Closed drwetter closed 9 years ago
Hi Dirk @drwetter, thanks for reporting this issue. I can reproduce the error (unfortunately). Connecting succeeds when using the -ssl3 flag, so I'm guessing that it's a fallback/downgrade issue. I will look into it, although this probably will take me a while (think in weeks, not days). Hopefully that's not going to be a problem for you...
Cheers,
Peter
Hi Peter,
thx! If I'll can spare a few cycles next week I'll look what changed in t1_enc.c . Maybe that gives us a clue. Thx for all your work!
Cheers, Dirk
I just checked an older build (95b3228) from November 23rd 2014, and it has the same issue. So it seems that the bug isn't introduced in this version. Do you know which version of the 1.0.2-chacha branch has NOT got this bug ? That would help in tracking this issue down...
Thanks!
Peter
It's also in the build before July (OpenSSL 1.0.2-chacha (beta2-dev)), see https://github.com/drwetter/testssl.sh/issues/38
No real understanding about the sources. but...
In your tree tree the code with the hiccup (t1_enc.c:652) is some kind of an addon against the vanilla tree -- fucntion "int tls1_change_cipher_state()". See attached the side-by-side-view (vim -d, left: vanilla 1.0.2 stable, right: yours).
Thanks for the diffs. I'm on it...
See above referenced commit (https://github.com/PeterMosmans/openssl/commit/005d8364d789d5a8eef0e6c3eb2af7b06b4116e6) where the issue is fixed. Please note that the TLS handling still isn't completely merged with the official 1.0.2 branch. I'll do this in a later stage
Thx! Looked good so far. :) Will do more tests on 64 bit.
Thx a lot, Peter.
Hi Peter,
I thought this is a better place maybe others can contribute/help resolving:
See "SSL routines:tls1_change_cipher_state:internal error" . The return value 1 is affecting testssl.sh (https://github.com/drwetter/testssl.sh) as I test the return value. That happens with all my Linux builds (Ubuntu 12.04 64/32 Bit and Opensuse).