<div dir="ltr"><div dir="ltr">Hi Matt,<div><br></div><div>Thanks for your response.</div><div> My client is built with openssl 1.0.0e and server with openssl 1.1.1. </div><div> I have tried to collect information with wireshark, but I think as my server and client are running on same machine , it is not capturing anything. I have also tried with tshark on linux and got no traces again. </div><div><br></div><div>I have this trouble both on nt64and linuxx86_64. Do we have any other mechanism to capture the traces ?<br></div><div><br></div><div>We have internal tracing enabled and I can see following information in our tracing. </div><div>**********************************************************************************</div><div><div>[Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL State: 16 before SSL initialization</div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- ctrl to 00000000 [02457660] (6 bytes => 0 (0x0))</div><div><br></div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- contents of a BIO dump:</div><div>[Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:before SSL initialization</div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- read to 00000000 [02463953] (5 bytes => 5 (0x5))</div><div><br></div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- contents of a BIO dump:</div><div>0000 - 16 03 01 00 b2 .....</div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- read to 00000000 [02463958] (178 bytes => 178 (0xB2))</div><div><br></div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- contents of a BIO dump:</div><div>0000 - 01 00 00 ae 03 03 10 b1-1e 8f f0 07 d6 28 d9 02 .............(..</div><div>0010 - b7 91 b4 3d 14 5a af 3e-09 96 2a cf ee 8b ca 30 ...=.Z.>..*....0</div><div>0020 - cc 68 9f 2c 2e 6e 00 00-62 00 a5 00 a3 00 a1 00 .h.,.n..b.......</div><div>0030 - 9f 00 6b 00 6a 00 69 00-68 00 39 00 38 00 37 00 ..k.j.i.h.9.8.7.</div><div>0040 - 36 00 9d 00 3d 00 35 00-a4 00 a2 00 a0 00 9e 00 6...=.5.........</div><div>0050 - 67 00 40 00 3f 00 3e 00-33 00 32 00 31 00 30 00 g.@.?.>.3.2.1.0.</div><div>0060 - 9a 00 99 00 98 00 97 00-9c 00 3c 00 2f 00 96 00 ..........<./...</div><div>0070 - 05 00 04 00 16 00 13 00-10 00 0d 00 0a 00 15 00 ................</div><div>0080 - 12 00 0f 00 0c 00 09 00-ff <b>56 00</b> 01 00 00 23 00 .........V....#.</div><div>0090 - 23 00 00 00 0d 00 16 00-14 06 01 06 02 05 01 05 #...............</div><div>00a0 - 02 04 01 04 02 03 01 03-02 02 01 02 02 00 0f 00 ................</div><div>00b0 - 01 01 ..</div><div>[Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:before SSL initialization</div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- write to 00000000 [024725E0] (7 bytes => 7 (0x7))</div><div><br></div><div>[Mon Oct 22 02:53:58 2018] ID-0x024545f0 CTX-0x02458750 BIO-0x00000000 BIO --- contents of a BIO dump:</div><div>0000 - 15 03 03 00 02 02 56 ......V</div><div>[Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- write:fatal:unknown</div><div>[Mon Oct 22 02:53:58 2018] INTERNAL STATE OPERATION --- SSL_accept:error in error</div></div><div>********************</div><div>In the above dump , "56 00 " is present in the cipher suites sent in client hello. </div><div>So, I think client have set TLS_FALLBACK_SCSV in cipher suite list in client hello. </div><div>However there is no earlier failure to this handshake. </div><div><br></div><div>As per your comment, client should only send it if it witnessed some earlier failure. </div><div>In that case, I have following additional doubt. </div><div><br></div><div>-- this set up is working when server is running with TLSv1.2 and only failing when server has both TLSv1,2 and TLSv1.3 ( i.e with openssl1.1.1). So are there any changes in openssl1.1.1 which will effect this behavior when compared to openssl1.0.0e version ?</div><div><br></div><div><br></div><div>Thanks and Regards,</div><div>Ram Krushna</div><div><br><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 22, 2018 at 11:21 PM <<a href="mailto:openssl-users-request@openssl.org">openssl-users-request@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send openssl-users mailing list submissions to<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:openssl-users-request@openssl.org" target="_blank">openssl-users-request@openssl.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:openssl-users-owner@openssl.org" target="_blank">openssl-users-owner@openssl.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of openssl-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: What to do with deprecation errors (Salz, Rich)<br>
