On Wed, Mar 08, 2023 at 01:07:45AM +0300, Maxim Dounin wrote:

> Hello!
>
> On Tue, Mar 07, 2023 at 06:46:12PM +0400, Roman Arutyunyan wrote:
>
> > Hi,
> >
> > On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> > > # HG changeset patch
> > > # User Maxim Dounin <mdou...@mdounin.ru>
> > > # Date 1677682421 -10800
> > > #      Wed Mar 01 17:53:41 2023 +0300
> > > # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> > > # Parent  4d0a265c1d20f22f196680dfcc9d044f9e711865
> > > SSL: logging levels of various errors reported with tlsfuzzer.
> > >
> > > To further differentiate client-related errors and adjust logging levels
> > > of various SSL errors, nginx was tested with tlsfuzzer with multiple
> > > OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> > > 1.0.0s, 0.9.8zh).
> >
> > While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
> > text below.  It should be added to the list of versions not adding new client
> > errors compared to other versions.
>
> Thanks for noting.  I've generally not considered OpenSSL
> 3.1.0-beta1, since it is mostly identical to OpenSSL 3.0.8 in
> terms of errors and not really a release, but decided to add it to
> the list of tested versions for completeness.
>
> Updated the last paragraph as well:
>
> : No additional client-related errors were observed while testing with
> : OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> : and OpenSSL 0.9.8zh.
>
> > > The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> > > and are clearly client-related:
> > >
> > > SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> > > SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> > > SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> > > SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> > >
> > > Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> > > SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> > > ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> > > ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> > > errors are now logged at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 3.0.8 and
> > > with TLSv1.3 enabled:
> > >
> > > SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> > > SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> > > SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> > > SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> > > SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> > > SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> > >
> > > Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"),
> >
> > SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
> > cac164d0807e.  This text is probably a leftover from testing this without the
> > previous patch applied, in which case a crypto error was analyzed and ignored.
>
> Indeed, thanks for catching.  Removed this from the commit log (as
> well as the relevant error messages above).
>
> > > SSL_R_BAD_DIGEST_LENGTH
> > > ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> > > extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> > > SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> > > and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> > > handshake data") errors are now logged at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 1.1.1t:
> > >
> > > SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> > > SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> > > SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> > > SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> > >
> > > Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> > > SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> > > SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> > > SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> > > at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 1.0.2u:
> > >
> > > SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> > > SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> > >
> > > Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> > > SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> > > logged at the "info" level.
> > >
> > > No additional client-related errors were observed while testing with
> > > OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.
>
> Full updated commit log:
>
> # HG changeset patch
> # User Maxim Dounin <mdou...@mdounin.ru>
> # Date 1678226771 -10800
> #      Wed Mar 08 01:06:11 2023 +0300
> # Node ID a48cbbec723b1a6d4943e877deb21e719c19d09a
> # Parent  c011fae23865f04518f9279fb98a312ef8f7a29c
> SSL: logging levels of various errors reported with tlsfuzzer.
>
> To further differentiate client-related errors and adjust logging levels
> of various SSL errors, nginx was tested with tlsfuzzer with multiple
> OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> 1.0.0s, 0.9.8zh).
>
> The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> and are clearly client-related:
>
> SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
>
> Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 3.0.8 and
> with TLSv1.3 enabled:
>
> SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
>
> Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
> SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
> SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> handshake data") errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.1.1t:
>
> SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
>
> Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.0.2u:
>
> SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
>
> Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> logged at the "info" level.
>
> No additional client-related errors were observed while testing with
> OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> and OpenSSL 0.9.8zh.
Looks ok

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
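The commit log above lists the errors by their printed text; the useful bit for anyone reading an nginx error log is the packed hex code, since the reason number is what a level decision keys on. The following is an added example, not code from nginx or from the patch: it decodes the codes quoted in this thread (OpenSSL 1.x packs lib:func:reason as 8/12/12 bits; OpenSSL 3.x keeps the lib in bits 23..30, drops the function code and leaves the reason in the low 23 bits) and demotes a line to "info" only when an SSL-library error with one of the reason codes named in the thread is present, so a leading crypto-library error such as the Diffie-Hellman or EC one does not decide on its own. The SSL_R_* values were read off the hex codes in the thread; the assumptions are the empty-function-field heuristic for telling 3.x messages from 1.x ones, the placeholder level name "default" for whatever level the log call would otherwise use, and the nginx-style log prefixes and client addresses in the sample lines, which are constructed.

```python
"""Decode OpenSSL error codes in nginx error-log lines and sort them the way
the patch above does.  Added example; not nginx's or OpenSSL's own code."""
import re

ERR_LIB_SSL = 20          # ERR_LIB_SSL has this value in OpenSSL 1.x and 3.x

# Reason codes logged at "info" after the patch, keyed by SSL_R_* value
# (values taken from the hex codes quoted in the thread).
CLIENT_RELATED_REASONS = {
    146: "SSL_R_DATA_LENGTH_TOO_LONG",            # OpenSSL 3.0.8
    160: "SSL_R_LENGTH_TOO_SHORT",
    292: "SSL_R_BAD_LEGACY_VERSION",
    376: "SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS",
    111: "SSL_R_BAD_DIGEST_LENGTH",               # OpenSSL 3.0.8, TLSv1.3
    112: "SSL_R_MISSING_SIGALGS_EXTENSION",
    150: "SSL_R_ENCRYPTED_LENGTH_TOO_LONG",
    271: "SSL_R_BAD_LENGTH",
    122: "SSL_R_BAD_KEY_UPDATE",
    293: "SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA",
    133: "SSL_R_CCS_RECEIVED_EARLY",              # OpenSSL 1.1.1t
    145: "SSL_R_DATA_BETWEEN_CCS_AND_FINISHED",
    198: "SSL_R_PACKET_LENGTH_TOO_LONG",
    409: "SSL_R_TOO_MANY_WARN_ALERTS",
    298: "SSL_R_RECORD_TOO_SMALL",                # OpenSSL 1.0.2u
    154: "SSL_R_GOT_A_FIN_BEFORE_A_CCS",
    306: "SSL_R_BAD_ECPOINT",   # already "info" before this patch (cac164d0807e)
}

# One "error:<code>:<lib>:<func>:<reason text>" entry; nginx joins several
# with a space, and OpenSSL 3.x leaves the function field empty.
ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^)]*?)(?= error:|\)|$)")


def unpack(code, openssl3):
    """Split a packed OpenSSL error code into (lib, func, reason)."""
    if openssl3:
        return (code >> 23) & 0xFF, 0, code & 0x7FFFFF
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_errors(line):
    """Return each OpenSSL error found in an nginx log line as a dict."""
    found = []
    for m in ERR_RE.finditer(line):
        code = int(m.group(1), 16)
        # Assumption: an empty function field marks an OpenSSL 3.x message;
        # 3.x dropped function codes, 1.x always prints one.
        lib, func, reason = unpack(code, openssl3=(m.group(3) == ""))
        found.append({"code": code, "lib": lib, "func": func, "reason": reason,
                      "lib_name": m.group(2), "func_name": m.group(3),
                      "text": m.group(4).strip(),
                      "reason_name": (CLIENT_RELATED_REASONS.get(reason)
                                      if lib == ERR_LIB_SSL else None)})
    return found


def log_level(line):
    """'info' when an SSL-library error on the line carries a client-related
    reason; crypto-library errors (DH, EC, ...) never decide on their own.
    'default' is a placeholder for the level the log call would otherwise use."""
    for err in parse_errors(line):
        if err["lib"] == ERR_LIB_SSL and err["reason"] in CLIENT_RELATED_REASONS:
            return "info"
    return "default"


def triage(lines):
    """Return [(level, [names of SSL-library reasons on the line]), ...]."""
    out = []
    for line in lines:
        names = [e["reason_name"] or "SSL reason %d" % e["reason"]
                 for e in parse_errors(line) if e["lib"] == ERR_LIB_SSL]
        out.append((log_level(line), names))
    return out


# Constructed sample lines: messages quoted in the thread wrapped in a made-up
# nginx error-log prefix; the last one is a bare crypto-library error.
P = "2023/03/08 01:06:11 [crit] 1234#1234: *%d %s while SSL handshaking, client: 192.0.2.%d"
SAMPLE_LOG = [
    P % (1, "SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)", 10),
    P % (2, "SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)", 11),
    P % (3, "SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)", 12),
    P % (4, "SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)", 13),
    P % (5, "SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve)", 14),
]

if __name__ == "__main__":
    for line, (level, names) in zip(SAMPLE_LOG, triage(SAMPLE_LOG)):
        print("%-7s %-45s %s" % (level, ", ".join(names) or "-", line[40:100]))
```

Running it prints "info" for the first four constructed lines and "default" for the EC-only one; the second line shows why the library check matters, since its first error is from the Diffie-Hellman library and only the trailing SSL-library "bad ecpoint" entry carries the reason that is demoted.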