On 09/12/12 13:37, Jan Stary wrote:
> On Jul 28 15:28:48, Antoine Jacoutot wrote:
>> On Sat, Jul 28, 2012 at 02:14:41PM +0100, Stuart Henderson wrote:
>>> On 2012/07/28 13:48, Jan Stary wrote:
>>>>
>>>>    gnutls_handshake failed -110 fatal 1 GNUTLS version is too old
>>>>    to provide human readable error.
>>>>
>>>> I am not very proficient in the ways of TLS, so please bear with me.
>>>> Is this one error (namely, that my GNUTLS is too old to make a handshake),
>>>> or two separate errors (namely, that the handshake failed, and moreover,
>>>> it cannot provide a readable error)?
>>>
>>> I think you should forget about debugging in the browser and move to the
>>> simpler tools,
>>>
>>> $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
>>> Processed 36 CA certificate(s).
>>> Resolving 'cz.mbank.eu'...
>>> Connecting to '193.41.230.85:443'...
>>> *** Fatal error: The TLS connection was non-properly terminated.
>>> No certificates found!
>>> *** Handshake has failed
>>> GnuTLS error: The TLS connection was non-properly terminated.
>>>
>>> So, as this basic gnutls tool also fails, there's no point trying to
>>> debug via a browser.
>>>
>>> If you turn on debugging in gnutls-cli you see that gnutls writes
>>> some data and then tries to read from the server but gets zero bytes
>>> back, I imagine the remote side didn't like something sent to it
>>> and dropped the connection.. Trying with --disable-extensions, same.
>>> Might be worth playing with different --priorities strings perhaps.
>>>
>>> Do you have another OS handy with a recent gnutls 3.x you can test
>>> to identify whether the problem is specific to OpenBSD or the port,
>>> or whether it's a general gnutls problem?
>>>
>>> If it affects other OS too, you're probably better off reporting
>>> it upstream.
>>
>>
>> ### gnutls 2.12.18 on OpenBSD
>> $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
>> Processed 36 CA certificate(s).
>> Resolving 'cz.mbank.eu'...
>> Connecting to '193.41.230.85:443'...
>> *** Fatal error: A TLS packet with unexpected length was received.
>> *** Handshake has failed
>> GnuTLS error: A TLS packet with unexpected length was received.
>>
>> So it's not a regression.
>>
>> ### gnutls 3.0.21 on Arch Linux
>> $ gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
>> Error setting the x509 trust file
>> Resolving 'cz.mbank.eu'...
>> Connecting to '193.41.230.85:443'...
>> *** Fatal error: The TLS connection was non-properly terminated.
>> No certificates found!
>> *** Handshake has failed
>> GnuTLS error: The TLS connection was non-properly terminated
> 
> 
> # gnutls 2.8.6 on Debian
> $  gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
> Error setting the x509 trust file
> Resolving 'cz.mbank.eu'...
> Connecting to '193.41.230.85:443'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GnuTLS error: A TLS packet with unexpected length was received.
> 
> 
> # gnutls 3.0.23 on OpenBSD
> ~$  gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu
> Processed 36 CA certificate(s).
> Resolving 'cz.mbank.eu'...
> Connecting to '193.41.230.85:443'...
> *** Fatal error: The TLS connection was non-properly terminated.
> No certificates found!
> *** Handshake has failed
> GnuTLS error: The TLS connection was non-properly terminated.
> 
> 
> # gnutls 3.1.1 on OpenBSD
> ~$  gnutls-cli --x509cafile /etc/ssl/cert.pem cz.mbank.eu 
> Processed 36 CA certificate(s).
> Resolving 'cz.mbank.eu'...
> Connecting to '193.41.230.85:443'...
> *** Fatal error: Error in the pull function.
> No certificates found!
> *** Handshake has failed
> GnuTLS error: Error in the pull function.
> 
> 
> That's three different error messages.
> Does anyone please have a clue about what this means?
> 
> 
$ openssl s_client -connect cz.mbank.eu:443        
CONNECTED(00000003)
.....
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID: 6D8CE0C64F2658574C1406DF76B570E2FC13D2B07563CC4C7E7D290CD775E836
    Session-ID-ctx: 
    Master-Key: 19B3853E76C28A3BB66728384D3D857889D5B09D4EFD5E4441D7D027442C9245C178CE53ED86896FF06E09D6EE76FBE5
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1347455833
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
GET / HTTP/1.0


HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 15495
Content-Type: text/html; charset=iso-8859-2
Expires: -1
Set-Cookie: mBank1=TEMPDE29483A0A32D9D15C8FD701C2F73387; path=/; secure; HttpOnly
Set-Cookie: mBankLang1140=P; expires=Tue, 09-Jun-2015 13:17:21 GMT; path=/; secure
Server: mBank Web Server
Date: Wed, 12 Sep 2012 13:17:21 GMT
Connection: close

Doesn't help much - except openssl works.

$ gnutls-cli-debug cz.mbank.eu                                
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.2... yes
Checking whether we need to disable TLS 1.1... yes
Checking whether we need to disable TLS 1.0... N/A
Checking for Safe renegotiation support... no
Checking for Safe renegotiation support (SCSV)... no
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... yes
Checking for version rollback bug in Client Hello... yes
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... no
Checking whether the server can accept small records (512 bytes)... no
Checking whether the server can accept cipher suites not in SSL 3.0 spec... no
Checking whether the server can accept a bogus TLS record version in the client hello... no
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... no
Checking whether the server supports session resumption... yes
Checking for export-grade ciphersuite support... no
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... no
Checking ephemeral Diffie-Hellman group info... N/A
Checking for ephemeral EC Diffie-Hellman support... no
Checking ephemeral EC Diffie-Hellman group info... N/A
Checking for AES-GCM cipher support... no
Checking for AES-CBC cipher support... no
Checking for CAMELLIA cipher support... no
Checking for 3DES-CBC cipher support... no
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... no
Checking for SHA256 MAC support... no
Checking for ZLIB compression support... no
Checking for max record size... no
Checking for OpenPGP authentication support... no

$ gnutls-cli-debug cz.mbank.eu 
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... yes
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.2 support... no
Checking whether we need to disable TLS 1.2... yes
Checking whether we need to disable TLS 1.1... no
Checking whether we need to disable TLS 1.0... N/A
Checking for Safe renegotiation support... no
Checking for Safe renegotiation support (SCSV)... no
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept small records (512 bytes)... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... yes
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... yes
Checking whether the server supports session resumption... no
Checking for export-grade ciphersuite support... no
Checking RSA-export ciphersuite info... N/A
Checking for anonymous authentication support... no
Checking anonymous Diffie-Hellman group info... N/A
Checking for ephemeral Diffie-Hellman support... no
Checking ephemeral Diffie-Hellman group info... N/A
Checking for ephemeral EC Diffie-Hellman support... no
Checking ephemeral EC Diffie-Hellman group info... N/A
Checking for AES-GCM cipher support... no
Checking for AES-CBC cipher support... no
Checking for CAMELLIA cipher support... no
Checking for 3DES-CBC cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for ARCFOUR 40 cipher support... no
Checking for MD5 MAC support... yes
Checking for SHA1 MAC support... yes
Checking for SHA256 MAC support... no
Checking for ZLIB compression support... no
Checking for max record size... no
Checking for OpenPGP authentication support... no

Note that 3DES-CBC was "no" on the first attempt and is "yes" on the second.
Looks like a server farm with mismatched SSL configurations.
RC4 suggests Windows-based servers. That shouldn't be a problem for browsers.

So openssl, firefox (nss) and chromium (nss) working suggests the error is with gnutls.


xombrero possibly should not be using gnutls; wireshark only enables gnutls <3.0.
When gnutls switched from 2.x to 3.x the licence changed to LGPLv3 - GPLv3, which
meant wireshark would also have to switch their licence to LGPLv3+; they are
considering using nss instead, and till then SSL is disabled.

https://wireshark.org/lists/wireshark-dev/201203/msg00169.html

http://www.wireshark.org/lists/wireshark-dev/201203/msg00171.html



These do connect using gnutls-cli on OpenBSD current amd64 ....

$ gnutls-cli --priority NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128 cz.mbank.eu
Processed 36 CA certificate(s).
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
- Peer's certificate is trusted
- The hostname in the certificate matches 'cz.mbank.eu'.
- Session ID: 
E5:C7:4D:3C:53:D6:AF:A0:B4:66:2B:04:42:CF:22:D3:47:31:B7:0E:77:30:74:87:EA:7C:CA:CD:02:DA:2F:26
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `jurisdictionOfIncorporationCountryName=PL,businessCategory=Private 
Organization,serialNumber=0000025237,C=PL,postalCode=00-950,ST=Mazowieckie,L=Warszawa,STREET=Senatorska
 18,O=BRE Bank SA,OU=mBank,CN=cz.mbank.eu', issuer `C=US,O=VeriSign\, 
Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa 
(c)06,CN=VeriSign Class 3 Extended Validation SSL CA', RSA key 2048 bits, 
signed using RSA-SHA1, activated `2011-10-12 00:00:00 UTC', expires `2013-10-20 
23:59:59 UTC', SHA-1 fingerprint `9a9739e78f57f0bb3b94406a19961d1e22676b0c'
        Public Key Id:
                bc479883c53deda20f95f8bf84d1092f68980ca5
        Public key's random art:
                +--[ RSA 2048]----+
                |      .          |
                |     o . . .     |
                |    E   o + .    |
                |     o * = B .   |
                |      = S B =    |
                |       . B =     |
                |        + + .    |
                |         + o     |
                |          . o.   |
                +-----------------+

- Certificate[1] info:
 - subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at 
https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL 
CA', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 
VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary 
Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA1, 
activated `2006-11-08 00:00:00 UTC', expires `2016-11-07 23:59:59 UTC', SHA-1 
fingerprint `2bac956c4ee47f9d5c1e05ae8ed7f95d47c21f80'
- Certificate[2] info:
 - subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 
VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary 
Certification Authority - G5', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public 
Primary Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, 
activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', SHA-1 
fingerprint `32f30882622b87cf8856c63db873df0853b4dd27'
- Version: SSL3.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

$ gnutls-cli --priority NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+3DES_CBC cz.mbank.eu
Processed 36 CA certificate(s).
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
Syntax error at: +3DES_CBC
$ gnutls-cli --priority NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+3DES-CBC cz.mbank.eu
Processed 36 CA certificate(s).
Resolving 'cz.mbank.eu'...
Connecting to '193.41.230.85:443'...
- Peer's certificate is trusted
- The hostname in the certificate matches 'cz.mbank.eu'.
- Session ID: 
5C:5C:34:55:4E:2A:59:E2:5D:A5:14:05:17:DC:17:FC:95:20:42:94:06:9A:D3:9A:94:29:FE:3A:A9:55:F5:21
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Version: SSL3.0
- Key Exchange: RSA
- Cipher: 3DES-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:





That suggests ARCFOUR-128/3DES-CBC ciphers aren't included by default...

I don't use xombrero, there might be some way to configure extra ciphers.
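
The by-eye comparison of the two gnutls-cli-debug runs above can be automated. This is an added example, not part of the original message: it parses two probe outputs and lists every check whose result flipped between runs, the signal of backends with mismatched TLS configuration. The sample text is excerpted from the two runs quoted above; the function names are illustrative.

```python
import re

# Excerpts of the two gnutls-cli-debug runs quoted in the message (a subset
# of lines, including the probe that was wrapped across two lines).
RUN_1 = """\
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... no
Checking for TLS 1.0 support... no
Checking whether the server can accept a bogus TLS record version in the client
hello... no
Checking whether the server supports session resumption... yes
Checking for 3DES-CBC cipher support... no
Checking for ARCFOUR 128 cipher support... yes
Checking for SHA1 MAC support... no
"""
RUN_2 = """\
Checking for SSL 3.0 support... yes
Checking whether %COMPAT is required... yes
Checking for TLS 1.0 support... yes
Checking whether the server can accept a bogus TLS record version in the client
hello... yes
Checking whether the server supports session resumption... no
Checking for 3DES-CBC cipher support... yes
Checking for ARCFOUR 128 cipher support... yes
Checking for SHA1 MAC support... yes
"""

PROBE = re.compile(r"^Checking (?:for |whether )?(.+?)\.\.\. (.+)$")

def parse_probes(text):
    """Return {probe name: result}, rejoining probes wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Checking "):
            records.append(line)
        elif line and records:            # continuation of a wrapped probe line
            records[-1] += " " + line
    matches = (PROBE.match(r) for r in records)
    return {m.group(1): m.group(2) for m in matches if m}

def flipped(run_a, run_b):
    """Probes present in both runs whose result changed between them."""
    a, b = parse_probes(run_a), parse_probes(run_b)
    return {k: (a[k], b[k]) for k in a if k in b and a[k] != b[k]}

if __name__ == "__main__":
    for name, (first, second) in flipped(RUN_1, RUN_2).items():
        print(f"{name}: {first} -> {second}")
```

Probes that stay constant across many runs describe the whole farm; probes that flip point at individual backends that need their configuration aligned.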

