>From: owner-openssl-us...@openssl.org On Behalf Of Bogdan Harjoc
>Sent: Wednesday, 26 September, 2012 12:23

>I'm looking for the reason a server closes a SSL connection unless 
>I overwrite this cipher id from the ClientHello cipher list:

(more exactly, improperly closes during handshake; "close[] SSL" 
usually means the graceful close with alert.shutdown)

>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)

>with a cipher that the server [accepts from browser]
        
>       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
        
>       ... and resend the ClientHello with netcat. 

>The command I used to get this behavior was: 
>openssl s_client -connect owa.unige.ch:443
>(as well as variations like -ssl3, -tls1, -cipher SSLv3, -cipher SSLv3+MEDIUM, etc)

What version of openssl, and was it built with any options?
0.9.8 shouldn't offer ECC at all by default. 1.0.0 should, 
but also several other suites prior to ECDHE-RSA-3DES.
And 1.0.1 even more unless you turn off TLS1.2.

>If I put the 0x0033 cipher anywhere in front of 0xc012, 
>I get the ServerHello back. 
        
>Why should a server abort the handshake depending on the cipher order ? 
>If the cipher is lower in the list the handshake continues.

It probably has bug(s) or misconfiguration. A server *should* 
skip any cipher suites it can not support (or understand) 
and select one -- usually the first one -- it can support, 
and give an alert if there is none. In addition to having 
code for the algorithms, support requires having a suitable 
key+cert available (except for aNULL suites, which OpenSSL 
won't do by default and browsers won't do at all), and for 
ECC suites having both code and cert for one of the curves, 
and one of the pointformats, offered by the client. (OpenSSL 
client offers all standard curves and pointformats.)

On some quick tests with 1.0.0i, owa.unige.ch apparently aborts 
for any ECDH, or EDH-DSS, *or* AES256, only accepting EDH-RSA 
or akRSA with DES3 or AES128, and *sometimes* it will skip 
an unsupported suite and get a supported one as it should.
        
>Would disabling that cipher like below be an appropriate workaround ? 
>My application has to handle "any webserver out there".
        
>SSL_CTX_set_cipher_list(ctx, "DEFAULT:!ECDHE-RSA-DES-CBC3-SHA")

If "any webserver" is defined as "anything that answers HTTPS", 
be prepared to lower your standards quite a bit. Many of the things 
people put on the internet, and the web, and even more so on some 
private (business, organization, or home) nets, aren't real servers 
at all, just quick&dirty interfaces stuck on the side of other things.
I suspect some of them are written in Perl, or even Visual Basic.

On the other hand, if you want "servers we find on the internet 
that might be useful", you can probably disable all ECC (in 1.0.0+) 
and DSS. There are various people doing research on usage of SSL, 
mostly HTTPS, on the public net, and the published results I have 
seen consistently say something like 0.0001% DSS and zero ECC.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org