[openssl-users] Reg issue in alert message

Matt Caswell matt at openssl.org
Wed Oct 24 12:57:04 UTC 2018



On 24/10/2018 13:25, ramakrushna mishra wrote:
> Hi All,
> 
> Thank you for all for providing the information.
> I suspect we are using " SSL_MODE_SEND_FALLBACK_SCSV  " and that might
> be causing the issue.  The team is looking into this issue now with the
> provided information. 
> 
>  One doubt that came during  our investigation is :
> " If client has highest version of TLS1.3 and server has support for
> TLS1.2 and SLV3 only.   How the handshake will  proceed ? " 

The protocol will negotiate the highest commonly supported protocol
version. So if the server supports TLS1.3 and the client only supports
TLS1.2 then TLS1.2 will be used. Don't use SSLv3. That is disabled by
default in current OpenSSL versions.

Matt

> I am not sure if this question should go to a new thread ?
> 
> Thanks and Regards,
> Ram Krushna
> 
> On Wed, Oct 24, 2018 at 11:47 AM <openssl-users-request at openssl.org
> <mailto:openssl-users-request at openssl.org>> wrote:
> 
>     Send openssl-users mailing list submissions to
>             openssl-users at openssl.org <mailto:openssl-users at openssl.org>
> 
>     To subscribe or unsubscribe via the World Wide Web, visit
>             https://mta.openssl.org/mailman/listinfo/openssl-users
>     or, via email, send a message with subject or body 'help' to
>             openssl-users-request at openssl.org
>     <mailto:openssl-users-request at openssl.org>
> 
>     You can reach the person managing the list at
>             openssl-users-owner at openssl.org
>     <mailto:openssl-users-owner at openssl.org>
> 
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of openssl-users digest..."
> 
> 
>     Today's Topics:
> 
>        1. Re: CAPI-Engine doc (Selva Nair)
>        2. Re: CAPI-Engine doc (Michael Wojcik)
>        3. Re: Reg issue in alert message (Michael Wojcik)
>        4. Re: CAPI-Engine doc (Jakob Bohm)
>        5. Re: Openssl Build Error- module unsafe for SAFESEH
>           image/Unable to generate SAFESEH image (sakdev)
> 
> 
>     ----------------------------------------------------------------------
> 
>     Message: 1
>     Date: Tue, 23 Oct 2018 11:22:04 -0400
>     From: Selva Nair <selva.nair at gmail.com <mailto:selva.nair at gmail.com>>
>     To: richard.oehlinger at adbsafegate.com
>     <mailto:richard.oehlinger at adbsafegate.com>,
>     openssl-users at openssl.org <mailto:openssl-users at openssl.org>
>     Subject: Re: [openssl-users] CAPI-Engine doc
>     Message-ID:
>            
>     <CAKuzo_iqEBP-QG19Hsg5dFVoUG+2q-5O=vfg_NTzAJsQj+D3Jw at mail.gmail.com
>     <mailto:vfg_NTzAJsQj%2BD3Jw at mail.gmail.com>>
>     Content-Type: text/plain; charset="UTF-8"
> 
>     On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
>     <openssl-users at openssl.org <mailto:openssl-users at openssl.org>> wrote:
>     >
>     > Hi!
>     >
>     > I'm trying to get a handle on the CAPI engine, because I need to
>     have a
>     > secure Keystore on Windows. Furthermore I need it to work with Qt's
>     > QSslKey, which fortunately can be constructed by EVP_PKEY *.
>     >
>     > So far so good. The key is found, but when I try to use it in a SSL
>     > connection i get following error:
>     >
>     > error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
>     > error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
> 
>     Which version of OpenSSL?
> 
>     > Trace Output is:
>     >
>     > Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
>     > Opening certificate store MY
>     > capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
>     > provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
>     > Called CAPI_rsa_sign()
> 
>     This CSP cannot do SHA2 hashes so won't work unless you restrict
>     signature algorithms or set TLS version to 1.1. I believe OpenSSL
>     1.1.0 will try to load The ".. Enhanced RSA AES .. Provider" which
>     can handle SHA2 and may work. I say "may" because, if the key store is
>     a legacy hardware token, it also depends on signature algorithms
>     supported
>     by the token and may be necessary to downgrade to TLS 1.1.
