Hi,

On Wed, Apr 23, 2014 at 11:36:28AM -0400, Timothe Litt wrote:
> Just to confirm that the issue is 1.2, not the negotiation:
>
> I added an unconditional
> sslopt |= SSL_OP_NO_TLSv1_2;
> in tls_ctx_set_options.
>
> With this (and the context initialized to SSL_v23_*_method, so we
> negotiate), the tunnel comes up.
> Without it, the tunnel does not come up.
>
> So it is the use of 1.2 that is the issue, not how it is selected.
Thinking through this, while cycling home from $paidwork, I remembered
something I saw when debugging something similar ("if I enable TLS1.2,
things explode") last time.

From Perl's IO::Socket::SSL:

# older versions of F5 BIG-IP hang when getting SSL client hello >255 bytes
# http://support.f5.com/kb/en-us/solutions/public/13000/000/sol13037.html
# http://guest:gu...@rt.openssl.org/Ticket/Display.html?id=2771
# Debian works around this by disabling TLSv12 on the client side
# Chrome and IE11 use TLSv12 but use only a few ciphers, so that packet
# stays small enough
# The following list is taken from IE11, except that we don't do RC4-MD5,
# RC4-SHA is already bad enough. Also, we have a different sort order
# compared to IE11, because we put ciphers supporting forward secrecy on top

now - does that sound like it could be the problem? The initial handshake
packet "under some conditions" (like: the local OpenSSL build having more
available ciphers, depending on how it was built) being too big, causing
"surprises"?

(This question is more geared towards James, Arne and Steffan :-) )

Timothe, on your failing setup, could you try putting some variations of
"--tls-cipher" in your openvpn.conf? I'm not really sure I understand the
variants, but "openvpn --show-tls" suggests that some of these might work:

tls-cipher AES128-SHA
tls-cipher DHE-RSA-AES256-SHA

What does "openvpn --tls-cipher DEFAULT --show-tls" list on your systems
(or, phrased differently, if you have a system that does *not* fail on
TLS 1.2, does it show a shorter list)?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                    //www.muc.de/~gert/
Gert Doering - Munich, Germany                      g...@greenie.muc.de
fax: +49-89-35655025                 g...@net.informatik.tu-muenchen.de
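To make the "hello too big" hypothesis in the mail above concrete, here is an added Python illustration (not code from the mail, from OpenVPN or from OpenSSL) that builds a TLS 1.2 ClientHello record by hand, parses it back, and reports whether it crosses the 255-byte figure quoted from the IO::Socket::SSL comment. It assumes that figure applies to the whole record as it appears on the wire; the hostname "vpn.example.com" is invented, and FAT_LIST is a constructed run of placeholder suite IDs standing in for a build that offers around a hundred ciphers, not real suites. The two named suites are the ones suggested for --tls-cipher in the mail; the signature_algorithms extension is included because TLS 1.2 clients send it (RFC 5246, 7.4.1.4.1), so turning on 1.2 grows the hello even before the cipher list is counted.

```python
"""Build and measure a TLS 1.2 ClientHello to see how the cipher list drives its size.

Added example, not code from the mail, OpenVPN or OpenSSL. Assumptions: the 255-byte
threshold applies to the whole record on the wire; FAT_LIST holds constructed
placeholder IDs, not real cipher suites; the hostname is made up.
"""
import os
import struct

TLS_1_2 = b"\x03\x03"

# OpenSSL cipher names -> IANA suite IDs (real values). The first two are the
# suites suggested for --tls-cipher in the mail.
SUITES = {
    "AES128-SHA": 0x002F,          # TLS_RSA_WITH_AES_128_CBC_SHA
    "DHE-RSA-AES256-SHA": 0x0039,  # TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    "ECDHE-RSA-AES128-GCM-SHA256": 0xC02F,
    "ECDHE-RSA-AES256-GCM-SHA384": 0xC030,
}
SHORT_LIST = [SUITES["AES128-SHA"], SUITES["DHE-RSA-AES256-SHA"]]
# Constructed placeholder IDs: padding of the right width (2 bytes each) that
# stands in for a build offering ~100 suites. They are not real cipher suites.
FAT_LIST = list(range(0xF000, 0xF000 + 100))

# (hash, signature) pairs: sha256/sha384/sha512/sha1 (4,5,6,2) x rsa(1), ecdsa(3)
SIG_ALGS = [(4, 1), (5, 1), (6, 1), (2, 1), (4, 3), (5, 3), (6, 3), (2, 3)]


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def sni_extension(hostname):
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type host_name(0)
    return _ext(0x0000, struct.pack("!H", len(entry)) + entry)


def signature_algorithms_extension(pairs=SIG_ALGS):
    # RFC 5246 7.4.1.4.1: TLS 1.2 clients add this extension, so enabling 1.2
    # alone already grows the hello even with an unchanged cipher list.
    algs = b"".join(struct.pack("!BB", h, s) for h, s in pairs)
    return _ext(0x000D, struct.pack("!H", len(algs)) + algs)


def build_client_hello(cipher_suites, extensions=(), client_random=None):
    """Return one TLS record carrying a ClientHello offering the given suites."""
    client_random = os.urandom(32) if client_random is None else client_random
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        TLS_1_2 + client_random
        + b"\x00"                                   # empty session_id
        + struct.pack("!H", len(suites)) + suites   # cipher_suites vector
        + b"\x01\x00"                               # compression_methods: null only
    )
    ext_blob = b"".join(extensions)
    if ext_blob:
        body += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello(1)
    return b"\x16" + TLS_1_2 + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Walk a ClientHello record; return its suite list, extension types and size."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]          # skip 5-byte record header + 4-byte handshake header
    pos = 2 + 32               # client_version + random
    pos += 1 + body[pos]       # session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]       # compression_methods
    ext_types = []
    if pos < len(body):
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_total
        while pos < end:
            e_type, e_len = struct.unpack_from("!HH", body, pos)
            ext_types.append(e_type)
            pos += 4 + e_len
    return {"cipher_suites": suites, "extension_types": ext_types, "record_bytes": len(record)}


def exceeds_threshold(record, threshold=255):
    """True when the hello record is larger than the size quoted in the F5 note."""
    return len(record) > threshold


if __name__ == "__main__":
    exts = [sni_extension("vpn.example.com"), signature_algorithms_extension()]
    for label, suites in (("2 suites (--tls-cipher restricted)", SHORT_LIST),
                          ("100 suites (constructed fat default list)", FAT_LIST)):
        rec = build_client_hello(suites, exts)
        print(f"{label}: {len(rec)} bytes on the wire, over 255: {exceeds_threshold(rec)}")
```

Every suite adds two bytes to the hello, so a build that offers a hundred suites spends 200 bytes on the list alone before SNI and signature_algorithms are added, while the two-suite list from the mail stays comfortably small. parse_client_hello is the check a defender would run against a captured hello to see how many suites a client actually offers.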