No shared cipher error using ECDSA

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

No shared cipher error using ECDSA

Mike Bell-7
Hi,
 
I’m trying to create a VPN using OpenVPN over OpenSSL encrypted with AES and using an elliptical curve DSA.
 
However I keep getting a “no shared cipher” error.
 
The full error log is :-
MULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]                                                                                           
Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]                                                                                            
Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'          
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Local Options hash (VER=V4): 'b7f67de4'                                                                                                                  
Expected Remote Options hash (VER=V4): '8326dbaa'                                                                                                         
TLS: Initial packet from xxx.xxx.xxx.xxx:3077, sid=1725da0c f1237109
TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher                                         
TLS Error: TLS object -> incoming plaintext read error                                                                                                   
TLS Error: TLS handshake failed                                                                                                                           
SIGUSR1[soft,tls-error] received, client-instance restarting
 
In order to use ECDSA I’m using the following commands to create the keys :-
 
For CA :-
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -newkey ec:%HOME%\ecparameters -sha1 -nodes -x509 -keyout %KEY_DIR%\ca.key -out %KEY_DIR%\ca.crt -config %HOME%\openssl.cnf -verbose –text
 
For SERVER :- 
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -nodes -newkey ec:%HOME%\ecparameters -sha1 -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %HOME%\openssl.cnf -verbose
 
openssl x509 -req -in %KEY_DIR%\server.csr -CA %KEY_DIR%\ca.crt -CAkey %KEY_DIR%\ca.key -extensions server -CAcreateserial -out %KEY_DIR%\server.crt -text -extfile %HOME%\openssl.cnf
 
For CLIENT :-
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -nodes -newkey ec:%HOME%\ecparameters -sha1 -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %HOME%\openssl.cnf -verbose
 
openssl x509 -req -in %KEY_DIR%\%1.csr -out %KEY_DIR%\%1.crt -CA %KEY_DIR%\ca.crt -CAkey %KEY_DIR%\ca.key -extensions v3_req -extfile %HOME%\openssl.cnf –text
 
In my client & server openssl.cnf files I’ve specified
cipher AES-128-CBC
 
If I generate the certificates using the standard installed batch files (ie not using ECDSA) I can connect no problem, so I’m guessing there must be something wrong with the commands to generate the certificates.
I’ve tried several other ECPARAM curves but still get the error.
 
Can anyone tell me what I’m doing wrong, or point me to some commands to get ECDSA working please.
 
I’m using openssl version 1.0.0.d & OpenVPN version 2.2.0 on Windows XP
 
Thanks
 
Reply | Threaded
Open this post in threaded view
|

Re: No shared cipher error using ECDSA

Victor Duchovni
On Fri, May 13, 2011 at 05:41:52PM +0100, Mike Bell wrote:

> However I keep getting a "no shared cipher" error.
>
> In my client & server openssl.cnf files I've specified
> cipher AES-128-CBC

This is not an EC cipher, and if you configure an EC cert, but specify
a cipher that is one of the ones reported by "openssl ciphers -v aECDSA",
you get "no shared cipher" errors.

    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
    ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH     Au=ECDSA Enc=None      Mac=SHA1

Don't explicitly specify the cipher, just the certificates are sufficient,
or specify a cipher "class"

        !eNULL:!SSLv2:aECDSA:@STRENGTH

which eliminates the NULL cipher:

    $ openssl ciphers -v '!eNULL:!SSLv2:aECDSA:@STRENGTH'
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

No shared cipher error using ECDSA

Mike Bell-7
In reply to this post by Mike Bell-7
Hi,
 
I’m trying to create a VPN using OpenVPN over OpenSSL encrypted with AES and using an elliptical curve DSA.
 
However I keep getting a “no shared cipher” error.
 