> 
>     Selva
> 
> 
>     ------------------------------
> 
>     Message: 2
>     Date: Tue, 23 Oct 2018 15:37:24 +0000
>     From: Michael Wojcik <Michael.Wojcik at microfocus.com
>     <mailto:Michael.Wojcik at microfocus.com>>
>     To: "openssl-users at openssl.org <mailto:openssl-users at openssl.org>"
>     <openssl-users at openssl.org <mailto:openssl-users at openssl.org>>
>     Subject: Re: [openssl-users] CAPI-Engine doc
>     Message-ID:
>            
>     <DM5PR18MB1324455050CC00BD3A2DD70FF9F50 at DM5PR18MB1324.namprd18.prod.outlook.com
>     <mailto:DM5PR18MB1324455050CC00BD3A2DD70FF9F50 at DM5PR18MB1324.namprd18.prod.outlook.com>>
> 
>     Content-Type: text/plain; charset="Windows-1252"
> 
>     > From: openssl-users [mailto:openssl-users-bounces at openssl.org
>     <mailto:openssl-users-bounces at openssl.org>] On Behalf
>     > Of Richard Oehlinger via openssl-users
>     > Sent: Tuesday, October 23, 2018 10:38
>     >
>     > I'm trying to get a handle on the CAPI engine, because I need to
>     have a
>     > secure Keystore on Windows. Furthermore I need it to work with Qt's
>     > QSslKey, which fortunately can be constructed by EVP_PKEY *.
> 
>     What OpenSSL version are you using? Please remember to include this
>     informtion in every question. (And, normally, we'd ask for the
>     platform as well, but since CAPI is Windows-specific, we know that
>     in this case.)
> 
>     > So far so good. The key is found, but when I try to use it in a SSL
>     > connection i get following error:
>     >
>     > error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
>     > error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
>     >
>     > I use a current Windows 10. Do I need to use a different Algorithm in
>     > order to work? Some googeling is indicating the provider might be
>     wrong.
> 
>     I haven't looked at the CAPI engine code since 1.0.1j. At that time,
>     I needed CAPI support and discovered there were various issues with
>     the extant CAPI code, so I forked and rewrote it. That was some time
>     back, obviously, and I'm afraid I never got around to pushing the
>     changes back to openssl.org <http://openssl.org>. (In fact, it was
>     sufficiently long ago that I believe the organization was still
>     reluctant to take contributions from people in the US at the time.)
> 
>     The biggest issue was with provider handling. CAPI is something of a
>     braindead API in many ways - Microsoft's replacement, CNG, is
>     somewhat better - and the provider stuff is one of them. When a key
>     (including a "key" which is actually just a reference to a key
>     contained in an HSM) is imported into one of the Windows key stores,
>     it has to be associated with a provider, and that provider has to
>     accommodate that type and size of key; otherwise the key is
>     unusable. Then, when you try to use the key in CAPI, you have to
>     specify the same provider - CAPI isn't smart enough to figure it out
>     on its own.
> 
>     So my version of the CAPI engine has code to look up the key's
>     provider and silently correct the provider type information in the
>     engine's context structure if it's a mismatch.
> 
>     Beyond that, it appears that my changes included:
> 
>     - Support for building all the necessary functionality when using
>     Microsoft Windows SDK 6.0A, which was one of my requirements at the
>     time.
> 
>     - Supporting hashes other than SHA-1 for DSA. We have US Federal
>     customers who needed fairly comprehensive DSA support. For most
>     people this is likely a non-issue.
> 
>     - Forcing stack probes on for the callback functions, because my
>     engine was being built outside the OpenSSL build process, but needed
>     to match the calling convention of OpenSSL, which (at least in
>     1.0.1j) included stack-probe support.
> 
>     - A fix suggested by Steven Henson years ago on the mailing list to
>     capi_get_key, but never (at least by 1.0.1j) picked up in the source
>     code: If CryptGetUserKey returns NTE_NO_KEY, xor keyspec with 3 to
>     flip the key type and try CryptGetUesrKey again.
