> From: owner-openssl-us...@openssl.org On Behalf Of Moisés Barba Pérez
> Sent: Monday, 02 May, 2011 06:35

> I need to create a cert with SHA1 hash. I have a problem with
> AES256-SHA because of my version of openssl related in the bug
> https://bugzilla.redhat.com/show_bug.cgi?id=676384. Normally the cert
> is created with TinyCA2, and I thought it was created with SHA1
> not sure. When I exec "openssl ciphers -v" shows 3 ciphers with
> sha = 256 and I don't know why.

This doesn't follow. That bug is described as involving AES256-SHA but apparently is actually only SHA2 (which is a generic name for SHA224, SHA256, SHA384, SHA512, and now some variants). Maybe a server coincidentally used both a new ciphersuite and a new cert(&key) (someone upgrading security could well do both). Note the symptom was 0D0C50A1 (ASN1_item_verify unknown digest) and connection i.e. handshake did NOT succeed. *That* error can be caused by a disabled certificate hash.

> Have you got any suggestion about how to create the cert,
> or why are listed those 3 Ciphers with sha=256, or how to solve this???
>
> openssl ciphers -v
> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
> DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
> AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
(were bold in HTML)

These are SHA1 NOT "sha=256"; read what you posted. There are some new TLS1.2 ciphersuites that do use mac=SHA256, not yet supported by OpenSSL. But the hash used in a ciphersuite for data HMAC has no connection at all with the hash used to sign a cert. OpenSSL can do SHA2 certs (RSA/SHA2 for some time, DSA/SHA224,256 only 1.0 I think, ECDSA I'm not sure).
  openssl x509 -in certfile [-inform der] -noout -text
in Signature Algorithm: indicates the hash for a cert.

But the symptom you posted "SSL peer reports incorrect Message Authentication Code" is almost certainly NOT a problem with ANY certificate -- unless openldap is working very hard to deceive you, and I don't believe that for a moment.
It does appear to give you only partial information about the handshake result; it may have been coded back when there were fewer options and this information was sufficient. Does the server log any (better) info at the same time? Are there more tracing/logging options you can enable?

I see you tried openssl s_client, but defaulted cipher so it allowed AES256-SHA while you say your client is set to MEDIUM. Try s_client with -cipher MEDIUM to see exactly what is being negotiated by your client(s). (Or get a good network trace e.g. wireshark.)

Try your client with specific suites RC4-SHA and RC4-MD5 to see if it makes any difference (though it shouldn't). If the server allows eNULL (OpenSSL doesn't by default) try NULL-SHA and NULL-MD5 to make sure this is really MAC error and not something else reported misleadingly. (Or again get a good network trace.)

If both ends of any SSL connection are implemented correctly and handshake succeeds, you should NOT get data MAC errors (or data decrypt), unless something is tampering with the socket data or memory -- hopefully accidentally.

Is the client program only an ldap client or does it do other things? Multithread and/or using nonblocking I/O? Ditto the server (I'd guess it is at least one of those, but I'd expect it to be quite well debugged by now)?

Do you have other SSL client(s) to the same server? Other SSL server(s) for this client? Are other apps using same OpenSSL on same systems OK?

You indicate a centos-patched version of 0.9.8e. Personally I don't know about centos patches, but if that's relevant someone else might. Or you could try with build from vanilla source (and if so you might get more current also).

Is there any firewalling or proxying going on that might alter data (though it shouldn't)? Can you get network traces that show the same data arriving at the server as leaving your client? (This will be very tedious unless you have eNULL.)
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
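
The distinction drawn in the reply above between the key size in `Enc=` and the hash in `Mac=`, as an added example that is not part of the original message: a small shell filter that splits `openssl ciphers -v` lines into cipher, key bits and record MAC. The function names `suite_fields` and `suites_with_mac` are hypothetical, and the sample input is constructed from the three lines quoted in the message.

```shell
#!/bin/sh
# Constructed sample: the three `openssl ciphers -v` lines quoted above.
SAMPLE='DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1'

# suite_fields (hypothetical helper): read `openssl ciphers -v` style lines
# on stdin and print "<suite> cipher=<alg> keybits=<n> mac=<hash>" per line.
# The "256" in AES(256) is the encryption key size; the record MAC hash is
# the separate Mac= field. Neither says anything about a cert's signature.
suite_fields() {
    awk '
    NF >= 3 {
        enc = ""; mac = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        if (enc == "" || mac == "") next   # not a ciphers -v line
        alg = enc; bits = "-"              # eNULL suites show Enc=None
        p = index(enc, "(")
        if (p > 0) {
            alg = substr(enc, 1, p - 1)
            bits = substr(enc, p + 1)
            sub(/\).*$/, "", bits)
        }
        printf "%s cipher=%s keybits=%s mac=%s\n", $1, alg, bits, mac
    }'
}

# suites_with_mac HASH (hypothetical helper): list only the suites whose
# record MAC is exactly HASH, e.g. SHA1 or SHA256.
suites_with_mac() {
    suite_fields | awk -v want="mac=$1" '$4 == want { print $1 }'
}

printf '%s\n' "$SAMPLE" | suite_fields
```

On a live system the same filter can be fed with `openssl ciphers -v | suite_fields`; the certificate's signature hash is checked separately with the `openssl x509 ... -noout -text` command given in the reply.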