How to handle TLS alerts
Hi, I'm trying to understand how to handle TLS alerts, I have set up a callback with SSL_CTX_set_info_callback(_ctx, ssl_info_callback); And I can see alerts sent by the peer, does the application need to call SSL_shutdown upon receiving a fatal alert, or is this done automatically by the OpenSSL library? With my testing, I see my client gets "read SSL3 alert fatal unknown CA" after the call to SSL_connect finishes without error Cheers, Jose
Re: OpenSSL 3.0 password prompt errors
Tested on a separate machine (Ubuntu Jammy Jellyfish) that comes with
OpenSSL 3.x installed and things worked as expected.
Probably something was screwed with my own build or the machine that has
several OpenSSL versions.
Thanks for the help, and sorry for the inconvenience.
Cheers,
Jose
On Tue, 30 Nov 2021 at 15:09, Matt Caswell wrote:
>
>
> On 30/11/2021 13:16, pepone.onrez wrote:
> > Getting some problems with OpenSSL 3.0, I have passwordError function,
> > to check if the last error was due to an invalid password and allow the
> > user to retry.
> >
> >
> > bool
> > passwordError()
> > {
> > unsigned long error = ERR_peek_error();
> > unsigned long lib = ERR_GET_LIB(error);
> > unsigned long reason = ERR_GET_REASON(error);
> > cerr << "error: " << error << endl;
> > cerr << "lib: " << lib << endl;
> > cerr << "reason: " << reason << endl;
> > ERR_print_errors_fp(stdout);
> > return (reason == PEM_R_BAD_BASE64_DECODE ||
> > reason == PEM_R_BAD_DECRYPT ||
> > reason == PEM_R_BAD_PASSWORD_READ ||
> > reason == PEM_R_PROBLEMS_GETTING_PASSWORD ||
> > reason == PKCS12_R_MAC_VERIFY_FAILURE);
> > }
> >
> > When I test with an invalid password I get
> >
> > error: 587686001
> > lib: 70
> > reason: 483441
> > error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
>
> That is really screwy output. Something is getting corrupted somewhere.
> "70" is not a valid error library and a reason code of 483441 is clearly
> wrong (reason codes are typically fairly small). Error 587686001 does
> correspond to the hex value 23076071 - but this is not an error value I
> would expect to see OpenSSL emitting.
>
> Could there be memory corruption occurring?? Perhaps run this through
> valgrind or similar and see if there are any hints.
>
> Matt
>
>
>
> >
> >
> > the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the
> > reason value doesn't
> >
> > include/openssl/pkcs12err.h
> > 39:# define PKCS12_R_MAC_VERIFY_FAILURE 113
> >
> > Any ideas what I might be doing wrong here? this worked fine with 1.1.1
> > before
> >
> > Cheers,
> > Jose
>
OpenSSL 3.0 password prompt errors
Getting some problems with OpenSSL 3.0, I have passwordError function, to
check if the last error was due to an invalid password and allow the user
to retry.
bool
passwordError()
{
unsigned long error = ERR_peek_error();
unsigned long lib = ERR_GET_LIB(error);
unsigned long reason = ERR_GET_REASON(error);
cerr << "error: " << error << endl;
cerr << "lib: " << lib << endl;
cerr << "reason: " << reason << endl;
ERR_print_errors_fp(stdout);
return (reason == PEM_R_BAD_BASE64_DECODE ||
reason == PEM_R_BAD_DECRYPT ||
reason == PEM_R_BAD_PASSWORD_READ ||
reason == PEM_R_PROBLEMS_GETTING_PASSWORD ||
reason == PKCS12_R_MAC_VERIFY_FAILURE);
}
When I test with an invalid password I get
error: 587686001
lib: 70
reason: 483441
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the reason
value doesn't
include/openssl/pkcs12err.h
39:# define PKCS12_R_MAC_VERIFY_FAILURE 113
Any ideas what I might be doing wrong here? this worked fine with 1.1.1
before
Cheers,
Jose
[openssl-users] Visual Studio 2015 build failure
I trying to build openssl 1.0.2 from OpenSSL_1_0_2-stable branch and keep getting this error perl Configure VC-WIN32 no-asm enable-static-engine ms\do_ms nmake -f ms\ntdll.mak link /nologo /subsystem:console /opt:ref /debug /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\Users\ppgut\AppData\Local\Temp\nmE41E.tmp Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp bss_fd.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets] bss_file.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets] b_dump.obj : error LNK2001: unresolved external symbol OPENSSL_UplinkTable [D:\3.7\openssl\msbuild\openssl.build.targets] out32dll\libeay32.dll : fatal error LNK1120: 1 unresolved externals [D:\3.7\openssl\msbuild\openssl.build.targets] NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\amd64\link.EXE"' : return code '0x460' [D:\3.7\openssl\msbuild\openssl.build.targets] Stop. D:\3.7\openssl\msbuild\openssl.build.targets(20,3): error MSB3073: The command "nmake -f ms\ntdll.mak" exited with code 2. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:51, pepone.onrez <pepone.on...@gmail.com> wrote:
> On 1 July 2016 at 16:40, Matt Caswell <m...@openssl.org> wrote:
>>
>>
>> On 01/07/16 15:22, pepone.onrez wrote:
>>> On 1 July 2016 at 15:39, Matt Caswell <m...@openssl.org> wrote:
>>>>
>>>>
>>>> On 01/07/16 14:29, pepone.onrez wrote:
>>>>> Hi,
>>>>>
>>>>> After upgrade my software to use OpenSSL-1.1 one of the test is
>>>>> failing, the test in question client and server are configured to use
>>>>> DSA certificates. The server is configured to request a client
>>>>> certificate.