The full error log is :-
MULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]                                                                                           
Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]                                                                                            
Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'          
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Local Options hash (VER=V4): 'b7f67de4'                                                                                                                  
Expected Remote Options hash (VER=V4): '8326dbaa'                                                                                                         
TLS: Initial packet from xxx.xxx.xxx.xxx:3077, sid=1725da0c f1237109
TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher                                         
TLS Error: TLS object -> incoming plaintext read error                                                                                                   
TLS Error: TLS handshake failed                                                                                                                           
SIGUSR1[soft,tls-error] received, client-instance restarting
 
In order to use ECDSA I’m using the following commands to create the keys :-
 
For CA :-
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -newkey ec:%HOME%\ecparameters -sha1 -nodes -x509 -keyout %KEY_DIR%\ca.key -out %KEY_DIR%\ca.crt -config %HOME%\openssl.cnf -verbose –text
 
For SERVER :- 
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -nodes -newkey ec:%HOME%\ecparameters -sha1 -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %HOME%\openssl.cnf -verbose
 
openssl x509 -req -in %KEY_DIR%\server.csr -CA %KEY_DIR%\ca.crt -CAkey %KEY_DIR%\ca.key -extensions server -CAcreateserial -out %KEY_DIR%\server.crt -text -extfile %HOME%\openssl.cnf
 
For CLIENT :-
openssl ecparam -name secp160k1 -out %HOME%\ecparameters
 
openssl req -days 3650 -nodes -newkey ec:%HOME%\ecparameters -sha1 -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %HOME%\openssl.cnf -verbose
 
openssl x509 -req -in %KEY_DIR%\%1.csr -out %KEY_DIR%\%1.crt -CA %KEY_DIR%\ca.crt -CAkey %KEY_DIR%\ca.key -extensions v3_req -extfile %HOME%\openssl.cnf –text
 
In my client & server openssl.cnf files I’ve specified
cipher AES-128-CBC
 
If I generate the certificates using the standard installed batch files (ie not using ECDSA) I can connect no problem, so I’m guessing there must be something wrong with the commands to generate the certificates.
I’ve tried several other ECPARAM curves but still get the error.
 
Can anyone tell me what I’m doing wrong, or point me to some commands to get ECDSA working please.
 
I’m using openssl version 1.0.0.d & OpenVPN version 2.2.0 on Windows XP
 
Thanks
 


Reply | Threaded
Open this post in threaded view
|

Re: No shared cipher error using ECDSA

Mike Bell-7
In reply to this post by Victor Duchovni
Thanks very much for the fast response Victor.
 
I wonder if I've confused things here with a typo.
 
I had originally put
    cipher AES-128-CBC
in SERVER.OVPN & CLIENT.OVPN, not OPENSSL.CNF files (it's been a long week!)
 
I've tried removing the cipher statement from the OVPN files but I'm still getting the no cipher found error.
 
Can you explain a little more about using the cipher class method please, I'm not sure how to specify that in SERVER.OVPN
 
Taking a step back, is it valid to use an AES cipher suite and an EC DSA signature algorithm ? Our security people are insisting on AES and either EC DSA, DSA or RSA as the signature algorithm, but with a preference for ECDSA.
 
Thanks
 

From: Victor Duchovni <[hidden email]>
To: "[hidden email]" <[hidden email]>
Sent: Friday, 13 May 2011, 17:56
Subject: Re: No shared cipher error using ECDSA

On Fri, May 13, 2011 at 05:41:52PM +0100, Mike Bell wrote:

> However I keep getting a "no shared cipher" error.
>
> In my client & server openssl.cnf files I've specified
> cipher AES-128-CBC

This is not an EC cipher, and if you configure an EC cert, but specify
a cipher that is one of the ones reported by "openssl ciphers -v aECDSA",
you get "no shared cipher" errors.

    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=RC4(128)  Mac=SHA1
    ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=None      Mac=SHA1

Don't explicitly specify the cipher, just the certificates are sufficient,
or specify a cipher "class"

    !eNULL:!SSLv2:aECDSA:@STRENGTH

which eliminates the NULL cipher:

    $ openssl ciphers -v '!eNULL:!SSLv2:aECDSA:@STRENGTH'
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=RC4(128)  Mac=SHA1

--
    Viktor.
______________________________________________________________________
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                          [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: No shared cipher error using ECDSA

Victor Duchovni
On Fri, May 13, 2011 at 06:36:34PM +0100, Mike Bell wrote:

> I had originally put
> cipher AES-128-CBC
> in SERVER.OVPN & CLIENT.OVPN, not OPENSSL.CNF files (it's been a long week!)

I am not familiar with your VPN product, so you'll have to figure out
what configuration options are applicable. If the product uses SSL cipher
suites, then a cipher name is almost always a "cipherlist", whose syntax
is described in the ciphers(1) manpage. If on the other hand, as the
protocol in question is not TLS, cipher specification uses a different
syntax, then you need to figure out how to configure a cipher that is
compatible with ECDSA certificates.

