I built both the 0.9.8k and 0.9.8r from the source. They are configured the same way: ./Configure solaris-sparcv9-cc no-shared no-ecdh
It is installed in /usr/local/ssl. I am linking in the static libraries into the InterNetNews executable. The server it is installed on has 0.9.8o installed in /usr/local/ssl.

On a successful connection it uses TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA. I'm not sure what it uses on the failed connections. I used s_client -msg, but it didn't say (output below). I'll try and get a network trace, but I'm not very familiar with doing that, but will look into it. Thanks for the help.

Here is what I get on a successful connection with the 0.9.8k version, the output when I use 0.9.8r is also below:

**Result with 0.9.8k**

# /usr/local/ssl/bin/openssl s_client -connect vbnews:563 -msg -state
CONNECTED(00000004)
SSL_connect:before/connect initialization
>>> SSL 2.0 [length 007d], CLIENT-HELLO
    01 03 01 00 54 00 00 00 20 00 00 39 00 00 38 00
    ...
    c6 64 75 0e 44 19 e1 5b 71 98 65 e1 1a
SSL_connect:SSLv2/v3 write client hello A
<<< TLS 1.0 Handshake [length 004a], ServerHello
    02 00 00 46 03 01 4e b2 ff 92 c8 ee 39 0a 00 e1
    ...
    9a 5e 07 8b e9 da 24 00 39 00
SSL_connect:SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 0530], Certificate
    0b 00 05 2c 00 05 29 00 05 26 30 82 05 22 30 82
    ...
    75 98 5a 5f d3 5b 1e 42 f5 5e af 73 e7 42 12 e8
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.0 Handshake [length 020d], ServerKeyExchange
    0c 00 02 09 00 80 f4 88 fd 58 4e 49 db cd 20 b4
    ...
    f1 1e 8b 7c c4 a5 bc 0c 95 71 f6 81 b7
SSL_connect:SSLv3 read server key exchange A
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
    10 00 00 82 00 80 0a db 41 9f 78 fb 76 56 20 22
    ...
    f5 5b 97 25 a8 43
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c d9 22 c9 31 80 2a fb 03 94 db ac f5
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 40 d5 7b 58 19 7f 69 c2 98 77 d3 97
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
   i:/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD JITC CA-21
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIDAI6zMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNVBAYTAlVT
...
W/bq5BtIdZhaX9NbHkL1Xq9z50IS6A==
-----END CERTIFICATE-----
subject=/C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
issuer=/C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD JITC CA-21
---
No client certificate CA names sent
---
SSL handshake has read 2010 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C6650DDF5A724A9CF89C1DCDDE6C5075063C0AAE13989F5BA69A5E078BE9DA24
    Session-ID-ctx:
    Master-Key: 61C99DC8F9A5DF8199EC86F6683A9B7C4470E3B4B2D211362BD32736EB9F091E1EF9EFFD64F834E4FB27052F9040ED79
    Key-Arg   : None
    Start Time: 1320353683
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
200 vbnews.vb.c2fse.northgrum.com InterNetNews NNRP server INN 2.5.1 ready (no posting)
<<< TLS 1.0 Alert [length 0002], warning close_notify
    01 00
SSL3 alert read:warning:close notify
closed
>>> TLS 1.0 Alert [length 0002], warning close_notify
    01 00
SSL3 alert write:warning:close notify

**Result with 0.9.8r**

# /usr/local/ssl/bin/openssl s_client -connect vbnews:563 -msg -state
CONNECTED(00000004)
SSL_connect:before/connect initialization
>>> SSL 2.0 [length 007d], CLIENT-HELLO
    01 03 01 00 54 00 00 00 20 00 00 39 00 00 38 00
    ...
    e9 c9 4a 08 fa 26 c4 c0 f5 c0 67 d1 06
SSL_connect:SSLv2/v3 write client hello A
<<< TLS 1.0 Handshake [length 0051], ServerHello
    02 00 00 4d 03 01 4e b2 fe 5d a2 da 84 cd cb f6
    ...
    f6 40 85 d5 82 68 2f 00 39 00 00 05 ff 01 00 01
    00
SSL_connect:SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 0530], Certificate
    0b 00 05 2c 00 05 29 00 05 26 30 82 05 22 30 82
    04 0a a0 03 02 01 02 02 03 00 8e b3 30 0d 06 09
    ...
    ed a9 89 39 46 62 42 01 a8 8a 5b f6 ea e4 1b 48
    75 98 5a 5f d3 5b 1e 42 f5 5e af 73 e7 42 12 e8
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=U.S. Government/OU=DoD/OU=PKI/OU=DISA/CN=vbnews.vb.c2fse.northgrum.com
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.0 Handshake [length 020d], ServerKeyExchange
    0c 00 02 09 00 80 f4 88 fd 58 4e 49 db cd 20 b4
    9d e4 91 07 36 6b 33 6c 38 0d 45 1d 0f 7c 88 b3
    ...
    ea d6 79 1c a7 eb ff 9c 9d 1d a1 91 ea 56 fc 5d
    81 4f a6 ad 44 e0 95 84 ab 33 af 4e 05 19 45 d0
    73 9a b9 d1 c7 dd 64 92 c5 b3 4a 8a 34
SSL_connect:SSLv3 read server key exchange A
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
    10 00 00 82 00 80 67 6b 6c 20 e9 ae 96 c2 f6 91
    ...
    fb 27 25 98 7f 37
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 0c ef ac 10 ff c9 37 79 42 d1 f6 1e
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.0 Alert [length 0002], fatal bad_record_mac
    02 14
SSL3 alert read:fatal:bad record mac
SSL_connect:failed in SSLv3 read finished A
29173:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1102:SSL alert number 20
29173:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, November 02, 2011 6:43 PM
To: openssl-users@openssl.org
Subject: EXT :RE: Using OpenSSL 0.9.8 issue between version k and r with Application

> From: owner-openssl-us...@openssl.org On Behalf Of evansda
> Sent: Tuesday, 01 November, 2011 11:43

> My customer(Government) wants to block use of SSLv2 with the INN server due
> to security vulnerabilities. I recompiled the INNews source

Good for them (and you), although several years late.

> and specify the SSL option of no SSLv2. I had tried just compiling OpenSSL
> without SSLv2, but that caused problems as well. The issue I am having is
> that it works with OpenSSL 0.9.8k, but not with 0.9.8r. It gets the
> following error with a SSL alert number 20, alert bad record mac.
>
> Using the openssl on the server I was able to get the following info as
> well:
>
> # /usr/local/ssl/bin/openssl s_client -connect vbnews:563
>
> CONNECTED(00000004)
> depth=0 /C=US/O=U.S. Government/<snip>
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=US/O=U.S. Government/<snip>
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /C=US/O=U.S. Government/<snip>
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 22555:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1102:SSL alert number 20
> 22555:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
>
> I have checked all of the obvious issues with certificates (It is issued
> from a real CA and the trusts and CAcerts are all in place).

Are they in the RIGHT place? You say you "tried ... compiling OpenSSL ... but that caused problems"; does that mean you are NOT using a version you built (did not install it, or removed it)? Are both the 0.9.8k and the 0.9.8r you are trying built/packaged by the same supplier, in the same way?

To see where they look, /each/ver/openssl version -d (or -a) . Or specify -CAfile and/or -CApath explicitly to s_client .

But an untrusted server cert doesn't cause bad_record_mac. In s_client it is overridden; in an app like INN it likely causes the connection attempt (handshake) to fail; but it should never cause bad_record_mac.
(OpenSSL verify_error=20 and SSL alertnum=20 are entirely different and unrelated, they just happen to be the same number.) Also note that a different alertnum=21 was assigned for decryption_failure but this distinction turned out to aid some attacks so most implementations including OpenSSL now use 20 for both causes -- but NEITHER should be happening.

Do you have other (server) apps that are using, or could use, the same 0.9.8r? With what result(s)? How about a different build of 0.9.8r (on different machine type, or from source)?

What ciphersuite is selected when it fails (for s_client, or for other clients which I assume you have some of)? (Use s_client -msg and decode the ServerHello, or usually easier get a network trace. I find wireshark most convenient but it's only Windows and Mac so you need one of those on the same LAN segment, or capture with tcpdump or similar and download the file to wireshark.) When it succeeds? Try forcing other ciphersuite(s) especially the data cipher and perhaps MAC (easy with s_client if there are any allowed and supported by the server, other clients I can't say)?

> The server is in DNS correctly. My development network does not have outside
> connectivity, but is a VLAN (You can get in, but not out). Everything

DNS or connectivity problems would cause different errors. (I'd normally expect a netnews server to use and have outgoing access, but that's not an SSL issue and not relevant here.)

> worked fine with INN 2.5.1 and openssl-0.9.8k, but I decided to use the
> newer version for updates and bug fixes.
>
> Has anyone seen any problems with INN 2.5.1 or another application and the
> newer openssl versions? Is 0.9.8r doing more strict verification?
<snip>

I don't know about (any version of) INN. The only major protocol change I recall is that since about 0.9.8m (and 1.0.0a IIRC) the secure-renegotiation feature is implemented.
You could go through the CHANGES file, but any new check or restriction should fail the handshake with a specific error, not bad_record_mac.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
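
Added example (not part of the original message and not OpenSSL code): decoding a ServerHello from s_client -msg hex, as the quoted reply suggests, to read the selected ciphersuite and any extensions. The head and tail bytes are the ones visible in the two dumps above; the elided server random and session ID are zero-filled placeholders, and all function and variable names are assumptions.

```python
import struct

SUITES = {0x0039: "DHE-RSA-AES256-SHA"}      # the suite reported on this page
EXTENSIONS = {0xFF01: "renegotiation_info"}  # RFC 5746 secure renegotiation

# Constructed samples: only the first 6 and the trailing bytes come from the
# dumps; the 32-byte random and 32-byte session ID are placeholder zeros.
FILL = "00 " * 32
HELLO_K = "02 00 00 46 03 01 " + FILL + "20 " + FILL + "00 39 00"
HELLO_R = ("02 00 00 4d 03 01 " + FILL + "20 " + FILL
           + "00 39 00 00 05 ff 01 00 01 00")

def parse_server_hello(hex_dump):
    """Decode one ServerHello handshake message given as spaced hex."""
    msg = bytes.fromhex(hex_dump)
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("length field does not match dump (elided bytes?)")
    pos = 2 + 32                  # protocol version, then server random
    pos += 1 + body[pos]          # session ID length byte plus session ID
    suite, compression = struct.unpack_from("!HB", body, pos)
    pos += 3
    extensions = []
    if pos < len(body):           # the extensions block is optional
        (total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + total != len(body):
            raise ValueError("bad extensions length")
        while pos < len(body):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            extensions.append(EXTENSIONS.get(ext_type, "0x%04x" % ext_type))
            pos += 4 + ext_len
    return {
        "version": "%d.%d" % (body[0], body[1]),  # 3.1 is TLS 1.0
        "suite": SUITES.get(suite, "0x%04x" % suite),
        "compression": compression,
        "extensions": extensions,
    }

if __name__ == "__main__":
    for label, dump in (("0.9.8k", HELLO_K), ("0.9.8r", HELLO_R)):
        print(label, parse_server_hello(dump))
```

Both ServerHello messages select suite 0x0039 (DHE-RSA-AES256-SHA) with null compression; the one in the 0.9.8r trace additionally carries the renegotiation_info extension (0xff01), which is the secure-renegotiation change mentioned in the reply.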