Nelson,
I'd seen the references in ssl3con.c but wasn't sure why they were being called. Your analysis at least made me think of the workaround; I disabled all the DHE_* ciphers from the SSL server, and now TBird/PSM works. So I at least have a workaround.
I would like to help with the ssltap idea, but would need some help with that. At least with ethereal, I was seeing the client hello going out, server hello coming back, and then nothing (TBird would then give the error). I think it's because the server was saying that some DHE ciphers were okay to use; and TBird/PSM was trying to see if it could comply, but was unable to generate any DH keypairs. It has no key material to work with nor any DH parameters for the keypairs. I could get more network detail from an ssltap, but I'd need to know where to get a pre-built binary for MS windows (I have never built Mozilla for windows, and don't have the bandwidth just now to learn). But I think it's not going to tell you anything new; I think we'd have to figure out in PSM how to disable trying DH ciphers if there are no DH keys present in the cert store.
Let me know how I can help further pinpoint the problem.
Nelson B wrote:
Finder wrote:
> I'm trying to migrate from Mozilla MailNews 1.4 to Thunderbird 0.7.1. We use IMAP over SSL, and the PKCS#12 certificate/key I use in Moz 1.4 works (of course). Using the same cert/key combo, TBird craps out in the SSL negotiation with "Error establishing an encrypted connection to {server}: Error code -8092".
SSL questions are better asked in n.p.m.crypto. I'm redirecting followups there.
According to http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html#1038056
error code -8092 is "SEC_ERROR_KEYGEN_FAIL" which means "Unable to generate public-private key pair."
http://lxr.mozilla.org/mozilla/search?string=SEC_ERROR_KEYGEN_FAIL tells us that this error is produced in any of 4 places, all in ssl3con.c. They are in functions:
- sendDHClientKeyExchange (clients only)
- sendECDHClientKeyExchange (clients only, when compiled for ECC)
- ssl3_CreateRSAStepDownKeys (servers only)
- ssl3_CreateECDHEphemeralKeys (servers only, when compiled for ECC)
You're not running a server, and AFAIK, the client products do not compile the Elliptic Curve Cryptography code at this time, so you probably got this error from sendDHClientKeyExchange. That in turn implies that the server negotiated one of the Diffie-Hellman ciphersuites.
I'd guess that the newer Tbird supports some of these, and the older mozilla does not.
> Ethereal seems to show the server sending the same stuff back for TBird as Moz (simply the Server Hello with its cert chain, after the Client Hello from the mail client), but TBird choosing not to continue the conversation by sending its certs back to the server at that point.
I'll bet that it shows another difference, a different SSL3/TLS ciphersuite has probably been chosen by the server.
> Can it not find the right cert/key combo to use?
It attempted to generate an ephemeral Diffie-Hellman key pair, which is rather trivial, and that failed for some reason.
> How can I make it prompt for that, or trace what's going on? I'm pretty sure the cert is well formed, since TBird successfully uses it to S/MIME sign outgoing messages (and they're received as good messages).
There's no indication of a cert problem in what's reported thus far. As for a way to trace it, use the NSS program named ssltap. ssltap acts like a proxy between client and server. It logs what passes through. It doesn't decrypt anything, but usually the relevant bits for diagnosis aren't encrypted anyway.
> Any ideas? This is a show stopper, unfortunately; we use client certs to control access to the SSL server. If it's any help: I'm pretty sure we noticed this problem first with Moz 1.5 (but I can't reproduce that), which is why we're still on version 1.4. Maybe something changed in PSM around that time?
I think the Diffie-Hellman Ephemeral cipher suites were introduced about then, but I don't recall exactly.
> I'm currently testing TBird 0.7.1 prebuilt binaries on Windows 2000, same with the Moz 1.4 binaries.
>
> When I set the IMAP logging up, I don't really get much more information. The layer reporting the information just gets told the socket read fails (-1) for some reason (-8092); I think the underlying reason is not being traced.
Things that would help would be:
- a trace from ssltap,
- copies of the server certs (which will be output to files by ssltap),
- a copy of your secmod.db file (which doesn't contain any secrets, so don't worry),
- and if you're willing, the hostname and port number of your IMAPS server.
You can email that info to me (after demunging my email address), or you can create a bug in bugzilla.mozilla.org and attach the info there.
Do you use any hardware or third party software crypto devices? Have you configured your browser to work with any of them?
If Tbird has UI for disabling individual cipher suites, you might try disabling any that use Diffie-Hellman ephemeral ciphersuites. But if that works, it's only a workaround, and we should still find and fix the cause.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
