Regarding OpenSSL communication

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Regarding OpenSSL communication

Suchindra Chandrahas
Hi all,
               I am using the following client hello message format for an SSL V3 Server:

<snip>

unsigned char buf[BUFSIZE] =
                "\x01"                  /* client hello msg */

                "\x03\x00"              /* client version */
                "\x00\x18"              /* cipher specs length */
                "\x00\x00"              /* session id length */
                "\x00\x10"              /* challenge length */

                "\x07\x00\xc0\x05\x00\x80\x03\x00"      /* cipher specs data */
                "\x80\x01\x00\x80\x08\x00\x80\x06"
                "\x00\x40\x04\x00\x80\x02\x00\x80"

                "";                                                     /* session id data */


</snip>

The message i am getting at server end is:

<snip>

error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed

</snip>

Can you please tell me where the error is?

I have sent ciphers actually

Thanks and Regards,
Suchindra Chandrahas


Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Lutz Jänicke
Suchindra Chandrahas wrote:

> Hi all,
>                I am using the following client hello message format
> for an SSL V3 Server:
>
> <snip>
>
> unsigned char buf[BUFSIZE] =
>                 "\x01"                  /* client hello msg */
>
>                 "\x03\x00"              /* client version */
>                 "\x00\x18"              /* cipher specs length */
>                 "\x00\x00"              /* session id length */
>                 "\x00\x10"              /* challenge length */
>
>                 "\x07\x00\xc0\x05\x00\x80\x03\x00"      /* cipher
> specs data */
>                 "\x80\x01\x00\x80\x08\x00\x80\x06"
>                 "\x00\x40\x04\x00\x80\x02\x00\x80"
>
>                
> "";                                                     /* session id
> data */
>
>
> </snip>
>
> The message i am getting at server end is:
>
> <snip>
>
> error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
>
> </snip>
>
> Can you please tell me where the error is?
>
> I have sent ciphers actually
Have you tried ssldump? It should give you its interpretation of your
data.

Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Suchindra Chandrahas
Hi Lutz,
                  I am using the following handshake for communication in ssl v2:

<snip>

CLIENT                                                                          SERVER
------ ------

client hello = {session id + challenge } sent -------------------------->

<-------------------------- server hello = { conn_id + certificate } sent

process server hello and identify conn_id

generate master key

generate key material

generate session keys using key material

{master key}pks sent --------------------------->
(master key encrypted by public key of server)

client finished = { conn_id } sent --------------------------->

<--------------------------- server finished received

data transfer

</snip>

However, i guess ssl3 handshake handler at server expects changecipherspec from client side

Please let me know if i am wrong!

Thanks and Regards,
Suchindra Chandrahas


Lutz Jaenicke <[hidden email]> wrote:
Suchindra Chandrahas wrote:

> Hi all,
> I am using the following client hello message format
> for an SSL V3 Server:
>
>
>
> unsigned char buf[BUFSIZE] =
> "\x01" /* client hello msg */
>
> "\x03\x00" /* client version */
> "\x00\x18" /* cipher specs length */
> "\x00\x00" /* session id length */
> "\x00\x10" /* challenge length */
>
> "\x07\x00\xc0\x05\x00\x80\x03\x00" /* cipher
> specs data */
> "\x80\x01\x00\x80\x08\x00\x80\x06"
> "\x00\x40\x04\x00\x80\x02\x00\x80"
>
>
> ""; /* session id
> data */
>
>
>

>
> The message i am getting at server end is:
>
>
>
> error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
>
>

>
> Can you please tell me where the error is?
>
> I have sent ciphers actually
Have you tried ssldump? It should give you its interpretation of your
data.

Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


Luggage? GPS? Comic books?
Check out fitting gifts for grads at Yahoo! Search.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Marek.Marcola
In reply to this post by Suchindra Chandrahas
Hello,

>                I am using the following client hello message format for an SSL V3 Server:
>
> <snip>
>
> unsigned char buf[BUFSIZE] =
>                 "\x01"                  /* client hello msg */
>
>                 "\x03\x00"              /* client version */
>                 "\x00\x18"              /* cipher specs length */
>                 "\x00\x00"              /* session id length */
>                 "\x00\x10"              /* challenge length */
>
>                 "\x07\x00\xc0\x05\x00\x80\x03\x00"      /* cipher specs data */
>                 "\x80\x01\x00\x80\x08\x00\x80\x06"
>                 "\x00\x40\x04\x00\x80\x02\x00\x80"
>
>                 "";                                                     /* session id data */
>
>
> </snip>
>
> The message i am getting at server end is:
>
> <snip>
>
> error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
This looks like SSL2 client_hello.
For that to work you must add SSL2 record header, in this case
two bytes {0x80, len} where len in length of handshake data.
You cannot use here SSL3/TLS1 record header.
And if you specified 16 bytes of chalenge/random data, you must add this
data to packet too.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Suchindra Chandrahas
Hi Marek,
                      I request you to please have mercy on me. I have to communicate to SSL v3 Server using SSL v3 Client Hello Message. The following is my client hello message:

<snip>

         "\x01"
         "\x03\x01"              /* SSL Version */
         "\x40\x7b\xab\xc0"      /* GMT */
         "\x32\x41\x52\xd3\x46\x63\xea\x22"
         "\x37\x22\x33\x70\x2e\xfe\x80\x08"
         "\xeb\x82\xe9\xcd\xba\x97\x84\xbd"
         "\xd4\x8a\x9d\xe2"      /* Random Value */
         "\x00\x18"              /* cipher specs length */
         "\x00\x00"              /* Session ID Length */
         "\x00\x00\x33\x00\x00\x32\x00\x00"      /* cipher specs data */
         "\x35\x01\x00\x80\x08\x00\x80\x06"
         "\x00\x40\x04\x00\x80\x02\x00\x80"
         "\x02\x01\x00"              /* Compression Method */

</snip>

I am somehow not getting GMT and random value details in ethereal. Is the above stuff the right SSL v3 Client Hello?

Please help me out as i have to finish my project tomorrow morning!

Thanks and Regards,
Suchindra Chandrahas

Marek Marcola <[hidden email]> wrote:
Hello,

> I am using the following client hello message format for an SSL V3 Server:
>
>
>
> unsigned char buf[BUFSIZE] =
> "\x01" /* client hello msg */
>
> "\x03\x00" /* client version */
> "\x00\x18" /* cipher specs length */
> "\x00\x00" /* session id length */
> "\x00\x10" /* challenge length */
>
> "\x07\x00\xc0\x05\x00\x80\x03\x00" /* cipher specs data */
> "\x80\x01\x00\x80\x08\x00\x80\x06"
> "\x00\x40\x04\x00\x80\x02\x00\x80"
>
> ""; /* session id data */
>
>
>

>
> The message i am getting at server end is:
>
>
>
> error:1408A0B6:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers passed
This looks like SSL2 client_hello.
For that to work you must add SSL2 record header, in this case
two bytes {0x80, len} where len in length of handshake data.
You cannot use here SSL3/TLS1 record header.
And if you specified 16 bytes of chalenge/random data, you must add this
data to packet too.

Best regards,
--
Marek Marcola

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Marek.Marcola
Hello,

>                       I request you to please have mercy on me. I have
> to communicate to SSL v3 Server using SSL v3 Client Hello Message. The
> following is my client hello message:
>
> <snip>
>
>          "\x01"
>          "\x03\x01"              /* SSL Version */
>          "\x40\x7b\xab\xc0"      /* GMT */
>          "\x32\x41\x52\xd3\x46\x63\xea\x22"
>          "\x37\x22\x33\x70\x2e\xfe\x80\x08"
>          "\xeb\x82\xe9\xcd\xba\x97\x84\xbd"
>          "\xd4\x8a\x9d\xe2"      /* Random Value */
>          "\x00\x18"              /* cipher specs length */
>          "\x00\x00"              /* Session ID Length */
>          "\x00\x00\x33\x00\x00\x32\x00\x00"      /* cipher specs data
> */
>          "\x35\x01\x00\x80\x08\x00\x80\x06"
>          "\x00\x40\x04\x00\x80\x02\x00\x80"
>          "\x02\x01\x00"              /* Compression Method */
>
> </snip>
>
> I am somehow not getting GMT and random value details in ethereal. Is
> the above stuff the right SSL v3 Client Hello?
>
> Please help me out as i have to finish my project tomorrow morning!
If you really want SSL2 client_hello here is example:

80 2f 01 03 01 00 06 00 00 00 20 00 00 35 00 00
2f 21 fc e5 6d 1e b9 49 78 55 ca fc 83 75 a4 75
82 5a 05 8a d2 51 8c bf dc 96 d2 fe 77 c1 60 8b
26

and this means:

80 - SSL2 handshake
2f - length of packet data (47 bytes)
01 - SSL2 client_hello packet
03 00 - SSL3 proposition
00 06 - cipher suite len
00 00 - session id len
00 20 - client_random/chalenge len (32 bytes)
00 00 35 - first cipher suite (rsa_aes256_sha1)
00 00 2f - second cipher suite (rsa_aes128_sha1)
21 fc e5 6d 1e b9 49-78 55 ca fc 83 75 a4 75 82 - client_random/challenge (to end)
5a 05 8a d2 51 8c bf-dc 96 d2 fe 77 c1 60 8b 26

This data send to server after will be properly understood.
This packet is build with SSL Record Header (2 bytes) and with
SSL Handshake client_hello packet (rest of data).

SSL3 form of this packet will be:

16 03 00 00 2f 01 00 00-2b 03 00 46 cd dd 9e ab
47 d3 b4 6a e6 3a 00 0d-c1 3f e3 9c 17 a6 c3 3d
8d 89 63 10 6b 55 bf bd-05 4c fa 00 00 04 00 35
00 2f 01 00

which means:

16 - SSL3/TLS1 handshake packet
03 00 - SSL3 proposition in Record Layer
00 2f - length of handshake data
01 - client_hello packet
00 00-2b length of client_hello data
03 00 - SSL3 proposition in Handshake layer
46 cd dd 9e ab 47 d3 b4 6a e6 3a 00 0d-c1 3f e3 - client_random (32 bytes)
9c 17 a6 c3 3d 8d 89 63 10 6b 55 bf bd-05 4c fa
00 - session id len
00 04 - cipher suite len
00 35 - first cipher suite (rsa_aes256_sha1)
00 2f - second cipher suite (rsa_aes128_sha1)
01 - "compression suite length"
00 - no compression

Here first 5 bytes are SSL Record and rest are SSL handshake.