>>>>>
>>>>>SSL error occurred for new outgoing connection:
>>>>>remote address = 127.0.0.1:47812
>>>>>error # = 336151568
>>>>>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040)
>>>>>location = ssl/record/rec_layer_s3.c, 1467
>>>>>data = SSL alert number 40
>>>>
>>>> Is this the error you get on the server or the client? The above
>>>> indicates the connection was aborted because a HandshakeFailure alert
>>>> was received from the peer. Therefore you need to look at the other end
>>>> of the communication and see if there is some error message that
>>>> indicates why the alert was sent.
>>>>
>>>> Matt
>>> That was on the client, looking at the server I see it reports there
>>> is no shared
>>> cipher
>>>
>>>SSL error occurred for new incoming connection:
>>>remote address = 127.0.0.1:36951
>>>error # = 337092801
>>>message = error:1417A0C1:SSL
>>> routines:tls_post_process_client_hello:no shared cipher
>>>
>>> I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get
>>> the same error,
>>> it is not clear why server client don't find a common cipher here.
I was not correctly setting the ciphers, Adding DHE to my ciphers and things
work fine.
With 1.0.0 I only have DEFAULT:DSS, I guess DHE is not longer in the DEFAULT
set
>>
>> Did you successfully load a DSA certificate and key into the server? If
>> the server doesn't like the cert/key for some reason then it won't make
>> any DSS ciphersuites available.
>>
>
> Yes I using SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey and
> reading the pkcs12 cert with PKCS12_parse, that works fine with the rest
> of my test suite.
>
>> Also, I see you are trying to use a DHE based ciphersuite. Did you set
>> DH parameters to be used? If so how did you do it?
>>
>
> I'm using a DH callback to set the DH parameters
>
> DH*
> IceSSL_opensslDHCallback(SSL* ssl, int /*isExport*/, int keyLength)
> {
> # if OPENSSL_VERSION_NUMBER >= 0x1010L
> SSL_CTX* ctx = SSL_get_SSL_CTX(ssl);
> # else
> SSL_CTX* ctx = ssl->ctx;
> # endif
> OpenSSLEngine* p =
> reinterpret_cast<OpenSSLEngine*>(SSL_CTX_get_ex_data(ctx, 0));
> return p->dhParams(keyLength);
> }
> # endif
> }
>
> SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE);
> SSL_CTX_set_tmp_dh_callback(_ctx, IceSSL_opensslDHCallback);
>
> And for default parameters I'm using d2i_DHparams to restore the DH
> parameters I previously
> saved with i2d_DHparams
>
>
>> Matt
>>
>>
>>>
>>> Regards,
>>> José
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> When using OpenSSL 1.0.1 the connection success
>>>>>
>>>>>cipher = DHE-DSS-AES256-GCM-SHA384
>>>>>bits = 256
>>>>>remote address = 127.0.0.1:43629
>>>>>protocol = TLSv1.2
>>>>>
>>>>>
>>>>> I try to set security level to 0 for 1.1 but that doesn't make any
>>>>> difference here, any ideas what could be the issue?
