Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

OpenSSL - User mailing list
Hi all,
on Ubuntu 20.04 LTS 64 bit, with OpenSSL version 1.1.1f, it is not
possible to connect to a popular GIS OGC server at
gibs.earthdata.nasa.gov:443 using OpenSSL or cUrl or Wget default
parameters. The OpenSSL 1.1.1f package available for Ubuntu 20.04 is
build with the "-DOPENSSL_TLS_SECURITY_LEVEL=2" option.

The relevant errors are: "SSL routines:tls12_check_peer_sigalg:wrong
signature type:../ssl/t1_lib.c:1145" and "SSL3 alert
write:fatal:handshake failure".

On the same machine it is possible to connect to that server using
Firefox version 79.0 (the reported connection security properties are
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2") or
gnutls-cli version 3.6.13 (the reported connection security properties
are "(TLS1.2-X.509)-(ECDHE-SECP384R1)-(RSA-SHA1)-(AES-256-GCM)").
The connection is also possible on Ubuntu 18.04 (OpenSSL 1.1.1 without
the "-DOPENSSL_TLS_SECURITY_LEVEL=2" build option).

I already know the source of the issue (the server uses SHA1 as peer
signing digest which is not allowed at SECURITY LEVEL = 2) and how to
workaround it (setting SECLEVEL=1 as a cli option or in openssl.cnf),
but I'd like to know if it is due to a misconfigured / non compliant
server or to a bug in OpenSSL.

In the former case, I'd like to know some technical specifications to
refer to in order to submit the issue to the gibs.earthdata.nasa.gov
system administrators so that they can understand the problem and
configure the server correctly.

Best regards.

Andrea Giudiceandrea

Note:

see the following excerpts from the connection logs:

**************
$ openssl s_client -state -connect gibs.earthdata.nasa.gov:443
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
depth=2 C = US, O = "Entrust, Inc.", OU = See
www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See
www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL3 alert write:fatal:handshake failure
SSL_connect:error in error
139920655459648:error:1414D172:SSL
routines:tls12_check_peer_sigalg:wrong signature type:../ssl/t1_lib.c:1145:
[...]
---
No client certificate CA names sent
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 5443 bytes and written 322 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
12B3427E761029EDED05CB26B3DD854ADE7B0D68061C2515A60A8A297AC968DB
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1597339233
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
**************

**************
$ openssl s_client -connect gibs.earthdata.nasa.gov:443 -cipher
DEFAULT@SECLEVEL=1
CONNECTED(00000003)
depth=2 C = US, O = "Entrust, Inc.", OU = See
www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See
www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
verify return:1
[...]
---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 5503 bytes and written 483 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
A48C668A8154E1A81137873D8D7D6CCF77B4C31729074C8C37A67B4A1CE9B155
    Session-ID-ctx:
    Master-Key:
D0147A71395D3336D998B1499630E4D4BA965F1BC9D8E526EF232A7D15ECC7989AE3A8844693D628C47B76A7BA8BFC4B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1597384544
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
**************

Reply | Threaded
Open this post in threaded view
|

Re: Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

Tomas Mraz
It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically to enhance security the default seclevel on Debian and Ubuntu was raised to 2 which doesn't allow SHA1 signatures which are weak. The server apparently doesn't support them which indicates that it is some older implementation but that doesn't necessarily mean it is non-compliant. It is just less capable.

However the SHA1 signatures are regarded as seriously weakened currently, so it would be certainly a very good idea to upgrade/fix the server to support SHA2 based signatures.

⁣Tomáš​ Mráz

14. 8. 2020 8:00, 8:00, Andrea Giudiceandrea via openssl-users <[hidden email]> napsal/a:

