I've only recently started looking at mod_ssl (much easier to work with than
when I last had a brief look at Apache + SSL quite a while ago - thank you
to those who've made such improvements!) and while trying different logging
options decided to try each of the SSL encryption schemes offered by
Netscape 4.7 (LINUX, export version upgraded to strong encryption using
Fortify) to see what was reported in the logs.
The server is Apache 1.3.12 on Solaris 2.6 (SPARC), fulls details
"Apache/1.3.12 (Unix) PHP/4.0.0 mod_ssl/2.6.2 OpenSSL/0.9.5a mod_perl/1.24".
While in general it all "just worked", I found that there was a problem with
DES encryption (but not triple-DES, which seems superficially odd to me as a
non-expert). I haven't managed to find anything about this in the bug
database, but it could be my fault or the expected behaviour...
Comments/pointers welcome.
The details:
Netscape 4.7's "About" menu item reports "This version supports U.S.
security with RSA Public Key Cryptography, MD2, MD5, RC2-CBC, RC4, DES-CBC,
DES-EDE3-CBC.", though the strong encryption was backdoor-enabled using
Fortify (which I'm half expecting to be related to the problem...).
mod_ssl's config does not specify SSLCipherSuite, leaving it to use the
default (which looks like it should enable the cipher suites that hit
problems).
What I see in the cases that fail differs between SSLv2 and v3.
If in Netscape I enable only SSLv2 and allow only "DES encryption with a
56-bit key", attempting to reload the SSL server's home page gets an error
popup "SSL has received a record with an incorrect Message Authentication
Code. This could indicate a network error, a bad server implementation, or a
security violation." Nothing is reported in the various Apache logs (no
connection details, no description of the error and no core dump). The other
Netscape SSLv2 options work.
If instead I enable only SSLv3 and try each in turn (updating cipher
selection then reload-ing), the ones that fail are:
* FIPS 140-1 compliant DES encryption and SHA-1 MAC
* DES encryption with a 56-bit key and a SHA-1 MAC
* DES encryption in CBC mode with a 56-bit key and a SHA-1 MAC
All the others (except no encryption, which is rejected cleanly...) work,
including the triple-DES options. For these failures, an error log entry is
written reporting
mod_ssl: SSL handshake failed (server ...) (OpenSSL library error follows)
OpenSSL: error:14086081:SSL routines:SSL3_ENC:block cipher pad is wrong
which suggests a bug at one end or the other, rather than simply that DES is
not supported by mod_ssl/OpenSSL. While the descriptions in Netscape's
security configuration and the output of "openssl ciphers -v" are expressed
differently, it looks like at least the non-FIPS choices should work and I'd
guess that the failing FIPS option is probably there under another name.
So: configuration/installation error on my part? bug in Netscape 4.7 (or due
to Fortify-ing it)? bug in OpenSSL? bug in mod_ssl? ...?
John Line
--
University of Cambridge WWW manager account (usually John Line)
Send general WWW-related enquiries to [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
