s_client version 1.1 fails to handshake to s_server when -nocert option


Michel

Hi,

s_client version 1.0.2e handshakes successfully to s_server when option -nocert is used:

openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"

result: TLS 1.2, AECDH-AES256-SHA

openssl s_server -nocert -cipher "ALL:eNULL:!ECDH:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"

result: TLS 1.2, ADH-AES256-GCM-SHA384

but NOT with version 1.1-pre:

openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"

server:

Using default temp DH parameters
ACCEPT
ERROR
6952:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:.\ssl\statem\statem_srvr.c:1528:
shutting down SSL
CONNECTION CLOSED

client:

CONNECTED(00000304)
11432:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:.\ssl\record\rec_layer_s3.c:1355:SSL alert number 40

As I do not see any reason for that, I believe it is a bug, but I was not able to diagnose/fix it.
(traces are attached to this mail).

Regards,

Michel.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Attachments: client_err_out.txt (700K), client_out.txt (11K), server_err_out.txt (724K), server_out.txt (11K)
Re: s_client version 1.1 fails to handshake to s_server when -nocert option

Viktor Dukhovni

> On Jan 10, 2016, at 8:39 AM, Michel <[hidden email]> wrote:
>
> but NOT with version 1.1-pre :
> openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
> openssl s_client  -cipher "ALL:eNULL:@STRENGTH"

Try:

        -cipher "ALL:eNULL:@STRENGTH:@SECLEVEL=0"

The default security level 1 disables aNULL ciphers.

Perhaps disabling aNULL via @SECLEVEL is not the right thing to do.
The semantics of SECLEVEL are not yet set in stone, and authentication
is quite separate from crypto security, so perhaps if you enable aNULL
ciphers you should get them.  After all, even if certificates are used,
nothing forces you to verify them.

--
        Viktor.



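An added example (my own, not code from this thread or from the OpenSSL project) for the defender's side of Viktor's point: it parses the output of "openssl ciphers -v" and reports which suites give no server authentication (Au=None, the aNULL class) or no encryption (Enc=None), and audit_cipher_string runs the local openssl with -s so the security level, including a trailing @SECLEVEL=0, is honoured when listing what a cipher string really enables. The sample output below is constructed, and the openssl invocation assumes an OpenSSL 1.1.0-or-later binary on PATH.

```python
import re
import shutil
import subprocess

# One "openssl ciphers -v" line: NAME PROTO Kx=... Au=... Enc=... Mac=...
_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)"
    r"\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)

def parse_cipher_lines(text):
    """Parse 'openssl ciphers -v' output into dicts; other lines are skipped."""
    suites = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            suites.append(m.groupdict())
    return suites

def audit(text):
    """Return {'anull': [...], 'enull': [...]}: suites with no server
    authentication (Au=None, the aNULL class) and with no encryption (Enc=None)."""
    anull, enull = [], []
    for s in parse_cipher_lines(text):
        if s["au"] == "None":
            anull.append(s["name"])
        if s["enc"] == "None":
            enull.append(s["name"])
    return {"anull": anull, "enull": enull}

def audit_cipher_string(spec):
    """Ask the local openssl which suites SPEC enables ('-s' applies the
    security level, so a trailing @SECLEVEL=0 changes the answer) and audit
    them. Returns None without openssl on PATH; a rejected spec raises."""
    if shutil.which("openssl") is None:
        return None
    out = subprocess.run(["openssl", "ciphers", "-s", "-v", spec],
                         capture_output=True, text=True, check=True).stdout
    return audit(out)

# Constructed sample in the shape 'openssl ciphers -v' prints (not real output).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
AECDH-AES256-SHA            TLSv1   Kx=ECDH Au=None Enc=AES(256)    Mac=SHA1
ADH-AES256-GCM-SHA384       TLSv1.2 Kx=DH   Au=None Enc=AESGCM(256) Mac=AEAD
NULL-SHA256                 TLSv1.2 Kx=RSA  Au=RSA  Enc=None        Mac=SHA256
"""

if __name__ == "__main__":
    print(audit(SAMPLE), audit_cipher_string("ALL:eNULL:@STRENGTH:@SECLEVEL=0"))
```

Running the audit on "ALL:eNULL:@STRENGTH" with and without ":@SECLEVEL=0" shows directly whether the anonymous suites from the thread are admitted at the effective level.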
Re: s_client version 1.1 fails to handshake to s_server when -nocert option

Michel
Thank you very much for your answer Viktor!
It works, using:
openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0"
openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0"
I was able to handshake an "AECDH-AES256-SHA" cipher.
:-)
I will try to investigate deeper around the SECLEVEL=... keyword that I
completely missed.

Regards,

Michel.

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of
Viktor Dukhovni
Sent: Monday, 25 January 2016 15:55
To: [hidden email]
Subject: Re: [openssl-dev] s_client version 1.1 fails to handshake to
s_server when -nocert option

Re: s_client version 1.1 fails to handshake to s_server when -nocert option

Viktor Dukhovni

> On Jan 25, 2016, at 11:36 AM, Michel <[hidden email]> wrote:
>
> Thank you very much for your answer Viktor !
> It works, using :
> openssl s_server -nocert -cipher "ALL:@STRENGTH:@SECLEVEL=0"
> openssl s_client -cipher "ALL:@STRENGTH:@SECLEVEL=0"
> I was able to handshake a "AECDH-AES256-SHA" cipher.
> :-)
> I will try to investigate deeper around the SECLEVEL=... keyword that I
> completely missed.

It is a very new feature and easy to miss amidst all the other new
features.  I am currently working on fixing some corner cases in this
very code, so this is a good time to discuss whether @SECLEVEL should
have any bearing on aNULL support.  My instinct is that it should not,
and I'm going to submit code that allows one to set a floor on the
various crypto primitives allowed even for aNULL connections (which
may be authenticated by other means).

--
        Viktor.



Re: s_client version 1.1 fails to handshake to s_server when -nocert option

Michel
I just found the man page about setting the security level, which is very helpful.
May I suggest that a link be added to the 'see also' paragraph of the
ciphers documentation?

From https://www.openssl.org/docs/manmaster/apps/ciphers.html
To https://www.openssl.org/docs/manmaster/ssl/SSL_set_security_level.html

> this is a good time to discuss whether @SECLEVEL should have any bearing
> on aNULL support.

Unfortunately, I have no valuable opinion, but I would be pleased to read
about the arguments that will be discussed on this list.

Thanks again,

Michel.

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of
Viktor Dukhovni
Sent: Monday, 25 January 2016 18:48
To: [hidden email]
Subject: Re: [openssl-dev] s_client version 1.1 fails to handshake to
s_server when -nocert option
