On Tuesday, 26 July 2016 12:08:33 CEST Viktor Dukhovni wrote:
> On Tue, Jul 26, 2016 at 01:09:04PM +0300, Ilari Liusvaara wrote:
> > > Failure:
> > > openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305
> >
> > If you swap the order of these two ciphersuites, does it succeed or fail?
> >
> > I.e.
> >
> > openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256
>
> I can reproduce the reported failure in the original order, and at
> least for me the swapped variant succeeds.
>
> > Well, your test results certainly blow basic "negotiation accidentally
> > blows off all valid candidates and then fails" hypothesis out of the
> > water. So it has to be something more complicated.
> >
> > Succeeding with the ciphersuites swapped would suggest (as somebody
> > else in this thread already said) that it only considers Chacha in
> > the first place, not noticing that it may be the only choice after
> > certificate selection.
>
> Perhaps that's the issue.

If you send the AES-GCM then Chacha but do NOT include signature algorithms, it allows you to connect (other extensions are irrelevant).

If you send AES-GCM then Chacha in ciphers but in signature algorithms don't include the SHA256/ecdsa pair, it works too.

In other words, this connects:

    openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305 -sigalgs ECDSA+SHA512:RSA+SHA256

and this connects:

    openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305 -sigalgs ECDSA+SHA512:RSA+SHA512

but this doesn't:

    openssl s_client -connect regmedia.co.uk:443 -cipher ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305 -sigalgs ECDSA+SHA256:RSA+SHA256

(using openssl-1.1.0-pre5)

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
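
Added example, not part of the thread and not code from OpenSSL or the server under test: a small reference check of which offered suites a TLS 1.2 server could legitimately pick for the ClientHello variants above, showing that the failing one still leaves valid candidates. It assumes the server holds both an RSA and an ECDSA certificate and ignores constraints on the certificate chain's own signature hashes; `usable_suites` and the constants are hypothetical names.

```python
# Added illustration; models RFC 5246 rules only, not any real server's code.

# Authentication key type each suite named in the thread requires.
SUITE_AUTH = {
    "ECDHE-RSA-AES128-GCM-SHA256": "RSA",
    "ECDHE-ECDSA-CHACHA20-POLY1305": "ECDSA",
}
SERVER_KEYS = {"RSA", "ECDSA"}  # assumption: dual-certificate server

# RFC 5246 7.4.1.4.1: without a signature_algorithms extension the
# client is treated as accepting SHA-1 with the suite's key type.
DEFAULT_SIGALGS = "RSA+SHA1:ECDSA+SHA1"

AES_FIRST = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305"
# The four -sigalgs variants reported in the thread (None = not sent).
THREAD_CASES = [
    None,
    "ECDSA+SHA512:RSA+SHA256",
    "ECDSA+SHA512:RSA+SHA512",
    "ECDSA+SHA256:RSA+SHA256",  # the one reported as failing
]


def usable_suites(ciphers, sigalgs=None):
    """Return offered suites, in client order, that remain negotiable,
    each with the signature pairs usable for ServerKeyExchange."""
    pairs = [p.split("+") for p in (sigalgs or DEFAULT_SIGALGS).split(":")]
    result = []
    for suite in ciphers.split(":"):
        auth = SUITE_AUTH.get(suite)
        if auth not in SERVER_KEYS:
            continue  # unknown suite or no matching server key
        hashes = [h for sig, h in pairs if sig == auth]
        if hashes:  # the client accepts at least one signature with this key
            result.append((suite, [f"{auth}+{h}" for h in hashes]))
    return result


def first_choice_per_case():
    """First viable suite (client order) for every variant in the thread."""
    return [usable_suites(AES_FIRST, s)[0][0] for s in THREAD_CASES]


if __name__ == "__main__":
    for sigalgs in THREAD_CASES:
        print(sigalgs, "->", usable_suites(AES_FIRST, sigalgs))
```

Under these assumptions every variant, including the failing one, leaves ECDHE-RSA-AES128-GCM-SHA256 negotiable, so the handshake failure cannot be explained by an empty set of candidates.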