[openssl-users] Help with ssl error

Viktor Dukhovni openssl-users at dukhovni.org
Wed Apr 19 15:43:35 UTC 2017

On Tue, Apr 18, 2017 at 05:06:40PM +0000, Viktor Dukhovni wrote:

> The ClientHello decodes via tshark as:
> [...]
>                 Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
>                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
>                 Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
>                 Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
> [...]
> This is a modern ClientHello (OpenSSL 1.1.0 it seems) and should
> be broadly interoperable.  The DEFAULT cipherlist includes only
> AES, is there a chance that the server only supports RC4 and/or
> 3DES?
> Try:
>     $ openssl s_client -state -msg -cipher ALL \
>         -connect ftp.echannel.banksys.be:16370 -starttls ftp
> Capture a PCAP file of the traffic with
>     # tcpdump -s0 -w /some/file tcp port 16370
> and post the decode from:
>     $ tshark -r /some/file -d tcp.port==16370,ssl -V |
>         sed -ne '/^Secure Sockets Layer/,/^$/p'
> Or just attach the PCAP file to your follow-up message.

On Wed, Apr 19, 2017 at 10:53:27AM -0400, Joseph Southwell wrote:

> Is there a way to enable one or both of those ciphers in OpenSSL?
> > On Apr 18, 2017, at 1:28 PM, Jason Schultz <jetson23 at hotmail.com> wrote:
> > 
> > RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA

With so many different names for the underlying TLS ciphersuites
one can only guess which ones are the same.  That said, I'd say
that the first one on your list is enabled by default, and was used
in your TLS ClientHello (TLS_RSA_WITH_AES_128_CBC_SHA 0x002f).

It is possible that (despite any claims to the contrary) the server
only supports the 3DES ciphersuite above, in which case you need
either OpenSSL 1.0.2 or a build of OpenSSL 1.1.0 with the Configure
option "--enable-weak-ssl-ciphers".   The 3DES TLS ciphers are by
default disabled at compile-time in OpenSSL 1.1.0 and later.

I did suggest the "-cipher ALL" option as a first place to start to
find out what the server actually supports.  I'm puzzled as to why
you've not tried that yet.

A more exotic scenario is that the server is configured with a weak
DHE group and having chosen DHE decides that the group is too weak.
In that case you could try just the purported AES cipher:

    -cipher "AES128-SHA"

The name was obtained via:

    $ openssl ciphers -V ALL | grep 0x00,0x2F
      0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

Finally, you really should ask for help from the server administrator;
they should have useful data in their logs.
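
Added example, not part of the original message: a shell sketch that automates the name lookup shown above, mapping the suite IDs from tshark-style "Cipher Suite: NAME (0xNNNN)" lines to OpenSSL names and flagging any suite the local build does not offer (as 3DES would be in a default OpenSSL 1.1.0 build). The function names, the NOT-IN-THIS-BUILD marker and both data samples are constructed for illustration; in real use the table would come from `openssl ciphers -V ALL`.

```shell
#!/bin/sh
# Constructed excerpt of `openssl ciphers -V ALL` output, as from a build
# with 3DES compiled out. Real use: openssl ciphers -V ALL > "$TABLE"
TABLE=$(mktemp)
trap 'rm -f "$TABLE"' EXIT
cat > "$TABLE" <<'EOF'
  0xC0,0x09 - ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
  0xC0,0x13 - ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
  0x00,0x33 - DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
  0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF

# Constructed input in tshark's decode format: the two suites the server
# is said to support.
claimed_suites() {
cat <<'EOF'
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
EOF
}

# map_suites TABLE_FILE < tshark-lines
# Prints "0xNNNN OPENSSL-NAME", or "0xNNNN NOT-IN-THIS-BUILD" when the
# local cipher table has no entry for that suite ID.
map_suites() {
    awk '
        FILENAME == ARGV[1] {              # cipher table: "0x00,0x2F - NAME ..."
            if ($1 ~ /^0x/) {
                code = tolower($1); gsub(/0x|,/, "", code)
                name[code] = $3
            }
            next
        }
        match($0, /\(0x[0-9a-fA-F]+\)/) {  # tshark line ending in "(0x002f)"
            code = tolower(substr($0, RSTART + 3, RLENGTH - 4))
            printf "0x%s %s\n", code, ((code in name) ? name[code] : "NOT-IN-THIS-BUILD")
        }
    ' "$1" -
}

# cipher_string TABLE_FILE < tshark-lines
# Joins the locally available names into a value for s_client -cipher.
cipher_string() {
    map_suites "$1" |
        awk '$2 != "NOT-IN-THIS-BUILD" { s = s (s ? ":" : "") $2 } END { print s }'
}

claimed_suites | map_suites "$TABLE"
echo "-cipher \"$(claimed_suites | cipher_string "$TABLE")\""
```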