> 
>     I think that's it, though it's possible I tweaked some other things
>     and didn't call them out in the comments.
> 
>     I suppose I should check what the CAPI engine source looks like in
>     1.1.1, merge my changes in if feasible, and submit a PR. One of
>     these days...
> 
>     Really, though, what we need is a new engine written to use CNG
>     rather than CAPI. Though that would have the disadvantage of not
>     supporting ancient Windows OS and SDK versions which, while
>     unsupported by Microsoft, are still used in far too many places.
> 
>     --
>     Michael Wojcik
>     Distinguished Engineer, Micro Focus
> 
> 
> 
> 
>     ------------------------------
> 
>     Message: 3
>     Date: Tue, 23 Oct 2018 15:37:25 +0000
>     From: Michael Wojcik <Michael.Wojcik at microfocus.com
>     <mailto:Michael.Wojcik at microfocus.com>>
>     To: "openssl-users at openssl.org <mailto:openssl-users at openssl.org>"
>     <openssl-users at openssl.org <mailto:openssl-users at openssl.org>>
>     Subject: Re: [openssl-users] Reg issue in alert message
>     Message-ID:
>            
>     <DM5PR18MB13246F528FB866508D8E9267F9F50 at DM5PR18MB1324.namprd18.prod.outlook.com
>     <mailto:DM5PR18MB13246F528FB866508D8E9267F9F50 at DM5PR18MB1324.namprd18.prod.outlook.com>>
> 
>     Content-Type: text/plain; charset="Windows-1252"
> 
>     > From: openssl-users [mailto:openssl-users-bounces at openssl.org
>     <mailto:openssl-users-bounces at openssl.org>] On Behalf
>     > Of Viktor Dukhovni
>     > Sent: Tuesday, October 23, 2018 10:02
>     >
>     > On Tue, Oct 23, 2018 at 01:29:27PM +0100, Matt Caswell wrote:
>     >
>     > > > So, I think client have set TLS_FALLBACK_SCSV in cipher suite
>     list in
>     > > > client hello.
>     > >
>     > > This suggests there is a bug in the client application. This can
>     only
>     > > happen if the client application calls SSL_CTX_set_mode() or
>     > > SSL_set_mode() to set the SSL_MODE_SEND_FALLBACK_SCSV mode.
>     >
>     > I have a somewhat plausible, if dicey hunch:
>     >
>     >     Perhaps some application developers got confused between
>     >     the similar functions SSL_CTX_set_session_cache_mode(3)
>     >     and SSL_CTX_set_mode(3) and called the wrong one?
> 
>     Certainly possible, but I wouldn't discount the possibility that
>     someone simply thought setting SSL_MODE_SEND_FALLBACK_SCSV was the
>     Right Thing. There was a fair bit of confusion around the Fallback
>     SCSV when it first appeared (we had questions from customers that
>     indicated they didn't understand it, and I had to read the ID to
>     make sure I did). And, of course, TLS is mightly confusing in general.
> 
>     It is interesting to note that those two options happen to have the
>     same value, though, particularly given the similarity of the two
>     function names.
> 
>     This is one of those cases where C's weak type system is a problem.
>     Though it would be nice if OpenSSL used enums rather than macros for
>     these things.
> 
>     --
>     Michael Wojcik
>     Distinguished Engineer, Micro Focus
> 
> 
> 
> 
> 
>     ------------------------------
> 
>     Message: 4
>     Date: Tue, 23 Oct 2018 17:42:56 +0200
>     From: Jakob Bohm <jb-openssl at wisemo.com <mailto:jb-openssl at wisemo.com>>
>     To: openssl-users at openssl.org <mailto:openssl-users at openssl.org>
>     Subject: Re: [openssl-users] CAPI-Engine doc
>     Message-ID: <fc161e84-bf5f-f61b-0f1d-3bfa5641edd8 at wisemo.com
>     <mailto:fc161e84-bf5f-f61b-0f1d-3bfa5641edd8 at wisemo.com>>
>     Content-Type: text/plain; charset=utf-8; format=flowed
> 
>     On 23/10/2018 17:22, Selva Nair wrote:
>     > On Tue, Oct 23, 2018 at 10:38 AM Richard Oehlinger via openssl-users
>     > <openssl-users at openssl.org <mailto:openssl-users at openssl.org>> wrote:
>     >> Hi!
