[openssl-users] Version negotiation failure failure?
Jordan Brown
openssl at jordan.maileater.net
Sat Sep 1 01:14:25 UTC 2018
We're trying to nail down error reporting for TLS version mismatches,
and we're seeing a couple of puzzling behaviors.
First, and most puzzling... assume these two command lines:
$ openssl s_server -cert 2018.08.31.a.pem -key 2018.08.31.a.key -no_tls1
$ openssl s_client -connect zel.us.oracle.com:4433 -tls1
That is, I have a server that won't accept TLSv1.0, and a client that
will only accept TLSv1.0.
On the server side I see
1:error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported
protocol:s23_srvr.c:605:
which makes perfect sense. On the client side I see
4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl
handshake failure:s3_pkt.c:659:
which isn't as good, but is still sort of sensible. But when I look at
the packets exchanged, I see that the client sends a Client Hello, and
the server responds with an ACK and then a FIN-ACK, with no data. It
just hangs up the phone. This seems to violate RFC 5246 section E.1:
"If server supports (or is willing to use) only versions greater than
client_version, it MUST send a "protocol_version" alert message and
close the connection.". Where's my protocol version alert?
Of course my real case does not involve the sample client and server -
it involves my own clients and servers - but I seem to see the same
behavior with several servers (notably including the Apache httpd).
This looks like it's the same as
https://rt.openssl.org/Ticket/Display.html?id=2777 . I'm using 1.0.2o.
(But I don't see anything relevant-looking in the 1.0.2p changes.) I've
seen similar behavior from 1.0.2o-fips.
Am I missing something here, or is this a server-side bug?
And then, on the client side...
SSL_connect returns zero. Exactly how that failure differs from a
less-than-zero error is not clear, but OK. The docs say to call
SSL_get_error(). SSL_get_error() returns 5, SSL_ERROR_SYSCALL. (That
seems a little strange, since I don't think there's any system call
errors here.) The docs say to consult the error queue and errno.
ERR_peek_last_error( ) returns zero. Errno is zero. It failed, but
nobody will tell me why.
Am I missing something here, or is this a client library bug?
(I have not tracked down exactly how the s_client tool ends up with a
message. It seems to use a more intricate mechanism than SSL_connect.)
--
Jordan Brown, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180831/93407485/attachment-0001.html>
More information about the openssl-users
mailing list