>Hi all,
>on Ubuntu 20.04 LTS 64 bit, with OpenSSL version 1.1.1f, it is not
>possible to connect to a popular GIS OGC server at
>gibs.earthdata.nasa.gov:443 using OpenSSL or cUrl or Wget default
>parameters. The OpenSSL 1.1.1f package available for Ubuntu 20.04 is
>build with the "-DOPENSSL_TLS_SECURITY_LEVEL=2" option.
>
>The relevant errors are: "SSL routines:tls12_check_peer_sigalg:wrong
>signature type:../ssl/t1_lib.c:1145" and "SSL3 alert
>write:fatal:handshake failure".
>
>On the same machine it is possible to connect to that server using
>Firefox version 79.0 (the reported connection security properties are
>"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2") or
>gnutls-cli version 3.6.13 (the reported connection security properties
>are "(TLS1.2-X.509)-(ECDHE-SECP384R1)-(RSA-SHA1)-(AES-256-GCM)").
>The connection is also possible on Ubuntu 18.04 (OpenSSL 1.1.1 without
>the "-DOPENSSL_TLS_SECURITY_LEVEL=2" build option).
>
>I already know the source of the issue (the server uses SHA1 as peer
>signing digest which is not allowed at SECURITY LEVEL = 2) and how to
>workaround it (setting SECLEVEL=1 as a cli option or in openssl.cnf),
>but I'd like to know if it is due to a misconfigured / non compliant
>server or to a bug in OpenSSL.
>
>In the former case, I'd like to know some technical specifications to
>refer to in order to submit the issue to the gibs.earthdata.nasa.gov
>system administrators so that they can understand the problem and
>configure the server correctly.
>
>Best regards.
>
>Andrea Giudiceandrea
>
>Note:
>
>see the following excerpts from the connection logs:
>
>**************
>$ openssl s_client -state -connect gibs.earthdata.nasa.gov:443
>CONNECTED(00000003)
>SSL_connect:before SSL initialization
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS write client hello
>SSL_connect:SSLv3/TLS read server hello
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>SSL_connect:SSLv3/TLS read server certificate
>SSL3 alert write:fatal:handshake failure
>SSL_connect:error in error
>139920655459648:error:1414D172:SSL
>routines:tls12_check_peer_sigalg:wrong signature
>type:../ssl/t1_lib.c:1145:
>[...]
>---
>No client certificate CA names sent
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5443 bytes and written 322 bytes
>Verification: OK
>---
>New, (NONE), Cipher is (NONE)
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol  : TLSv1.2
>    Cipher    : 0000
>    Session-ID:
>12B3427E761029EDED05CB26B3DD854ADE7B0D68061C2515A60A8A297AC968DB
>    Session-ID-ctx:
>    Master-Key:
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597339233
>    Timeout   : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************
>
>**************
>$ openssl s_client -connect gibs.earthdata.nasa.gov:443 -cipher
>DEFAULT@SECLEVEL=1
>CONNECTED(00000003)
>depth=2 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for
>authorized use only", CN = Entrust Root Certification Authority - G2
>verify return:1
>depth=1 C = US, O = "Entrust, Inc.", OU = See
>www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for
>authorized use only", CN = Entrust Certification Authority - L1K
>verify return:1
>depth=0 C = US, ST = Maryland, L = Greenbelt, O = NASA (National
>Aeronautics and Space Administration), CN = gibs.earthdata.nasa.gov
>verify return:1
>[...]
>---
>No client certificate CA names sent
>Peer signing digest: SHA1
>Peer signature type: RSA
>Server Temp Key: ECDH, P-384, 384 bits
>---
>SSL handshake has read 5503 bytes and written 483 bytes
>Verification: OK
>---
>New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
>Server public key is 2048 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>No ALPN negotiated
>SSL-Session:
>    Protocol  : TLSv1.2
>    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>    Session-ID:
>A48C668A8154E1A81137873D8D7D6CCF77B4C31729074C8C37A67B4A1CE9B155
>    Session-ID-ctx:
>    Master-Key:
>D0147A71395D3336D998B1499630E4D4BA965F1BC9D8E526EF232A7D15ECC7989AE3A8844693D628C47B76A7BA8BFC4B
>    PSK identity: None
>    PSK identity hint: None
>    SRP username: None
>    Start Time: 1597384544
>    Timeout   : 7200 (sec)
>    Verify return code: 0 (ok)
>    Extended master secret: no
>---
>**************

Reply | Threaded
Open this post in threaded view
|

Re: Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

OpenSSL - User mailing list
Hi ⁣Tomáš​,
thank you very much for the clarification.

Best regards.

Andrea

Il 14/08/2020 08:41, Tomas Mraz ha scritto:
> The server apparently doesn't support them which indicates that it is
> some older implementation but that doesn't necessarily mean it is
> non-compliant. It is just less capable.