[openssl-dev] 1.0.2 regression with Cisco DTLS_BAD_VER

David Woodhouse dwmw2 at infradead.org
Tue Feb 17 16:35:24 UTC 2015


(A more complete response than my initial mobile reply yesterday)

On Mon, 2015-02-16 at 08:39 -0500, John Foley wrote:
> Which Cisco product are you using, the ASA?  What version of software
> do you have on the product?  While I can't speak for all Cisco
> products, I can confirm that many Cisco products are using OpenSSL
> 1.0.1, which implies support for DTLS 1.0. If you care to share more
> details, I can try to engage the product team to better understand
> this.

The so-called DTLS1_BAD_VER that AnyConnect still uses is actually a
snapshot of the DTLS protocol from around OpenSSL 0.9.8e before it was
standardised — with *some* but not all of the later modifications
backported.

Even new versions of OpenSSL still support it, to a certain extent. So
just because you've updated to OpenSSL 1.0.1, that doesn't necessarily
mean you've updated to DTLS 1.0. You *could*, but as far as I can tell you
haven't.

I really wish you *would*, because the old protocol has a tendency to
break when people don't really account for it while "cleaning up" the
code. Hence RT#2984 when it broke in various previous releases of
OpenSSL, and the three patches I've just sent to fix 1.0.2 and HEAD:
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000698.html
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000710.html
https://mta.openssl.org/pipermail/openssl-dev/2015-February/000707.html

It would be really nice to be able to use the real DTLS protocol, and
for the client not to suffer such frequent breakage with new versions of
OpenSSL. I'm sure your VPN client team must also find similar issues,
since they do use OpenSSL. Although they don't seem to be very visible
around here — it was *me* who made OpenSSL support DTLS1_BAD_VER as a
client again, when that support had been dropped. And it was me who
submitted all the above fixes. So maybe they don't find issues because
I've fixed them all by the time they update? :)

(I also wish you'd support AES-GCM, FWIW. With ocserv that goes nice and
fast on modern hardware. AES-SHA is all we get with the ASA, and it's a
lot more cpu-intensive.)

-- 
dwmw2
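
The distinction drawn in the message above, between the OpenSSL release a product links against and the DTLS version it actually speaks, is visible in the version field of each DTLS record header. The following is an added example, not part of the original message and not OpenSSL code: it walks the records in one UDP payload and counts those carrying DTLS1_BAD_VER. The function names and the sample bytes are constructed for illustration; the version constants are the values OpenSSL defines.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Record-layer version values, as defined in OpenSSL's headers. */
#define DTLS1_VERSION   0xFEFF  /* DTLS 1.0 (RFC 4347) */
#define DTLS1_2_VERSION 0xFEFD  /* DTLS 1.2 (RFC 6347) */
#define DTLS1_BAD_VER   0x0100  /* pre-standard snapshot */

#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) seq(6) length(2) */

/* Hypothetical helper: map a record-layer version field to a name. */
const char *dtls_version_name(uint16_t v)
{
    switch (v) {
    case DTLS1_BAD_VER:   return "DTLS1_BAD_VER (pre-standard)";
    case DTLS1_VERSION:   return "DTLS 1.0";
    case DTLS1_2_VERSION: return "DTLS 1.2";
    default:              return "unknown";
    }
}

/* Hypothetical helper: walk every record in one UDP payload. Returns how
 * many records carry DTLS1_BAD_VER, or -1 if the payload is not a
 * well-formed record sequence. *total receives the records seen. */
int count_pre_standard_records(const uint8_t *buf, size_t len, int *total)
{
    int bad = 0;
    *total = 0;
    while (len > 0) {
        if (len < DTLS_HDR_LEN) return -1;          /* truncated header */
        if (buf[0] < 20 || buf[0] > 24) return -1;  /* not a TLS content type */
        uint16_t ver  = (uint16_t)(buf[1] << 8 | buf[2]);
        size_t   body = (size_t)(buf[11] << 8 | buf[12]);
        if (body > len - DTLS_HDR_LEN) return -1;   /* truncated body */
        if (ver == DTLS1_BAD_VER) bad++;
        (*total)++;
        buf += DTLS_HDR_LEN + body;
        len -= DTLS_HDR_LEN + body;
    }
    return *total ? bad : -1;                       /* empty payload: -1 */
}

/* Constructed sample: one handshake record (type 22), epoch 0, seq 0,
 * 2-byte body, with the pre-standard version on the wire. */
static const uint8_t sample_bad_ver[] = {
    22, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x02, 0xAA, 0xBB };

int main(void)
{
    int total, bad = count_pre_standard_records(sample_bad_ver, sizeof sample_bad_ver, &total);
    printf("%d of %d records use %s\n", bad, total, dtls_version_name(DTLS1_BAD_VER));
    return 0;
}
```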
