[Bug 1612711] Re: TLS negation fails
Graham Leggett
minfrin at sharp.fm
Thu Nov 9 12:53:54 UTC 2017
More details.
The ClientHello packet in this case is larger than 255 bytes, and is
triggering the handshake failure in one of two ways.
When psql linked to openssl v1.0.1f attempts to connect to postgresql
linked to openssl v1.0.1f, the client side sends 8 bytes, then 1 byte,
then 305 bytes in my case:
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:51:45.113996 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [S], seq 3580373978, win 26883, options [mss 8961,sackOK,TS val 12226525 ecr 0,nop,wscale 7], length 0
11:51:45.114035 IP 172.29.228.240.5432 > 172.29.231.43.40454: Flags [S.], seq 3310545722, ack 3580373979, win 26847, options [mss 8961,sackOK,TS val 12327573 ecr 12226525,nop,wscale 7], length 0
11:51:45.114243 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [.], ack 1, win 211, options [nop,nop,TS val 12226525 ecr 12327573], length 0
11:51:45.114271 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [P.], seq 1:9, ack 1, win 211, options [nop,nop,TS val 12226525 ecr 12327573], length 8
11:51:45.114277 IP 172.29.228.240.5432 > 172.29.231.43.40454: Flags [.], ack 9, win 210, options [nop,nop,TS val 12327573 ecr 12226525], length 0
11:51:45.114934 IP 172.29.228.240.5432 > 172.29.231.43.40454: Flags [P.], seq 1:2, ack 9, win 210, options [nop,nop,TS val 12327574 ecr 12226525], length 1
11:51:45.115132 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [.], ack 2, win 211, options [nop,nop,TS val 12226525 ecr 12327574], length 0
11:51:45.117703 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [P.], seq 9:314, ack 2, win 211, options [nop,nop,TS val 12226526 ecr 12327574], length 305
11:51:45.119459 IP 172.29.228.240.5432 > 172.29.231.43.40454: Flags [P.], seq 2:3941, ack 314, win 219, options [nop,nop,TS val 12327575 ecr 12226526], length 3939
11:51:45.120234 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [P.], seq 314:321, ack 3941, win 350, options [nop,nop,TS val 12226526 ecr 12327575], length 7
11:51:45.120324 IP 172.29.231.43.40454 > 172.29.228.240.5432: Flags [R.], seq 321, ack 3941, win 350, options [nop,nop,TS val 12226526 ecr 12327575], length 0
The openssl v1.0.1f server side responds with a ServerHello, however the
client side rejects the ServerHello saying "unknown ca", even though
this same set of certificates works fine in Ubuntu Trusty.
In a second test, if I use openssl v1.0.2m compiled from source to
connect to the same server, the client side sends 308 bytes in one go:
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:53:02.032126 IP 172.29.228.7.54912 > 172.29.228.240.5432: Flags [S], seq 1471313029, win 26883, options [mss 8961,sackOK,TS val 645036074 ecr 0,nop,wscale 7], length 0
11:53:02.032165 IP 172.29.228.240.5432 > 172.29.228.7.54912: Flags [S.], seq 126514461, ack 1471313030, win 26847, options [mss 8961,sackOK,TS val 12346803 ecr 645036074,nop,wscale 7], length 0
11:53:02.032490 IP 172.29.228.7.54912 > 172.29.228.240.5432: Flags [.], ack 1, win 211, options [nop,nop,TS val 645036074 ecr 12346803], length 0
11:53:02.039507 IP 172.29.228.7.54912 > 172.29.228.240.5432: Flags [P.], seq 1:309, ack 1, win 211, options [nop,nop,TS val 645036076 ecr 12346803], length 308
11:53:02.039521 IP 172.29.228.240.5432 > 172.29.228.7.54912: Flags [.], ack 309, win 219, options [nop,nop,TS val 12346805 ecr 645036076], length 0
11:53:02.040625 IP 172.29.228.240.5432 > 172.29.228.7.54912: Flags [F.], seq 1, ack 309, win 219, options [nop,nop,TS val 12346805 ecr 645036076], length 0
11:53:02.041682 IP 172.29.228.7.54912 > 172.29.228.240.5432: Flags [.], ack 2, win 211, options [nop,nop,TS val 645036077 ecr 12346805], length 0
11:53:02.049476 IP 172.29.228.7.54912 > 172.29.228.240.5432: Flags [F.], seq 309, ack 2, win 211, options [nop,nop,TS val 645036078 ecr 12346805], length 0
11:53:02.049492 IP 172.29.228.240.5432 > 172.29.228.7.54912: Flags [.], ack 310, win 219, options [nop,nop,TS val 12346807 ecr 645036078], length 0
In this case the postgresql linked to openssl v1.0.1f immediately slams
the phone down after the initial ClientHello, leading to the "SSL
handshake has read 0 bytes" in the openssl client side.
It appears openssl v1.0.1f has a bug where ClientHello greater than 255
bytes causes the handshake to fail without accurately logging the cause.
In my case this is a regression from Ubuntu Trusty, where the identical
setup and certificates work fine.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1612711
Title:
TLS negation fails
Status in openssl package in Ubuntu:
Confirmed
Bug description:
This seems like a duplicate of #965371, however that is marked fixed,
so I don't know.
I'm running 16.04.1. I'm setting up OpenLDAP with TLS. I've followed
the instructions at https://help.ubuntu.com/lts/serverguide/openldap-
server.html#openldap-tls, and test with the command openssl s_client
-connect my.server.com:389 -showcerts and I get the error:
140668035487384:error:140790E5:SSL routines:ssl23_write:ssl handshake
failure:s23_lib.c:177
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1612711/+subscriptions
More information about the foundations-bugs
mailing list