configuring OpenSSL to split handshake messages


configuring OpenSSL to split handshake messages

Eugène Adell
Hello,

I am looking for a way to configure OpenSSL so that it will send handshake records one by one, each in its own TCP packet, instead of sending one big message containing several records. Typically, in my network captures I see the server sending one message containing Server Hello + Certificate + Server Hello Done records, and I would like to know how to send 3 messages, each containing only one record. I checked the OpenSSL options and the user mailing-list archives without finding the answer, and I am not sure this is even possible (by configuration only).

thanks in advance
E.A.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: configuring OpenSSL to split handshake messages

Matt Caswell-2


On 15/11/2018 10:53, Eugène Adell wrote:

> Hello,
>
> I am looking for a way to configure OpenSSL so that it will send handshake records
> one by one in their respective TCP packet, instead of sending one big message
> containing several records. Typically, in my network captures I see the server
> sending one message containing Server Hello + Certificate + Server Hello Done
> records, and I would like to know how to send 3 messages, each one containing
> only one record. I checked OpenSSL options and the user mailing-list archives
> without finding the answer, and I am not sure this is even possible (by
> configuration only).

I'm intrigued to know why you would want to do that. Anyway, I don't believe
this is currently possible without modifying the OpenSSL source code.

Matt


Re: configuring OpenSSL to split handshake messages

Eugène Adell
This is mainly for experimental reasons (client compliance checking, performance measurement). As the SSL/TLS protocol allows it, why not test it?
If there is no other solution than modifying the source code, where should I look?

On Thu, 15 Nov 2018 at 12:12, Matt Caswell <[hidden email]> wrote:

> On 15/11/2018 10:53, Eugène Adell wrote:
> > Hello,
> >
> > I am looking for a way to configure OpenSSL so that it will send handshake records
> > one by one in their respective TCP packet, instead of sending one big message
> > containing several records. Typically, in my network captures I see the server
> > sending one message containing Server Hello + Certificate + Server Hello Done
> > records, and I would like to know how to send 3 messages, each one containing
> > only one record. I checked OpenSSL options and the user mailing-list archives
> > without finding the answer, and I am not sure this is even possible (by
> > configuration only).
>
> I'm intrigued to know why you would want to do that. Anyway, I don't believe
> this is currently possible without modifying the OpenSSL source code.
>
> Matt

Re: configuring OpenSSL to split handshake messages

Matt Caswell-2


On 15/11/2018 11:17, Eugène Adell wrote:
> This is mainly for experimental reasons (client compliance checking, performance
> measurement). As the SSL/TLS protocol allows it, why not test it?
> If there is no other solution than modifying the source code, where should I look?

That involves messing with the TLS state machine. Not something to be done
lightly. It also depends on what version of OpenSSL you are using. Assuming
1.1.0 or 1.1.1 then you would need to modify ossl_statem_server_post_work() to
call statem_flush(s) for all messages that you want to immediately flush:

https://github.com/openssl/openssl/blob/ac48fba036e1764dfa98ed0f0aa932491aa1c4ef/ssl/statem/statem_srvr.c#L787-L979

Possibly something like this might be sufficient as a quick hack...totally
untested and without warranty of any kind:

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..c0e613ad47 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -790,6 +790,9 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)

     s->init_num = 0;

+    if (statem_flush(s) != 1)
+        return WORK_MORE_A;
+
     switch (st->hand_state) {
     default:
         /* No post work to be done */
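Review bot: the inserted flush is unconditional, so it fires for every hand_state that reaches this point, not only for "all messages that you want to immediately flush" as the prose above puts it; if that is the intent, a one-line comment before `if (statem_flush(s) != 1)` saying "flush after every message" would save a reader from hunting for the per-message selection. Two smaller points follow from the visible lines: `s->init_num = 0;` has already been cleared when a non-blocking BIO makes `statem_flush()` return 0, so the `return WORK_MORE_A;` re-enters this function and simply repeats the flush, which is correct but worth a comment; and because the flush now precedes the `switch (st->hand_state)`, any existing case below that calls `statem_flush()` itself becomes redundant on this path. As Michael notes later in the thread, a separate flush only gives the TCP stack a separate write; it does not guarantee one record per segment, so the capture should be checked rather than assumed.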

Matt


>
> On Thu, 15 Nov 2018 at 12:12, Matt Caswell <[hidden email]> wrote:
>
>     On 15/11/2018 10:53, Eugène Adell wrote:
>     > Hello,
>     >
>     > I am looking for a way to configure OpenSSL so that it will send handshake records
>     > one by one in their respective TCP packet, instead of sending one big message
>     > containing several records. Typically, in my network captures I see the server
>     > sending one message containing Server Hello + Certificate + Server Hello Done
>     > records, and I would like to know how to send 3 messages, each one containing
>     > only one record. I checked OpenSSL options and the user mailing-list archives
>     > without finding the answer, and I am not sure this is even possible (by
>     > configuration only).
>
>     I'm intrigued to know why you would want to do that. Anyway, I don't believe
>     this is currently possible without modifying the OpenSSL source code.
>
>     Matt

Re: configuring OpenSSL to split handshake messages

OpenSSL - User mailing list
In reply to this post by Eugène Adell

You can do this by writing your own BIO (probably based on memory) that then dribbles data out to its own internal socket.



Re: configuring OpenSSL to split handshake messages

Michael Wojcik
In reply to this post by Matt Caswell-2
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Matt Caswell
> Sent: Thursday, November 15, 2018 06:12
>
> On 15/11/2018 10:53, Eugène Adell wrote:
> > I am looking for a way to configure OpenSSL so that it will send handshake records
> > one by one in their respective TCP packet, instead of sending one big message
> > containing several records.
>
> I'm intrigued to know why you would want to do that. Anyway, I don't believe
> this is currently possible without modifying the OpenSSL source code.

Even then, it can't be guaranteed at the application level. TCP is a byte-stream service; the stack is permitted to accumulate application sends and split them into TCP segments any way it likes. (And then there's the possibility of IP fragmentation on top of that, though that shouldn't happen on a local network and is unlikely these days in any case, thanks to Path MTU.)

Networking APIs such as sockets may let the application attempt to flush output, but the stack can ignore that.

Similarly, on the receiving side, the stack can accumulate data or deliver it to the receiving application piecemeal. As long as it's not reordered, TCP makes no guarantees about how it's broken up. (There's the TCP PSH [Push] flag, but that's merely advisory to the receiving stack; the stack can ignore it.)

Applications (which includes OpenSSL in this context) should not try to control how messages appear on the wire, aside from attempting to avoid small sends when there is additional data available to send.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Re: configuring OpenSSL to split handshake messages

Viktor Dukhovni
In reply to this post by Eugène Adell
> On Nov 15, 2018, at 5:53 AM, Eugène Adell <[hidden email]> wrote:
>
> I am looking for a way to configure OpenSSL so that it will send handshake
> records one by one in their respective TCP packet, instead of sending one
> big message containing several records. Typically, in my network captures
> I see the server sending one message containing Server Hello + Certificate
> + Server Hello Done records, and I would like to know how to send 3
> messages, each one containing only one record. I checked OpenSSL options
> and the user mailing-list archives without finding the answer, and I am
> not sure this is even possible (by configuration only).

Not possible "by configuration only", but if you put a biopair between
OpenSSL and the network, you can read TLS records from the output side
of the biopair (by reading the record header, and then reading the
corresponding number of payload bytes), and then attempt to transmit
each record separately by performing a separate write to the TCP
socket (with Nagle delays disabled).

Of course you'll then also need to read from the network socket and
write the data to the input side of the biopair.  There are examples
of biopair use you can find.

--
        Viktor.
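The record splitting Viktor describes (read the 5-byte record header, then that many payload bytes) is the one part of the approach that needs no OpenSSL API, so here it is as an added C example that is not from the thread. It assumes the bytes were drained from the write side of a BIO pair and that each returned record is then passed to its own send() on a socket with TCP_NODELAY set (Nagle disabled); the sample flight bytes are constructed to mirror the Server Hello + Certificate + Server Hello Done grouping from the question, with dummy 4-byte bodies.

```c
/* Added example (not from the thread): split bytes drained from a BIO pair's write
 * side into TLS records, each destined for its own send() on a TCP_NODELAY socket. */
#include <stdint.h>
#include <stdio.h>
#define TLS_HDR_LEN    5
#define TLS_MAX_RECORD (16384 + 2048)  /* TLSCiphertext length limit, RFC 5246 */
/* Find complete TLS records (5-byte header: type, version, length) in buf[0..len).
 * Stores each record's offset and total length (header + body), returns the count,
 * or -1 on a malformed header. *consumed = bytes covered by complete records; the
 * rest is a partial record that must be kept until more data arrives. */
int tls_split_records(const uint8_t *buf, size_t len, size_t *offs,
                      size_t *lens, int max_records, size_t *consumed)
{
    int n = 0;
    size_t pos = 0;
    while (len - pos >= TLS_HDR_LEN && n < max_records) {
        uint8_t type = buf[pos];
        size_t body = ((size_t)buf[pos + 3] << 8) | buf[pos + 4];
        /* 20..23: ChangeCipherSpec, Alert, Handshake, ApplicationData */
        if (type < 20 || type > 23 || body > TLS_MAX_RECORD)
            return -1;
        if (len - pos < TLS_HDR_LEN + body)
            break;                        /* partial record: wait for more */
        offs[n] = pos;
        lens[n] = TLS_HDR_LEN + body;
        pos += lens[n];
        n++;
    }
    *consumed = pos;
    return n;
}
/* Constructed sample: the ServerHello + Certificate + ServerHelloDone flight
 * from the capture as three Handshake records with 4-byte dummy bodies in one
 * buffer, followed by the first 7 bytes of a fourth, incomplete record. */
const uint8_t sample_flight[] = {
    0x16, 0x03, 0x03, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00,  /* ServerHello     */
    0x16, 0x03, 0x03, 0x00, 0x04, 0x0b, 0x00, 0x00, 0x00,  /* Certificate     */
    0x16, 0x03, 0x03, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,  /* ServerHelloDone */
    0x16, 0x03, 0x03, 0x00, 0x10, 0x00, 0x00,              /* partial record  */
};
int main(void)
{
    size_t offs[8], lens[8], consumed;
    int n = tls_split_records(sample_flight, sizeof sample_flight, offs, lens, 8, &consumed);
    /* In the real program each record would now be written with its own send(). */
    for (int i = 0; i < n; i++)
        printf("record %d: offset %zu, %zu bytes\n", i, offs[i], lens[i]);
    printf("%zu bytes held back as a partial record\n", sizeof sample_flight - consumed);
    return n < 0;
}
```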


Re: configuring OpenSSL to split handshake messages

Eugène Adell
Thanks for all of your answers.

I tried Matt's quick hack, and I confirm it's quick and efficient. I compiled it and ran an Apache server locally (but I'll do more tests), and I see what I wanted to see, with the server handshake records being sent one by one.
Here is the capture info:

No.     Time           Source                Destination           Window size value Protocol Length Server Name Info
4 0.243570       127.0.0.1             127.0.0.1             43690             TCP      74                 46706 → 7989 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=1203506813 TSecr=0 WS=128
5 0.243722       127.0.0.1             127.0.0.1             43690             TCP      74                 7989 → 46706 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=1203506813 TSecr=1203506813 WS=128
6 0.243877       127.0.0.1             127.0.0.1             342               TCP      66                 46706 → 7989 [ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=1203506814 TSecr=1203506813
7 0.455007       127.0.0.1             127.0.0.1             342               TLSv1.2  239    localhost   Client Hello
8 0.455119       127.0.0.1             127.0.0.1             350               TCP      66                 7989 → 46706 [ACK] Seq=1 Ack=174 Win=44800 Len=0 TSval=1203507025 TSecr=1203507025
9 0.457130       127.0.0.1             127.0.0.1             350               TLSv1.2  160                Server Hello
10 0.457156       127.0.0.1             127.0.0.1             342               TCP      66                 46706 → 7989 [ACK] Seq=174 Ack=95 Win=43776 Len=0 TSval=1203507027 TSecr=1203507027
11 0.457384       127.0.0.1             127.0.0.1             350               TLSv1.2  905                Certificate
12 0.457413       127.0.0.1             127.0.0.1             355               TCP      66                 46706 → 7989 [ACK] Seq=174 Ack=934 Win=45440 Len=0 TSval=1203507027 TSecr=1203507027
13 0.464522       127.0.0.1             127.0.0.1             350               TLSv1.2  404                Server Key Exchange
14 0.464551       127.0.0.1             127.0.0.1             368               TCP      66                 46706 → 7989 [ACK] Seq=174 Ack=1272 Win=47104 Len=0 TSval=1203507034 TSecr=1203507034
15 0.464682       127.0.0.1             127.0.0.1             350               TLSv1.2  75                 Server Hello Done
16 0.464706       127.0.0.1             127.0.0.1             368               TCP      66                 46706 → 7989 [ACK] Seq=174 Ack=1281 Win=47104 Len=0 TSval=1203507035 TSecr=1203507034
17 0.472451       127.0.0.1             127.0.0.1             368               TLSv1.2  192                Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
18 0.474058       127.0.0.1             127.0.0.1             350               TLSv1.2  72                 Change Cipher Spec
19 0.474291       127.0.0.1             127.0.0.1             350               TLSv1.2  111                Encrypted Handshake Message
20 0.474425       127.0.0.1             127.0.0.1             368               TCP      66                 46706 → 7989 [ACK] Seq=300 Ack=1332 Win=47104 Len=0 TSval=1203507044 TSecr=1203507044
21 0.475191       127.0.0.1             127.0.0.1             368               TLSv1.2  173                Application Data
22 0.476450       127.0.0.1             127.0.0.1             350               TLSv1.2  379                Application Data
23 0.477625       127.0.0.1             127.0.0.1             381               TLSv1.2  97                 Encrypted Alert
24 0.477949       127.0.0.1             127.0.0.1             381               TCP      66                 46706 → 7989 [FIN, ACK] Seq=438 Ack=1645 Win=48768 Len=0 TSval=1203507048 TSecr=1203507046
25 0.478294       127.0.0.1             127.0.0.1             350               TLSv1.2  97                 Encrypted Alert
26 0.478356       127.0.0.1             127.0.0.1             0                 TCP      54                 46706 → 7989 [RST] Seq=439 Win=0 Len=0

Eugene.

On Thu, 15 Nov 2018 at 21:12, Viktor Dukhovni <[hidden email]> wrote:

> > On Nov 15, 2018, at 5:53 AM, Eugène Adell <[hidden email]> wrote:
> >
> > I am looking for a way to configure OpenSSL so that it will send handshake
> > records one by one in their respective TCP packet, instead of sending one
> > big message containing several records. Typically, in my network captures
> > I see the server sending one message containing Server Hello + Certificate
> > + Server Hello Done records, and I would like to know how to send 3
> > messages, each one containing only one record. I checked OpenSSL options
> > and the user mailing-list archives without finding the answer, and I am
> > not sure this is even possible (by configuration only).
>
> Not possible "by configuration only", but if you put a biopair between
> OpenSSL and the network, you can read TLS records from the output side
> of the biopair (by reading the record header, and then reading the
> corresponding number of payload bytes), and then attempt to transmit
> each record separately by performing a separate write to the TCP
> socket (with Nagle delays disabled).
>
> Of course you'll then also need to read from the network socket and
> write the data to the input side of the biopair.  There are examples
> of biopair use you can find.
>
> --
>         Viktor.

Re: configuring OpenSSL to split handshake messages

Hubert Kario
In reply to this post by Eugène Adell
On Thursday, 15 November 2018 12:17:41 CET Eugène Adell wrote:
> This is mainly for experimental reasons (client compliance checking,
> performance measurement). As the SSL/TLS protocol allows it, why not
> test it?
> If there is no other solution than modifying the source code, where should I look?

beating my own drum: there's https://github.com/tomato42/tlsfuzzer, aimed
specifically at doing that (testing and full control over the handshake)

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic