expected: change cipher when communicating with persona servers

[snoyberg]

A user reported this to me as an issue with haskellers.com. I can reproduce this with tls-simpleclient. When I run:

tls-simpleclient verifier.login.persona.org 443

I get the result:

tls-simpleclient: HandshakeFailed (Error_Packet_unexpected "Alert [(AlertLevel_Fatal,BadRecordMac)]" " expected: change cipher")

Connecting with curl produces no problem.

Sorry for two reports in as many hours, hopefully this one isn't a garbage report ;).

[vincenthz]

Don't worry, report as much as needed. I'ld rather fix problem and be confident that it's working than not hearing about them.

It seems to work for me at the moment with the command above. If you can reproduce can you run it with --debug ?

[snoyberg]

--debug output is available at: https://gist.github.com/snoyberg/10962603

I'm building with GHC 7.4.2 on Ubuntu 12.04 64-bit. I'll try running with 7.6 as well.

[snoyberg]

Building on GHC 7.6 seems to fix the problem, so this is somehow specific to 7.4.

[vincenthz]

OK that a very bad bug and I don't have a clue or a starting point with this (the issue could be litteraly anywhere in the whole stack). Do it works generally on 7.4, with others website (facebook,twitter, etc..) ?

[snoyberg]

I just checked from Haskellers, and logging in via Facebook and Google works correctly. So this appears to be isolated to just Persona for now.

[vincenthz]

Just to be sure, can you confirm that you're using the latest tls and dependencies with 7.4 too ?

[snoyberg]

$ ghc-pkg describe tls
name: tls
version: 1.2.6
id: tls-1.2.6-c93cde98df93a10030db1f6d130442b6
license: BSD3
copyright: Vincent Hanquez <vincent@snarc.org>
maintainer: Vincent Hanquez <vincent@snarc.org>
stability: experimental
homepage: http://github.com/vincenthz/hs-tls
package-url:
synopsis: TLS/SSL protocol native implementation (Server and Client)
description: Native Haskell TLS and SSL protocol implementation for server and client.
             .
             This provides a high-level implementation of a sensitive security protocol,
             eliminating a common set of security issues through the use of the advanced
             type system, high level constructions and common Haskell features.
             .
             Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol,
             and support RSA and Ephemeral Diffie Hellman key exchanges,
             and many extensions.
             .
             Some debug tools linked with tls, are available through the
             <http://hackage.haskell.org/package/tls-debug/>.
category: Network
author: Vincent Hanquez <vincent@snarc.org>
exposed: True
exposed-modules: Network.TLS Network.TLS.Cipher
                 Network.TLS.Compression Network.TLS.Internal Network.TLS.Extra
                 Network.TLS.Extra.Cipher
hidden-modules: Network.TLS.Cap Network.TLS.Struct Network.TLS.Core
                Network.TLS.Context Network.TLS.Context.Internal
                Network.TLS.Credentials Network.TLS.Backend Network.TLS.Crypto
                Network.TLS.Crypto.DH Network.TLS.Extension Network.TLS.Handshake
                Network.TLS.Handshake.Common Network.TLS.Handshake.Certificate
                Network.TLS.Handshake.Key Network.TLS.Handshake.Client
                Network.TLS.Handshake.Server Network.TLS.Handshake.Process
                Network.TLS.Handshake.Signature Network.TLS.Handshake.State
                Network.TLS.Hooks Network.TLS.IO Network.TLS.MAC
                Network.TLS.Measurement Network.TLS.Packet Network.TLS.Parameters
                Network.TLS.Record Network.TLS.Record.Types
                Network.TLS.Record.Engage Network.TLS.Record.Disengage
                Network.TLS.Record.State Network.TLS.RNG Network.TLS.State
                Network.TLS.Session Network.TLS.Sending Network.TLS.Receiving
                Network.TLS.Util Network.TLS.Util.ASN1
                Network.TLS.Util.Serialization Network.TLS.Types Network.TLS.Wire
                Network.TLS.X509
trusted: False
import-dirs: /home/ubuntu/.cabal/lib/tls-1.2.6/ghc-7.4.2
library-dirs: /home/ubuntu/.cabal/lib/tls-1.2.6/ghc-7.4.2
hs-libraries: HStls-1.2.6
extra-libraries:
extra-ghci-libraries:
include-dirs:
includes:
depends: asn1-encoding-0.8.1.3-f549363a531f2d81e652f00adfbc2273
         asn1-types-0.2.3-7eb0a2e7c29b41519db3f51a0a04c93a
         base-4.5.1.0-66f22db3dfcd87541c9c7e50e7095d26
         byteable-0.1.1-74a7222f9b3be3334508ff25f64acf75
         bytestring-0.10.2.0-dd65ce94c4becc62ba5b14685a741374
         cereal-0.4.0.1-148535de688b36ba0186d001f9b9e0ee
         cipher-aes-0.2.7-a024d5b798adc3a4f8df8bc34a7c1da0
         cipher-rc4-0.1.4-d9cadb86d1bed6ded79a98b2cf10d1ef
         crypto-numbers-0.2.3-463b7ad02e73a8a99d2f4a9de028f9da
         crypto-pubkey-0.2.4-0c33f2679c3627031a7c82983d4e98ea
         crypto-pubkey-types-0.4.2.2-712b515f568693430772993f42d8171a
         crypto-random-0.0.7-198c14afe761106330e5e4d5f234f178
         cryptohash-0.11.4-8aa3899b247d9a63398e648df55ba34b
         data-default-class-0.0.1-404a773a22035774580c2f5f2b6deb99
         mtl-2.1.3.1-f2389a308539c49011ee0c35fcb11a6e
         network-2.5.0.0-7fc82b2e8cecd4cc045cc750204fb08f
         x509-1.4.11-87a60577ee183cd3dc6cf38dd3ec7798
         x509-store-1.4.4-8dbb73de11830e800faf7cb9da47d068
         x509-validation-1.5.0-c87f189f9dd5097888a2c8c9ce9f761e
hugs-options:
cc-options:
ld-options:
framework-dirs:
frameworks:
haddock-interfaces: /home/ubuntu/.cabal/share/doc/tls-1.2.6/html/tls.haddock
haddock-html: /home/ubuntu/.cabal/share/doc/tls-1.2.6/html
pkgroot: "/home/ubuntu/.ghc/x86_64-linux-7.4.2"

[snoyberg]

FYI, I've worked around this for haskellers.com by upgrading to GHC 7.6.

[vincenthz]

hopefully no one uses < 7.6 anymore