server key exchange signature behavior

Tue Jun 23 18:57:25 UTC 2020

Hi,

see comments/questions inline

On 23/06/20 14:03, Bruce Cloutier wrote:
> Hello,
>
> We administer a server (Windows) with a Bitnami stack for a Wordpress
> implementation and that uses Apache Httpd and OpenSSL. Separately I am
> developing the TLS ECC aspect of a controller device implementation and
> note a problematic behavior with the server_key_exchange for ECDHE_RSA.
> The developed device ECDHE_RSA suite works properly and as expected with
> all of the other servers thus far tested. There is likely a
> configuration issue with this Apache installation and I am fishing for a
> hint.
you mention TLS ECC, suggesting Elliptic Curve Crypto, which might 
indicate EC-encoded certificates as well, yet talk about ECDHE_RSA which 
is Elliptic-curve Diffie-Hellman Exchange with RSA  (for which you'd 
normally use RSA-encoded certificates.

Now you can use both with httpd+openssl but you do need to specify the 
right certificate (or certificates) when configuring mod_ssl - you can 
even concatenate the RSA-signed certificate and the EC-signed 
certificate in a single hostcert.pem and mod_ssl will pick up both , 
simply using

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/httpd/certs/hostcert.pem

#    Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/certs/hostkey.pem

I'd recommend to take your test cert+key and see if you can run it using
   openssl s_server  <parms>
against
   openssl s_client <parms>

(use 'openssl s_server -help' and 'openssl s_client -help' for the 
parameter list).

If *that* works and apache+mod_ssl does not then you're looking at an 
mod_ssl configuration issue.

HTH,

JJK

> The issue is that the RSA signature as part of the server_key_exchange
> does not decrypt with the supplied certificate public RSA key. It does
> indicate an rsa_pkcs1_sha256 signature.
>
> With a fresh Bitnami install that still uses the default key and
> certificate files, the protocol provides a valid digital signature. When
> we change the server's certificate (and confirm this with the browser)
> the server_key_exchange signature no longer validates. It is as if the
> server continues to use the default key for the signature. I have not
> tried to confirm that specific point.
>
> My immediate question for someone close to the code is where does
> Apache/OpenSSL look for the key file for this signature at this point in
> the protocol?
>
> I am hoping that there is just some additional configuration location
> that needs to be given our new key file and/or certificate. Can anyone
> confirm?
>
> We noted this concern on a production server. We then installed the
> stack on a different machine to confirm the fresh install operation. In
> adding different key and certificate files we confirm that the signature
> then fails. If I ignore the bad signature the secure communications
> succeed.
>
> I have been searching the net for this issue for weeks. That has been
> fruitless. So I am turning to this list.
>
>