PeterMosmans / openssl

'Extra featured' OpenSSL with ChaCha20 and Poly1305 support
https://onwebsecurity.com/pages/openssl.html

failed handshake #19

Closed drwetter closed 9 years ago

drwetter commented 9 years ago

Hi Peter,

a problem which bites my testssl.sh (first example is openssl from a Linux distro, second yours):

prompt% openssl s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de
 CONNECTED(00000003)
 depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
 [..]
 Server certificate
 -----BEGIN CERTIFICATE-----
[..]
-----END CERTIFICATE-----
 [..]
 SSL handshake has read 4355 bytes and written 648 bytes
 ---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
[..]

prompt% echo $?
0
prompt%

now the one from you:

openssl64 s_client -connect rechnung.dsl.o2online.de:443 -servername  rechnung.dsl.o2online.de
CONNECTED(00000003)
139757631698832:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:

---
no peer certificate available

---
No client certificate CA names sent

---
SSL handshake has read 0 bytes and written 433 bytes

---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

---

prompt% echo $?
1
prompt%    

For some reason it fails here. Providing -tls1 would work.

That seems a showstopper for the next release of testssl.sh ;-/

Cheers, Dirk

drwetter commented 9 years ago

Update: here's another IIS6 which has the same problem with the difference that openssl provided doesn't work either: mercernet.fr

But still I am wondering about the difference above

PeterMosmans commented 9 years ago

Hi @drwetter, question: which build (commit) of 1.0.2-chacha do you use? This was an issue quite some commits (and time) ago. If I check I get the correct result:

echo Q| openssl s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de && echo $?
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
[snip]
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: EF1D000085FBD2A41F1361307D2A5E616BD59C1338AE7F9D00D9BDD5B49894F8
    Session-ID-ctx:
    Master-Key: 0114FDC02A3A779947866E549ADB0E944B534806AB90F19E89A1B4716E1CDFA67941FEBD33BCBE46DBBDEE5AEC2EB545
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1430975831
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
DONE
0

Cheers,

Peter

drwetter commented 9 years ago

Hi Peter,

Oh, ok! Sorry I missed that. Need to make new binaries then. Thx!

How is the other IIS6 server doing with your release?

The stupid thing is that testssl.sh needs a lot of workarounds -- only for broken IIS6/SChannel.

Cheers, Dirk

PeterMosmans commented 9 years ago

Dirk,

This seems like an issue with the server. My guess is a Cisco ASA SSL offloader of some kind.

 openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Thu Mar 19 18:31:36 UTC 2015
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

echo Q| openssl s_client -connect mercernet.fr:443 -servername mercernet.fr ; echo $?
CONNECTED(00000003)
140413874202280:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 319 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
1

And with openssl-1.0.2-chacha:

OpenSSL 1.0.2-chacha (1.0.2b-dev)
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -static-libgcc -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/usr/lib/ssl"

 echo Q| ./openssl s_client -connect mercernet.fr:443 -servername mercernet.fr ; echo $?
CONNECTED(00000003)
140399680612008:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 421 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
1

Ha! Same line number! :)

drwetter commented 9 years ago

:)

The guess about the ASA I'd like to research later (Shodan). It would save me the workarounds -- I already did some last night.

PeterMosmans commented 9 years ago

It's more of a non-friendly way of the openssl binary to tell you that the handshake failed, as in: I think that an application should be able to handle this. You can always 2>/dev/null and check the result value ($?)

"Handy" (cough) oneliner to test multiple openssl binaries and sites:

# For every openssl binary and every host: print the version, attempt a handshake, print s_client's exit status
osbins="/usr/bin/openssl /var/git/openssl/apps/openssl"; fqdns="rechnung.dsl.o2online.de mercernet.fr"
for os in $osbins; do for fqdn in $fqdns; do $os version; echo Q| $os s_client -connect $fqdn:443 -servername $fqdn; echo $?; done; done

drwetter commented 9 years ago

Hi Peter,

nah, it's not that easy.

1) s_client -connect mercernet.fr seems to not work at all without specifying a protocol, independent of the binary. Not sure yet whether it should be treated like "exception, don't care"

2) Two binaries are a mess to recode, and I am also afraid of side effects. I currently have over 100 instances in testssl.sh where $OPENSSL is being used. Not KISS.

3) I am relying in numerous places on s_client -connect always succeeding. Last night I put some logic in there (patch is not public yet) for freaking old farts (like IIS6, which normally belongs on the junk yard). The logic tests whether it needs a protocol for a successful connect. If so, it calls some other instances of OPENSSL with an additional parameter. If not, it is supposed not to supply a protocol. This already is a bit shaky, as for the dying species of IIS6 it is a big workaround which needs to be tested thoroughly so that under ALL CIRCUMSTANCES it doesn't break the majority of other servers. Not KISS either...

Plan is to update the binaries to the recent ones and then see (previous was 0611a8416a2dfd04dc343e0d3754ff6e89bdccb3 from Sat Mar 28)

Cheers, Dirk
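
The probe-then-pin logic described in the comment above, sketched as an added example: this is not testssl.sh code (that patch was not public), and the names `probe_connect` and `detect_proto_flag` are hypothetical. It assumes, as the transcripts in this thread show, that `s_client` exits non-zero when the handshake fails.

```shell
#!/bin/sh
# Added illustration, not testssl.sh code. probe_connect and
# detect_proto_flag are hypothetical names chosen for this sketch.
OPENSSL="${OPENSSL:-openssl}"

# probe_connect HOST PORT [FLAG]
# Returns s_client's exit status. All output is discarded, as suggested in
# the thread (redirect to /dev/null and check $?).
probe_connect() {
    # $3 is deliberately unquoted: an empty flag must add no argument.
    echo Q | "$OPENSSL" s_client -connect "$1:$2" -servername "$1" $3 \
        >/dev/null 2>&1
}

# detect_proto_flag HOST [PORT]
# Prints the flag later s_client calls need for this host: an empty line if
# the default (version-flexible) hello completes, otherwise the first protocol
# flag that does. Returns 1 if no attempt connects.
detect_proto_flag() {
    host=$1
    port=${2:-443}
    if probe_connect "$host" "$port" ""; then
        printf '%s\n' ""
        return 0
    fi
    # Newest first, so a pinned protocol is the best one the server accepts.
    # A build without a given protocol rejects the flag, which also yields a
    # non-zero status and moves on to the next candidate.
    for flag in -tls1_2 -tls1_1 -tls1 -ssl3; do
        if probe_connect "$host" "$port" "$flag"; then
            printf '%s\n' "$flag"
            return 0
        fi
    done
    return 1
}
```

Because the pinned flag narrows what the server is offered, it belongs only on calls that need any working connection, not on the per-protocol checks themselves.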

drwetter commented 9 years ago

Hi Peter,

compiled new binaries but it's still the same:

First the one from the system:

prompt% echo Q| /usr/bin/openssl  s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de &>/dev/null ; echo $?
0
prompt% openssl64-1.0.2pm-static.chacha+poly version -a        
OpenSSL 1.0.2-chacha (1.0.2b-dev)
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -DZLIB -DOPENSSL_THREADS -D_REENTRANT    -DDSO_DLFCN -DHAVE_DLFCN_H -static -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/ssl"

System:

prompt% echo Q| openssl64-1.0.2pm-static.chacha+poly s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de &>/dev/null ; echo $?
1
prompt% /usr/bin/openssl version -a                                                                                         
OpenSSL 1.0.1k 8 Jan 2015
built on: Thu Mar 19 15:25:09 2015
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) 
compiler: -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS  -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall  -fmessage-length=0 -grecord-gcc-switches -fstack-protector -O2 -Wall -D_FORTIFY_SOURCE=2 -funwind-tables -fasynchronous-unwind-tables -g -std=gnu99 -Wa,--noexecstack -fomit-frame-pointer -DTERMIO -DPURIFY -DSSL_FORBID_ENULL -D_GNU_SOURCE -Wall -fstack-protector -Wa,--noexecstack  -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/etc/ssl"

Any clues?

Cheers, Dirk

PeterMosmans commented 9 years ago

Hi Dirk, have you checked the output of a vanilla 1.0.2 build versus 1.0.1, to make sure it's not version (1.0.1 versus 1.0.2) related? If not, please let me know, then I'll do this myself.

Cheers,

Peter

drwetter commented 9 years ago

Hi Peter,

thx, I have a script which configures and provides in the end a tested binary.

Here's the result:

me@myhost:~/openssl  echo Q| openssl-1.0.1m/apps/openssl  s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de &>/dev/null ; echo $?
0
me@myhost:~/openssl  echo Q| openssl-1.0.2/apps/openssl  s_client -connect rechnung.dsl.o2online.de:443 -servername rechnung.dsl.o2online.de &>/dev/null ; echo $?
1
me@myhost:~/openssl  

F.. :-/ I guess you were right. ;-) How come that this changed?

Cheers, Dirk

PeterMosmans commented 9 years ago

I'm glad that the 1.0.2-chacha code shows the same result as the vanilla build :) It could be a number of reasons, e.g. the increase in ciphers. In the next week or so I will be doing some tests with my test_ssl_handshake script, to see if I can find the culprit. However, I'm going to close this issue if you don't mind, as it is not 1.0.2-chacha related.

drwetter commented 9 years ago

Sure. Still I am scratching my head because of this change, any clues?