SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

Matt Caswell matt at openssl.org
Wed Mar 23 11:55:23 UTC 2022



On 23/03/2022 07:39, Helde, Paavo via openssl-users wrote:
> Hi,
> 
> We are in a process of porting our software to aarch64 (Raspberry Pi). 
> One problem what we have is with openssl, it appears that our build of 
> it always fails in SSL_connect(). I have debugged it a bit and it seems 
> the problem appears in the function 
> ossl_statem_client13_read_transition(), where after receiving 
> SSL3_MT_SERVER_HELLO and SSL3_MT_ENCRYPTED_EXTENSIONS it receives 
> SSL3_MT_NEWSESSION_TICKET, but there is no handling of 
>   SSL3_MT_NEWSESSION_TICKET in ’case TLS_ST_CR_ENCRYPTED_EXTENSIONS’ in 
> statem_clnt.c around line 121.

That is quite odd. It appears you are in a TLSv1.3 handshake and have 
received a NewSessionTicket message. But NewSessionTicket messages 
should only be sent post handshake in TLSv1.3. So, if that's really what 
has been received, then that is a protocol violation.

It would be interesting to see what output you get from s_client when 
you use the "-trace" argument.

Also, is this TLSv1.3 specific? If you add the argument "-no_tls1_3" to 
s_client does it start working?

Matt

> 
> I am no expert in SSL, so not sure where the problem might be, most 
> probably we build the openssl somehow in the wrong way. We also have 
> corporate firewall protected by ZScaler, but other tools like wget work 
> fine with external URL-s, so it ought to be possible to get it working.
> 
> We build openssl like that:
> 
>      # EGD needed for libIce
> 
>      ./config -d no-shared enable-egd --prefix=$INSTALL_ROOT/$PROJECT
> 
>      # Hide the symbols to avoid that undesired .so-s will find them 
> (there is a zoo of binary incompatible openssl versions out there).
> 
>      make CFLAGS="-g -O0 -fvisibility=hidden" CXXFLAGS="-g -O0 
> -fvisibility=hidden"
> 
>      make install
> 
> bin> ./openssl version
> 
> OpenSSL 3.1.0-dev  (Library: OpenSSL 3.1.0-dev )
> 
> The error (unexpected message) is visible also with the openssl command 
> line. In our code SSL_connect() fails.
> 
> bin> ./openssl s_client www.google.com:443 <http://www.google.com:443>
> 
> Connecting to 172.217.169.36
> 
> CONNECTED(00000003)
> 
> 4080C5B57F000000:error:0A0000F4:SSL 
> routines:ossl_statem_client_read_transition:unexpected 
> message:ssl/statem/statem_clnt.c:399:
> 
> ---
> 
> no peer certificate available
> 
> ---
> 
> No client certificate CA names sent
> 
> Server Temp Key: X25519, 253 bits
> 
> ---
> 
> SSL handshake has read 4296 bytes and written 333 bytes
> 
> Verification: OK
> 
> ---
> 
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> 
> This TLS version forbids renegotiation.
> 
> Compression: NONE
> 
> Expansion: NONE
> 
> No ALPN negotiated
> 
> Early data was not sent
> 
> Verify return code: 0 (ok)
> 
> ---
> 
> Any advice appreciated
> 
> TIA
> 
> Paavo
> 


More information about the openssl-users mailing list