[Bug] OpenSSL does not send short messages


[Bug] OpenSSL does not send short messages

Alex Hultman
Hi,

I've found a very central bug that affects all my OpenSSL applications including the official server example code, the vanilla Node.js HTTPS server and my (arguably non-correct) own server project.


SSL_write followed by SSL_shutdown does not actually send the data passed to SSL_write if the total data size sent is less than (on my system) 7-8 bytes.

If you consider the official example: https://wiki.openssl.org/index.php/Simple_TLS_Server

(Note: I removed "SSL_CTX_set_ecdh_auto(ctx, 1);" to make it compile)

It responds to Chrome with ERR_RESPONSE_HEADERS_TRUNCATED, while changing the text sent to "Hello there" works and shows "Hello there" in Chrome. Same goes for Curl. I've tested self-signed certs and one "half-signed" (crap signer).

This is on Linux (Fedora 24) and I have OpenSSL 1.1.0 but I'm pretty sure Node.js 5.x uses OpenSSL 1.0.2g.

Is this known behavior?

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [Bug] OpenSSL does not send short messages

Viktor Dukhovni
[ This question belongs on openssl-users, not openssl-dev.  Please
  reply only to openssl-users. ]

On Tue, Apr 26, 2016 at 05:17:46AM +0200, Alex Hultman wrote:

> SSL_write followed by SSL_shutdown does not actually send the data passed
> to SSL_write if the total data size sent is less than (on my system) 7-8
> bytes.

This does not happen in "openssl s_client".  You're likely doing
something wrong.

In one window I start an openssl server:

    $ cipher=ADH-DES-CBC3-SHA
    $ seclev= # Make that seclev=":@SECLEVEL=0" with OpenSSL 1.1.0 or later
    $ openssl s_server -quiet -cipher "$cipher$seclev" -nocert -accept 12345

In another window I start a client:

    $ cipher=ADH-DES-CBC3-SHA
    $ seclev= # Make that seclev=":@SECLEVEL=0" with OpenSSL 1.1.0 or later
    $ echo XXX | openssl s_client -debug -no_ign_eof -cipher "$cipher$seclev" -connect localhost:12345

On the server side I see the expected output:

    XXX

On the client side after lots of handshake messages:

    >>> ??? [length 0005]
        17 03 03 00 24
    write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29))
    0000 - 17 03 03 00 24 c2 19 ea-c6 f1 a8 c7 74 31 50 3d   ....$.......t1P=
    0010 - a1 2f fb f0 d5 4d 2e 85-e0 6a 18 86 27 6a 09 1d   ./...M...j..'j..
    0020 - de 98 4e 69 05 57 0f 4c-93                        ..Ni.W.L.
    DONE
    >>> ??? [length 0005]
        15 03 03 00 24
    write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29))
    0000 - 15 03 03 00 24 d2 94 f8-11 dd 69 81 f7 ab cc 8c   ....$.....i.....
    0010 - c4 13 4c 80 24 d7 50 10-b9 62 74 d7 21 86 16 78   ..L.$.P..bt.!..x
    0020 - b4 83 87 da 5e 2f d9 5d-34                        ....^/.]4
    >>> TLS 1.2Alert [length 0002], warning close_notify
        01 00

The first of these is the "XXX" encrypted to 16 bytes, and padded
with a 20-byte SHA1 MAC (the server and client negotiated TLS 1.2
with Encrypt-then-Mac).  The second is the encrypted shutdown alert.

> Is this known behavior?

No.

--
        Viktor.
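The check Viktor performs above (read the `-debug` write dumps and confirm that the application-data record went out before the close_notify alert) can be automated. The following is an added Python example, not code from the thread or from OpenSSL: it parses the `write to ... (N bytes => N (0x..))` blocks and their hex-dump lines, decodes the 5-byte TLS record header of each record (content type 0x17 application data or 0x15 alert, version 03 03 = TLS 1.2, length 0x24 = 36 = 16 bytes of ciphertext plus the 20-byte SHA-1 MAC Viktor describes), and checks that the byte count s_client reports equals header plus body. The sample dump is copied from Viktor's post; the regular expressions and function names are this example's own.

```python
import re

# TLS record content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {0x14: "ChangeCipherSpec", 0x15: "Alert",
                 0x16: "Handshake", 0x17: "ApplicationData"}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
RECORD_HEADER_LEN = 5

# Sample input: the two "write to" dumps from the s_client run quoted in
# the thread (copied from the post, not generated by this script).
SAMPLE_DEBUG_OUTPUT = """\
>>> ??? [length 0005]
    17 03 03 00 24
write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29))
0000 - 17 03 03 00 24 c2 19 ea-c6 f1 a8 c7 74 31 50 3d   ....$.......t1P=
0010 - a1 2f fb f0 d5 4d 2e 85-e0 6a 18 86 27 6a 09 1d   ./...M...j..'j..
0020 - de 98 4e 69 05 57 0f 4c-93                        ..Ni.W.L.
DONE
>>> ??? [length 0005]
    15 03 03 00 24
write to 0x7f7f8bd003d0 [0x7f7f8c80b203] (41 bytes => 41 (0x29))
0000 - 15 03 03 00 24 d2 94 f8-11 dd 69 81 f7 ab cc 8c   ....$.....i.....
0010 - c4 13 4c 80 24 d7 50 10-b9 62 74 d7 21 86 16 78   ..L.$.P..bt.!..x
0020 - b4 83 87 da 5e 2f d9 5d-34                        ....^/.]4
>>> TLS 1.2Alert [length 0002], warning close_notify
    01 00
"""

# "write to <ptr> [<ptr>] (N bytes => M (0x..))" as printed by s_client -debug.
WRITE_RE = re.compile(r"^write to .*\((\d+) bytes => (\d+) \(0x[0-9a-fA-F]+\)\)")
# "0010 - a1 2f ... 85-e0 ...   ascii": offset, dash, then hex pairs
# separated by ' ' or by '-' at the 8-byte midpoint; the ASCII column
# after three spaces is never matched because it does not start with a pair.
DUMP_RE = re.compile(r"^[0-9a-fA-F]{4} - ((?:[0-9a-fA-F]{2}[ -]?)+)")


def parse_debug_dump(text):
    """Reassemble each 'write to' block into one record.

    Returns a list of dicts with the requested/written byte counts that
    s_client reports and the raw bytes rebuilt from the hex-dump lines.
    """
    records, current = [], None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        m = WRITE_RE.match(line)
        if m:
            current = {"requested": int(m.group(1)),
                       "written": int(m.group(2)), "data": bytearray()}
            records.append(current)
            continue
        m = DUMP_RE.match(line)
        if m and current is not None:
            pairs = re.findall(r"[0-9a-fA-F]{2}", m.group(1))
            current["data"] += bytes.fromhex("".join(pairs))
    for r in records:
        r["data"] = bytes(r["data"])
    return records


def decode_record(data):
    """Decode the 5-byte TLS record header and check it against the body."""
    if len(data) < RECORD_HEADER_LEN:
        raise ValueError("truncated record header")
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    return {
        "type": CONTENT_TYPES.get(ctype, "Unknown(0x%02x)" % ctype),
        "version": VERSIONS.get((major, minor), "0x%02x%02x" % (major, minor)),
        "length": length,
        # Consistent when the dump holds exactly header + declared body.
        "header_ok": len(data) == RECORD_HEADER_LEN + length,
    }


def data_sent_before_close(records):
    """True if an ApplicationData record was written before the first Alert.

    This is the question the thread turns on: did SSL_write's payload reach
    the wire before SSL_shutdown's close_notify alert?
    """
    seen_app_data = False
    for r in records:
        rec = decode_record(r["data"])
        if rec["type"] == "ApplicationData":
            seen_app_data = True
        elif rec["type"] == "Alert":
            return seen_app_data
    return False


def summarize(text):
    """One tuple per record: (type, version, body length, write consistent)."""
    out = []
    for r in parse_debug_dump(text):
        rec = decode_record(r["data"])
        out.append((rec["type"], rec["version"], rec["length"],
                    rec["header_ok"] and r["written"] == len(r["data"])))
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_DEBUG_OUTPUT):
        print(row)
    print("application data before close_notify:",
          data_sent_before_close(parse_debug_dump(SAMPLE_DEBUG_OUTPUT)))
```

Run it against a saved `openssl s_client -debug` transcript of your own client; if `summarize` shows no ApplicationData record ahead of the Alert, the short payload never reached the wire and the problem is in the calling code's use of `SSL_write`/`SSL_shutdown`, not in the record layer.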