AES128 accepted when AES256 configured

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

AES128 accepted when AES256 configured

Roy Shamir

In 0.9.8a, it looks like AES 128 will be accepted by the server even if it is supposed to accept only AES 256.

 

To reproduce this behavior, on the server run:

openssl s_server -accept 4433 -cipher AES256-SHA –state

 

On the client, run:

openssl s_client -connect PISA_SERVER:4433 -cipher AES128-SHA -state

 

If the server is 0.9.8a, the negotiation will succeed. If it's 0.9.7a, it'll fail.

 

Reply | Threaded
Open this post in threaded view
|

Re: AES128 accepted when AES256 configured

Chris Clark
Hi Roy,

> In 0.9.8a, it looks like AES 128 will be accepted by the server even if it
> is supposed to accept only AES 256.

I reported this same bug on February 17th, and Dr. Steven Henson has
confirmed it is a bug so hopefully it will be fixed.

If you find any work around please let me know.

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AES128 accepted when AES256 configured

Roy Shamir
Sorry, I somehow overlooked that previous thread. Note that in my
scenario, a weaker cipher is implicitly added to the supported cipher
list, so the bug is somewhat more severe IMHO.

What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
That seemed to do the trick. I do not know if it has any bad side
effects though.

Of course, this will only work if you don't need AES 128 at all.

Thanks,
Roy

On 4/14/06, Chris Clark <[hidden email]> wrote:

> Hi Roy,
>
> > In 0.9.8a, it looks like AES 128 will be accepted by the server even if it
> > is supposed to accept only AES 256.
>
> I reported this same bug on February 17th, and Dr. Steven Henson has
> confirmed it is a bug so hopefully it will be fixed.
>
> If you find any work around please let me know.
>
> -Chris
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AES128 accepted when AES256 configured

Chris Clark
> What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
> That seemed to do the trick. I do not know if it has any bad side
> effects though.
>
> Of course, this will only work if you don't need AES 128 at all.

In my case I have a configuration program which allows users to select
ciphers and the minimum/maximum strengths, so I have not found any
solution to the problem.

It's been close to two months now, so I'm currently considering
switching to an older version of OpenSSL which does not have the bug.

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AES128 accepted when AES256 configured

Dr. Stephen Henson
On Fri, Apr 14, 2006, Chris Clark wrote:

> > What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
> > That seemed to do the trick. I do not know if it has any bad side
> > effects though.
> >
> > Of course, this will only work if you don't need AES 128 at all.
>
> In my case I have a configuration program which allows users to select
> ciphers and the minimum/maximum strengths, so I have not found any
> solution to the problem.
>
> It's been close to two months now, so I'm currently considering
> switching to an older version of OpenSSL which does not have the bug.
>

Try the next 0.9.8 snapshot.

The problem was that all cipher string matches were treated as category matches
(strength, algorithm etc) even if the string matched one explicit ciphersuite.

That's fine provided no two distinct ciphersuites have the same
classification.

The problem was triggered by the reclassification of the AES cipher suite
strengths in the latest versions of OpenSSL which resulted in some AES
ciphersuites having identical classifications.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AES128 accepted when AES256 configured

Chris Clark
> Try the next 0.9.8 snapshot.

Thanks Dr. Steve!

-Chris
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]