Eric Rescorla wrote:
>
> "Dave Stafford" <[EMAIL PROTECTED]> writes:
>
> > > IE. 56k browsers can not read our ssl (Global 128) websites (I wish we
> > > could
> > > get rid of these buggy IE browsers). Searching the web I found that
> > > versions
> > > of openssl 0.9.5a and higher have this problem. Has anyone ran into
> > > this or
> > > heard of an opeenssl fix for this ?
> >
> > Although I am no great fan of Msoft, this is hardly a bug.
> >
> > Openssl cannot fix this (unless you issue certs using 56 bit keys).
> > Easiest is to download the 128bit upgrade for ie 4 & 5 from Microsoft.
> I wouldn't be so sure. The issue is that there are two variants of
> "Global 128". The Netscape version (Step-Up) is slower but is
> SSL-compliant. The Microsoft version (SGC) is faster and cleverer but
> actually violates the SSL spec. Different certificate extensions are
> used to mark which variant your server supports. For obvious reasons,
> there are only two classes of such certificates Step-Up only and
> Step-Up + SGC.
>
> Anyway, you've probably got a Step-Up + SGC certificate, in which case
> IE will attempt SGC. Since this is a violation of the SSL spec,
> OpenSSL naturally rejects this and had to be taught to understand
> it. From the changelog, it looks to me like change was made in OpenSSL
> 0.9.6, so if you install 0.9.6 you should be OK. You could also maybe
> get a Step-Up only certificate in which case IE will do Step-Up. This
> seems like more work and lamer anyway :)
>
Just to clarify a few points. The SGC support was added in OpenSSL
0.9.5. 56 bit ciphersuites were also enabled at that time.
It is my understanding that this problem occurs both with step up and
SGC.
This is caused by a bug in IE and it is documented in the MS knowledge
base, I don't have the precise reference handy though.
When export IE uses SGC or step up it initiates the connection using a
normal weak cipher, this will be the strongest weak ciphersuite
supported by both client and server. Once it is satisfied that SGC or
step up is allowed it will then use a strong cipher.
Now the problem is triggered when the two ciphersuites use different
message digests. Apparently IE doesn't recognise the change. Broken IIS
implementations do things in the same way so the two are broken in a
compatible way. Its tricky for OpenSSL to handle this without breaking
clients that get it right.
Now the reason the problem arises is that prior to OpenSSL 0.9.5 the two
ciphersuites negotiated would have the same digest. However different
digests typically occur with the new 56 bit ciphersuites.
A fix that has been reported to work is to either disable the 56 bit
ciphersuites or use only one digest. So setting the ciphersuite to one
of these may work:
DEFAULT:!EXPORT56:@STRENGTH
SHA1:@STRENGTH
MD5:@STRENGTH
The best solution is to get clients to upgrade to 128 bit encryption
then you avoid this entirely.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
