[openssl-users] Question regarding TLS renegotiation and configuration of Openssl ssl context

Silverman, Ariel ariel.silverman at intel.com
Thu Nov 9 20:17:18 UTC 2017 

Dear Openssl Gurus,

I am facing the following problem, I am required to create an SSL client that talks (TLSv1.2, TLSv1.1 and TLSv1.0) against 3 different types of servers, one talks  TLSv1.2 only (server_12) , one TLSv1.1 only (server_11) and one TLSv1.0 only (server_10)

The way I am configuring my tls context is as following

Note: I am using Openssl v1.0.2l

SSL_CTX *ctx;
ctx = SSL_CTX_new( SSLv23_method() )
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET);

Now...

When I try to connect to server_10 I see the trace below, the negotiation fails with:
Alert Message
            Level: Fatal (2)
            Description: Protocol Version (70)

It makes sense, since the decription for this failure is:

70

protocol_version

The protocol version the client attempted to negotiate is recognized, but not supported. For example, old protocol versions might be avoided for security reasons. This message is always fatal.


Now my question is:


How do I configure my SSL_CTX options so that I can talk to server_10 whilst being able to connect to server_12 and server_11 and at the same time maintaining security and not becoming vulnerable to RFC7507 ( TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks)


Thank you in advance for your help!!! :)
-Ariel Silverman



Wireshark Trace of TLS negotiation:
===================================


No.     Time           Source                Destination           Protocol Length Info
    517 35.593453      192.168.0.70          192.168.0.102         TLSv1    249    Client Hello

Frame 517: 249 bytes on wire (1992 bits), 249 bytes captured (1992 bits) on interface 0
Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e)
Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102
Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 1, Ack: 1, Len: 195
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 190
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 186
            Version: TLS 1.1 (0x0302)
            Random: cdf0b0cb59d22675e6f840363eed6481674ce6e8714eeb45...
            Session ID Length: 0
            Cipher Suites Length: 100
            Cipher Suites (50 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 45
            Extension: ec_point_formats (len=4)
            Extension: supported_groups (len=28)
            Extension: heartbeat (len=1)

No.     Time           Source                Destination           Protocol Length Info
    519 35.595600      192.168.0.102         192.168.0.70          TLSv1    1063   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 519: 1063 bytes on wire (8504 bits), 1063 bytes captured (8504 bits) on interface 0
Ethernet II, Src: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e), Dst: Vmware_e4:ae:09 (00:0c:29:e4:ae:09)
Internet Protocol Version 4, Src: 192.168.0.102, Dst: 192.168.0.70
Transmission Control Protocol, Src Port: 16993, Dst Port: 63441, Seq: 1, Ack: 196, Len: 1009
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 46
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 42
            Version: TLS 1.0 (0x0301)
            Random: a0cb439203175bf9bb313ad516e0722288bd8d2b0ceb14f6...
            Session ID Length: 4
            Session ID: 79010000
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Compression Method: null (0)
    TLSv1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 931
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 927
            Certificates Length: 924
            Certificates (924 bytes)
    TLSv1 Record Layer: Handshake Protocol: Certificate Request
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 8
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 4
            Certificate types count: 1
            Certificate types (1 type)
            Distinguished Names Length: 0
    TLSv1 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
    520 35.595660      192.168.0.70          192.168.0.102         TLSv1    61     Alert (Level: Fatal, Description: Protocol Version)

Frame 520: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e)
Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102
Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 196, Ack: 1010, Len: 7
Secure Sockets Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Protocol Version (70)




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171109/6b71c385/attachment-0001.html>

More information about the openssl-users mailing list