Re: Schanner secu

2014-11-23 Thread Gilles Vollant
Where can we find the RFC about this cipher?

This blog page contains information about cipher order in Windows and the bug

http://blog.ittoby.com/2014/11/microsoft-kb-2992611-winshock-more.html


2014-11-19 10:16 GMT+01:00 Mounir IDRASSI :

> Hi,
>
> The latest Windows update that corrected the "WinShock" SChannel
> vulnerability brought many changes to the way TLS is performed and among
> the changes is the fact that the Supported Point Formats Extension is not
> sent anymore in the ServerHello during the TLS handshake.
>
> In versions of OpenSSL prior to 1.0.0c, the Supported Point Formats
> Extension was expected to be present all the time, which of course is not
> correct. I have sent a patch for that in 2010
> (https://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest#txn-26841)
> and the correction was subsequently included in 1.0.0c.
>
> This explains why you are starting to receive TLS handshake errors with
> curl client linked with OpenSSL 1.0.0a and 1.0.0b after the SChannel update
> from Microsoft.
>
> If you are not able to upgrade your clients, then the only solution is to
> ask Microsoft how to force the inclusion of the Supported Point Formats
> Extension in the TLS handshake as it was the case before.
> Their SChannel update brought new issues anyway and most certainly
> Microsoft will publish another update to SChannel in order to solve them,
> so there is a possibility for them to restore the old TLS handshake
> behavior unless it causes security issues for them (but I can't imagine
> how).
>
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
>
> On 11/14/2014 10:02 PM, Gilles Vollant wrote:
>
>>
>> Microsoft just published a patch on their SChannel component (KB 2992611 )
>>
>>
>> https://technet.microsoft.com/library/security/MS14-066
>>
>>
>> But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or
>> Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a /
>> 1.0.0b !
>>
>>
>> If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot download
>> anything from IIS 7.5/8.0 webserver using https after patching !
>>
>> OpenSSL 1.0.0c has no problem. But some clients cannot be updated
>> magically!
>>
>>
>> Curl says:
>> curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls
>> invalid ecpointformat list
>>
>> I made a report here:
>>
>> http://www.winimage.com/demo_report_openssl_windows/
>>
>> I hope Microsoft can (and will) update their fix to allow curl +
>> openssl1.0.0(a or b) connect !
>>
>> regards
>> Gilles Vollant
>>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
>


Re: Schanner secu

2014-11-20 Thread Jakob Bohm

On 19/11/2014 22:37, Gilles Vollant wrote:

On https://support.microsoft.com/kb/2992611 we can read
Some customers have reported an issue that is related to the changes 
in this release. These changes added the following new cipher suites 
to Windows Server 2008 R2 and Windows Server 2012. In order to give 
customers more control over whether these cipher suites are used in 
the short term, we are removing them from the default cipher suite 
priority list in the registry.

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256

In other words, they disabled the stronger suites rather than
fixing the actual compatibility issue (which was the removal of
an unnecessary "supported points format" extension, which was
sent in previous versions).

So if Mr. Idrassi was right AND if OpenSSL 1.0.0/1.0.0a/1.0.0b
were the only affected clients, then this is not the best
possible fix.

On the other hand, if some other SSL library would fail if
presented with the 3 "new" suites (the GCM suites without
ECDSA certs), then their fix is correct and just helps the
old OpenSSL versions by chance.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: Schanner secu

2014-11-19 Thread Gilles Vollant
On https://support.microsoft.com/kb/2992611 we can read
Some customers have reported an issue that is related to the changes in
this release. These changes added the following new cipher suites to
Windows Server 2008 R2 and Windows Server 2012. In order to give customers
more control over whether these cipher suites are used in the short term,
we are removing them from the default cipher suite priority list in the
registry.
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256


Re: Schanner secu

2014-11-19 Thread Gilles Vollant
Microsoft published today a new version of the KB 2992611

On the first patch, they modified the registry entry
key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CryptographyBeforce\Configuration\Local\SSL\00010002,
entry Functions


Original list, before 11 November, and after 19 November

TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA


The list between 11 November and 18 November
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
TLS_RSA_WITH_NULL_MD5
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5


and OpenSSL 1.0.0b runs well.
The week when TLS_ECDHE_* were at the top of the lists, OpenSSL 1.0.0b selected it
and we had the compatibility problem. Now, OpenSSL 1.0.0b again selects
a TLS_RSA_WITH_AES_* cipher without problem.


2014-11-14 22:02 GMT+01:00 Gilles Vollant :

>
> Microsoft just published a patch on their SChannel component (KB 2992611 )
>
>
> https://technet.microsoft.com/library/security/MS14-066
>
>
> But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or
> Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a /
> 1.0.0b !
>
>
> If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot download
> anything from IIS 7.5/8.0 webserver using https after patching !
>
> OpenSSL 1.0.0c has no problem. But some clients cannot be updated
> magically!
>
>
> Curl says:
> curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls
> invalid ecpointformat list
>
> I made a report here:
>
> http://www.winimage.com/demo_report_openssl_windows/
>
> I hope Microsoft can (and will) update their fix to allow curl +
> openssl1.0.0(a or b) connect !
>
> regards
> Gilles Vollant
>
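
The failure mode discussed in this thread, as an added example (not code from OpenSSL, curl or any poster): a Python check that parses a ServerHello body and reports whether an ECC cipher suite was selected without the Supported Point Formats extension, the combination the thread ties to the OpenSSL 1.0.0a/1.0.0b handshake error. The helper names, return labels and sample messages are constructed for illustration.

```python
import struct

EXT_EC_POINT_FORMATS = 11  # ec_point_formats extension type (RFC 4492)
# ECC cipher suite code points: RFC 4492 (0xC001-0xC019), RFC 5289 (0xC023-0xC032)
ECC_RANGES = ((0xC001, 0xC019), (0xC023, 0xC032))
# Constructed sample extensions: renegotiation_info and ec_point_formats
RENEG = struct.pack("!HH", 0xFF01, 1) + b"\x00"
POINT_FMTS = struct.pack("!HH", EXT_EC_POINT_FORMATS, 2) + b"\x01\x00"

def parse_server_hello(body):
    """Return (cipher_suite, {ext_type: data}) from a ServerHello body
    (the bytes after the 4-byte handshake header)."""
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    pos = 35 + body[34]            # version(2) + random(32) + session id
    if len(body) < pos + 3:
        raise ValueError("truncated ServerHello")
    (suite,) = struct.unpack_from("!H", body, pos)
    pos += 3                       # cipher suite(2) + compression method(1)
    exts = {}
    if pos + 2 <= len(body):       # the extensions block is optional
        (total,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + total
        if end > len(body):
            raise ValueError("extensions overrun the message")
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            if pos + elen > end:
                raise ValueError("extension overruns the block")
            exts[etype] = body[pos:pos + elen]
            pos += elen
    return suite, exts

def classify(body):
    """Label a ServerHello for the interop problem reported in the thread."""
    suite, exts = parse_server_hello(body)
    if not any(lo <= suite <= hi for lo, hi in ECC_RANGES):
        return "non-ecc"
    if EXT_EC_POINT_FORMATS in exts:
        return "ecc-with-point-formats"
    # Assumption taken from the thread: clients before OpenSSL 1.0.0c
    # reject this case with "tls invalid ecpointformat list".
    return "ecc-without-point-formats"

def build_hello(suite, exts=b""):
    """Constructed sample: TLS 1.2, all-zero random, empty session id."""
    head = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    return head + (struct.pack("!H", len(exts)) + exts if exts else b"")
```

Feeding it the ServerHello bytes extracted from a packet capture of a failing and a working connection shows which of the two conditions changed between server patch levels.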


Re: Schanner secu

2014-11-19 Thread Mounir IDRASSI

Hi,

The latest Windows update that corrected the "WinShock" SChannel 
vulnerability brought many changes to the way TLS is performed and among 
the changes is the fact that the Supported Point Formats Extension is 
not sent anymore in the ServerHello during the TLS handshake.


In versions of OpenSSL prior to 1.0.0c, the Supported Point Formats
Extension was expected to be present all the time, which of course is not
correct. I have sent a patch for that in 2010 
(https://rt.openssl.org/Ticket/Display.html?id=2240&user=guest&pass=guest#txn-26841) 
and the correction was subsequently included in 1.0.0c.


This explains why you are starting to receive TLS handshake errors with 
curl client linked with OpenSSL 1.0.0a and 1.0.0b after the SChannel 
update from Microsoft.


If you are not able to upgrade your clients, then the only solution is 
to ask Microsoft how to force the inclusion of the Supported Point 
Formats Extension in the TLS handshake as it was the case before.
Their SChannel update brought new issues anyway and most certainly 
Microsoft will publish another update to SChannel in order to solve 
them, so there is a possibility for them to restore the old TLS 
handshake behavior unless it causes security issues for them (but I 
can't imagine how).


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 11/14/2014 10:02 PM, Gilles Vollant wrote:


Microsoft just published a patch on their SChannel component (KB 2992611 )


https://technet.microsoft.com/library/security/MS14-066


But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or 
Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a 
/ 1.0.0b !



If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot 
download anything from IIS 7.5/8.0 webserver using https after patching !


OpenSSL 1.0.0c has no problem. But some clients cannot be updated
magically!



Curl says:
curl: (35) error:1411809D:SSL 
routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list


I made a report here:

http://www.winimage.com/demo_report_openssl_windows/

I hope Microsoft can (and will) update their fix to allow curl + 
openssl1.0.0(a or b) connect !


regards
Gilles Vollant




Schanner secu

2014-11-14 Thread Gilles Vollant
Microsoft just published a patch on their SChannel component (KB 2992611 )


https://technet.microsoft.com/library/security/MS14-066


But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or
Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a /
1.0.0b !


If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot download
anything from IIS 7.5/8.0 webserver using https after patching !

OpenSSL 1.0.0c has no problem. But some clients cannot be updated
magically!


Curl says:
curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls
invalid ecpointformat list

I made a report here:

http://www.winimage.com/demo_report_openssl_windows/

I hope Microsoft can (and will) update their fix to allow curl +
openssl1.0.0(a or b) connect !

regards
Gilles Vollant