>     >>
>     >> I'm trying to get a handle on the CAPI engine, because I need to
>     have a
>     >> secure Keystore on Windows. Furthermore I need it to work with Qt's
>     >> QSslKey, which fortunately can be constructed by EVP_PKEY *.
>     >>
>     >> So far so good. The key is found, but when I try to use it in a SSL
>     >> connection i get following error:
>     >>
>     >> error:80070063:lib(128):CAPI_RSA_SIGN:cant create hash object,
>     >> error:1409B006:SSL routines:ssl3_send_server_key_exchange:EVP lib
>     > Which version of OpenSSL?
>     >
>     >> Trace Output is:
>     >>
>     >> Setting debug file to C:\Users\user\AppData\Local\Temp\engine.txt
>     >> Opening certificate store MY
>     >> capi_get_key, contname={4EBA52A8-AB4B-47DB-B777-2B26351F324C},
>     >> provname=Microsoft Enhanced Cryptographic Provider v1.0, type=1
>     >> Called CAPI_rsa_sign()
>     > This CSP cannot do SHA2 hashes so won't work unless you restrict
>     > signature algorithms or set TLS version to 1.1. I believe OpenSSL
>     > 1.1.0 will try to load The ".. Enhanced RSA AES .. Provider" which
>     > can handle SHA2 and may work. I say "may" because, if the key store is
>     > a legacy hardware token, it also depends on signature algorithms
>     supported
>     > by the token and may be necessary to downgrade to TLS 1.1.
>     >
>     The above limitations are less severe in CNG ("CryptoAPI Next
>     Generation")
>     on Windows 6.00 and later, where the old API and CSP names are actually
>     emulations on top of a new structure with much smaller "KSP" providers.
>     At the same time, the CNG emulation of the classic CryptoAPI functions
>     are limited to what was available in Windows 5.01 SP2 and 5.02 SP2, thus
>     much of the SHA-2 functionality is available only by calling the CNG
>     APIs directly on Windows >= 6.00, but the older APIs with a reference
>     to newer enum values introduced in Windows 5.01 SP3 or 5.02 SP2+Hotfix.
> 
>     Put another way, Microsoft forked their crypto source tree sometime in
>     2004 or 2005, and anything added later was implemented differently in
>     the 5.0x and 6.0x code bases.
> 
>     Enjoy
> 
>     Jakob
>     -- 
>     Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
>     Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
>     This public discussion message is non-binding and may contain errors.
>     WiseMo - Remote Service Management for PCs, Phones and Embedded
> 
> 
> 
>     ------------------------------
> 
>     Message: 5
>     Date: Tue, 23 Oct 2018 23:16:13 -0700 (MST)
>     From: sakdev <best.sakthi3 at gmail.com <mailto:best.sakthi3 at gmail.com>>
>     To: openssl-users at openssl.org <mailto:openssl-users at openssl.org>
>     Subject: Re: [openssl-users] Openssl Build Error- module unsafe for
>             SAFESEH image/Unable to generate SAFESEH image
>     Message-ID: <1540361773425-0.post at n7.nabble.com
>     <mailto:1540361773425-0.post at n7.nabble.com>>
>     Content-Type: text/plain; charset=us-ascii
> 
>     Added "/safeseh" in assembler flags and problem got solved. Thank
>     you very
>     much.
> 
> 
> 
>     --
>     Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
> 
> 
>     ------------------------------
> 
>     Subject: Digest Footer
> 
>     _______________________________________________
>     openssl-users mailing list
>     openssl-users at openssl.org <mailto:openssl-users at openssl.org>
>     https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> 
>     ------------------------------
> 
>     End of openssl-users Digest, Vol 47, Issue 45
>     *********************************************
> 
> 


More information about the openssl-users mailing list