2. Re: What to do with deprecation errors (Matt Caswell)<br>
3. Re: To disable CBC ciphers (Jakob Bohm)<br>
4. Reg issue in alert message (ramakrushna mishra)<br>
5. Re: Reg issue in alert message (Matt Caswell)<br>
6. Re: What to do with deprecation errors (Skip Carter)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 22 Oct 2018 02:08:23 +0000<br>
From: "Salz, Rich" <<a href="mailto:rsalz@akamai.com" target="_blank">rsalz@akamai.com</a>><br>
To: Skip Carter <<a href="mailto:skip@taygeta.com" target="_blank">skip@taygeta.com</a>>, "<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>"<br>
<<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>><br>
Subject: Re: [openssl-users] What to do with deprecation errors<br>
Message-ID: <<a href="mailto:8260BB64-B12E-4779-B9DF-903D23E47FD3@akamai.com" target="_blank">8260BB64-B12E-4779-B9DF-903D23E47FD3@akamai.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
> DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, <br>
<br>
That is "proof" that the pre-processor doesn?t have the right -I flags. Try running with the -v option or something.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 22 Oct 2018 08:55:28 +0100<br>
From: Matt Caswell <<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Subject: Re: [openssl-users] What to do with deprecation errors<br>
Message-ID: <<a href="mailto:7513a526-2840-6a4e-cf9a-99666ffc1330@openssl.org" target="_blank">7513a526-2840-6a4e-cf9a-99666ffc1330@openssl.org</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
<br>
<br>
On 21/10/2018 20:01, Skip Carter wrote:<br>
> Thats what I originally thought.<br>
> <br>
> I experimented with manually invoking the pre-compiler (cpp) and this<br>
> is what I get:<br>
> <br>
> <br>
> DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, <br>
> ? <br>
> BIGNUM *p,<br>
> ???????????????????????????????????????????????BIGNUM *a, BIGNUM *b,<br>
> ???????????????????????????????????????????????BN_CTX *ctx))<br>
> the macro is not firing, shouldn't I get:<br>
> <br>
> extern int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, <br>
> ? BIGNUM *p,<br>
> ???????????????????????????????????????????????BIGNUM *a, BIGNUM *b,<br>
> ???<br>
> ????????????????????????????????????????????BN_CTX *ctx);<br>
> <br>
> <br>
> On Sun, 2018-10-21 at 18:28 +0000, Salz, Rich via openssl-users wrote:<br>
>>> ???And I still have the problem with those macros.<br>
>><br>
>> ??<br>
>> The problem is almost definitely this:??the files that you are<br>
>> compiling (not openssl) are picking up the wrong header files from<br>
>> openssl.<br>
>><br>
<br>
Does your opensslconf.h have the DEPRECATEDIN_1_2_0 macro defined in it?<br>
<br>
Matt<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 22 Oct 2018 15:34:20 +0200<br>
From: Jakob Bohm <<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Subject: Re: [openssl-users] To disable CBC ciphers<br>
Message-ID: <<a href="mailto:d91267e8-4681-9a77-23fa-d790200e2259@wisemo.com" target="_blank">d91267e8-4681-9a77-23fa-d790200e2259@wisemo.com</a>><br>
Content-Type: text/plain; charset=utf-8; format=flowed<br>
<br>
On 20/10/2018 15:59, Kaushal Shriyan wrote:<br>
><br>
><br>
> On Wed, Oct 17, 2018 at 7:00 PM murugesh pitchaiah <br>
> <<a href="mailto:murugesh.pitchaiah@gmail.com" target="_blank">murugesh.pitchaiah@gmail.com</a> <mailto:<a href="mailto:murugesh.pitchaiah@gmail.com" target="_blank">murugesh.pitchaiah@gmail.com</a>>> <br>
> wrote:<br>
><br>
> Hi,<br>
><br>
> You may list down what ciphers configured : "openssl ciphers"<br>
> Choose CBC ciphers and add them to the list of 'ssl_ciphers' with "!"<br>
> prefix appended to current ssl_ciphers.<br>
><br>
> > ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:<br>
><br>
> Ref:<br>
