Search squid archive

Re: FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

----- Original Message -----
> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
>
> Squid mimics the client details when contacting the server. So you would

> get the same problem (though maybe different description) if going

> directly without the proxy.


If I try connecting to https://www.google.com with this client and going directly without proxy then I have no problem whatsoever. I'm sure any Windows XP user still out there with IE8 can confirm that a direct connection to https://www.google.com still works fine. I hit the issue only when using Squid.


So from the squid server I ran:

# nmap --script ssl-enum-ciphers google.com
[...]
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|     compressors:
|
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - strong
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - strong
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA256 - strong
|       TLS_RSA_WITH_AES_256_GCM_SHA384 - strong
|     compressors:
|
|_  least strength: strong


So if TLS 1.0 is supported by Google then the Windows XP clients should be able to connect.


Can a cipher issue trigger the error message "Handshake with SSL server failed: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry"?

I ran:

# openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3
-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5


# openssl s_client -connect google.com:443 -tls1
[...]
SSL-Session:
Protocol  : TLSv1
Cipher    : ECDHE-RSA-AES128-SHA

[...]

I also tried the following on the Squid server:

# curl --tlsv1.0 --trace trace.log https://www.google.com && grep "SSL connection using" trace.log[...]
== Info: SSL connection using TLSv1.0 / ECDHE-RSA-AES128-SHA
[...]

>From the Windows XP IE8 client I connected to this web site to quickly see all the supported protocols and ciphers:
https://www.ssllabs.com/ssltest/viewMyClient.html
I can see TLS 1.0 support and the following cipher list:

TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE 128 
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE 128 
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)  112 
TLS_RSA_WITH_DES_CBC_SHA (0x9)   WEAK 56 
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x64)   INSECURE 56 
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x62)   WEAK 56 
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)   INSECURE 40 
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)   INSECURE 40 
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)   Forward Secrecy2  112 
TLS_DHE_DSS_WITH_DES_CBC_SHA (0x12)   WEAK 56 
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x63)   WEAK 56 


On a Windows 7 IE8 client with no Squid proxy issues I can see the following list of ciphers:

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  128 
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  128 
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  256 
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)  256 
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE 128 
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)  112 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   Forward Secrecy  128 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy  128 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy  256 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy  128 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)   Forward Secrecy  128 
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy  256 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)   Forward Secrecy  256 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy  128 
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy  256 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40)   Forward Secrecy2  128 
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)   Forward Secrecy2  128 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a)   Forward Secrecy2  256 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)   Forward Secrecy2  256 
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)   Forward Secrecy2  112 
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE 128 


I suppose that the Windows XP client successfully connects to https://www.google.com because it uses TLS_RSA_WITH_3DES_EDE_CBC_SHA (when NOT using Squid). Am I right? Is there a way I can confirm that?


So, back on the squid server I checked the openssl ciphers for one that is supported by the Windows XP system. I searched for the oepnssl cipher name from the RFC cipher name at https://testssl.sh/openssl-rfc.mappping.html.

I found the following:
TLS_RSA_WITH_3DES_EDE_CBC_SHA = DES-CBC3-SHA
The other "strong" cipher supported by Windows XP seems to be:
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = EDH-DSS-DES-CBC3-SHA


# curl --tlsv1.0 --ciphers SRP-RSA-3DES-EDE-CBC-SHA --trace trace.log https://www.google.com
curl: (35) error:140740B5:SSL routines:SSL23_CLIENT_HELLO:no ciphers available


So I tried these commands on the Squid server:

# openssl s_client -connect google.com:443 -tls1 -cipher DES-CBC3-SHA
[...]
SSL-Session:
Protocol  : TLSv1
Cipher    : DES-CBC3-SHA

[...]
(that went well)


# openssl s_client -connect google.com:443 -tls1 -cipher EDH-DSS-DES-CBC3-SHA

CONNECTED(00000003)
3072018108:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
3072018108:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:


So this failed. Why?
Is google wrongly advertising the supported cipher (I doubt it)?

I have OpenSSL 1.0.2d 9 Jul 2015 and Squid 3.5.14.

How do I know if Squid is also trying to use the same cipher EDH-DSS-DES-CBC3-SHA instead of DES-CBC3-SHA?

I tried setting debug_options rotate=1 ALL,5 but found nothing related to the cipher in the log:

# tail -n 1000000 /var/log/squid/cache.log | grep "10.215.144.47" | grep -i cipher

> To get around this you require the latest Squid version (with> peek-and-splice feature) doing the "bump" action on these clients

> traffic so that it can upgrade the TLS/SSL handshake and use some
> ciphers etc the server will accept on their connections.

I'm already using sslbump with squid 3.5. As posted in my first message I have:
https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem

How can I tell which TLS/cipher versions Squid is using? What exactly should I search for in the log?

I tried this while connecting from the Windows XP client:
# watch -n 1 "tail -n 10000 /var/log/squid/cache.log | grep clientNegotiateSSL"
2016/09/30 13:19:06.633 kid1| 83,2| client_side.cc(3796) clientNegotiateSSL: clientNegotiateSSL: New session 0x870088d8 on FD 151 (10.215.144.47:1649)
2016/09/30 13:19:06.633 kid1| 83,3| client_side.cc(3800) clientNegotiateSSL: clientNegotiateSSL: FD 151 negotiated cipher RC4-MD5
2016/09/30 13:19:06.633 kid1| 83,5| client_side.cc(3816) clientNegotiateSSL: clientNegotiateSSL: FD 151 has no certificate.


Why is Squid negotiating cipher RC4-MD5 which is reported "insecure" and unsupported by the google web site?


I finally tried this on the Squid server:

# openssl s_client -connect google.com:443 -tls1 -cipher RC4-MD5
CONNECTED(00000003)
3071960764:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
3071960764:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:


If I watch the Squid log when performing a connection to google from a Windows 7 IE8 with no issues, I get this:
2016/09/30 13:30:55.266 kid1| 83,2| client_side.cc(3764) clientNegotiateSSL: clientNegotiateSSL: Session 0x8331ee98 reused on FD 40 (10.215.144.48:21962)
2016/09/30 13:30:55.266 kid1| 83,3| client_side.cc(3800) clientNegotiateSSL: clientNegotiateSSL: FD 40 negotiated cipher AES256-GCM-SHA384
2016/09/30 13:30:55.267 kid1| 83,5| client_side.cc(3816) clientNegotiateSSL: clientNegotiateSSL: FD 40 has no certificate.


Any more ideas?

Vieri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux