droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

Error from src bufferevent #299

Open luzik opened 3 years ago

luzik commented 3 years ago

I found this error:

Error from src bufferevent: 0:- 337092801:193:no shared cipher:20:SSL routines:378:tls_post_process_client_hello
Additional SSL error: 1:1:(null):0:(null):0:(null)

Is this a bug, or have I just not configured something right?

Full log

sudo sslsplit -D -k ca.key -c ca.crt -l connect.log -S ./ https 0.0.0.0 10443

SSLsplit 0.5.5 (built 2020-11-16)
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: OSX:11.0.1 XNU:4903.241.1:fallback:7195.50.7 V:DIR N:83c4edf
Features: -DHAVE_PF
NAT engines: pf*
Local process info support: no
compiled against OpenSSL 1.1.1h  22 Sep 2020 (1010108f)
rtlinked against OpenSSL 1.1.1j  16 Feb 2021 (101010af)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.2
rtlinked against libnet 1.2
compiled against libpcap n/a
rtlinked against libpcap 1.10.0
8 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
SSL/TLS protocol: negotiate
proxyspecs:
- [0.0.0.0]:10443 ssl|http pf
Loaded CA: '/O=Connect2MyHome/CN=Connect2MyHome'
SSL/TLS leaf certificates taken from:
- Generated on the fly
NAT engine preinit 'pf'
Privsep fastpath enabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 54145
NAT engine fini 'pf'
Privsep child pid 54146
Using libevent backend 'kqueue'
Event base supports: edge yes, O(1) yes, anyfd yes
Received privsep req type 00 sz 1 on srvsock 10
Dropped privs to user - group - chroot -
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
NAT engine init 'pf'
Inserted events:
  0x7fe016606ae8 [fd  7] Read Persist
  0x7fe016607c30 [sig 1] Signal Persist
  0x7fe016607cb0 [sig 2] Signal Persist
  0x7fe016606f70 [sig 3] Signal Persist
  0x7fe016607d30 [sig 13] Signal Persist
  0x7fe016607160 [sig 15] Signal Persist
  0x7fe016607db0 [sig 30] Signal Persist
  0x7fe016607600 [fd  -1] Persist Timeout=1625159179.110975
Active events:
Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.

SNI peek: [n/a] [complete]
Connecting to [52.28.213.164]:443
===> Original server certificate:
Subject DN: /C=NL/L=EU/O=iQontrol /CN=*.iqloud.eu
Common Names: *.iqloud.eu
Fingerprint: 2D:DA:F6:62:08:59:1F:8A:3A:6C:FF:79:CC:64:91:99:C2:82:2D:19
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=NL/L=EU/O=iQontrol /CN=*.iqloud.eu
Common Names: *.iqloud.eu
Fingerprint: 14:BF:07:83:20:90:CF:02:C0:A5:F0:47:33:D2:63:96:A8:56:2A:AF
SSL connected to [52.28.213.164]:443 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
CLIENT_RANDOM 75D1228CF39AC782C0918C6DD33DDB9A1852B8710D0D087C729174FD0D3B4885 311017DEF441396FA8FCCE27311C14808F1DBA39A3D494A34C42844FB8F3C1AE5F7A50A0B04DD4811997074497A9AA6D
Error from src bufferevent: 0:- 337092801:193:no shared cipher:20:SSL routines:378:tls_post_process_client_hello
Additional SSL error: 1:1:(null):0:(null):0:(null)
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SSL disconnected to [52.28.213.164]:443
SSL disconnected from [192.168.2.2]:55838
SSL_free() in state 00000014 = 0014 = SSLERR (error) [accept socket]
SNI peek: [n/a] [complete]
Attempt reuse dst SSL session

sonertari commented 3 years ago

Note first that your compiled and rtlinked OpenSSL versions do not match. You should have the same version for both.

I think the error says that the client and sslsplit could not agree on a cipher. sslsplit does not write an "SSL connected from" log for the client.

But, I wonder what the client application is here, which web browser?

luzik commented 3 years ago

I've installed it via "brew install sslsplit". The client is embedded on ARM M3.

The server side is free to test.

Can it be related to a wrong CA cert?

sonertari commented 3 years ago

OpenSSL 1.1.0+ versions have removed weak (e.g. export grade) ciphers. See this link and search for the word removed. I think the ciphers on OpenSSL 1.1.1h/j are stronger than the ones the embedded device supports, hence they cannot agree on it.

I doubt you can upgrade the ssl engine on the embedded device (now I wonder what its ssl engine is). Can you downgrade the OpenSSL on your mac? (I don't think weak ciphers can be enabled on OpenSSL 1.1.0+.)

Btw, it always amazes me to hear compiled and rtlinked version issues with openssl on osx.

sonertari commented 3 years ago

Perhaps you can rebuild OpenSSL 1.1.1 with the enable-weak-ssl-ciphers option.

luzik commented 3 years ago

Great idea. I will try and let you know. Maybe sslsplit can improve warning messages in such cases.

luzik commented 3 years ago

I sniffed working communication and the negotiated params were TLS 1.2, Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)

/usr/local/Cellar/openssl@1.1/1.1.1j/bin/openssl ciphers -V |grep 0xC0.0x23
0xC0,0x23 - ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256

So I believe it is quite decent.

How will sslsplit behave when the client does not accept the CA?

sonertari commented 3 years ago

The openssl alert must be something like "bad certificate", "unknown CA", or "certificate unknown", if the client complains about the CA cert used for forging by sslsplit. See the OpenSSL docs.
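
Added example, not part of the thread and not sslsplit's own code: a small triage script for `sslsplit -D` output that decodes the packed OpenSSL error code in an "Error from src bufferevent" line and separates the cipher mismatch seen in this issue from the CA-rejection alerts named in the last comment. The field order of the log line is inferred from the line quoted above, `src` is taken to be the client-facing side as the replies read it, and the third sample line is constructed.

```python
import re

# Field order inferred from the log line quoted in this issue (assumption):
# errno:strerror packed_code:reason:text:lib:text:func:text
ERR_RE = re.compile(
    r"Error from (?P<side>src|dst) bufferevent: \d+:.*? "
    r"(?P<code>\d+):(?P<reason>\d+):(?P<text>[^:]*):"
    r"(?P<lib>\d+):[^:]*:(?P<func>\d+):")

# Substrings of the OpenSSL reason strings for the alerts named in the thread.
CA_ALERTS = ("bad certificate", "unknown ca", "certificate unknown")

# Two lines copied from the log above, plus one constructed alert line.
SAMPLE_LOG = """\
SSL connected to [52.28.213.164]:443 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Error from src bufferevent: 0:- 337092801:193:no shared cipher:20:SSL routines:378:tls_post_process_client_hello
Error from src bufferevent: 0:- 336151576:1048:tlsv1 alert unknown ca:20:SSL routines:148:ssl3_read_bytes
"""

def unpack_err(code):
    """Split an OpenSSL 1.1.1 packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Classify each bufferevent SSL error in an sslsplit -D log."""
    findings, upstream_ok = [], False
    for line in log_text.splitlines():
        if line.startswith("SSL connected to "):
            upstream_ok = True          # proxy-to-server handshake completed
        m = ERR_RE.search(line)
        if not m:
            continue
        fields = unpack_err(int(m["code"]))
        text = m["text"].lower()
        if m["side"] == "src" and text == "no shared cipher":
            verdict = "cipher-mismatch"       # client and proxy share no suite
        elif m["side"] == "src" and any(a in text for a in CA_ALERTS):
            verdict = "client-rejected-cert"  # forged cert or CA not trusted
        else:
            verdict = "other"
        findings.append({
            "side": m["side"], "verdict": verdict, "fields": fields,
            "upstream_ok": upstream_ok,
            # decoded code must agree with the numbers printed beside it
            "consistent": fields == (int(m["lib"]), int(m["func"]), int(m["reason"])),
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

For the line from this issue, 337092801 unpacks to library 20, function 378, reason 193, matching the numbers sslsplit prints next to the text, and `upstream_ok` shows the server-side handshake had already succeeded when the client-side one failed.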