RE: openSSL client has problem to connect with JSSE based server on TLS?


Xia David You -X (xiyou - Varite Inc. at Cisco)
Thanks Marek,
I will try your suggestion.

BTW, is DHE-RSA-AES256-SHA part of the TLS cipher suites? I thought TLS
ciphers were always named TLS_something. Why is this one named differently?

Thanks
David
 

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Marek Marcola
Sent: Saturday, April 01, 2006 8:37 AM
To: [hidden email]
Subject: Re: openSSL client has problem to connect with JSSE based
server on TLS?

Hello,

> I have an openSSL/Stunnel based client, and we are trying to connect
> to a JSSE based server on TLS.
> The ssldump simply says "handshake_failure", and from the successful
> connection log of another JSSE based connection it appears they are
> using a different cipher.
>  
> Does " Unknown value 0x39" cipher need special setup on either side?
Value 0x39 means DHE-RSA-AES256-SHA.
From the command "openssl ciphers -v | grep AES" we get:
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

This means that DH will be used for key_exchange and RSA will be used for
certificate_verify (AES256 for encryption, SHA1 for MAC).

The error in this situation may come from verifying the ClientKeyExchange or
CertificateVerify message (ChangeCipherSpec is VERY simple :-).
Because all 3 messages are sent in one TCP segment (or one write()) we
cannot tell which packet has the "error".
My proposition is to remove DH by setting (for testing) the cipher to
AES256-SHA. This will give more information from ssldump, like the RSA
decrypted pre_master_secret value.
You may change this with the -cipher option in "openssl s_client"
or using the function SSL_CTX_set_cipher_list() if you are writing your own
application using OpenSSL.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: openSSL client has problem to connect with JSSE based server on TLS?

Marek.Marcola
Hello,

> BTW, Is DHE-RSA-AES256-SHA part of TLS cipher suite,
Yes, you can check this in RFC3268:
   CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA      = { 0x00, 0x2F };
   CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA   = { 0x00, 0x30 };
   CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA   = { 0x00, 0x31 };
   CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA  = { 0x00, 0x32 };
   CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = { 0x00, 0x33 };
   CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA  = { 0x00, 0x34 };

   CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA      = { 0x00, 0x35 };
   CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA   = { 0x00, 0x36 };
   CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA   = { 0x00, 0x37 };
   CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA  = { 0x00, 0x38 };
   CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = { 0x00, 0x39 };
   CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA  = { 0x00, 0x3A };

> I thought TLS
> cipher always named TLS_something. Why this is named different?
From file ssl/tls1.h we can read:
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
 * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
 * shouldn't. */
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5     0x03000060
#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA    0x03000062
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA   0x03000063
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA     0x03000064
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA     0x03000066

/* AES ciphersuites from RFC3268 */

#define TLS1_CK_RSA_WITH_AES_128_SHA         0x0300002F
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA         0x03000030
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA         0x03000031
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA     0x03000032
#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA     0x03000033
#define TLS1_CK_ADH_WITH_AES_128_SHA         0x03000034

#define TLS1_CK_RSA_WITH_AES_256_SHA         0x03000035
#define TLS1_CK_DH_DSS_WITH_AES_256_SHA         0x03000036
#define TLS1_CK_DH_RSA_WITH_AES_256_SHA         0x03000037
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA     0x03000038
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA     0x03000039
#define TLS1_CK_ADH_WITH_AES_256_SHA         0x0300003A

SSL3 and TLS1 are very similar protocols so I think this is ok.

Best regards,
--
Marek Marcola <[hidden email]>
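
The naming question in this thread, shown as an added example (not part of the original posts and not OpenSSL code): the same 16-bit wire value carries an RFC 3268 name and an OpenSSL constant, so the script parses both excerpts quoted above and decodes a ClientHello cipher_suites vector. The function names and the sample bytes are assumptions made for illustration.

```python
import re

# Excerpts copied from the thread: RFC 3268 notation and OpenSSL's ssl/tls1.h.
RFC3268 = """
CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA      = { 0x00, 0x35 };
CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA  = { 0x00, 0x38 };
CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = { 0x00, 0x39 };
"""
TLS1_H = """
#define TLS1_CK_RSA_WITH_AES_256_SHA         0x03000035
#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA     0x03000038
#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA     0x03000039
"""

def parse_rfc(text):
    """Map 16-bit wire code point -> RFC name from 'CipherSuite X = { hi, lo };'."""
    pat = re.compile(
        r"CipherSuite\s+(\w+)\s*=\s*\{\s*0x([0-9A-Fa-f]{2}),\s*0x([0-9A-Fa-f]{2})\s*\}")
    return {int(hi + lo, 16): name for name, hi, lo in pat.findall(text)}

def parse_tls1_h(text):
    """Map wire code point -> OpenSSL constant; the id's low 16 bits are the wire value."""
    pat = re.compile(r"#define\s+(TLS1_CK_\w+)\s+0x([0-9A-Fa-f]{8})")
    return {int(val, 16) & 0xFFFF: name for name, val in pat.findall(text)}

def describe(code, rfc, ossl):
    """Resolve one code point to both names, or report it the way ssldump did."""
    if code not in rfc and code not in ossl:
        return f"Unknown value 0x{code:x}"
    return f"0x{code:04X} {rfc.get(code, '?')} / {ossl.get(code, '?')}"

def decode_cipher_suites(vector, rfc, ossl):
    """Decode a cipher_suites vector: 2-byte length, then 2 bytes per suite."""
    length = int.from_bytes(vector[:2], "big")
    body = vector[2:2 + length]
    if len(vector) < 2 or length % 2 or len(body) != length:
        raise ValueError("malformed cipher_suites vector")
    return [describe(int.from_bytes(body[i:i + 2], "big"), rfc, ossl)
            for i in range(0, length, 2)]

if __name__ == "__main__":
    rfc, ossl = parse_rfc(RFC3268), parse_tls1_h(TLS1_H)
    sample = bytes.fromhex("0006" "0039" "0035" "00ff")  # constructed, not a capture
    for line in decode_cipher_suites(sample, rfc, ossl):
        print(line)
```

A decoder whose table lacks a code point can only print the raw number, which is how the 0x39 in the original question ended up reported as an unknown value.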
