[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
I've also slammed headlong into this one. The clue is "SSL handshake has read 0 bytes and written 317 bytes" What the openssl v1.0.1f client side is doing is sending a clienthello packet larger than 255 bytes to a broken SSL implementation, which slams the phone down on you, thus "read 0 bytes". The openssl client side errors handling is currently broken, and does not clearly indicate that the connection was dropped, just the vague message that a handshake failure occurred (I've logged this bug here: https://github.com/openssl/openssl/issues/4706) The suggestion to limit the list of ciphers to just two works around the problem because the clienthello is vastly reduced in size. Obviously this works where your chosen ciphers are accepted by the server, but won't work with the same confusingly identical error message when the ciphers are not supported by the server. The tangent about MD5 above, while true, has nothing whatsoever to do with this bug. It looks like the default cipher list on the client side has grown way too long, and when an application offers no control over the cipher list this breaks connections to buggy SSL servers. Turns out one such buggy SSL server implementation is openssl v1.0.1f as supplied by Ubuntu Xenial, that is covered here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1612711 As to this client side bug, we need to figure out how to ensure the default cipher list stays well below the 255 byte limit, especially since the SNI header has to fit inside 255 bytes too. ** Bug watch added: github.com/openssl/openssl/issues #4706 https://github.com/openssl/openssl/issues/4706 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
Warning: Both RC4 and MD5 are INSECURE. They are susceptible to practical attacks. Do not use them. MD5 is already disabled by default. Real collisions have been produced, and used to forge certificates in the wild; its use as an HMAC is also strongly discouraged. It must never be used. RC4 (both RC4-MD5, RC4-SHA and other RC4 ciphers) is a very old stream cipher. It is thought some adversaries can already break it in real- time; in the public literature, several serious weaknesses have already been found (and at the time of writing, another one is on the way). An RFC will shortly be published - see https://tools.ietf.org/html/draft- popov-tls-prohibiting-rc4-02 - entirely prohibiting the use of all RC4 ciphersuites in all circumstances. Some browsers are already in the process of turning it off. Please see the results at: - https://www.ssllabs.com/ssltest/analyze.html?d=centinel1000.cardinalcommerce.com - https://www.ssllabs.com/ssltest/analyze.html?d=inaturalist.org which indicate that these sites have deep problems with their encryption. centinel1000.cardinalcommerce.com seems to be run from an outdated Windows Server 2003 using IIS/6.0 (which hits end-of-life in about a year). It only offers insecure ciphersuites RC4-MD5 RC4-SHA, and only over SSLv3 (it is intolerant of modern TLS 1.2 connections). You will see from the results that current versions of all mainstream browsers already refuse to connect to it, and in particular I must be clear it is NOT A BUG that curl and wget also refuse to do so - that is correct behaviour and should be regarded as bad as if it offered only 'export' ciphers. Its encryption is exploitably bad: I would consider it in breach of PCI requirements. inaturalist.com does not support TLS 1.2, uses RC4 (insecure) in preference to other ciphersuites, and offers 1024-bit DHE which is insecure. IE11 does the best it can there and connects with TLS_RSA_WITH_AES_128_CBC_SHA (0x2f); this is susceptible to BEAST, but not as bad as the above. The problem being reported by curl is that inaturalist.com is intolerant of TLS 1.2. This is also NOT A BUG with the client, but is a bug with the server. Some browsers retry with lower protocol versions automatically (and should use the downgrade SCSV to indicate this, as this is otherwise behaviour exploitable by an attacker); curl and wget do not. It is strongly likely that future versions of TLS libraries will completely ignore requests to use these ciphersuites: libReSSL disables it, and I think BoringSSL might too. At best, this is a stop-gap measure, but you should be aware the problem does not lie with you here. I suggest you contact the respective sites' security departments to inform them their encryption is weak. As this does not seem to be a bug in the client, I suggest closing this one. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
We're experiencing the same problem, but the fix listed above does not help. ---Initial error: greatnature-qa:~$ openssl s_client -msg -connect inaturalist.org:443CONNECTED(0003) TLS 1.2 Handshake [length 013b], ClientHello 01 00 01 37 03 03 53 cd 1d 0f 75 28 af 21 9d 17 62 73 2d 03 70 69 5a d0 27 4d 3f bd f7 bc 55 4f e6 76 e7 6f e5 2e 00 00 9e c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00 a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 6f 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 139705995765408:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- greatnature-qa:~$ ---Attempted connect with workaround listed above: greatnature-qa:~$ curl --ciphers RC4-SHA:RC4-MD5 https://inaturalist.org curl: (35) Unknown SSL protocol error in connection to inaturalist.org:443 greatnature-qa:~$ rhuffman@greatnature-qa:~$ uname -a Linux greatnature-qa 3.2.0-67-generic #101-Ubuntu SMP Tue Jul 15 17:46:11 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux rhuffman@greatnature-qa:~$ rhuffman@greatnature-qa:~$ cat /etc/debian_version wheezy/sid rhuffman@greatnature-qa:~$ MOTD welcome info: Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.2.0-67-generic x86_64) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
Richard, it would be best to open a new bug if you're still experiencing this issue. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
@alex.muntada Yes, as my frist reply mentioned, the problem is missing RC4-MD5 cipher. There are innumerable ways to call into curl as a library, all of which SHOULD have some way to add that cipher. (PHP/HHVM is where I noticed the bug first) I do not believe this is a bug in curl, as much as poor/aggressive defaults in openssl lib. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
I'm affected too, my 2x servers and local PC behave exactly the same. Alex thank you for this workaround! It's WORKING :) curl --ciphers RC4-SHA:RC4-MD5 https://... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
@jared-n This work-around should work: curl --ciphers RC4-SHA:RC4-MD5 https://... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
Looks like the problem is that 'RC4-MD5' cipher is disabled by default. I cannot figure out how to enable it by default, but instead just set the curl opt for it and everything is fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1305175] Re: openssl 1.0.1f 'ssl handshake failure' connection failure
EDIT: And by disabled, I mean it doesn't auto-negotiate to it. Wether or not that is 'disabled' or just a bug, it is hard to tell. (I'm no curl or openssl expert for sure) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1305175 Title: openssl 1.0.1f 'ssl handshake failure' connection failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs