Hello,
On 26 June 2013 16:41, Viktor Dukhovni <[email protected]> wrote:
> On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote:
>
>> By enabling debug information in the program, I was able to obtain
>> these error messages:
>>
>> pppd[2236]: EAP-TLS SSL error stack:
>> pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
>> lib
>>
>> and
>>
>> err: 7 (certificate signature failure)
>
> Since you provide very little additional information, a wild guess:
>
Sorry for that, I didn't know what additional information was expected.
The error message is the one returned by SSL_CTX_set_verify(3); I couldn't
get additional information regarding this.
> OpenSSL 1.0.1e support TLSv1.2, while 0.9.8 only TLSv1.
>
TLSv1 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
^
Same version for all exchanged messages.
> With TLSv1.2 SHA-2 digests may have been negotiated, and if
> your RSA key size is too small (e.g. 512-bit RSA keys, which
> you should not use by the way, too easy to crack) the key may
> be too small to encrypt a SHA-384 digest.
>
> If you capture the handshake and decode it with wireshark, you'll have
> a lot more detail available. And do make sure your key sizes are all
> reasonable.
>
Here's some detail on the CA and certs:
CA:
$ openssl x509 -text -noout -in cacert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15591382118858604766 (0xd85fb76e2ff1c0de)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST= , O=testca, CN=ca
Validity
Not Before: Jun 21 13:46:43 2013 GMT
Not After : Jun 20 13:46:43 2016 GMT
Subject: C=FR, ST= , O=testca, CN=ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
X509v3 Authority Key Identifier:
keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
Server cert:
$ openssl x509 -text -noout -in server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15591382118858604776 (0xd85fb76e2ff1c0e8)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST= , O=testca, CN=ca
Validity
Not Before: Jun 26 14:58:47 2013 GMT
Not After : Jun 26 14:58:47 2014 GMT
Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
22:DA:D1:B6:C2:EB:F1:05:1B:EF:BB:1D:BA:17:21:16:6E:BC:1B:F0
X509v3 Authority Key Identifier:
keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
Signature Algorithm: sha1WithRSAEncryption
The client cert was generated with the same settings:
$ openssl x509 -text -noout -in newcert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15591382118858604777 (0xd85fb76e2ff1c0e9)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST= , O=testca, CN=ca
Validity
Not Before: Jun 26 15:00:13 2013 GMT
Not After : Jun 26 15:00:13 2014 GMT
Subject: C=FR, ST= , O=Internet Widgits Pty Ltd, CN=client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
26:FA:54:1B:07:E1:2C:A5:5A:02:78:BD:9F:B4:D6:D1:C1:3D:44:74
X509v3 Authority Key Identifier:
keyid:68:02:2C:46:4B:5D:05:B6:F2:DA:9F:D5:11:2D:C0:07:F6:4A:84:1A
Signature Algorithm: sha1WithRSAEncryption
From my understanding, the keys are 2048 bits for the server and client
certificates, while the CA certificate key is 1024 bits.
Are cipher suites the same as the digests you are referring to?
The ClientHello message contains these:
Cipher Suites (51 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA (0xc022)
Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA (0xc021)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA (0xc01c)
Cipher Suite: TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA (0xc01b)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA (0xc01f)
Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA (0xc01e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
In the case of a successful auth (i.e. with OpenSSL 0.9.8), the cipher
suite list in the ClientHello message is much shorter:
Cipher Suites (20 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
In both cases though, the server picks the same cipher suite:
with 0.9.8:
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 53
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 49
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: Jun 26, 2013 16:11:24.000000000 CEST
random_bytes:
6ffa59101d19546b6ddb35b989bceab0d367b2bcc4e47187...
Session ID Length: 0
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
with 1.0.1:
Extensible Authentication Protocol
Code: Request (1)
Id: 151
Length: 1429
Type: EAP-TLS [RFC5216] [Aboba] (13)
Flags(0x0):
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 58
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 54
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: Jun 24, 2013 15:56:10.000000000 CEST
random_bytes:
6c0e4985c6d7e3f6313d4ab96a4634c5ee3f42f63d02b665...
Session ID Length: 0
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Compression Method: DEFLATE (1)
Extensions Length: 14
Extension: renegotiation_info
Type: renegotiation_info (0xff01)
Length: 1
Data (1 byte)
Extension: SessionTicket TLS
Type: SessionTicket TLS (0x0023)
Length: 0
Data (0 bytes)
Extension: Unknown 15
Type: Unknown (0x000f)
Length: 1
Data (1 byte)
Marios
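The checks the thread walks through by hand, scripted as an added example (not code from either poster or from OpenSSL itself): cert_summary extracts the key size and signature algorithm from `openssl x509 -text`, verify_reason runs the chain verification an EAP-TLS peer performs and reports openssl's own error number, and tamper_signature is a constructed way to reproduce the "certificate signature failure" (error 7) message on a known-good chain so the script's output can be compared with a real failure. It assumes the openssl CLI is on PATH; file names and the `/O=testca` subjects are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Reports key sizes and signature
# algorithms, then verifies a leaf against its CA the way a TLS peer does,
# printing openssl's error number so "7 certificate signature failure" can be
# told apart from a missing issuer or a too-weak key. Assumes openssl on PATH.

# Print "<key bits> <signature algorithm>" for one PEM certificate.
cert_summary() {
    openssl x509 -noout -text -in "$1" | awk '
        /Public[- ]Key: \(/ && !b { sub(/.*\(/, ""); sub(/ bit.*/, ""); b = $0 }
        /Signature Algorithm:/ && !s { s = $3 }
        END { print b, s }'
}

# Verify leaf $2 against CA file $1. Prints "OK", or "<errnum> <reason>" and returns 1.
verify_reason() {
    if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then
        echo OK
    else
        echo "$out" | sed -n 's/.*error \([0-9]*\) at [0-9]* depth lookup: *\(.*\)/\1 \2/p' | head -n 1
        return 1
    fi
}

# Copy $1 to $2 with the last byte of its signature changed (constructed fault):
# the chain is otherwise intact, but the signature no longer verifies.
tamper_signature() {
    der="$2.der"
    openssl x509 -in "$1" -outform DER -out "$der" || return 1
    n=$(wc -c < "$der")
    last=$(tail -c 1 "$der" | od -An -tx1 | tr -d ' \n')
    byte='\132'; [ "$last" != "5a" ] || byte='\245'   # guarantee a different byte
    printf "$byte" | dd of="$der" bs=1 seek=$((n - 1)) conv=notrunc 2>/dev/null
    openssl x509 -inform DER -in "$der" -out "$2"
}

# Build a throwaway CA with an RSA key of $2 bits and a 2048-bit leaf signed by it in dir $1.
make_demo_chain() {
    d="$1"
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 -subj "/O=testca/CN=ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/O=testca/CN=server" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.pem" 2>/dev/null
}

# Usage: ./check_chain.sh cacert.pem server.pem
if [ $# -eq 2 ]; then cert_summary "$1"; cert_summary "$2"; verify_reason "$1" "$2"; fi
```

Calling make_demo_chain with 1024 mirrors the thread's CA key size; on an OpenSSL build whose default security level is 2, verify_reason then reports the CA key as too weak rather than OK.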
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]