Best regards,
--
Marek Marcola <[hidden email]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

Suchindra Chandrahas
Thanks a lot Marek!

I was making mistake at:

16 - SSL3/TLS1 handshake packet (was not including this)

Now i understood the whole process completely, thanks to your guidance!. If there is any document or any such thing that has such details, it would be great if you could forward it to me. Thanks a lot again, it helped me a lot!

Thanks and Regards,
Suchindra Chandrahas

Marek Marcola <[hidden email]> wrote:
Hello,

> I request you to please have mercy on me. I have
> to communicate to SSL v3 Server using SSL v3 Client Hello Message. The
> following is my client hello message:
>
>
>
> "\x01"
> "\x03\x01" /* SSL Version */
> "\x40\x7b\xab\xc0" /* GMT */
> "\x32\x41\x52\xd3\x46\x63\xea\x22"
> "\x37\x22\x33\x70\x2e\xfe\x80\x08"
> "\xeb\x82\xe9\xcd\xba\x97\x84\xbd"
> "\xd4\x8a\x9d\xe2" /* Random Value */
> "\x00\x18" /* cipher specs length */
> "\x00\x00" /* Session ID Length */
> "\x00\x00\x33\x00\x00\x32\x00\x00" /* cipher specs data
> */
> "\x35\x01\x00\x80\x08\x00\x80\x06"
> "\x00\x40\x04\x00\x80\x02\x00\x80"
> "\x02\x01\x00" /* Compression Method */
>
>

>
> I am somehow not getting GMT and random value details in ethereal. Is
> the above stuff the right SSL v3 Client Hello?
>
> Please help me out as i have to finish my project tomorrow morning!
If you really want SSL2 client_hello here is example:

80 2f 01 03 01 00 06 00 00 00 20 00 00 35 00 00
2f 21 fc e5 6d 1e b9 49 78 55 ca fc 83 75 a4 75
82 5a 05 8a d2 51 8c bf dc 96 d2 fe 77 c1 60 8b
26

and this means:

80 - SSL2 handshake
2f - length of packet data (47 bytes)
01 - SSL2 client_hello packet
03 00 - SSL3 proposition
00 06 - cipher suite len
00 00 - session id len
00 20 - client_random/chalenge len (32 bytes)
00 00 35 - first cipher suite (rsa_aes256_sha1)
00 00 2f - second cipher suite (rsa_aes128_sha1)
21 fc e5 6d 1e b9 49-78 55 ca fc 83 75 a4 75 82 - client_random/challenge (to end)
5a 05 8a d2 51 8c bf-dc 96 d2 fe 77 c1 60 8b 26

This data send to server after will be properly understood.
This packet is build with SSL Record Header (2 bytes) and with
SSL Handshake client_hello packet (rest of data).

SSL3 form of this packet will be:

16 03 00 00 2f 01 00 00-2b 03 00 46 cd dd 9e ab
47 d3 b4 6a e6 3a 00 0d-c1 3f e3 9c 17 a6 c3 3d
8d 89 63 10 6b 55 bf bd-05 4c fa 00 00 04 00 35
00 2f 01 00

which means:

16 - SSL3/TLS1 handshake packet
03 00 - SSL3 proposition in Record Layer
00 2f - length of handshake data
01 - client_hello packet
00 00-2b length of client_hello data
03 00 - SSL3 proposition in Handshake layer
46 cd dd 9e ab 47 d3 b4 6a e6 3a 00 0d-c1 3f e3 - client_random (32 bytes)
9c 17 a6 c3 3d 8d 89 63 10 6b 55 bf bd-05 4c fa
00 - session id len
00 04 - cipher suite len
00 35 - first cipher suite (rsa_aes256_sha1)
00 2f - second cipher suite (rsa_aes128_sha1)
01 - "compression suite length"
00 - no compression

Here first 5 bytes are SSL Record and rest are SSL handshake.

Best regards,
--
Marek Marcola

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


Building a website is a piece of cake.
Yahoo! Small Business gives you all the tools to get online.
Reply | Threaded
Open this post in threaded view
|

Re: Regarding OpenSSL communication

jimmy bahuleyan
Suchindra Chandrahas wrote:
> Thanks a lot Marek!
>
> I was making mistake at:
>
> 16 - SSL3/TLS1 handshake packet (was not including this)
>
> Now i understood the whole process completely, thanks to your guidance!.
> If there is any document or any such thing that has such details,
> it would be great if you could forward it to me.

I'm not sure how you missed the document "RFC 2246", oh well..

You could also read the fine book by Eric Rescorla - "SSL and TLS:
Designing and Building Secure Systems".

-jb
--
Baruch's Observation:
        If all you have is a hammer, everything looks like a nail.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]