> <a href="https://serverfault.com/questions/692119/meaning-of-ssl-ciphers-line-on-nginx-conf" rel="noreferrer" target="_blank">https://serverfault.com/questions/692119/meaning-of-ssl-ciphers-line-on-nginx-conf</a><br>
><br>
> Thanks,<br>
> Murugesh P.<br>
><br>
><br>
> On 10/17/18, Kaushal Shriyan <<a href="mailto:kaushalshriyan@gmail.com" target="_blank">kaushalshriyan@gmail.com</a><br>
> <mailto:<a href="mailto:kaushalshriyan@gmail.com" target="_blank">kaushalshriyan@gmail.com</a>>> wrote:<br>
> > Hi,<br>
> ><br>
> > I have the below ssl settings in nginx.conf file and VAPT test<br>
> has reported<br>
> > us to disable CBC ciphers<br>
> ><br>
> > ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;<br>
> >> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>
> ><br>
> ><br>
> > openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on<br>
> CentOS<br>
> > Linux release 7.3.1611 (Core)<br>
> ><br>
> > I will appreciate if someone can pitch in to help me understand<br>
> to disable<br>
> > CBC ciphers<br>
> ><br>
><br>
><br>
> Thanks Murugesh. I did checked openssl ciphers <br>
> <a href="https://www.openssl.org/docs/man1.0.2/apps/ciphers.html" rel="noreferrer" target="_blank">https://www.openssl.org/docs/man1.0.2/apps/ciphers.html</a> and could not see<br>
> !AAA_CBC_BBB as mentioned in your email.<br>
><br>
> ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH:!AAA_CBC_BBB:<br>
><br>
><br>
> Correct me if i am understanding it wrong. Basically i want to disable <br>
> Cipher Block Chaining (CBC) mode cipher encryption. Openssl and OS <br>
> version are as below :-<br>
><br>
> openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on<br>
> CentOS<br>
> Linux release 7.3.1611 (Core)<br>
><br>
><br>
> Any tools which i can run to find out vulnerabilities in the above <br>
> openssl and OS version? Please guide and i look forward to hearing <br>
> from you. Thanks in Advance.<br>
You need to replace AAA and BBB with actual strings corresponding to<br>
each of the unwanted cipher suites.<br>
<br>
The advisor that tells you to disable "CBC ciphers" is mostly wrong.<br>
There is nothing inherently bad about correctly using ciphers in CBC<br>
mode, however some TLS protocol versions happen to use CBC cipher<br>
suites in a problematic way, while having no secure non-CBC cipher<br>
suites.? More recent TLS versions (such as TLS 1.2) have less<br>
problematic (but not perfect) CBC usage and also offers some<br>
overhyped US government ciphers such as the AES_GCM family.<br>
<br>
Enjoy<br>
<br>
Jakob<br>
-- <br>
Jakob Bohm, CIO, Partner, WiseMo A/S. <a href="https://www.wisemo.com" rel="noreferrer" target="_blank">https://www.wisemo.com</a><br>
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10<br>
This public discussion message is non-binding and may contain errors.<br>
WiseMo - Remote Service Management for PCs, Phones and Embedded<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Mon, 22 Oct 2018 19:26:55 +0530<br>
From: ramakrushna mishra <<a href="mailto:rama.krushna7@gmail.com" target="_blank">rama.krushna7@gmail.com</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Subject: [openssl-users] Reg issue in alert message<br>
Message-ID:<br>
<CAHgr=kJyCXVY9QssB2CO3hY=<a href="mailto:GsEwiEcvzwQ-Pyd3VKqSm51XLA@mail.gmail.com" target="_blank">GsEwiEcvzwQ-Pyd3VKqSm51XLA@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi,<br>
<br>
I am facing an issue after openssl upgrade to 1.1.1.<br>
I have a odbc client with maximum version support up to TLSv1.2 and my<br>
database is running with TLSv1.2,TLsv1.3.<br>
<br>
The handhake is failing and I am getting following contents on my BIO dump.<br>
"15 03 03 00 02 02 56" .<br>
If i have understood correctly this is for alert message and But I could<br>
not find any reference to alert description at (<br>
<a href="https://tools.ietf.org/id/draft-ietf-tls-tls13-25.html#alert-protocol" rel="noreferrer" target="_blank">https://tools.ietf.org/id/draft-ietf-tls-tls13-25.html#alert-protocol</a> )<br>
corresponding to 56.<br>
<br>
So, Could you please help me figure out what does this correspond to ?<br>
<br>
Moreover I have following doubt.<br>
<br>
-- If my TLSv1.2 client does not handle the "downgrade sentinel " present<br>
in server hello ( TLSv1.3 , will it create any problem ?<br>