>>>>>
>>>> --
>>>> openssl-users mailing list
>>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:40, Hanno Böck <ha...@hboeck.de> wrote: > Hi, > > On Fri, 1 Jul 2016 15:29:53 +0200 > "pepone.onrez" <pepone.on...@gmail.com> wrote: > >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. > > I can't answer your question, but I have one to you: Why do you use DSA? > > There was a discussion in the TLS working group a while ago about DSA > support and there was overwhelming support to remove it in TLS 1.3. > The rationale was basically that DSA in TLS is rarely used at all, is > often used with insecure key sizes (1024 bit) and has a severe weakness > when it comes to bad random numbers. On top of that it has basically no > advantage over the much more widely used RSA. The original reason > (in the early 90s) to use DSA over RSA were patent issues, but those are > long expired. > > So my (and I think most others) impression is that DSA in TLS is as > dead as it can be and probably the most sane move for OpenSSL would be > to just remove it. Given that I'd like to know why you seem to have > chosen to still use DSA. That is part of a large test suite for a library, just trying to ensure that everithg still works with OpenSSL 1.1.0 > > -- > Hanno Böck > https://hboeck.de/ > > mail/jabber: ha...@hboeck.de > GPG: BBB51E42 > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 16:40, Matt Caswell <m...@openssl.org> wrote:
>
>
> On 01/07/16 15:22, pepone.onrez wrote:
>> On 1 July 2016 at 15:39, Matt Caswell <m...@openssl.org> wrote:
>>>
>>>
>>> On 01/07/16 14:29, pepone.onrez wrote:
>>>> Hi,
>>>>
>>>> After upgrade my software to use OpenSSL-1.1 one of the test is
>>>> failing, the test in question client and server are configured to use
>>>> DSA certificates. The server is configured to request a client
>>>> certificate.
>>>>
>>>>SSL error occurred for new outgoing connection:
>>>>remote address = 127.0.0.1:47812
>>>>error # = 336151568
>>>>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040)
>>>>location = ssl/record/rec_layer_s3.c, 1467
>>>>data = SSL alert number 40
>>>
>>> Is this the error you get on the server or the client? The above
>>> indicates the connection was aborted because a HandshakeFailure alert
>>> was received from the peer. Therefore you need to look at the other end
>>> of the communication and see if there is some error message that
>>> indicates why the alert was sent.
>>>
>>> Matt
>> That was on the client, looking at the server I see it reports there
>> is no shared
>> cipher
>>
>>SSL error occurred for new incoming connection:
>>remote address = 127.0.0.1:36951
>>error # = 337092801
>>message = error:1417A0C1:SSL
>> routines:tls_post_process_client_hello:no shared cipher
>>
>> I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get
>> the same error,
>> it is not clear why server client don't find a common cipher here.
>
> Did you successfully load a DSA certificate and key into the server? If
> the server doesn't like the cert/key for some reason then it won't make
> any DSS ciphersuites available.
>
Yes I using SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey and
reading the pkcs12 cert with PKCS12_parse, that works fine with the rest
of my test suite.
> Also, I see you are trying to use a DHE based ciphersuite. Did you set
> DH parameters to be used? If so how did you do it?
>
I'm using a DH callback to set the DH parameters
DH*
IceSSL_opensslDHCallback(SSL* ssl, int /*isExport*/, int keyLength)
{
# if OPENSSL_VERSION_NUMBER >= 0x1010L
SSL_CTX* ctx = SSL_get_SSL_CTX(ssl);
# else
SSL_CTX* ctx = ssl->ctx;
# endif
OpenSSLEngine* p =
reinterpret_cast<OpenSSLEngine*>(SSL_CTX_get_ex_data(ctx, 0));
return p->dhParams(keyLength);
}
# endif
}
SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE);
SSL_CTX_set_tmp_dh_callback(_ctx, IceSSL_opensslDHCallback);
And for default parameters I'm using d2i_DHparams to restore the DH
parameters I previously
saved with i2d_DHparams
> Matt
>
>
>>
>> Regards,
>> José
>>>
>>>
>>>
>>>
>>>>
>>>> When using OpenSSL 1.0.1 the connection success
>>>>
>>>>cipher = DHE-DSS-AES256-GCM-SHA384
>>>>bits = 256
>>>>remote address = 127.0.0.1:43629
>>>>protocol = TLSv1.2
>>>>
>>>>
>>>> I try to set security level to 0 for 1.1 but that doesn't make any
>>>> difference here, any ideas what could be the issue?
