server key exchange signature behavior

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

We administer a server (Windows) with a Bitnami stack for a Wordpress
implementation and that uses Apache Httpd and OpenSSL. Separately I am
developing the TLS ECC aspect of a controller device implementation and
note a problematic behavior with the server_key_exchange for ECDHE_RSA.
The developed device ECDHE_RSA suite works properly and as expected with
all of the other servers thus far tested. There is likely a
configuration issue with this Apache installation and I am fishing for a
hint.

The issue is that the RSA signature as part of the server_key_exchange
does not decrypt with the supplied certificate public RSA key. It does
indicate an rsa_pkcs1_sha256 signature.

With a fresh Bitnami install that still uses the default key and
certificate files, the protocol provides a valid digital signature. When
we change the server's certificate (and confirm this with the browser)
the server_key_exchange signature no longer validates. It is as if the
server continues to use the default key for the signature. I have not
tried to confirm that specific point.

My immediate question for someone close to the code is where does
Apache/OpenSSL look for the key file for this signature at this point in
the protocol?

I am hoping that there is just some additional configuration location
that needs to be given our new key file and/or certificate. Can anyone
confirm?

We noted this concern on a production server. We then installed the
stack on a different machine to confirm the fresh install operation. In
adding different key and certificate files we confirm that the signature
then fails. If I ignore the bad signature the secure communications
succeed.

I have been searching the net for this issue for weeks. That has been
fruitless. So I am turning to this list.

Bruce



-- 
Sent using Thunderbird on Ubuntu 16.04LTS




Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux