Re: SSL connection fails on the server with SSL_ERROR_HANDSHAKE_FAILURE_ALERT
All right, everything is working now. We found a mistake in our code: the settings for ECC suites were inside an #ifdef NSS_ENABLE_ECC block, and that symbol was not defined. We define this symbol now and disable all ECC suites for all prototypes of sockets we use (both client and server).

I used Wireshark to watch the traffic and found very strange behavior (the reason for the connection failure):

- The ClientHello packet contains (among others) suite 0xC014 (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA).
- The ServerHello packet contains this suite as negotiated to be used for the SSL session.
- The client answers with a fatal alert: Handshake Failure (40).

I did not investigate the reason deeply, but it might potentially be a bug in NSS 3.11 (?). The code in mozilla\security\nss\lib\ssl\ssl3con.c at line 4488 doesn't consider the suite suitable for the session and breaks the negotiation with a fatal alert. This is strange, because the client socket sent this suite in the list of suites available for the session.

___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
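The Wireshark check described in the message above can be repeated on raw handshake bytes; the following is an added example, not code from the original post or from NSS. It assumes unencrypted TLS records with one unfragmented handshake message per record, and the sample bytes are constructed to mirror the sequence reported in the thread.

```python
import struct

# IANA IDs of the four ECDHE suites named in the thread; 0xC014 is the one seen in Wireshark.
SUITES = {0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
          0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
          0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
          0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}

def records(stream):
    """Yield (content_type, fragment) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def summarize(stream):
    """Collect the offered suites, the server-selected suite and any alert."""
    out = {"offered": [], "selected": None, "alert": None}
    for ctype, frag in records(stream):
        if ctype == 21 and len(frag) >= 2:        # alert: (level, description)
            out["alert"] = (frag[0], frag[1])
        elif ctype == 22 and len(frag) >= 39:     # handshake message
            body = frag[4:]                       # skip msg type + 24-bit length
            p = 34 + 1 + body[34]                 # skip version, random, session id
            if frag[0] == 1:                      # ClientHello: list of suites
                n = struct.unpack_from("!H", body, p)[0]
                out["offered"] = list(struct.unpack_from("!%dH" % (n // 2), body, p + 2))
            elif frag[0] == 2:                    # ServerHello: the single chosen suite
                out["selected"] = struct.unpack_from("!H", body, p)[0]
    return out

def matches_thread_pattern(s):
    """True when the server picked an offered suite yet a fatal handshake_failure (40) followed."""
    return s["selected"] in s["offered"] and s["alert"] == (2, 40)

def rec(ctype, payload):                          # helper for building the constructed sample
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

def hello(msg_type, tail):                        # version, zero random, empty session id, tail
    body = b"\x03\x01" + bytes(32) + b"\x00" + tail
    return rec(22, bytes([msg_type]) + len(body).to_bytes(3, "big") + body)

# Constructed sample: client offers 0xC014 and 0xC013, server selects 0xC014, fatal alert 40 follows.
SAMPLE = (hello(1, b"\x00\x04\xc0\x14\xc0\x13\x01\x00")
          + hello(2, b"\xc0\x14\x00") + rec(21, b"\x02\x28"))

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(SUITES.get(s["selected"]), s["alert"], matches_thread_pattern(s))
```
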
Re: SSL connection fails on the server with SSL_ERROR_HANDSHAKE_FAILURE_ALERT
Julien Pierre wrote:
> NSS only supports RSA ECDHE cipher suites on the client side at this time, so this is expected. If you are using NSS on the server side, you need to enable alternate cipher suites - and of course you need to enable them on the client side as well.

Thanks for the advice; unfortunately this raises another problem. I enabled another 4 suites for client and server:

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

The server closes the connection with error number -12227 (SSL_ERROR_WRONG_CERTIFICATE), described as "Client authentication failed: private key in key database does not correspond to public key in certificate database."

I am 100% sure the private key (RSA) corresponds to the public key provided in the cert. I am not sure on this point, but it seems that NSS needs the certificates to be signed by ECC. Maybe I am wrong.

And yet another question: why do you restrict usage to just ECC cryptography? Does this mean to stop using classic DH and RSA?
Re: SSL connection fails on the server with SSL_ERROR_HANDSHAKE_FAILURE_ALERT
Honzab,

Honzab wrote:
> Julien Pierre wrote:
>> NSS only supports RSA ECDHE cipher suites on the client side at this time, so this is expected. If you are using NSS on the server side, you need to enable alternate cipher suites - and of course you need to enable them on the client side as well.
>
> Thanks for the advice; unfortunately this raises another problem. I enabled another 4 suites for client and server:
>
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

These cipher suites all require a certificate with an EC public key. I believe for the first 2, the certificate must be signed by ECDSA, for the last 2, by RSA.

> And yet another question: why do you restrict usage to just ECC cryptography? Does this mean to stop using classic DH and RSA?

I'm sorry, I made a mistake earlier. All the EC cipher suites are supported on both sides. Only the DHE/RSA cipher suites are supported on the client-side only. The list of client-side only cipher suites is:

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

All other cipher suites are supported for both client and server sides.