Re: SSL shutdown

2010-12-02 Thread David Schwartz

On 12/2/2010 2:36 AM, Aarno Syvänen wrote:

Hi List,

I have a problem with SSL_shutdown. Advice seems to be to call it again, if the 
return value is 0.
However, this means that shutdown can hang forever. Can I just call 
SSL_shutdown and go on?


You can go do other things and try to shut the connection down again later.

Here is the relevant documentation (assuming a non-blocking socket BIO):

   If the underlying BIO is non-blocking, SSL_shutdown() will also 
return when the underlying BIO could not satisfy the needs of 
SSL_shutdown() to continue the handshake. In this case a call to 
SSL_get_error() with the return value of SSL_shutdown() will yield 
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling process then 
must repeat the call after taking appropriate action to satisfy the 
needs of SSL_shutdown().


DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
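
The bounded retry discussed in the reply above, as an added example that is not part of the original post or of OpenSSL: a driver that repeats the shutdown attempt, waits for the direction the TLS layer asked for, and stops when a time budget runs out, so a silent peer cannot stall it. The transport struct, the enum names and the scripted peer are assumptions made for this example; in a real program attempt() wraps SSL_shutdown() and SSL_get_error(), and wait() wraps poll() or select().

```c
#include <stdio.h>
/* Result of one attempt. A real attempt() calls SSL_shutdown() and, when
 * that returns < 0, SSL_get_error(). Names below are hypothetical. */
enum attempt { A_DONE,       /* returned 1: both close_notify alerts exchanged */
               A_SENT,       /* returned 0: ours sent, peer's not yet seen */
               A_WANT_READ,  /* SSL_ERROR_WANT_READ */
               A_WANT_WRITE, /* SSL_ERROR_WANT_WRITE */
               A_FATAL };    /* any other error */
enum outcome { O_CLEAN, O_ONE_SIDED, O_UNSENT, O_ERROR };

struct transport {            /* glue for this example, not an OpenSSL type */
    enum attempt (*attempt)(void *ctx);
    /* Wait up to ms for readable/writable; returns ms spent, -1 on timeout. */
    long (*wait)(void *ctx, int want_write, long ms);
    void *ctx;
};

/* Drive the shutdown until it completes or budget_ms is used up. */
enum outcome bounded_shutdown(const struct transport *t, long budget_ms) {
    int sent = 0;
    for (long left = budget_ms;;) {
        int want_write = 0;
        switch (t->attempt(t->ctx)) {
        case A_DONE:       return O_CLEAN;
        case A_FATAL:      return O_ERROR;
        case A_SENT:       sent = 1; break;   /* now wait for the peer's alert */
        case A_WANT_WRITE: want_write = 1; break;
        case A_WANT_READ:  break;
        }
        long used = left > 0 ? t->wait(t->ctx, want_write, left) : -1;
        if (used < 0)         /* out of time: stop retrying, caller closes */
            return sent ? O_ONE_SIDED : O_UNSENT;
        left -= used;
    }
}

/* Constructed peer: replays a fixed list of results, 10 ms apart; after the
 * list ends it reports WANT_READ and every wait times out (silent peer). */
struct script { const enum attempt *steps; int n, i; };
static enum attempt script_attempt(void *ctx) {
    struct script *s = ctx;
    return s->i < s->n ? s->steps[s->i++] : A_WANT_READ;
}
static long script_wait(void *ctx, int want_write, long ms) {
    struct script *s = ctx;
    (void)want_write;
    return s->i < s->n ? (ms < 10 ? ms : 10) : -1;
}
enum outcome run_script(const enum attempt *steps, int n, long budget_ms) {
    struct script s = { steps, n, 0 };
    struct transport t = { script_attempt, script_wait, &s };
    return bounded_shutdown(&t, budget_ms);
}

int main(void) {
    const enum attempt polite[] = { A_WANT_WRITE, A_SENT, A_WANT_READ, A_DONE };
    const enum attempt silent[] = { A_SENT };
    printf("%d %d\n", run_script(polite, 4, 1000), run_script(silent, 1, 1000));
}
```

O_ONE_SIDED means the local close_notify went out but the peer did not answer within the budget; O_UNSENT means not even the local alert could be written.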


Re: OpenSSL 1.0.0c released

2010-12-02 Thread Victor Duchovni
On Thu, Dec 02, 2010 at 03:03:02PM -0500, Erik Tkal wrote:

> Can someone point to details on CVE-2010-4180 and CVE-2010-4252?
> CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any
> references to the other two.

1.0.0c contains important non-security bug fixes for 1.0.0b, so you
should deploy 1.0.0c anyway.

- 4252 is only of interest if you enabled the experimental JPAKE support.
  It is off by default.

- 4180 resolves a ciphersuite downgrade attack for applications that
  use SSL_OP_ALL and thereby enable a work-around for Netscape 2.01
  which is disabled in the 1.0.0c release as it creates the cipher
  downgrade risk.

-- 
Viktor.


Re: OpenSSL 1.0.0c released

2010-12-02 Thread Mounir IDRASSI


http://www.openssl.org/news/secadv_20101202.txt

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 12/2/2010 9:03 PM, Erik Tkal wrote:

Can someone point to details on CVE-2010-4180 and CVE-2010-4252?  CVE-2010-3864 
was the reason 1.0.0b was released, but I cannot find any references to the 
other two.



Erik Tkal
Juniper OAC/UAC/Pulse Development


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of OpenSSL
Sent: Thursday, December 02, 2010 2:17 PM
To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; 
openssl-us...@master.openssl.org
Subject: OpenSSL 1.0.0c released



Re: OpenSSL 1.0.0c released

2010-12-02 Thread Dr. Stephen Henson
On Thu, Dec 02, 2010, Erik Tkal wrote:

> Can someone point to details on CVE-2010-4180 and CVE-2010-4252?  
> CVE-2010-3864 was the reason 1.0.0b was released, but I cannot find any 
> references to the other two.
> 
> 

http://www.openssl.org/news/secadv_20101202.txt

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


RE: OpenSSL 1.0.0c released

2010-12-02 Thread Erik Tkal
Can someone point to details on CVE-2010-4180 and CVE-2010-4252?  CVE-2010-3864 
was the reason 1.0.0b was released, but I cannot find any references to the 
other two.



Erik Tkal
Juniper OAC/UAC/Pulse Development


-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of OpenSSL
Sent: Thursday, December 02, 2010 2:17 PM
To: openssl-annou...@master.openssl.org; openssl-...@master.openssl.org; 
openssl-us...@master.openssl.org
Subject: OpenSSL 1.0.0c released



OpenSSL 0.9.8q released

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 0.9.8q released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 0.9.8q of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release. For a complete
   list of changes, please see

   http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

  o Fix for security issue CVE-2010-4180
  o Fix for CVE-2010-4252

   We consider OpenSSL 0.9.8q to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 0.9.8q is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-0.9.8q.tar.gz
  Size: 3773961
  MD5 checksum: 80e67291bec9230f03eefb5cfe858998
  SHA1 checksum: 12b6859698ca299fa0cba594686c25d5c01e410d

   The checksums were calculated using the following commands:

openssl md5 openssl-0.9.*.tar.gz
openssl sha1 openssl-0.9.*.tar.gz

   Yours,

   The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller





OpenSSL security advisory

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

OpenSSL Security Advisory [2 December 2010]

OpenSSL Ciphersuite Downgrade Attack
====================================

A flaw has been found in the OpenSSL SSL/TLS server code where an old bug
workaround allows malicious clients to modify the stored session cache
ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one
on subsequent connections.

The OpenSSL security team would like to thank Martin Rex for reporting this
issue.

This vulnerability is tracked as CVE-2010-4180

OpenSSL JPAKE validation error
==============================

Sebastian Martini found an error in OpenSSL's J-PAKE implementation
which could lead to successful validation by someone with no knowledge
of the shared secret. This error is fixed in 1.0.0c. Details of the
problem can be found here:

http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

Note that the OpenSSL Team still consider our implementation of J-PAKE
to be experimental and it is not compiled by default.

This issue is tracked as CVE-2010-4252 

Who is affected?
================

All versions of OpenSSL contain the ciphersuite downgrade vulnerability.

Any OpenSSL based SSL/TLS server is vulnerable if it uses
OpenSSL's internal caching mechanisms and the
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG flag (many applications enable this
by using the SSL_OP_ALL option).

Users of OpenSSL 0.9.8j or later who do not enable weak ciphersuites are
still vulnerable but the bug has no security implications as the attacker can
only change from one strong ciphersuite to another.

All users of OpenSSL's experimental J-PAKE implementation are vulnerable
to the J-PAKE validation error.

Recommendations for users of OpenSSL
====================================

Users of all OpenSSL 0.9.8 releases including 0.9.8p should update
to the OpenSSL 0.9.8q release which contains a patch to correct this issue.

Alternatively do not set the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
and/or SSL_OP_ALL flags.

Users of OpenSSL 1.0.0 releases should update to the OpenSSL 1.0.0c release
which contains a patch to correct this issue and also contains a corrected
version of the CVE-2010-3864 vulnerability fix.

If upgrading is not immediately possible, the relevant source code patch
provided in this advisory should be applied.

Any user of OpenSSL's J-PAKE implementation (which is not compiled in by 
default) should upgrade to OpenSSL 1.0.0c.

Patch
=====

Index: ssl/s3_clnt.c
===
RCS file: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.129.2.16
diff -u -r1.129.2.16 s3_clnt.c
- --- ssl/s3_clnt.c 10 Oct 2010 12:33:10 -  1.129.2.16
+++ ssl/s3_clnt.c   24 Nov 2010 14:32:37 -
@@ -866,8 +866,11 @@
s->session->cipher_id = s->session->cipher->id;
if (s->hit && (s->session->cipher_id != c->id))
{
+/* Workaround is now obsolete */
+#if 0
if (!(s->options &
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
{
al=SSL_AD_ILLEGAL_PARAMETER;

SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
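
Review bot: In the s3_clnt.c hunk the "#if 0" / "#endif" pair disables only the test "if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))", so the block that sets SSL_AD_ILLEGAL_PARAMETER now runs for every resumed session whose cipher differs, yet the comment "Workaround is now obsolete" neither says that nor cites CVE-2010-4180 as the s3_srvr.c comment does. Suggest deleting the dead condition instead of preprocessing it out, or at least extending the comment to name the CVE and state that the option no longer changes client behaviour.
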
Index: ssl/s3_srvr.c
===
RCS file: /v/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.171.2.22
diff -u -r1.171.2.22 s3_srvr.c
- --- ssl/s3_srvr.c 14 Nov 2010 13:50:29 -  1.171.2.22
+++ ssl/s3_srvr.c   24 Nov 2010 14:34:28 -
@@ -985,6 +985,10 @@
break;
}
}
+/* Disabled because it can be used in a ciphersuite downgrade
+ * attack: CVE-2010-4180.
+ */
+#if 0
if (j == 0 && (s->options & 
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
{
/* Special case as client bug workaround: the 
previously used cipher may
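
Review bot: The "#if 0" placed before "if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))" turns the option into a silent no-op on the server, and nothing in this hunk tells an application that still sets it, directly or through SSL_OP_ALL, that the flag has stopped having any effect. Suggest documenting that where the option is declared, and removing the special case outright once the flag is retired, since code kept under "#if 0" is no longer compiled or tested.
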
@@ -999,6 +1003,7 @@
j = 1;
}
}
+#endif
if (j == 0)
{
/* we need to have the cipher in the cipher
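
Review bot: The "#endif" added after the closing brace sits in a different hunk from the "#if 0" it closes (opened at old line 985, closed at old line 999) and carries no label. Suggest "#endif /* CVE-2010-4180 */" so the extent of the disabled block is obvious to anyone reading the "if (j == 0)" fallback that follows it.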



References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20101202.txt

URL for updated CVE-2010-3864 Security Advisory:
http://www.openssl.org/news/secadv_20101116-2.txt



OpenSSL 1.0.0c released

2010-12-02 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


   OpenSSL version 1.0.0c released
   ===============================

   OpenSSL - The Open Source toolkit for SSL/TLS
   http://www.openssl.org/

   The OpenSSL project team is pleased to announce the release of
   version 1.0.0c of our open source toolkit for SSL/TLS. This new
   OpenSSL version is a security and bugfix release. For a complete
   list of changes, please see

   http://www.openssl.org/source/exp/CHANGES.

   The most significant changes are:

  o Fix for security issue CVE-2010-4180
  o Fix for CVE-2010-4252
  o Fix mishandling of absent EC point format extension.
  o Fix various platform compilation issues.
  o Corrected fix for security issue CVE-2010-3864.

   We consider OpenSSL 1.0.0c to be the best version of OpenSSL
   available and we strongly recommend that users of older versions
   upgrade as soon as possible. OpenSSL 1.0.0c is available for
   download via HTTP and FTP from the following master locations (you
   can find the various FTP mirrors under
   http://www.openssl.org/source/mirror.html):

 * http://www.openssl.org/source/
 * ftp://ftp.openssl.org/source/

   The distribution file name is:

o openssl-1.0.0c.tar.gz
  Size: 4023056
  MD5 checksum: ff8fb85610aef328315a9decbb2712e4
  SHA1 checksum: 5a2d74fa7fe90c80915332404b9700044ef676a1

   The checksums were calculated using the following commands:

openssl md5 openssl-1.0.0c.tar.gz
openssl sha1 openssl-1.0.0c.tar.gz

   Yours,

   The OpenSSL Project Team...

    Mark J. Cox             Nils Larsch         Ulf Möller
    Ralf S. Engelschall     Ben Laurie          Andy Polyakov
    Dr. Stephen Henson      Richard Levitte     Geoff Thorpe
    Lutz Jänicke            Bodo Möller





SSL shutdown

2010-12-02 Thread Aarno Syvänen
Hi List,

I have a problem with SSL_shutdown. Advice seems to be to call it again, if the 
return value is 0.
However, this means that shutdown can hang forever. Can I just call 
SSL_shutdown and go on?

regards aarno


RE: TLS unknown_ca alert number 48

2010-12-02 Thread jason.ting

> According to that, your client cert isn't self-signed.
> It is apparently signed by the same company, which isn't 
> the same thing; in X.509 and SSL, self-signed means that 
> the cert Subject and Issuer, and specifically the subject 
> KEY and the issuing/signing KEY, are EXACTLY the same.

> What you appear to have is your own 'private' or 'in-house' 
> CA, which you used to sign a cert for your client.
> (Which OpenSSL can do, in several slightly different ways.)

> Either way, the server must trust the issuer of the client cert 
> -- for a self-signed cert this is the client itself, and in your 
> case it is an entity visibly CLOSE to the client.

> commbank.com.au sounds like a bank, and if so I wouldn't be 
> very optimistic they will trust you to be a CA. If not, 
> you'll have to get a client cert from a CA they do trust.

Thanks Dave for all the advice.

You are correct it is a bank and they did say they will trust one CA.

At the end of the day apparently what the F5 server guys did was to check
the Advertise CA function on the F5 and it started to work. Then they said
it was against their security policy, so what they did was to turn it off
and the certs still worked. The F5 server guys are still finding the reason
for that.

Thanks once again for all the explanation. 
