[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Fri Feb 10 16:40:08 2012]:
>
> I have verified with a new build that I was able to connect WITHOUT
> forcing the TLS version. So the changes worked in my tests.
>

OK, thanks for the update, ticket resolved.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
RE: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
I have verified with a new build that I was able to connect WITHOUT forcing the TLS version. So the changes worked in my tests.

Thanks for the quick turnaround!

-Steve

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Thursday, February 09, 2012 10:47 AM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication

> [stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
>
> Results using prexit are attached.
> Openssl v1.0.1 beta 2 compiled on powerppc/linux
> Vs
> Win2008 R2 64bit IIS7 set to require client auth
> Command issued:
> openssl s_client -connect stk-tms.a51.lab:443 -cert
> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
> Output attached
>

I've developed this workaround:

http://cvs.openssl.org/chngview?cn=22087

It seems OK on my test server. Let me know of any problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
>> Results using prexit are attached.
>> Openssl v1.0.1 beta 2 compiled on powerppc/linux
>> Vs
>> Win2008 R2 64bit IIS7 set to require client auth
>> Command issued:
>> openssl s_client -connect stk-tms.a51.lab:443 -cert
>> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
>> Output attached
>>
>
> I've developed this workaround:
>
> http://cvs.openssl.org/chngview?cn=22087
>
> It seems OK on my test server. Let me know of any problems.

It's probably appropriate to clarify for public reference that you managed
to trace the problem down to the "client_version" field in the RSA premaster
secret. Quoting RFC 2246, 7.4.7.1. RSA encrypted premaster secret message:

    "client_version
        The latest (newest) version supported by the client. This is used
        to detect version roll-back attacks. Upon receiving the premaster
        secret, the server should check that this value matches the value
        transmitted by the client in the client hello message."

The formulation arguably leaves room for interpretation as to whether "hello
message" refers to the initial one or the last one from renegotiation. I mean
I can imagine it being interpreted as the "last" one, in which case [provided
that "matches" means "equality"] it should fail. Maybe using a TLS 1.2 hello
even in renegotiation would be more fool-proof...
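The reply above pins the failure on the client_version bytes at the front of the RSA PreMasterSecret. The following Python is an added model (not code from the thread, from OpenSSL or from IIS) of how that check behaves across the renegotiation described in the report, and of why the failure surfaces as bad_record_mac rather than as a key-exchange error: RFC 5246 section 7.4.7.1 requires a server that sees an unexpected version (or a malformed premaster) not to send an alert but to carry on with a randomly generated premaster secret, so the first thing that breaks is the MAC on the client's Finished message. Assumptions of the model, not facts from the page: the renegotiation ClientHello carries the already negotiated version while the premaster keeps the client's highest version (the reading the reply above suggests), and an HMAC stands in for the TLS PRF. The actual OpenSSL workaround in chngview 22087 is not reproduced here.

```python
"""Added example (not OpenSSL, IIS or thread code): a model of the
client_version check on the RSA PreMasterSecret (RFC 2246 / RFC 5246
section 7.4.7.1) across a renegotiation like the one in the report."""
import hashlib
import hmac
import os
import struct

TLS1_0 = 0x0301
TLS1_2 = 0x0303


def make_premaster(client_version, rand=None):
    """PreMasterSecret: 2-byte client_version followed by 46 random bytes."""
    rand = os.urandom(46) if rand is None else rand
    if len(rand) != 46:
        raise ValueError("PreMasterSecret.random must be 46 bytes")
    return struct.pack("!H", client_version) + rand


def premaster_version(premaster):
    """Read back the client_version prefix of a 48-byte PreMasterSecret."""
    return struct.unpack("!H", premaster[:2])[0]


def server_accept_premaster(premaster, expected_version):
    """Server side of 7.4.7.1 as RFC 5246 words it: on a length or version
    mismatch do NOT send an alert; continue with a random PreMasterSecret so
    the failure only surfaces later, when the peer's Finished fails its MAC."""
    if len(premaster) == 48 and premaster_version(premaster) == expected_version:
        return premaster, True
    return make_premaster(expected_version), False


def finished_mac(premaster, label):
    """Stand-in for the key material behind the Finished/record MACs. Real TLS
    runs the PRF over the premaster; an HMAC keyed on it is enough here."""
    return hmac.new(premaster, label, hashlib.sha256).digest()


def run_handshake(client_premaster, server_expected_version):
    """Return what the server sees: 'ok' or 'bad_record_mac'."""
    server_premaster, _matched = server_accept_premaster(client_premaster,
                                                        server_expected_version)
    sent = finished_mac(client_premaster, b"client finished")
    expected = finished_mac(server_premaster, b"client finished")
    return "ok" if hmac.compare_digest(sent, expected) else "bad_record_mac"


def simulate(highest_client_version, negotiated_version, compare_against):
    """Initial handshake followed by one renegotiation.

    Model assumptions (taken from how the thread describes the exchange):
      * the first ClientHello carries the client's highest version;
      * the renegotiation ClientHello carries the already negotiated version;
      * the PreMasterSecret always carries client_version = highest supported.
    compare_against is 'initial' (check against the first ClientHello) or
    'latest' (check against the most recent ClientHello).
    Returns (initial_result, renegotiation_result)."""
    first_hello = highest_client_version
    reneg_hello = negotiated_version
    initial = run_handshake(make_premaster(highest_client_version), first_hello)
    expected = first_hello if compare_against == "initial" else reneg_hello
    reneg = run_handshake(make_premaster(highest_client_version), expected)
    return initial, reneg


if __name__ == "__main__":
    # Client offers TLS 1.2, server picks TLS 1.0, then renegotiates for client auth.
    print("strict 'latest hello' check:", simulate(TLS1_2, TLS1_0, "latest"))
    print("check against first hello:  ", simulate(TLS1_2, TLS1_0, "initial"))
    # The reporter's workaround: cap the client at TLS 1.0 (curl -1 / -no_tls1_2 -no_tls1_1).
    print("client capped at TLS 1.0:   ", simulate(TLS1_0, TLS1_0, "latest"))
```

The three runs reproduce the thread's observations in miniature: the initial handshake always succeeds, the renegotiation fails with bad_record_mac only when the server compares against the most recent ClientHello, and forcing TLS 1.0 from the start makes every version field agree so the strict check passes too.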
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
>
> Results using prexit are attached.
> Openssl v1.0.1 beta 2 compiled on powerppc/linux
> Vs
> Win2008 R2 64bit IIS7 set to require client auth
> Command issued:
> openssl s_client -connect stk-tms.a51.lab:443 -cert
> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
> Output attached
>

I've developed this workaround:

http://cvs.openssl.org/chngview?cn=22087

It seems OK on my test server. Let me know of any problems.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
Results using prexit are attached.

Openssl v1.0.1 beta 2 compiled on powerppc/linux
Vs
Win2008 R2 64bit IIS7 set to require client auth

Command issued:
openssl s_client -connect stk-tms.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state

Output attached

-Steve

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication

> [stkap...@cisco.com - Tue Feb 07 21:13:11 2012]:
>
> FYI - I have now tested with 1.0.1 beta 2 of openssl (again compiled
> on powerppc/linux) as well and found the same behavior. I also
> tested against IIS on Windows 7 64bit as the server with the same
> behavior. Maybe that will help with the search for a suitable test
> server.
>
> Test used
> $ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -no_tls1_2 -no_tls1_1
> Works
>
> But
> [C90-A:~] $ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem
> Does not, and fails with an error 104 - which is IIS doing a hard reset on the
> connection and reports bad_mac_record in the Windows Schannel provider.
>

One more thing to try first. Please use the -prexit option to s_client (without any -no_* options) and include the result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[C90-A:~] $ openssl s_client -connect stk-tms.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = Virgina, O = CiscoLab, CN = rooter.a51.lab
verify return:1
depth=0 C = US, ST = Virgina, L = Reston, O = CiscoLab, CN = stk-tms.a51.lab
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
   i:/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICoTCCAgqgAwIBAgIJAOpHomoOHHApMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdWaXJnaW5hMREwDwYDVQQKDAhDaXNjb0xhYjEXMBUG
A1UEAwwOcm9vdGVyLmE1MS5sYWIwHhcNMTIwMTIwMTk0OTM0WhcNMjIwMTE3MTk0
OTM0WjBdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHVmlyZ2luYTEPMA0GA1UEBwwG
UmVzdG9uMREwDwYDVQQKDAhDaXNjb0xhYjEYMBYGA1UEAwwPc3RrLXRtcy5hNTEu
bGFiMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfENS3awfDKZ0X9SE+9Zo5
+LQG1PBXKoi+DokW6uGrvOuPalJlEDrw23k3KR9I3mu2lmyAWYYe8R8aqygKqDE8
awaHKhd4MHeHL6PJpnXwia1yB2J4jyDZ6dbmq+6iLk9FfILadB/iv17pqcrHFMXI
FIUG3tQx0lQQO+qIm1xLqQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYFJv
bGODLRfBWkXfYE9qA6FReTUwHwYDVR0jBBgwFoAUZpAjSf4is/zhZRn9Vis5+6qQ
7ykwDQYJKoZIhvcNAQEFBQADgYEAoRhavg3lr+KsPY693xMN7fY02uJuctW9penQ
ny3DSgmUkR7o4vuAmwqLrLOWdFjmFOZAd92M+dJKL0Ju0uWvL/lc7bqQOQauuVxq
tsTB8yEo71BifYKihckUAmvzCoB0GkdWyNZmU+b1uI9L8QrJTqRUhvKxL0MsJ8E5
1DfVDBY=
-----END CERTIFICATE-----
subject=/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
issuer=/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
No client certificate CA names sent
---
SSL handshake has read 836 bytes and written 519 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
    Session-ID: CB1EFD29D748AF244F4F40F5870915387C11B69B3FD6412D6DA10B3F1E3A
    Session-ID-ctx:
    Master-Key: C24B8AD4B3E83EAE206613239CD3F5CC0B81CA166AE08B18DF48CFCA16881BE8A4479D27A89B5680A68B07178929F298
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1328656180
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
GET /default.aspx
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = Virgina, O = CiscoLab, CN = rooter.a51.lab
verify return:1
depth=0 C = US, ST = Virgina, L = Reston, O = CiscoLab, CN = stk-tms.a51.lab
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write chang
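When triaging a report like the one above, the useful facts in an `s_client -state` transcript are where the second (renegotiation) handshake stopped, whether the server ever sent its Finished after the client's CertificateVerify, and how the connection ended. The Python below is an added triage helper, not something posted in the thread: it splits the transcript at the `SSL renegotiate ciphers` marker, normalises the `SSL_connect:` state names and reports those facts. The embedded transcript is constructed: its first part mirrors the output posted above, and the tail after `write certificate verify` is filled in from the reporter's prose (client writes ChangeCipherSpec and Finished, server never answers and resets the connection, which s_client shows as `read:errno=104`), because the attachment is cut off on the page.

```python
"""Added example (not from the thread): triage an `openssl s_client -state`
transcript and locate where a client-authentication renegotiation stalled."""
import re

# Constructed sample. The first part mirrors the -state output posted in the
# thread; everything after "write certificate verify" is filled in from the
# reporter's description (client sends ChangeCipherSpec and Finished, IIS
# never answers and resets the TCP connection, which s_client reports as
# read:errno=104) because the posted attachment is cut off.
SAMPLE_TRANSCRIPT = """\
CONNECTED(0003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
GET /default.aspx
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read:errno=104
"""

ERRNO_RE = re.compile(r"^(read|write):errno=(\d+)$")


def parse_states(text):
    """Return (handshakes, transport_error). handshakes is a list of lists of
    normalised state names; a new list starts at every renegotiation marker."""
    handshakes = [[]]
    transport_error = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SSL_connect:"):
            state = line[len("SSL_connect:"):]
            if state == "SSL renegotiate ciphers":
                handshakes.append([])
                continue
            # Drop the method prefix ("SSLv3 ", "SSLv2/v3 ", "TLSv1 ") and the
            # trailing " A"/" B" sub-state marker that s_client prints.
            head, _, rest = state.partition(" ")
            if head.startswith(("SSLv", "TLSv")) and rest:
                state = rest
            if state.endswith((" A", " B")):
                state = state[:-2]
            handshakes[-1].append(state)
        else:
            m = ERRNO_RE.match(line)
            if m:
                transport_error = (m.group(1), int(m.group(2)))
    return handshakes, transport_error


def diagnose(text):
    """Summarise a transcript into the facts a reporter is usually asked for."""
    handshakes, transport_error = parse_states(text)
    reneg = handshakes[-1] if len(handshakes) > 1 else []
    return {
        "handshakes": len(handshakes),
        "initial_complete": "read finished" in handshakes[0],
        "renegotiation_requested": len(handshakes) > 1,
        "client_cert_requested": "read server certificate request" in reneg,
        "client_sent_cert_verify": "write certificate verify" in reneg,
        "server_finished_after_reneg": ("read finished" in reneg) if reneg else None,
        "last_client_state": reneg[-1] if reneg else None,
        "transport_error": transport_error,
    }


def verdict(report):
    """One-line reading of the report."""
    if (report["renegotiation_requested"] and report["client_cert_requested"]
            and report["client_sent_cert_verify"]
            and report["server_finished_after_reneg"] is False):
        return ("client-auth renegotiation stalled: server never sent Finished "
                "after CertificateVerify")
    if report["initial_complete"] and not report["renegotiation_requested"]:
        return "single handshake completed without renegotiation"
    return "inconclusive: see report"


if __name__ == "__main__":
    r = diagnose(SAMPLE_TRANSCRIPT)
    for key, value in r.items():
        print(f"{key:28} {value}")
    print(verdict(r))
```

Pipe a real `-state` run into `diagnose()` (for example by reading `sys.stdin`) to get the same summary; a run with `-no_tls1_2 -no_tls1_1`, as in the reporter's working case, should show `server_finished_after_reneg` True and no transport error.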
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Tue Feb 07 21:13:11 2012]:
>
> FYI - I have now tested with 1.0.1 beta 2 of openssl (again compiled
> on powerppc/linux) as well and found the same behavior. I also
> tested against IIS on Windows 7 64bit as the server with the same
> behavior. Maybe that will help with the search for a suitable test
> server.
>
> Test used
> $ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -no_tls1_2 -no_tls1_1
> Works
>
> But
> [C90-A:~] $ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem
> Does not, and fails with an error 104 - which is IIS doing a hard reset on the
> connection and reports bad_mac_record in the Windows Schannel provider.
>

One more thing to try first. Please use the -prexit option to s_client (without any -no_* options) and include the result.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
FYI - I have now tested with 1.0.1 beta 2 of openssl (again compiled on powerppc/linux) as well and found the same behavior. I also tested against IIS on Windows 7 64bit as the server with the same behavior. Maybe that will help with the search for a suitable test server.

Test used
$ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -no_tls1_2 -no_tls1_1
Works

But
[C90-A:~] $ openssl s_client -connect stk-pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem
Does not, and fails with an error 104 - which is IIS doing a hard reset on the connection and reports bad_mac_record in the Windows Schannel provider.

If you still cannot find a suitable test server, I may be able to arrange one on a public IP, but that would have to be something done as a coordinated test and I would have to take that off-list to discuss.

Thx
-Steve

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 2:44 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication

> [stkap...@cisco.com - Mon Feb 06 23:58:36 2012]:
>
> Hrm.. zip checks out in the sent mail. Opens with 7zip ok. Here is
> an alt download location -
> http://dl.dropbox.com/u/43502643/ssldebug.zip
>

Thanks, that seems OK.

> I would like to test with the newer versions, but that is difficult for me due to
> getting new builds on the platform. Was hoping since IIS is such a
> common webserver the openssl team would have experience or access
> to one to confirm the behavior or say its not reproducible so I can
> push harder on the platform guys.
>

The public test server I normally access is down atm. Does anyone know of a public IIS test server requiring client authentication?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Mon Feb 06 23:58:36 2012]:
>
> Hrm.. zip checks out in the sent mail. Opens with 7zip ok. Here is
> an alt download location -
> http://dl.dropbox.com/u/43502643/ssldebug.zip
>

Thanks, that seems OK.

> I would like to test with the newer versions, but that is difficult for me due to
> getting new builds on the platform. Was hoping since IIS is such a
> common webserver the openssl team would have experience or access
> to one to confirm the behavior or say its not reproducible so I can
> push harder on the platform guys.
>

The public test server I normally access is down atm. Does anyone know of a public IIS test server requiring client authentication?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
Hrm.. zip checks out in the sent mail. Opens with 7zip ok. Here is an alt download location - http://dl.dropbox.com/u/43502643/ssldebug.zip

I would like to test with the newer versions, but that is difficult for me due to getting new builds on the platform. Was hoping since IIS is such a common webserver the openssl team would have experience or access to one to confirm the behavior or say it's not reproducible so I can push harder on the platform guys.

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Monday, February 06, 2012 5:42 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication

> [stkap...@cisco.com - Mon Feb 06 18:27:26 2012]:
>
> Files attached..
>

The .zip file seems corrupted. Also please try a more recent version of OpenSSL. Quite a bit has changed since November.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Mon Feb 06 18:27:26 2012]:
>
> Files attached..
>

The .zip file seems corrupted. Also please try a more recent version of OpenSSL. Quite a bit has changed since November.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
Replicated same behavior with s_client. Attached is a zip with all of the relevant data:

- openssl.log - log file showing cli output using s_client in both the failure and successful cases
- http_calist.pem (trusted ca) and ssl.pem (cert + key for client)
- tmscert.pem tmskey-nopass.pem (server key/cert)
- associated packet captures

This is with a snapshot from early 1.0.1 openssl (Nov). I would like to run with a newer build, but I need to rely on the platform being updated by some others first.

-Steve

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Sunday, February 05, 2012 3:52 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication

> [stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
>
> Hi Stephen I will try to test with the client and get back to you.
> This is in an internal lab so it is not reachable. I can provide
> packet sniff along with the certs /keys if that would be useful?
>

Yes. Also please try it with the -no_tls1_2 option and both -no_tls1_2 and -no_tls1_1 to see if that helps. The output with -state too would be useful on a failing connection.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
>
> Hi Stephen I will try to test with the client and get back to you.
> This is in an internal lab so it is not reachable. I can provide
> packet sniff along with the certs /keys if that would be useful?
>

Yes. Also please try it with the -no_tls1_2 option and both -no_tls1_2 and -no_tls1_1 to see if that helps. The output with -state too would be useful on a failing connection.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
Hi Stephen, I will try to test with the client and get back to you. This is in an internal lab so it is not reachable. I can provide a packet sniff along with the certs/keys if that would be useful?

Sent from my mobile

On Feb 5, 2012, at 8:21 AM, "Stephen Henson via RT" wrote:

>> [stkap...@cisco.com - Sat Feb 04 21:00:23 2012]:
>>
>> Setup:
>> Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
>> Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
>> set to Accept or Require
>> Local network, IPV4 addressing
>> I do not have the specific build of openssl 1.0.1 yet, will get that
>> from the other dev.
>>
>> Symptom: openssl starts with TLS v1.2, gets TLS v1.0 back from IIS, and
>> client authentication fails with bad_record_mac. If TLS v1.0 is
>> forced in curl, TLS v1.0 is used in the initial CLIENT HELLO and the
>> full connection handshakes successfully.
>>
>
> Does the OpenSSL s_client utility also exhibit this behaviour? If so can
> you send me a URL I can test this against?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
> [stkap...@cisco.com - Sat Feb 04 21:00:23 2012]:
>
> Setup:
> Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
> Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
> set to Accept or Require
> Local network, IPV4 addressing
> I do not have the specific build of openssl 1.0.1 yet, will get that
> from the other dev.
>
> Symptom: openssl starts with TLS v1.2, gets TLS v1.0 back from IIS, and
> client authentication fails with bad_record_mac. If TLS v1.0 is
> forced in curl, TLS v1.0 is used in the initial CLIENT HELLO and the
> full connection handshakes successfully.
>

Does the OpenSSL s_client utility also exhibit this behaviour? If so can you send me a URL I can test this against?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication
Setup:
Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication set to Accept or Require
Local network, IPV4 addressing
I do not have the specific build of openssl 1.0.1 yet, will get that from the other dev.

Symptom: openssl starts with TLS v1.2, gets TLS v1.0 back from IIS, and client authentication fails with bad_record_mac. If TLS v1.0 is forced in curl, TLS v1.0 is used in the initial CLIENT HELLO and the full connection handshakes successfully.

More detail:

When client authentication is enabled on the IIS 7 virtual directory, connections from curl are getting hard reset by the server after the client provides the certificate, CLIENT KEY EXCHANGE and CERTIFICATE VERIFY messages. The Windows Schannel provider reports event ID 36888, fatal alert 20. This maps to the TLS definition of BAD_RECORD_MAC.

The client is showing TLS v1.2 in the initial CLIENT HELLO, but SERVER HELLO uses TLS v1.0, moving the rest of the conversation down to v1.0. The negotiated cipher used is TLS_RSA_WITH_AES_128_CBC_SHA (0x002f).

The connection establishes at first without client auth until the client does its HTTP post and IIS sees that client auth is required on that site. IIS starts a renegotiation using the existing session and proceeds to send its CERTIFICATE and the CERTIFICATE REQUEST. Client replies with CERTIFICATE, CLIENT KEY EXCHANGE, CERTIFICATE VERIFY, CHANGE CIPHER SPEC and FINISHED, but IIS never sends the CHANGE CIPHER SPEC and just hard resets the connection.

This behavior is consistent and happens every time.

But if through curl I force TLS v1.0 (with its -1 parameter), the initial CLIENT HELLO is sent with TLS v1.0, the server responds v1.0 - and the connection establishes correctly - no errors.

So the issue is why, when the initial hello is v1.2 and steps down to v1.0, the CERTIFICATE VERIFY message appears to be rejected by IIS as having a bad MAC... but if v1.0 is forced, all is good.

-Steve