[openssl-users] Question regarding TLS renegotiation and configuration of Openssl ssl context

Thu, 09 Nov 2017 12:29:10 -0800 

Dear Openssl Gurus,

I am facing the following problem, I am required to create an SSL client that 
talks (TLSv1.2, TLSv1.1 and TLSv1.0) against 3 different types of servers, one 
talks  TLSv1.2 only (server_12) , one TLSv1.1 only (server_11) and one TLSv1.0 
only (server_10)

The way I am configuring my tls context is as following

Note: I am using Openssl v1.0.2l

SSL_CTX *ctx;
ctx = SSL_CTX_new( SSLv23_method() )
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET);

Now...

When I try to connect to server_10 I see the trace below, the negotiation fails 
with:
Alert Message
            Level: Fatal (2)
            Description: Protocol Version (70)

It makes sense, since the decription for this failure is:

70

protocol_version

The protocol version the client attempted to negotiate is recognized, but not 
supported. For example, old protocol versions might be avoided for security 
reasons. This message is always fatal.


Now my question is:


How do I configure my SSL_CTX options so that I can talk to server_10 whilst 
being able to connect to server_12 and server_11 and at the same time 
maintaining security and not becoming vulnerable to RFC7507 ( TLS Fallback 
Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks)


Thank you in advance for your help!!! :)
-Ariel Silverman



Wireshark Trace of TLS negotiation:
===================================


No.     Time           Source                Destination           Protocol 
Length Info
    517 35.593453      192.168.0.70          192.168.0.102         TLSv1    249 
   Client Hello

Frame 517: 249 bytes on wire (1992 bits), 249 bytes captured (1992 bits) on 
interface 0
Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e 
(b8:ca:3a:c0:9a:2e)
Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102
Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 1, Ack: 
1, Len: 195
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 190
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 186
            Version: TLS 1.1 (0x0302)
            Random: cdf0b0cb59d22675e6f840363eed6481674ce6e8714eeb45...
            Session ID Length: 0
            Cipher Suites Length: 100
            Cipher Suites (50 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 45
            Extension: ec_point_formats (len=4)
            Extension: supported_groups (len=28)
            Extension: heartbeat (len=1)

No.     Time           Source                Destination           Protocol 
Length Info
    519 35.595600      192.168.0.102         192.168.0.70          TLSv1    
1063   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 519: 1063 bytes on wire (8504 bits), 1063 bytes captured (8504 bits) on 
interface 0
Ethernet II, Src: Dell_c0:9a:2e (b8:ca:3a:c0:9a:2e), Dst: Vmware_e4:ae:09 
(00:0c:29:e4:ae:09)
Internet Protocol Version 4, Src: 192.168.0.102, Dst: 192.168.0.70
Transmission Control Protocol, Src Port: 16993, Dst Port: 63441, Seq: 1, Ack: 
196, Len: 1009
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 46
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 42
            Version: TLS 1.0 (0x0301)
            Random: a0cb439203175bf9bb313ad516e0722288bd8d2b0ceb14f6...
            Session ID Length: 4
            Session ID: 79010000
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Compression Method: null (0)
    TLSv1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 931
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 927
            Certificates Length: 924
            Certificates (924 bytes)
    TLSv1 Record Layer: Handshake Protocol: Certificate Request
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 8
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 4
            Certificate types count: 1
            Certificate types (1 type)
            Distinguished Names Length: 0
    TLSv1 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol 
Length Info
    520 35.595660      192.168.0.70          192.168.0.102         TLSv1    61  
   Alert (Level: Fatal, Description: Protocol Version)

Frame 520: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on 
interface 0
Ethernet II, Src: Vmware_e4:ae:09 (00:0c:29:e4:ae:09), Dst: Dell_c0:9a:2e 
(b8:ca:3a:c0:9a:2e)
Internet Protocol Version 4, Src: 192.168.0.70, Dst: 192.168.0.102
Transmission Control Protocol, Src Port: 63441, Dst Port: 16993, Seq: 196, Ack: 
1010, Len: 7
Secure Sockets Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Protocol Version (70)





-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to