>From: owner-openssl-users On Behalf Of Kiran G >Sent: Wednesday, October 30, 2013 00:13
>This is the openssl client output from my desktop: >$ openssl s_client -connect 192.168.3.152:443 -debug >CONNECTED(00000003) >write [v3format ClientHello with record and max ver 0300 and no extensions] What openssl build (and version) is this on your desktop? In official releases only >=1.0.0 does v3 format by default and they do either TLS1 (0301) or TLS1.2 (0303) by default, with several extensions. Or do you have an alias or such which alters the invocation of the actual openssl program? >read [ServerHello agrees C011=ECDHE-RSA-RC4, and RI] >read [Cert] >[verify error 18 for self signed because no truststore specified, okay] >read [ServerKX with curve=0017, a point, and a signature] >write [alert fatal 40=handshake_err] >3078801560:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:189: >3078801560:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1574: <snip rest> Okay, that's consistent. This s_client agrees your server is signing ServerKX wrong. And those line numbers match official source for about 1.0.0c-i. >When I tested this command on a working HTTPS server, it prompted me for the HTTP commands >and the commands I typed returned some hex values. That was either s_client echoing the request data in hex (because of -debug) or displaying the (HTTP) response in hex *as well as* text (ditto). >But not in the above case. Here command retuned rightway after the above output. Right. The handshake failed because of the bad signature so there is no connection on which to send anything. Like your Firefox connections failed. >I am not very familiar with the SSL stuff. When I was trying to setup lighttpd ssl, I was hoping >that it would work out of the box without much config. So I did not make any changes. >I was using the SSL libs which came with the filesystem/toolchain. (Nit- you mean operating system. File system is something different.) Well, it looks like the openssl that "came with" is broken to at least some extent. There are two generic approaches: - debug that build. That could range from middling easy to lots of work, and your posts so far don't indicate much debugging experience. FWIW both my manual check, and the errorstack above, indicate that the signature from your bad openssl is a good RSA PKCS#1 value but not on the correct hashes. So either that openssl is just doing SHA1 and MD5 wrong (which seems unlikely, but is easy to test standalone) or it is feeding the wrong data from the handshake into to-be-signed. - do your own build, see if that works (if so just use it), if not you have a better starting point to debug (known build, known tools, symbols, etc). On standard Linux this is maybe an hour work, I have no clue if Arago changes that. One possible workaround you might try first: use suite(s) that don't use ServerKX. In practice that means akRSA. For quick tests you can: - run s_client with -cipher RSA (or a specific one like AES128-SHA) against either lighttpd or s_server (with RSA key&cert) - run Firefox against s_server with -no_dhe and no_ecdhe (and -www and RSA key&cert) If that works then find out how to configure lighttpd to not do dhe or ecdhe. This approach would not give your users forward security, i.e. if your server privatekey is compromised an adversary can go back and decrypt previously-recorded sessions. But that's still better than no SSL at all. <snip earlier> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