>>>>
>>> --
>>> openssl-users mailing list
>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] DSA with OpenSSL-1.1
On 1 July 2016 at 15:39, Matt Caswell <m...@openssl.org> wrote: > > > On 01/07/16 14:29, pepone.onrez wrote: >> Hi, >> >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. >> >>SSL error occurred for new outgoing connection: >>remote address = 127.0.0.1:47812 >>error # = 336151568 >>message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >>location = ssl/record/rec_layer_s3.c, 1467 >>data = SSL alert number 40 > > Is this the error you get on the server or the client? The above > indicates the connection was aborted because a HandshakeFailure alert > was received from the peer. Therefore you need to look at the other end > of the communication and see if there is some error message that > indicates why the alert was sent. > > Matt That was on the client, looking at the server I see it reports there is no shared cipher SSL error occurred for new incoming connection: remote address = 127.0.0.1:36951 error # = 337092801 message = error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get the same error, it is not clear why server client don't find a common cipher here. Regards, José > > > > >> >> When using OpenSSL 1.0.1 the connection success >> >>cipher = DHE-DSS-AES256-GCM-SHA384 >>bits = 256 >>remote address = 127.0.0.1:43629 >>protocol = TLSv1.2 >> >> >> I try to set security level to 0 for 1.1 but that doesn't make any >> difference here, any ideas what could be the issue? >> > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] DSA with OpenSSL-1.1
Hi, After upgrade my software to use OpenSSL-1.1 one of the test is failing, the test in question client and server are configured to use DSA certificates. The server is configured to request a client certificate. SSL error occurred for new outgoing connection: remote address = 127.0.0.1:47812 error # = 336151568 message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) location = ssl/record/rec_layer_s3.c, 1467 data = SSL alert number 40 When using OpenSSL 1.0.1 the connection success cipher = DHE-DSS-AES256-GCM-SHA384 bits = 256 remote address = 127.0.0.1:43629 protocol = TLSv1.2 I try to set security level to 0 for 1.1 but that doesn't make any difference here, any ideas what could be the issue? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] OpenSSL-1.1-pre5 SSL_CTX_set_tmp_dh_callback
On 1 July 2016 at 12:31, Matt Caswell <m...@openssl.org> wrote: > > > On 01/07/16 11:24, pepone.onrez wrote: >> Hi, >> >> I trying to update my software to use OpenSSL-1.1 and I having problems >> with DH callbacks >> >> When build with 1.1.0-pre5 the callback set with SSL_CTX_set_tmp_dh_callback >> is not being called, when using 1.0.x it is called as expected. >> >> I have build 1.1.0-pre5 from sources with default configuration, do I >> need any special build option for this to work? >> >> In my test the server and client enables only ADH ciphers, I see the >> following ciphers are enabled: > > 1.1.0 has the concept of security levels to stop you from accidentally > configuring bad things. The default security level is 1. ADH ciphers are > in security level 0 (because they are considered insecure) and are > therefore disabled by default, i.e. even if you configure them, if the > security level isn't right then they won't get used. > > To set the security level differently you can either append > "@SECLEVEL=0" to the end of the cipher string, or call > SSL_set_security_level()/SSL_CTX_set_security_level(). > > See: > https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_security_level.html > > and > > https://www.openssl.org/docs/manmaster/apps/ciphers.html > > Matt Thanks Matt that was it, setting SECLEVEL=0" make the test work > > >> >>ADH-AES256-GCM-SHA384 >>ADH-AES128-GCM-SHA256 >>ADH-AES256-SHA256 >>ADH-CAMELLIA256-SHA256 >>ADH-AES128-SHA256 >>ADH-CAMELLIA128-SHA256 >>ADH-AES256-SHA >>ADH-CAMELLIA256-SHA >>ADH-AES128-SHA >>ADH-SEED-SHA >>ADH-CAMELLIA128-SHA >>ADH-DES-CBC3-SHA >> >> >> The connection fails with >> >> error # = 337002677 >> message = error:141640B5:SSL routines:tls_construct_client_hello:no >> ciphers available >> >> I assume this is related to the DH callback not being called, and so >> ADH ciphers cannot be used? >> >> Any ideas why the DH callback is not being called, as I say the code >> works fine with all previous OpenSSL versions. >> >> Regards, >> José >> > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] OpenSSL-1.1-pre5 SSL_CTX_set_tmp_dh_callback
Hi, I trying to update my software to use OpenSSL-1.1 and I having problems with DH callbacks When build with 1.1.0-pre5 the callback set with SSL_CTX_set_tmp_dh_callback is not being called, when using 1.0.x it is called as expected. I have build 1.1.0-pre5 from sources with default configuration, do I need any special build option for this to work? In my test the server and client enables only ADH ciphers, I see the following ciphers are enabled: ADH-AES256-GCM-SHA384 ADH-AES128-GCM-SHA256 ADH-AES256-SHA256 ADH-CAMELLIA256-SHA256 ADH-AES128-SHA256 ADH-CAMELLIA128-SHA256 ADH-AES256-SHA ADH-CAMELLIA256-SHA ADH-AES128-SHA ADH-SEED-SHA ADH-CAMELLIA128-SHA ADH-DES-CBC3-SHA The connection fails with error # = 337002677 message = error:141640B5:SSL routines:tls_construct_client_hello:no ciphers available I assume this is related to the DH callback not being called, and so ADH ciphers cannot be used? Any ideas why the DH callback is not being called, as I say the code works fine with all previous OpenSSL versions. Regards, José -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
