Question regarding TLS renegotiation and configuration of Openssl ssl context

["Silverman, Ariel" <ariel.silverman@xxxxxxxxx>]

Dear Openssl Gurus,

 

I am facing the following problem, I am required to create an SSL client that talks (TLSv1.2, TLSv1.1 and TLSv1.0) against 3 different types of servers, one talks  TLSv1.2 only (server_12) , one TLSv1.1 only (server_11) and one TLSv1.0 only (server_10)

 

The way I am configuring my tls context is as following

 

Note: I am using Openssl v1.0.2l

 

SSL_CTX *ctx;

ctx = SSL_CTX_new( SSLv23_method() )

SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET);

 

Now…

 

When I try to connect to server_10 I see the trace below, the negotiation fails with:

Alert Message

            Level: Fatal (2)

            Description: Protocol Version (70)

 

It makes sense, since the decription for this failure is:

 

70

protocol_version

The protocol version the client attempted to negotiate is recognized, but not supported. For example, old protocol versions might be avoided for security reasons. This message is always fatal.

 

Now my question is:

 

How do I configure my SSL_CTX options so that I can talk to server_10 whilst being able to connect to server_12 and server_11 and at the same time maintaining security and not becoming vulnerable to RFC7507 ( TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks)

 

 

Thank you in advance for your help!!! J

-Ariel Silverman

 

 

 

Wireshark Trace of TLS negotiation:

===================================

 

 

No.     Time           Source                Destination           Protocol Length Info

    517 35.593453      192.168.0.70          192.168.0.102         TLSv1    249    Client Hello

 

Frame 517: 249 bytes on wire (1992 bits), 249 bytes captured (1992 bits) on interface 0

Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e)

Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102

Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 1, Ack: 1, Len: 195

Secure Sockets Layer

    TLSv1 Record Layer: Handshake Protocol: Client Hello

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 190

        Handshake Protocol: Client Hello

            Handshake Type: Client Hello (1)

            Length: 186

            Version: TLS 1.1 (0x0302)

            Random: cdf0b0cb59d22675e6f840363eed6481674ce6e8714eeb45...

            Session ID Length: 0

            Cipher Suites Length: 100

            Cipher Suites (50 suites)

            Compression Methods Length: 1

            Compression Methods (1 method)

            Extensions Length: 45

            Extension: ec_point_formats (len=4)

            Extension: supported_groups (len=28)

            Extension: heartbeat (len=1)

 

No.     Time           Source                Destination           Protocol Length Info

    519 35.595600      192.168.0.102         192.168.0.70          TLSv1    1063   Server Hello, Certificate, Certificate Request, Server Hello Done

 

Frame 519: 1063 bytes on wire (8504 bits), 1063 bytes captured (8504 bits) on interface 0

Ethernet II, Src: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e), Dst: Vmware_e4:ae:09 (00:0c:29:e4:ae:09)

Internet Protocol Version 4, Src: 192.168.0.102, Dst: 192.168.0.70

Transmission Control Protocol, Src Port: 16993, Dst Port: 63441, Seq: 1, Ack: 196, Len: 1009

Secure Sockets Layer

    TLSv1 Record Layer: Handshake Protocol: Server Hello

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 46

        Handshake Protocol: Server Hello

            Handshake Type: Server Hello (2)

            Length: 42

            Version: TLS 1.0 (0x0301)

            Random: a0cb439203175bf9bb313ad516e0722288bd8d2b0ceb14f6...

            Session ID Length: 4

            Session ID: 79010000

            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

            Compression Method: null (0)

    TLSv1 Record Layer: Handshake Protocol: Certificate

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 931

        Handshake Protocol: Certificate

            Handshake Type: Certificate (11)

            Length: 927

            Certificates Length: 924

            Certificates (924 bytes)

    TLSv1 Record Layer: Handshake Protocol: Certificate Request

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 8

        Handshake Protocol: Certificate Request

            Handshake Type: Certificate Request (13)

            Length: 4

            Certificate types count: 1

            Certificate types (1 type)

            Distinguished Names Length: 0

    TLSv1 Record Layer: Handshake Protocol: Server Hello Done

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 4

        Handshake Protocol: Server Hello Done

            Handshake Type: Server Hello Done (14)

            Length: 0

 

No.     Time           Source                Destination           Protocol Length Info

    520 35.595660      192.168.0.70          192.168.0.102         TLSv1    61     Alert (Level: Fatal, Description: Protocol Version)

 

Frame 520: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0

Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e)

Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102

Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 196, Ack: 1010, Len: 7

Secure Sockets Layer

    TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)

        Content Type: Alert (21)

        Version: TLS 1.0 (0x0301)

        Length: 2

        Alert Message

            Level: Fatal (2)

            Description: Protocol Version (70)

 

 

 

 

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users