSK[0x10e1b30]: Safe renegotiation succeeded
|<4>| REC[0x10e1b30]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[1] Handshake(22) with length: 4688
|<4>| REC[0x10e1b30]: Decrypted Packet[1] Handshake(22) with length: 4688
|<3>| HSK[0x10e1b30]: CERTIFICATE was received [4688 bytes]
|<4>| REC[0x10e1b30]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[0x10e1b30]: Received Packet[2] Handshake(22) with length: 525
|<4>| REC[0x10e1b30]: Decrypted Packet[2] Handshake(22) with length: 525
|<3>| HSK[0x10e1b30]: SERVER KEY EXCHANGE was received [525 bytes]
|<2>| ASSERT: gnutls_pk.c:266
|<2>| ASSERT: gnutls_pk.c:336
|<2>| ASSERT: gnutls_sig.c:354
|<2>| ASSERT: gnutls_sig.c:475
|<2>| ASSERT: auth_dhe.c:272
|<2>| ASSERT: gnutls_kx.c:423
|<2>| ASSERT: gnutls_handshake.c:2811
*** Fatal error: Decryption has failed.
|<4>| REC: Sending Alert[2|20] - Bad record MAC
|<4>| REC[0x10e1b30]: Sending Packet[1] Alert(21) with length: 2
|<4>| REC[0x10e1b30]: Sent Packet[2] Alert(21) with length: 7
*** Handshake has failed
GnuTLS error: Decryption has failed.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/795355

Title:
  Intermittent SSL connection faults

Status in OEM Priority Project:
  Confirmed
Status in OEM Priority Project lucid series:
  New
Status in “apache” package in Ubuntu:
  Confirmed
Status in “openssl” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: openssl

  Reported intermittent SSL connection issue on some apache mod_ssl
  vhosts.

  Platform:  Ubuntu 10.04.2 LTS
  Tested: Apache2-2.2.14-5ubuntu8.4 and backported 2.2.17-1ubuntu1 from Natty

  Firefox client will intermittently report:
  Secure Connection Failed
  An error occurred during a connection to oem-ibs.canonical.com.
  Peer's certificate has an invalid signature.
  (Error code: sec_error_bad_signature)

  Condition will clear on reload.

  Occasionally the server will alternately serve a good page followed
  by an SSL error until Apache is restarted. I am unable to reproduce
  the condition on demand, but have output from when the fault occurs.
  When the fault condition occurs it can be reproduced with any SSL
  client.

  The fault presents on multiple distinct servers.

  Initially suspected to be a bug with mod_ssl
  https://issues.apache.org/bugzilla/show_bug.cgi?id=46952, backport has
  eliminated this as has anecdotal reports of this same error presented
  from Dovecot.

  Tested with SSL certs from different CAs.

  Example:

  $ openssl s_client -connect oem-ibs.canonical.com:443
  CONNECTED(00000003)
  depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
  verify error:num=20:unable to get local issuer certificate
  verify return:0
  14563:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
  14563:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:697:
  14563:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1449:

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/795355/+subscriptions
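
Added example, not part of the original message or of GnuTLS: a small Python helper that reads `gnutls-cli -d` output like the trace above and reports which handshake message was being processed when the failure occurred, together with the ASSERT trail and the alert that was sent. The function name `triage` and the trimmed `SAMPLE` excerpt are assumptions made for illustration.

```python
import re

# Trimmed excerpt of the gnutls-cli -d 5 trace quoted in the message above.
SAMPLE = """\
|<3>| HSK[0x10e1b30]: CLIENT HELLO was sent [168 bytes]
|<3>| HSK[0x10e1b30]: SERVER HELLO was received [57 bytes]
|<3>| HSK[0x10e1b30]: Server's version: 3.1
|<3>| HSK[0x10e1b30]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x10e1b30]: CERTIFICATE was received [4688 bytes]
|<3>| HSK[0x10e1b30]: SERVER KEY EXCHANGE was received [525 bytes]
|<2>| ASSERT: gnutls_pk.c:266
|<2>| ASSERT: gnutls_sig.c:354
|<2>| ASSERT: auth_dhe.c:272
|<2>| ASSERT: gnutls_handshake.c:2811
*** Fatal error: Decryption has failed.
|<4>| REC: Sending Alert[2|20] - Bad record MAC
*** Handshake has failed
"""

HSK_MSG = re.compile(r"HSK\[0x[0-9a-f]+\]: ([A-Z ]+) was (sent|received) \[(\d+) bytes\]")
SUITE = re.compile(r"Selected cipher suite: (\S+)")
VERSION = re.compile(r"Server's version: (\S+)")
ASSERT = re.compile(r"ASSERT: (\S+):(\d+)")
ALERT = re.compile(r"Sending Alert\[(\d+)\|(\d+)\] - (.+)")
FATAL = re.compile(r"^\*\*\* Fatal error: (.+)$")

def triage(log_text):
    """Summarise where in the handshake a gnutls-cli debug trace failed."""
    r = {"suite": None, "version": None, "last_received": None,
         "asserts": [], "alert": None, "fatal": None}
    for line in log_text.splitlines():
        if m := HSK_MSG.search(line):
            if m.group(2) == "received":
                r["last_received"] = m.group(1)
                r["asserts"] = []  # keep only asserts raised for this message
        elif m := SUITE.search(line):
            r["suite"] = m.group(1)
        elif m := VERSION.search(line):
            r["version"] = m.group(1)
        elif m := ASSERT.search(line):
            r["asserts"].append((m.group(1), int(m.group(2))))
        elif m := ALERT.search(line):  # (level, description, text)
            r["alert"] = (int(m.group(1)), int(m.group(2)), m.group(3).strip())
        elif m := FATAL.search(line):
            r["fatal"] = m.group(1)
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over traces captured from both good and failing connections, the `last_received` and `asserts` fields make it easy to confirm that every failure stops at the same handshake message.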



