Re: Version negotiation failure failure?

Jordan Brown <openssl@xxxxxxxxxxxxxxxxxxxx> · Wed, 5 Sep 2018 08:19:26 -0700



    Any thoughts here?

      
      On 8/31/2018 6:14 PM, Jordan Brown wrote:

    
      We're trying to nail down error reporting for TLS version
        mismatches, and we're seeing a couple of puzzling behaviors.
      First, and most puzzling... assume these two command lines:
      
        $ openssl s_server -cert 2018.08.31.a.pem -key
          2018.08.31.a.key -no_tls1
        $ openssl s_client -connect zel.us.oracle.com:4433 -tls1
      
      That is, I have a server that won't accept TLSv1.0, and a
        client that will only accept TLSv1.0.
      On the server side I see
      
         1:error:14076102:SSL
          routines:SSL23_GET_CLIENT_HELLO:unsupported
          protocol:s23_srvr.c:605:
      
      which makes perfect sense.  On the client side I see
      
         4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl
          handshake failure:s3_pkt.c:659:
      
      which isn't as good, but is still sort of sensible.  But when I
        look at the packets exchanged, I see that the client sends a
        Client Hello, and the server responds with an ACK and then a
        FIN-ACK, with no data.  It just hangs up the phone.  This seems
        to violate RFC 5246 section E.1:  "If server supports (or is
        willing to use) only versions greater than client_version, it
        MUST send a "protocol_version" alert message and close the
        connection.".  Where's my protocol version alert?
      Of course my real case does not involve the sample client and
        server - it involves my own clients and servers - but I seem to
        see the same behavior with several servers (notably including
        the Apache httpd).
      This looks like it's the same as https://rt.openssl.org/Ticket/Display.html?id=2777
        .  I'm using 1.0.2o.  (But I don't see anything relevant-looking
        in the 1.0.2p changes.)  I've seen similar behavior from
        1.0.2o-fips.
      Am I missing something here, or is this a server-side bug?
      

      And then, on the client side...
      SSL_connect returns zero.  Exactly how that failure differs
        from a less-than-zero error is not clear, but OK.  The docs say
        to call SSL_get_error().  SSL_get_error() returns 5,
        SSL_ERROR_SYSCALL.  (That seems a little strange, since I don't
        think there's any system call errors here.)  The docs say to
        consult the error queue and errno.  ERR_peek_last_error( )
        returns zero.  Errno is zero.  It failed, but nobody will tell
        me why.
      Am I missing something here, or is this a client library bug?
      

      (I have not tracked down exactly how the s_client tool ends up
        with a message.  It seems to use a more intricate mechanism than
        SSL_connect.)
      

      -- 
Jordan Brown, Oracle Solaris
      

    -- 
Jordan Brown, Oracle Solaris
  

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users