-- In the above example client is receving error such as "SSL Handshake<br>
Failure reason [error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1<br>
alert inappropriate fallback]." ? Could you please help me to hint me about<br>
how to debug this ?<br>
<br>
Thanks and Regards,<br>
Ram Krushna<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mta.openssl.org/pipermail/openssl-users/attachments/20181022/cb04af81/attachment-0001.html" rel="noreferrer" target="_blank">http://mta.openssl.org/pipermail/openssl-users/attachments/20181022/cb04af81/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Mon, 22 Oct 2018 15:10:55 +0100<br>
From: Matt Caswell <<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Subject: Re: [openssl-users] Reg issue in alert message<br>
Message-ID: <<a href="mailto:3c26e4ec-32e4-f3df-c1ae-0ed1cdeb5848@openssl.org" target="_blank">3c26e4ec-32e4-f3df-c1ae-0ed1cdeb5848@openssl.org</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
<br>
<br>
On 22/10/2018 14:56, ramakrushna mishra wrote:<br>
> Hi,<br>
> <br>
> I am facing an issue after openssl upgrade to 1.1.1.?<br>
> I have a odbc client with maximum version support up to TLSv1.2 and? my<br>
> database is running with TLSv1.2,TLsv1.3.?<br>
> <br>
> The handhake is failing and I am getting following contents on my BIO dump.?<br>
> "15 03 03 00 02 02 56" .?<br>
> If i have understood correctly this is for alert message and But I could<br>
> not find any reference to alert description at (<br>
> <a href="https://tools.ietf.org/id/draft-ietf-tls-tls13-25.html#alert-protocol" rel="noreferrer" target="_blank">https://tools.ietf.org/id/draft-ietf-tls-tls13-25.html#alert-protocol</a> )?<br>
> corresponding to 56. <br>
<br>
56 hex == 86 decimal == inappropriate_fallback<br>
<br>
i.e. this doesn't tell you any further information than you have below.<br>
<br>
> <br>
> So, Could you please help me figure out what does this correspond to ??<br>
> <br>
> Moreover I have following doubt.?<br>
> <br>
> -- If my TLSv1.2 client does not handle the? "downgrade sentinel "<br>
> present in server hello ( TLSv1.3 , will it create any problem ? <br>
<br>
No, this should not be a problem.<br>
<br>
> -- In the above example client is receving error such as "SSL Handshake<br>
> Failure reason [error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1<br>
> alert inappropriate fallback]." ? Could you please help me to hint me<br>
> about how to debug this ?<br>
<br>
What version of OpenSSL are you using for the client?<br>
<br>
Is it possible for you to send me a wireshark trace of the failing<br>
handshake?<br>
<br>
In particular I am interested to see if the TLS_FALLBACK_SCSV<br>
ciphersuite is present in the ClientHello (RFC 7507). The<br>
TLS_FALLBACK_SCSV is only supposed to be sent if the client has already<br>
attempted an earlier handshake that failed, and it is now trying a<br>
downgraded protocol version. So, does the wireshark trace reveal the<br>
client attempting an initial handshake that is failing for some other<br>
reason, followed by a second attempt that fails with the inappropriate<br>
fallback error?<br>
<br>
<br>
Matt<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Mon, 22 Oct 2018 10:50:31 -0700<br>
From: Skip Carter <<a href="mailto:skip@taygeta.com" target="_blank">skip@taygeta.com</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Subject: Re: [openssl-users] What to do with deprecation errors<br>
Message-ID: <<a href="mailto:1540230631.4886.20.camel@taygeta.com" target="_blank">1540230631.4886.20.camel@taygeta.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
Yes the macro is there, its just not being expanded by the pre-<br>
compiler.<br>
<br>
<br>
On Mon, 2018-10-22 at 08:55 +0100, Matt Caswell wrote:<br>
> <br>
> On 21/10/2018 20:01, Skip Carter wrote:<br>
> <br>
> Does your opensslconf.h have the DEPRECATEDIN_1_2_0 macro defined in<br>
> it?<br>
> <br>
> Matt<br>
-- <br>
Skip Carter<br>
Taygeta Scientific Inc.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
openssl-users mailing list<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of openssl-users Digest, Vol 47, Issue 35<br>
*********************************************<br>
</blockquote></div></div></div></div>