[openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch
stevenx.linsell at intel.com
Mon Mar 23 11:54:15 UTC 2015
On 20/0315 15:51, Matt Caswell wrote:
>On 20/03/15 12:44, Linsell, StevenX wrote:
>> On Thu, Mar 19, 2015, Steve Linsell wrote:
>> Following further testing I see identical failures in the master branch using the \
>> following cipher/protocol combinations:
>> ECDH-ECDSA-AES128-SHA ssl3
>> ECDH-ECDSA-AES256-SHA ssl3
>> ECDH-ECDSA-DES-CBC3-SHA ssl3
>> ECDH-ECDSA-RC4-SHA ssl3
>> ECDH-RSA-AES128-SHA ssl3
>> ECDH-RSA-AES256-SHA ssl3
>> ECDH-RSA-DES-CBC3-SHA ssl3
>> ECDH-RSA-RC4-SHA ssl3
>> ECDHE-ECDSA-AES128-SHA ssl3
>> ECDHE-ECDSA-AES256-SHA ssl3
>> ECDHE-ECDSA-DES-CBC3-SHA ssl3
>> ECDHE-ECDSA-RC4-SHA ssl3
>Looks like a bug. Try the attached patch. Let me know how you get on.
Thanks Matt that worked great.
I've retested all the above cipher/protocol combinations and all now pass with the fix in place.
Just to close out my understanding.
Within the tls1_check_ec_key function:
The first iteration round the loop is checking that the curve within the certificate matches one of the curves in the list of curves that this build of OpenSSL supports.
The second iteration round the loop is checking the curve within the certificate matches one of the curves in the list of curves sent from the peer via TLS extensions.
In the case of the cipher/protocol combinations above we are using ssl3 which does not support TLS extensions so the second list will always be empty.
As Viktor states RFC 4492 says if the client sends no TLS extension containing the curves supported then the server can choose any supported curve. So your fix is to continue when we reach the second iteration if there are no curves in the second list rather than flag an error.
Steve Linsell Intel Shannon DCG/CID Software Development Team
Stevenx.Linsell at intel.com
Intel Shannon Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
Business address: Dromore House, East Park, Shannon, Co. Clare
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
More information about the openssl-users