Do not confuse a block algorithm e.g. (AES-128-CBC) with a cipher-suite,
which specifies also the authentication and message digest algorithms.
Generally, OpenSSL ciphersuites are defined for TLS. It is not clear
how these translate to your VPN device.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: No shared cipher error using ECDSA

Mike Bell-7
In reply to this post by Victor Duchovni
Thanks Viktor,
 
I hadn't properly understood the relationship between the certificate and the cipher, so I'll look at that now. I think I'm also confusing the OpenVPN & OpenSSL relationship.
 
OpenVPN does appear to be using TLS according to the logs, so I had tried to specify
   tls-cipher ECDHE-ECDSA-AES256-SHA
in CLIENT.OVPN and SERVER.OVPN config files, but got the same error.
 
Thanks for your help, you've given new ideas to research.
 
 
 
On Fri, May 13, 2011 at 06:36:34PM +0100, Mike Bell wrote:

> I had originally put
> cipher AES-128-CBC
> in SERVER.OVPN & CLIENT.OVPN, not OPENSSL.CNF files (it's been a long week!)

I am not familiar with your VPN product, so you'll have to figure out
what configuration options are applicable. If the product uses SSL cipher
suites, then a cipher name is almost always a "cipherlist", whose syntax
is described in the ciphers(1) manpage. If on the other hand, as the
protocol in question is not TLS, cipher specification uses a different
syntax, then you need to figure out how to configure a cipher that is
compatible with ECDSA certificates.

Do not confuse a block algorithm e.g. (AES-128-CBC) with a cipher-suite,
which specifies also the authentication and message digest algorithms.
Generally, OpenSSL ciphersuites are defined for TLS. It is not clear
how these translate to your VPN device.

--
Viktor.

From: Victor Duchovni <[hidden email]>
To: "[hidden email]" <[hidden email]>
Sent: Friday, 13 May 2011, 17:56
Subject: Re: No shared cipher error using ECDSA

On Fri, May 13, 2011 at 05:41:52PM +0100, Mike Bell wrote:

> However I keep getting a "no shared cipher" error.
>
> In my client & server openssl.cnf files I've specified
> cipher AES-128-CBC

This is not an EC cipher, and if you configure an EC cert, but specify
a cipher that is one of the ones reported by "openssl ciphers -v aECDSA",
you get "no shared cipher" errors.

    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=RC4(128)  Mac=SHA1
    ECDHE-ECDSA-NULL-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=None      Mac=SHA1

Don't explicitly specify the cipher, just the certificates are sufficient,
or specify a cipher "class"

    !eNULL:!SSLv2:aECDSA:@STRENGTH

which eliminates the NULL cipher:

    $ openssl ciphers -v '!eNULL:!SSLv2:aECDSA:@STRENGTH'
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH    Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH    Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-RC4-SHA    SSLv3 Kx=ECDH    Au=ECDSA Enc=RC4(128)  Mac=SHA1

--
    Viktor.
______________________________________________________________________
OpenSSL Project                                http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                          [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: No shared cipher error using ECDSA

Victor Duchovni
On Mon, May 16, 2011 at 11:56:41AM +0100, Mike Bell wrote:

> Thanks Viktor,
>
> I hadn't properly understood the relationship between the certificate
> and the cipher, so I'll look at that now. I think I'm also confusing
> the OpenVPN?& OpenSSL relationship.
>
> OpenVPN does appear to be using TLS according to the logs, so I had
> tried to specify
>
> tls-cipher ECDHE-ECDSA-AES256-SHA
>
> in CLIENT.OVPN and SERVER.OVPN config files, but got the same error.

Are you sure that the OpenSSL version used by OpenSSL supports EC
ciphersuites? Generally, you need OpenSSL 1.0.0 for that. Partial support
for EC was available in 0.9.8, and no EC support is present in 0.9.7.

To enable EECDH key-exchange, the server may need to specify a curve,
which OpenVPN may not be doing. I don't believe that the curve
from the certificate is used by default when no curve is specified
explicitly via SSL_CTX_set_tmp_ecdh() and no callback is specified via
SSL_CTX_set_tmp_ecdh_callback().

Thus code not explicitly designed to use ECDSA ciphers may not work
when configured to use only ECDSA. It will only use any non-ECDSA
ciphers allowed.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]