I just upgraded our product to 1.0.1i and logins via SRP are now broken. Shown below are the SSL calls made from both the client and server. Everything worked perfectly under 1.0.1h. Both sides set the cipher list to 'SRP' via calls to SSL_CTX_set_cipher_list(), so the "no shared cipher" complaint after line 31 on the server side is clearly bogus.

Any idea where to begin debugging this?  Any and all help is appreciated.

Norm Green





Server Side:

[   1] SSL call: SSL_load_error_strings with args: NONE (nothing returned)
[   2] SSL call: ERR_load_crypto_strings with args: NONE (nothing returned)
[   3] SSL call: OpenSSL_add_all_ciphers with args: NONE (nothing returned)
[   4] SSL call: OpenSSL_add_all_digests with args: NONE (nothing returned)
[   5] SSL call: SSL_library_init with args: NONE result=1
[   6] SSL call: RAND_status with args: NONE   result=1
[   7] SSL call: TLSv1_1_server_method with args: NONE result=0x7f1407999040
[   8] SSL call: SSL_CTX_new with args: 0x7f1407999040 result=0x1f8a8e0
[   9] SSL call: SSL_CTX_ctrl with args: 0x1f8a8e0 33 4 (NULL)   result=4
[  10] SSL call: SSL_CTX_set_verify with args: 0x1f8a8e0 0 (NULL) (nothing returned)
[  11] SSL call: SSL_CTX_set_cipher_list with args: 0x1f8a8e0 'SRP' result=1
[  12] SSL call: SSL_CTX_set_srp_strength with args: 0x1f8a8e0 1024 result=1
[  13] SSL call: BN_init with args: 0x7f14197a3a88 (nothing returned)
[  14] SSL call: BN_init with args: 0x7f14197a3aa0 (nothing returned)
[  15] SSL call: BN_init with args: 0x7f14197a3ab8 (nothing returned)
[  16] SSL call: BN_init with args: 0x7f14197a3ad0 (nothing returned)
[  17] SSL call: SRP_get_default_gN with args: '1024' result=0x7f14079adb50
[  18] SSL call: BN_copy with args: 0x7f14197a3ab8 0x7f14079adaa0 result=0x7f14197a3ab8
[  19] SSL call: BN_copy with args: 0x7f14197a3ad0 0x7f14079ad980 result=0x7f14197a3ad0
[  20] SSL call: BN_bin2bn with args: 0x7fff686674c0 128 0x7f14197a3aa0 result=0x7f14197a3aa0
[  21] SSL call: BN_bin2bn with args: 0x7fff686674c0 20 0x7f14197a3a88 result=0x7f14197a3a88
[  22] SSL call: SSL_CTX_set_verify with args: 0x1f8a8e0 0 (NULL) (nothing returned)
[  23] SSL call: SSL_CTX_set_cipher_list with args: 0x1f8a8e0 'SRP' result=1
[  24] SSL call: SSL_CTX_set_srp_cb_arg with args: 0x1f8a8e0 0x7f14197a3a80 result=1
[  25] SSL call: SSL_CTX_set_srp_username_callback with args: 0x1f8a8e0 0x7f1418ab6d26 result=1
[  26] SSL call: SSL_new with args: 0x1f8a8e0 result=0x1f8b680
[  27] SSL call: SSL_set_fd with args: 0x1f8b680 5 result=1
[  28] SSL call: SSL_get_fd with args: 0x1f8b680   result=5
[  29] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  30] SSL call: SSL_accept with args: 0x1f8b680 result=-1
[  31] SSL call: SSL_get_error with args: 0x1f8b680 -1 result=1
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:

[  32] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  33] SSL call: SSL_accept with args: 0x1f8b680 result=-1
[  34] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  35] SSL call: SSL_accept with args: 0x1f8b680 result=-1
[  36] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  37] SSL call: SSL_accept with args: 0x1f8b680 result=-1
SSL_accept() failed after 4 tries
[  38] SSL call: SSL_free with args: 0x1f8b680   (nothing returned)
[  39] SSL call: SSL_CTX_free with args: 0x1f8a8e0 (nothing returned)


Client Side:

[   1] SSL call: SSL_load_error_strings with args: NONE (nothing returned)
[   2] SSL call: ERR_load_crypto_strings with args: NONE (nothing returned)
[   3] SSL call: OpenSSL_add_all_ciphers with args: NONE (nothing returned)
[   4] SSL call: OpenSSL_add_all_digests with args: NONE (nothing returned)
[   5] SSL call: SSL_library_init with args: NONE result=1
[   6] SSL call: RAND_status with args: NONE   result=1
[   7] SSL call: TLSv1_1_client_method with args: NONE result=0x7ffff6460a40
[   8] SSL call: SSL_CTX_new with args: 0x7ffff6460a40 result=0x62f150
[   9] SSL call: SSL_CTX_ctrl with args: 0x62f150 33 4 (NULL)   result=4
[  10] SSL call: SSL_CTX_set_verify with args: 0x62f150 0 (NULL) (nothing returned)
[  11] SSL call: SSL_CTX_set_cipher_list with args: 0x62f150 'SRP' result=1
[  12] SSL call: SSL_CTX_set_srp_strength with args: 0x62f150 1024 result=1
[  13] SSL call: SSL_CTX_set_srp_username with args: 0x62f150 'SystemUser' result=1
[  14] SSL call: SSL_CTX_set_srp_password with args: 0x62f150 'swordfish' result=1
[  15] SSL call: SSL_new with args: 0x62f150 result=0x62f990
[  16] SSL call: SSL_set_fd with args: 0x62f990 6 result=1
[  17] SSL call: SSL_get_fd with args: 0x62f990   result=6
[  18] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  19] SSL call: SSL_connect with args: 0x62f990   result=0
[  20] SSL call: SSL_get_error with args: 0x62f990 0 result=1
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40

[  21] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  22] SSL call: SSL_connect with args: 0x62f990   result=0
[  23] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  24] SSL call: SSL_connect with args: 0x62f990   result=0
[  25] SSL call: ERR_clear_error with args: NONE   (nothing returned)
[  26] SSL call: SSL_connect with args: 0x62f990   result=0
SSL_connect() failed after 4 tries
[  27] SSL call: SSL_free with args: 0x62f990   (nothing returned)
[  28] SSL call: SSL_CTX_free with args: 0x62f150 (nothing returned)
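
Added example, not part of the original post: a small Python helper that decodes the packed error codes in the two traces above and reports which side raised its error locally and which side only relayed a peer alert. The function names are hypothetical; it assumes the OpenSSL 1.0.x error packing (8 bits library, 12 bits function, 12 bits reason) and that SSL reason codes at or above 1000 (SSL_AD_REASON_OFFSET) mirror a received alert number.

```python
import re

ERR_LIB_SSL = 20             # ERR_LIB_SSL in OpenSSL's err.h
SSL_AD_REASON_OFFSET = 1000  # SSL reason codes from here up mirror a received alert
CALL_RE = re.compile(r"\[\s*(\d+)\] SSL call: (\w+) with args:")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):([^:]*):")
BOOKKEEPING = {"SSL_get_error", "ERR_clear_error"}

def decode_error(code_hex):
    """Unpack a 1.0.x error code: 8 bits library, 12 bits function, 12 bits reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def first_failure(trace):
    """Return the first error line, decoded, with the API call that preceded it."""
    last_call = None
    for line in trace.splitlines():
        for m in CALL_RE.finditer(line):  # tolerates several entries fused on one line
            if m.group(2) not in BOOKKEEPING:
                last_call = (int(m.group(1)), m.group(2))
        e = ERR_RE.search(line)
        if e:
            lib, func, reason = decode_error(e.group(1))
            from_alert = lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET
            return {"call": last_call, "where": e.group(2), "text": e.group(3),
                    "lib": lib, "func": func, "reason": reason,
                    "alert": reason - SSL_AD_REASON_OFFSET if from_alert else None}
    return None

def rejecting_side(server_trace, client_trace):
    """Name the side whose first error was raised locally rather than by a peer alert."""
    sides = {"server": first_failure(server_trace), "client": first_failure(client_trace)}
    local = [name for name, f in sides.items() if f and f["alert"] is None]
    return local[0] if len(local) == 1 else None

# Lines copied from the two traces in the post above.
SERVER = """\
[  30] SSL call: SSL_accept with args: 0x1f8b680 result=-1
[  31] SSL call: SSL_get_error with args: 0x1f8b680 -1 result=1
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:
"""
CLIENT = """\
[  19] SSL call: SSL_connect with args: 0x62f990   result=0
[  20] SSL call: SSL_get_error with args: 0x62f990 0 result=1
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
"""

if __name__ == "__main__":
    print("handshake rejected by:", rejecting_side(SERVER, CLIENT))
```

On these traces the client's error decodes to alert 40 received from the peer, while the server's error is generated locally during ClientHello processing, so the server-side cipher selection is the place to start looking.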