[openssl-users] Call for testing TLS 1.3
Dennis Clarke
dclarke at blastwave.org
Mon Apr 30 22:16:36 UTC 2018
On 30/04/18 05:41 PM, Matt Caswell wrote:
>
>
> On 30/04/18 21:55, Dennis Clarke wrote:
>> On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
>>> I think that makes a very strong argument that TLS 1.3 should be
>>> enabled by default if it all possible.
>>
>>
>> Question would be "why would it not be?"
>
> TLSv1.3 behaves differently to TLSv1.2. Applications written with
> TLSv1.2 in mind might not work as expected when TLSv1.3 is negotiated.
>
> Some of the issues that might be encountered are here:
>
> https://wiki.openssl.org/index.php/TLS1.3
>
> We have already seen a handful of issues. For example in this one an
> application has implemented a PSK callback. Due to the way PSK works in
> TLSv1.3 the callback can get called earlier in the process than in
> TLSv1.2. Suddenly in the presence of TLSv1.3 this particular application
> callback has started to crash (we don't know why yet):
>
> https://github.com/openssl/openssl/issues/6110
>
I'm having no joy with apache 2.4.33 which just tossed a sigILL :
Reading mod_ssl.so
t at 1 (l at 1) program terminated by signal ILL (illegal opcode)
0xffffffff70d97320: TLSv1_2_enc_data : .word 0xffffffff
Current function is ssl_init_ctx_protocol
613 ctx = SSL_CTX_new(method);
(dbx) where
current thread: t at 1
[1] 0xffffffff70d97320(0x1002dc9d0, 0x0, 0x0, 0xfffffffffffffff8,
0x0, 0x1002dccf8), at 0xffffffff70d97320
[2] SSL_CTX_new(0xffffffff70d942b8, 0x1002dc9d0, 0x3b40, 0x2,
0xffffffff742619fc, 0xffffffff74367460), at 0xffffffff7424bc00
=>[3] ssl_init_ctx_protocol(s = 0x10026ddc0, p = 0x1001f8a68, ptemp =
0x100228c68, mctx = 0x1002be698), line 613 in "ssl_engine_init.c"
[4] ssl_init_ctx(s = 0x10026ddc0, p = 0x1001f8a68, ptemp =
0x100228c68, mctx = 0x1002be698), line 1076 in "ssl_engine_init.c"
[5] ssl_init_server_ctx(s = 0x10026ddc0, p = 0x1001f8a68, ptemp =
0x100228c68, sc = 0x1002be658, pphrases = 0x1002b51a0), line 1740 in
"ssl_engine_init.c"
[6] ssl_init_ConfigureServer(s = 0x10026ddc0, p = 0x1001f8a68, ptemp
= 0x100228c68, sc = 0x1002be658, pphrases = 0x1002b51a0), line 1842 in
"ssl_engine_init.c"
[7] ssl_init_Module(p = 0x1001f8a68, plog = 0x100226c58, ptemp =
0x100228c68, base_server = 0x10022ac78), line 369 in "ssl_engine_init.c"
[8] ap_run_post_config(pconf = 0x1001f8a68, plog = 0x100226c58, ptemp
= 0x100228c68, s = 0x10022ac78), at 0x10007d094
[9] main(argc = 3, argv = 0xffffffff7ffff6d8), line 739 in "main.c"
(dbx) list
613 ctx = SSL_CTX_new(method);
614
615 mctx->ssl_ctx = ctx;
616
617 SSL_CTX_set_options(ctx, SSL_OP_ALL);
618
619 #if OPENSSL_VERSION_NUMBER < 0x10100000L
620 /* always disable SSLv2, as per RFC 6176 */
621 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
622
(dbx)
I'm digging around in there now ...
(dbx) listi 612, 613
612 #endif
613 ctx = SSL_CTX_new(method);
0xffffffff6e689b60: ssl_init_ctx_protocol+0x0330: ldx [%fp +
1991], %o0
0xffffffff6e689b64: ssl_init_ctx_protocol+0x0334: call
_PROCEDURE_LINKAGE_TABLE_+0x1160 [PLT] ! 0xffffffff6e9afa60
0xffffffff6e689b68: ssl_init_ctx_protocol+0x0338: nop
0xffffffff6e689b6c: ssl_init_ctx_protocol+0x033c: mov %o0, %o1
0xffffffff6e689b70: ssl_init_ctx_protocol+0x0340: stx %o1,
[%fp + 1999]
(dbx) print method
method = 0xffffffff70d942b8
(dbx) x 0xffffffff70d942b8/8x
0xffffffff70d942b8: DTLSv1_2_enc_data+0x0400: 0x0001 0x0000 0x0000
0x0000 0x0000 0x0000 0x0000 0x0000
(dbx)
(dbx) x 0xffffffff6e9afa60/16x
0xffffffff6e9afa60: _PROCEDURE_LINKAGE_TABLE_+0x1160 [PLT]: 0x0100
0x0000 0x0b22 0xf6d1 0x8239 0x60bf 0x81c0 0x6000
0xffffffff6e9afa70: _PROCEDURE_LINKAGE_TABLE_+0x1170 [PLT]: 0x0100
0x0000 0x0100 0x0000 0x0100 0x0000 0x0100 0x0000
(dbx)
no idea why an illegal opcode slipped into the mix here but I may revert
back to 1.1.0h and do a sanity check, run httpd inside the debugger or
at least the foregorund and then try 1.1.1-pre5 again. I don't want to
have to unwind frames here and try to figure out why that call was sick.
oodles of fun.
dc
More information about the openssl-users
mailing list