SSL Alert Warning treated Fatal without Explicit SSL/TLS Version

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SSL Alert Warning treated Fatal without Explicit SSL/TLS Version

Fabian Hugelshofer-3
Hi all,

When setting a Server Name Indicator in a client hello message, the
server might set an Unrecognized Name alert in the server hello if it
does not know the requested server name. This alert can have level
Warning or Fatal.

If a server sends an Unrecognized Name alert with severity level
Warning, s_client fails to complete the SSL handshake if TSL1 or SSL3
have not been explicitly requested. Disallowing SSL2 does not help.

# No protocol specification
$ openssl s_client -connect www.goeldi.ch:443 -servername www.goeldi.ch
CONNECTED(00000003)
12219:error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112):s23_clnt.c:602:

# Disallow SSL2
$ openssl s_client -connect www.goeldi.ch:443 -servername www.goeldi.ch
-no_ssl2
CONNECTED(00000003)
22897:error:14077458:SSL
routines:SSL23_GET_SERVER_HELLO:reason(1112):s23_clnt.c:602:

# Force SSL3
$ openssl s_client -connect www.goeldi.ch:443 -servername www.goeldi.ch
-ssl3
OK

# Force TLS1
$ openssl s_client -connect www.goeldi.ch:443 -servername www.goeldi.ch
-tls1
OK

Without explicitly enforcing a SSL/TLS version, "SSL23 mode" seems to be
used even though the SSL version in both client and server hellos is
TLS1 (verified with tcpdump). This mode does not seem to handle the
SSL3/TLS1 warning properly.

It could be that this has to do with the server sending the Alert before
the Server Hello. The SSL23 mode is probably used until the server SSL
version is read from the server hello (after processing the Alert).

Is the server allowed to send the Alert before the Server Hello?

Should OpenSSL not treat the warning as non-fatal as it does when SSL3
or TLS1 is enforced?

Should SSL_OP_NO_SSLv2 not cause that the SSL23 mode is not used?

Thanks for your help.

Regards,

Fabian


--
$ openssl version -a
OpenSSL 0.9.8r 8 Feb 2011
built on: Mon Aug  8 02:16:00 MEST 2011
platform: linux-elf
options:  bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
-pthread -DDSO_DLFCN -DHAVE_DLFCN_H
-DPK11_LIB_LOCATION="/usr/lib/pkcs11/PKCS11_API.so" -DSSL_FORBID_ENULL
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/ssl"
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]