This is the openssl client output from my desktop:
$ openssl s_client -connect 192.168.3.152:443 -debug
CONNECTED(00000003)
write to 0x8518108 [0x8522373] (139 bytes => 139 (0x8B))
0000 - 16 03 00 00 86 01 00 00-82 03 00 52 70 85 71 16 ...........Rp.q.
0010 - 49 b7 70 da 0b 4c b0 72-c1 a4 64 eb 3f 46 a6 27 I.p..L.r..d.?F.'
0020 - a0 3f d9 86 83 8c aa 4d-fe 43 4c 00 00 5a c0 14 .?.....M.CL..Z..
0030 - c0 0a 00 39 00 38 00 88-00 87 c0 0f c0 05 00 35 ...9.8.........5
0040 - 00 84 c0 12 c0 08 00 16-00 13 c0 0d c0 03 00 0a ................
0050 - c0 13 c0 09 00 33 00 32-00 9a 00 99 00 45 00 44 .....3.2.....E.D
0060 - c0 0e c0 04 00 2f 00 96-00 41 c0 11 c0 07 c0 0c ...../...A......
0070 - c0 02 00 05 00 04 00 15-00 12 00 09 00 14 00 11 ................
0080 - 00 08 00 06 00 03 00 ff-02 01 ..........
008b -<SPACES/NULS>
read from 0x8518108 [0x851de23] (5 bytes => 5 (0x5))
0000 - 16 03 00 00 51 ....Q
read from 0x8518108 [0x851de28] (81 bytes => 81 (0x51))
0000 - 02 00 00 4d 03 00 51 ca-24 2f d9 db 88 06 f8 54 ...M..Q.$/.....T
0010 - 63 ce b8 6a 53 a9 7b c5-85 ac 9b 48 c1 d2 66 7f c..jS.{....H..f.
0020 - 5f 6a 2e 22 a7 c5 20 db-dc 13 ee 35 76 da 81 93 _j.".. ....5v...
0030 - 59 41 b9 85 65 21 ec 24-62 5b a4 ab f4 14 26 a3 YA..e!.$b[....&.
0040 - b8 e4 c1 5a 9a 3d 06 c0-11 00 00 05 ff 01 00 01 ...Z.=..........
0051 -<SPACES/NULS>
read from 0x8518108 [0x851de23] (5 bytes => 5 (0x5))
0000 - 16 03 00 02 66 ....f
read from 0x8518108 [0x851de28] (614 bytes => 614 (0x266))
0000 - 0b 00 02 62 00 02 5f 00-02 5c 30 82 02 58 30 82 ...b.._..\0..X0.
0010 - 01 c1 a0 03 02 01 02 02-09 00 8c f2 4a 33 80 07 ............J3..
0020 - 9c 9d 30 0d 06 09 2a 86-48 86 f7 0d 01 01 05 05 ..0...*.H.......
0030 - 00 30 45 31 0b 30 09 06-03 55 04 06 13 02 41 55 .0E1.0...U....AU
0040 - 31 13 30 11 06 03 55 04-08 0c 0a 53 6f 6d 65 2d 1.0...U....Some-
0050 - 53 74 61 74 65 31 21 30-1f 06 03 55 04 0a 0c 18 State1!0...U....
0060 - 49 6e 74 65 72 6e 65 74-20 57 69 64 67 69 74 73 Internet Widgits
0070 - 20 50 74 79 20 4c 74 64-30 1e 17 0d 31 33 31 30 Pty Ltd0...1310
0080 - 32 36 30 38 33 39 31 38-5a 17 0d 31 34 31 30 32 26083918Z..14102
0090 - 36 30 38 33 39 31 38 5a-30 45 31 0b 30 09 06 03 6083918Z0E1.0...
00a0 - 55 04 06 13 02 41 55 31-13 30 11 06 03 55 04 08 U....AU1.0...U..
00b0 - 0c 0a 53 6f 6d 65 2d 53-74 61 74 65 31 21 30 1f ..Some-State1!0.
00c0 - 06 03 55 04 0a 0c 18 49-6e 74 65 72 6e 65 74 20 ..U....Internet
00d0 - 57 69 64 67 69 74 73 20-50 74 79 20 4c 74 64 30 Widgits Pty Ltd0
00e0 - 81 9f 30 0d 06 09 2a 86-48 86 f7 0d 01 01 01 05 ..0...*.H.......
00f0 - 00 03 81 8d 00 30 81 89-02 81 81 00 ba 24 7c cc .....0.......$|.
0100 - bd 8a a0 dd 9d 28 19 c3-e0 5a d2 a5 3d fc 20 57 .....(...Z..=. W
0110 - 0d 29 58 cb 7f 13 c5 ee-37 00 41 6a fd 9e 18 e4 .)X.....7.Aj....
0120 - 79 0b 67 76 cc 2d c1 23-16 b8 7f df 14 ce bf 4e y.gv.-.#.......N
0130 - 6d fc 1f 14 0f ca 83 c5-fe e9 13 69 cc 28 80 16 m..........i.(..
0140 - 5c 12 ac 21 fe f4 79 6e-00 c6 f6 ef 08 06 cd 50 \..!..yn.......P
0150 - 75 90 86 8e 8e 71 33 f2-56 df b0 c4 7e a9 74 1e u....q3.V...~.t.
0160 - 2e 7d e4 d9 91 d8 83 81-97 9d e9 86 0a 12 20 00 .}............ .
0170 - 2b f1 a4 cf d7 ca e9 6a-88 8a 3e 9b 02 03 01 00 +......j..>.....
0180 - 01 a3 50 30 4e 30 1d 06-03 55 1d 0e 04 16 04 14 ..P0N0...U......
0190 - aa b6 64 9e b7 06 15 7f-85 3d 80 1a 9e dd da d1 ..d......=......
01a0 - db 9c 93 71 30 1f 06 03-55 1d 23 04 18 30 16 80 ...q0...U.#..0..
01b0 - 14 aa b6 64 9e b7 06 15-7f 85 3d 80 1a 9e dd da ...d......=.....
01c0 - d1 db 9c 93 71 30 0c 06-03 55 1d 13 04 05 30 03 ....q0...U....0.
01d0 - 01 01 ff 30 0d 06 09 2a-86 48 86 f7 0d 01 01 05 ...0...*.H......
01e0 - 05 00 03 81 81 00 47 6b-49 ea af 31 2f fa 97 56 ......GkI..1/..V
01f0 - 93 92 f5 f6 d8 84 ef 02-d7 b2 7f 58 8c 09 46 5b ...........X..F[
0200 - 87 7f 0e 5a 07 37 cd a7-c0 f9 42 2f 8c c8 1f e7 ...Z.7....B/....
0210 - 5d 73 5e 72 21 fc 40 f9-ef 6f 21 df 50 fd 17 b3 ]s^r!.@..o!.P...
0220 - f4 67 c8 d9 1d c3 7d a6-f2 d9 94 95 b1 6c bf b8 .g....}......l..
0230 - aa 99 4c 43 aa d0 7e 5a-32 61 b3 cf f7 ba bd 80 ..LC..~Z2a......
0240 - 77 1e 45 d0 c7 d5 cb 9e-d0 20 87 46 5f d3 6c 31 w.E...... .F_.l1
0250 - 63 ae 40 6e a2 dd 17 1b-83 ab fc 91 fd bd a6 a4 c.@n............
0260 - 7a c7 7c 12 70 16 z.|.p.
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
read from 0x8518108 [0x851de23] (5 bytes => 5 (0x5))
0000 - 16 03 00 00 cb .....
read from 0x8518108 [0x851de28] (203 bytes => 203 (0xCB))
0000 - 0c 00 00 c7 03 00 17 41-04 c3 9b 11 11 d7 ea 3d .......A.......=
0010 - 8e 8a 89 18 f2 e0 15 a8-ba 19 7a 8b 42 72 c6 6b ..........z.Br.k
0020 - f9 f8 7c b2 23 87 16 7b-9b 85 da 2f 97 ca 6a d9 ..|.#..{.../..j.
0030 - ce 3d 5d 54 7c 03 ca 17-66 ac df b7 7a 53 a4 ad .=]T|...f...zS..
0040 - 87 40 d1 3a 94 14 f6 c4-29 00 80 b0 f5 62 12 a9 .@.:....)....b..
0050 - 53 a1 fd 1a 3e a5 72 5e-be 38 c8 f1 37 e3 fa 7f S...>.r^.8..7...
0060 - 30 31 f2 59 42 29 14 cb-39 1e 17 f9 7e 0a 5a ab 01.YB)..9...~.Z.
0070 - 8c 9f 13 0a f6 29 13 f8-1f 98 f9 cb d5 e9 4b c8 .....)........K.
0080 - f2 eb 19 b2 f4 41 cb 08-bc 8c e1 8a 67 48 fe d0 .....A......gH..
0090 - 33 8c 0a 30 9b 4c 05 fd-c5 0b bd 63 6d d8 6a f1 3..0.L.....cm.j.
00a0 - cf 53 e6 0c f1 e5 3f 21-6f 94 67 69 38 c7 6e 63 .S....?!o.gi8.nc
00b0 - 37 a5 ac cb ff 6a b4 be-15 c8 43 8d 62 5a dc 5c 7....j....C.bZ.\
00c0 - a3 08 cc 01 a7 05 e3 1f-3b 97 e2 ........;..
write to 0x8518108 [0x8527830] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28 ......(
3078801560:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:189:
3078801560:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1574:
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 913 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID: DBDC13EE3576DA81935941B9856521EC24625BA4ABF41426A3B8E4C15A9A3D06
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1383105905
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
$
When I tested this command on a working HTTPS server, it prompted me for
the HTTP commands and the commands I typed returned some hex values. But
not in the above case. Here the command returned right away after the
above output.
I am not very familiar with the SSL stuff. When I was trying to set up
lighttpd SSL, I was hoping that it would work out of the box without
much config. So I did not make any changes. I was using the SSL libs
which came with the filesystem/toolchain.
On 10/30/2013 02:37 AM, Dave Thompson wrote:
That's very weird. alert 51 = decrypt_error received by the servers --
in the lighttpd log or s_server output -- is certainly consistent with
Firefox thinking a signature is bad. And the signature on the cert in
your capture looks right (although it doesn't have either subject.CN or
SAN identifying the server, which makes it invalid for HTTPS) but the
signature in the ServerKeyExchange appears to be wrong if I didn't mess
up the by-hand check (which I very well may have).

What happens if you try s_client on another machine(s) (e.g. your
desktop) to either s_server or lighttpd on the Beaglebone/Arago system?
Especially if you force selection of a suite observed so far to fail?

Note ECDHE-RSA-AES256 and DHE-RSA-Camellia256 in that order are among
Firefox's most preferred ciphers out of the box. Given your RSA cert,
s_server should always give the former and lighttpd should give the
former if it is using a curve Firefox supports and the latter otherwise.
The lighttpd doc google found me says it defaults to prime256v1 which is
okay; did you set ssl.ec-curve to something else?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kiran G
Sent: Tuesday, October 29, 2013 06:32
To: openssl-users@openssl.org
Subject: key exchange error for lighttpd webserver on beaglebone black running arago file system
Hi,
I am trying to enable SSL in the lighttpd web server.
My OS is "Arago linux" running on "Beaglebone black".
I did the proper SSL configuration for the webserver. But when I
access the https page from a browser (Firefox), I get the "This
Connection is Untrusted" message. But when I accept the certificate,
Firefox throws the following error:
"Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)"
I confirmed that the certificate file is valid by using it with
lighttpd running on my desktop.
I tested the same certificate using the openssl command (as server) on
the embedded device ("Beaglebone black"). This is the error I got:
openssl s_server -accept 12345 -cert /etc/lighttpd/ssl/ws
server.pem -WWW
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
1075078880:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:s3_pkt.c:1195:SSL alert number 51
1075078880:error:140780E5:SSL routines:SSL23_READ:ssl handshake failure:s23_lib.c:131:
ACCEPT
But this was working fine for me before. See my forum post
<http://redmine.lighttpd.net/boards/2/topics/5816>.
And these are the errors found in the lighttpd logs:
root@am335x-evm:~# tail -f /www/logs/lighttpd.error.log
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
I contacted the lighttpd forum for support
<http://redmine.lighttpd.net/boards/2/topics/5816> and Stefan there
suggested that:
"Your openssl s_server test used a different ciphersuite
(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), the pcap shows
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; the different cipher
(Camellia-256-CBC instead of AES-256-CBC) shouldn't matter in that
stage of the connection, but I guess the ECDHE-RSA key exchange could
be the problem. You could try to disable elliptic curves with
ssl.cipher-list.
Also I don't think this is a bug in lighttpd; it probably is somewhere
in the compiler, standard library, openssl, custom patches by whoever is
involved or even the hardware."
I tried disabling elliptic curves by setting the following as the
only cipher:
ssl.cipher-list = "DHE-RSA-AES128-SHA"
But the issue still persists.
I tried analysing the traffic using wireshark
<http://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/>
even though I am bad at it. I got the "Follow SSL Stream" context
menu item enabled. But when I click on it, the window says 0 bytes.
I am attaching the wireshark capture file.
I am also attaching my private key (throwaway key for testing).
If anyone can shed some light on this, that would be great.
Kiran
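The "by-hand check" Dave mentions, replayed as an added worked example (my script, not code from anyone in this thread, from OpenSSL or from lighttpd). The constants are transcribed from the s_client -debug dump at the top of the message: the 32-byte client_random from the ClientHello, the server_random from the ServerHello, the 69-byte ECDHE parameter block and 128-byte signature from the ServerKeyExchange, and the 1024-bit RSA modulus and exponent from the Certificate message. It then repeats what OpenSSL's ssl3_get_key_exchange does for SSLv3/TLS 1.0/1.1: hash client_random || server_random || params with MD5 and SHA1, apply the raw RSA public operation to the signature, strip the PKCS#1 v1.5 type-1 block and compare the 36-byte payload. Standard library only, so it runs offline.

```python
"""Replay OpenSSL's ServerKeyExchange signature check on bytes from the dump.

Added example: every constant below is transcribed from the s_client -debug
output in the thread (ClientHello, ServerHello, Certificate, ServerKeyExchange).
"""
import hashlib

# 32-byte client_random from the ClientHello. Its first 4 bytes are the
# gmt_unix_time 0x52708571 = 1383105905, the "Start Time" printed by s_client.
CLIENT_RANDOM = bytes.fromhex(
    "5270857116" "49b770da0b4cb072c1a464eb3f46a627" "a03fd986838caa4dfe434c")
# 32-byte server_random from the ServerHello.
SERVER_RANDOM = bytes.fromhex(
    "51ca242fd9db8806f854" "63ceb86a53a97bc585ac9b48c1d2667f" "5f6a2e22a7c5")
# ServerKeyExchange params: curve_type 3 (named_curve), curve 0x0017 (secp256r1),
# 65-byte uncompressed point 04 || X || Y. This is exactly the signed data.
SKE_PARAMS = bytes.fromhex(
    "0300174104"
    "c39b1111d7ea3d8e8a8918f2e015a8ba197a8b4272c66bf9f87cb22387167b9b"
    "85da2f97ca6ad9ce3d5d547c03ca1766acdfb77a53a4ad8740d13a9414f6c429")
# 128-byte RSA signature following the 0x0080 length field, one string per dump line.
SKE_SIGNATURE = bytes.fromhex(
    "b0f56212a9" "53a1fd1a3ea5725ebe38c8f137e3fa7f" "3031f259422914cb391e17f97e0a5aab"
    "8c9f130af62913f81f98f9cbd5e94bc8" "f2eb19b2f441cb08bc8ce18a6748fed0"
    "338c0a309b4c05fdc50bbd636dd86af1" "cf53e60cf1e53f216f94676938c76e63"
    "37a5accbff6ab4be15c8438d625adc5c" "a308cc01a705e31f3b97e2")
# RSA public key from the Certificate message (1024-bit modulus, e = 65537).
RSA_N = int.from_bytes(bytes.fromhex(
    "ba247ccc" "bd8aa0dd9d2819c3e05ad2a53dfc2057" "0d2958cb7f13c5ee3700416afd9e18e4"
    "790b6776cc2dc12316b87fdf14cebf4e" "6dfc1f140fca83c5fee91369cc288016"
    "5c12ac21fef4796e00c6f6ef0806cd50" "7590868e8e7133f256dfb0c47ea9741e"
    "2e7de4d991d88381979de9860a122000" "2bf1a4cfd7cae96a888a3e9b"), "big")
RSA_E = 0x010001


def pkcs1_type1_unpad(em):
    """Strip PKCS#1 v1.5 signature padding 00 01 FF..FF 00 <payload>.

    Mirrors what OpenSSL's RSA_padding_check_PKCS1_type_1 accepts (at least
    eight 0xFF bytes). Returns the payload, or None if the block is malformed.
    """
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]


def check_ske_signature(client_random, server_random, params, signature, n, e):
    """Verify a ServerKeyExchange RSA signature the SSLv3/TLS 1.0/1.1 way.

    The server signs MD5(r_c||r_s||params) || SHA1(r_c||r_s||params), 36 bytes,
    under PKCS#1 v1.5 type-1 padding with no DigestInfo (TLS 1.2 differs: one
    hash wrapped in a DigestInfo). Returns a dict so the caller can see which
    step failed rather than a bare boolean.
    """
    signed = client_random + server_random + params
    expected = hashlib.md5(signed).digest() + hashlib.sha1(signed).digest()
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:              # OpenSSL rejects these too
        return {"padding_ok": False, "payload_len": 0, "md5_matches": False,
                "sha1_matches": False, "valid": False}
    em = pow(s, e, n).to_bytes(k, "big")           # raw RSA public operation
    payload = pkcs1_type1_unpad(em)
    ok = payload is not None
    return {
        "padding_ok": ok,
        "payload_len": len(payload) if ok else 0,
        "md5_matches": ok and payload[:16] == expected[:16],
        "sha1_matches": ok and payload[16:36] == expected[16:],
        "valid": ok and payload == expected,
    }


if __name__ == "__main__":
    result = check_ske_signature(CLIENT_RANDOM, SERVER_RANDOM, SKE_PARAMS,
                                 SKE_SIGNATURE, RSA_N, RSA_E)
    for name, value in result.items():
        print(f"{name}: {value}")
```

Running it reproduces the desktop result: the RSA public operation yields a well-formed 00 01 FF..FF 00 block, but the payload is not MD5||SHA1 of the transcript, so valid is False. That split is the same one OpenSSL makes: INT_RSA_VERIFY:bad signature is raised only after RSA_public_decrypt has already succeeded (a failed padding check would put an rsa_pk1.c error on the stack instead, and there is none in the output). So the device's RSA private-key operation with this key works; it signed a different digest than the client computed. The md5_matches and sha1_matches flags are there to localize that: if exactly one half matches, the device's build of that hash function is producing wrong output, which fits Stefan's suspicion of the toolchain or hardware rather than lighttpd; if neither matches, the device hashed different bytes (for example a different random or params buffer). The curve ID and point are hashed as sent, so a broken EC implementation on the device would not by itself produce this particular error.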