Hi ALL, I have also tested the latest snap shot of openssl . I can also experience the same problem. It seems like now neither the normal handshake nor renegotiation is working .
I have used to s_server and s_client to communicate the server and client 1. ./openssl s_server -accept 443 -key $HOME/server_req/server_priv_key.pem -cert $HOME/exampleca/certs/01.pem -state -msg Server wait for the client connection request 2. ./openssl s_client -connect hostname:443 -CAfile $HOME/exampleca/cacert.pem -showcerts -prexit -state -msg when i issue this command ,client session is ended and i can see the following error message in server . SSL3 alert read:fatal:illegal parameter SSL_accept:failed in SSLv3 read client certificate A ERROR 2703612:error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter:s3_pkt.c:1069:SSL alert number 47 shutting down SSL CONNECTION CLOSED >From my understanding , here i have not tried renegotiation . I have tried to connect the server to client but the handshake fails with illegal parameter .( i think in the latest snapshot some thing is messed up). I have another query regarding the CVE-2009-3555 . when ever the client tries to renegotiate connection with the server , will connection should be dropped or should it send the warning message to the client "No renegotiation possible" ? As per the openssl patch released to deal with the security vulnerability mention in the CVE-2009-3555 , it drops the connection if renegotiation is attempted . This is the patch got from the cvs http://cvs.openssl.org/chngview?cn=18791 http://cvs.openssl.org/chngview?cn=18794 Comments for the patch is " Use existing code to disable renegotiation. Die if we see a client hello." so it probabaly mention that it drops the connection rather than sending warning. Any one can confirm whether this is the intended behaviour with connection renegotiation ? Thanks in advance Rajan >>I think it's pretty well understood at this point that 0.9.8l does >>the wrong thing when a client asks for a renegotiation (hangs the >>negotiation, basically). But it looks to me like 0.9.8-stable also >>gets it wrong. >>AFAICT by code inspection 0.9.8-stable (yesterday's snapshot) sends >>a Fatal INVALID PARAMETER alert and ends the session. That seems >>wrong. >>I believe a Warning NO RENEGOTIATION alert should be sent, and if the >>client then wants to close, it can do so -- or not. The code now seems >>to disconnect clients in violation of the standard; is there really a >>security reason to do this? >>I started to implement this but then discovered that there's other code >>which suppresses any attempt to send the NO RENEGOTIATION alert (commented >>with "don't send :-)") -- what's with that? >>It seems like, though the quick implementation of the new renegotiation >>extension was very impressive, the handling of clients which try to do >>unsafe renegotiations is either still quite broken, or I am suffering >>from a serious misunderstanding of either the spec or the code. >>Could someone from the OpenSSL team please comment on this?
