On Thu, Mar 19, 2015, Steve Linsell wrote:
>
> I am trying to use ECDH-RSA-AES256-SHA with ssl3 with s_client and s_server on
> the master branch. (cloned at commit
> f7683aaf36341dc65672ac2ccdbfd4a232e3626d) and then retested with a more
> recent clone: (commit da27006df06853a33b132133699a7aa9d4277920).

Following further testing I see identical failures in the master branch using the following cipher/protocol combinations:

ECDH-ECDSA-AES128-SHA ssl3
ECDH-ECDSA-AES256-SHA ssl3
ECDH-ECDSA-DES-CBC3-SHA ssl3
ECDH-ECDSA-RC4-SHA ssl3
ECDH-RSA-AES128-SHA ssl3
ECDH-RSA-AES256-SHA ssl3
ECDH-RSA-DES-CBC3-SHA ssl3
ECDH-RSA-RC4-SHA ssl3
ECDHE-ECDSA-AES128-SHA ssl3
ECDHE-ECDSA-AES256-SHA ssl3
ECDHE-ECDSA-DES-CBC3-SHA ssl3
ECDHE-ECDSA-RC4-SHA ssl3

The issue appears to be anywhere an elliptical curve certificate (whether signed with rsa or ecdsa) is used with ssl3. The error produced looks very similar to that produced when you generate a certificate without the OPENSSL_EC_NAMED_CURVE flag as described on the OpenSSL wiki, but as you can see from the dump of the certificate below in this case the ASN1 OID: prime256v1 line is present. The certificates also function fine with tls1, tls1.1 and tls1.2.

Is there anyone that can confirm that they see the same behaviour, to rule out my setup and certificate generation?

> Here is a dump of the certificate:
> ./openssl x509 -in prime256v1-rsaTestServer.cert.pem -text -noout
> Certificate:
>     Data:
>         Version: 1 (0x0)
>         Serial Number: 16838786626002069798 (0xe9af63387b73a926)
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc., OU=Sun
> Microsystems Laboratories, CN=Test CA (2048 bit RSA)
>         Validity
>             Not Before: Mar 13 11:38:21 2015 GMT
>             Not After : Apr 21 11:38:21 2019 GMT
>         Subject: C=US, ST=CA, L=Mountain View, O=Sun Microsystems, Inc.,
> OU=Sun Microsystems Laboratories, CN=Test Server (prime256v1 key signed
> with RSA)
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>                 pub:
>                     04:0d:a6:16:d8:43:25:dc:83:6d:18:fb:f0:b7:41:
>                     bc:05:88:a2:f2:56:8a:76:7a:d0:2b:7f:de:0a:44:
>                     33:4b:de:5b:30:44:ff:34:0e:17:c6:38:77:d7:53:
>                     b2:c2:fa:9f:7f:d5:e3:a4:b5:de:ce:29:9d:74:e6:
>                     59:76:9f:e6:eb
>                 ASN1 OID: prime256v1
>                 NIST CURVE: P-256
>     Signature Algorithm: sha256WithRSAEncryption
>          d0:1c:97:60:b9:14:cf:5a:c8:ea:8d:65:63:75:50:f2:63:68:
>          82:06:0c:47:f5:52:13:a5:61:4b:cd:99:ab:d0:56:81:a7:92:
>          21:c7:07:e3:12:25:4a:a8:c7:83:7a:bd:57:11:c7:55:88:28:
>          74:f1:37:bb:cd:0b:5b:7b:6f:45:e6:8d:1a:be:1a:fd:e0:d2:
>          5b:e5:ee:39:2e:73:c8:d6:03:5c:f6:f9:37:4a:81:e4:41:5a:
>          87:d5:0d:da:48:67:14:bb:75:3b:ae:68:b9:c4:25:2d:19:a7:
>          05:90:a2:fb:b4:d3:00:4f:40:19:e9:2d:83:75:db:3c:53:fe:
>          08:ae:ca:ba:3d:a5:4d:6e:f6:14:af:ee:7e:6d:dc:45:96:91:
>          92:6d:37:52:b6:b7:ad:70:02:d0:11:0d:84:1b:f1:3b:82:be:
>          66:af:a6:3c:17:33:d0:98:c3:cb:d3:22:39:d1:66:6e:94:ce:
>          7e:70:3c:02:29:6a:b6:87:e9:c4:e9:44:b4:9b:f1:8e:47:82:
>          2d:20:79:0e:f6:91:b1:e9:cf:83:66:8f:ff:e1:4f:2f:a1:ab:
>          ca:2d:81:53:7d:7f:69:b5:11:59:7e:9a:47:1c:6a:c8:83:54:
>          83:0a:7d:46:ec:2e:e9:82:f3:b4:d4:f6:04:57:bc:a5:b2:c5:
>          0c:ed:a6:fa
>
> Single stepping through the code I can see the failure is occurring in
> tls1_check_ec_key when it is called from tls1_check_cert_param.
> It appears to go around a for loop (j) twice. The first time through it correctly
> matches the curve it is looking for. The second time round the list is empty and 0
> is returned. This failure causes the Elliptical curve cert not to be declared as valid
> and consequently the handshake fails with the no shared cipher message.
> I don't have a good understanding of how the certificate code works so I
> haven't managed to debug any further than that in order to determine why the
> second time round the loop the list is empty.
>
> --
> Steve Linsell Intel Shannon DCG/CID Software Development
> Team
> Stevenx.Linsell at intel.com
>

Steve Linsell
Intel Shannon DCG/CID Software Development Team
Stevenx.Linsell at intel.com
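
A simplified model of the two-pass check described in the message above, added here as an illustration; it is not OpenSSL source and not code from the original post. The struct and function names are hypothetical, and it assumes the second list holds the peer's advertised curves and is empty because none were received.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not OpenSSL source; all names here are hypothetical. */
typedef struct {
    const unsigned short *ids;  /* TLS NamedCurve ids */
    size_t n;                   /* 0 = no curve list received from the peer */
} curve_list;

/* Constructed sample data: 23 = secp256r1 (prime256v1), 24 = secp384r1. */
static const unsigned short sample_ids[] = { 23, 24 };
static const curve_list sample_own = { sample_ids, 2 };
static const curve_list sample_none = { NULL, 0 };

static int in_list(const curve_list *l, unsigned short id)
{
    for (size_t i = 0; i < l->n; i++)
        if (l->ids[i] == id)
            return 1;
    return 0;
}

/* Behaviour reported in the message: pass j=0 checks our own list, pass j=1
 * the second list; an empty second list counts as a mismatch, so 0 comes back. */
int check_ec_key_strict(const curve_list *own, const curve_list *peer,
                        unsigned short cert_curve)
{
    const curve_list *lists[2] = { own, peer };
    for (int j = 0; j <= 1; j++)
        if (!in_list(lists[j], cert_curve))
            return 0;
    return 1;
}

/* Variant treating "no list received" as "no restriction" (RFC 4492 makes the
 * curves extension optional) while still rejecting a genuine mismatch. */
int check_ec_key_lenient(const curve_list *own, const curve_list *peer,
                         unsigned short cert_curve)
{
    if (!in_list(own, cert_curve))
        return 0;
    return peer->n == 0 || in_list(peer, cert_curve);
}

int main(void)
{
    printf("strict:  %d\n", check_ec_key_strict(&sample_own, &sample_none, 23));
    printf("lenient: %d\n", check_ec_key_lenient(&sample_own, &sample_none, 23));
    return 0;
}
```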