How to use id_prefix with OpenSSL s_server

I'm not sure what argument I have to pass to the -id_prefix switch for openssl s_server.
What I am trying to do is to run openssl s_server on one side, and openssl s_client on the other, and verify that Session-ID and Master-Key match on both sides.
The problem is that I only get to see the Session-ID and Master-Key on the client side. I'm not sure how to obtain them on the server side as well, so I can compare them.
id_prefix seems to be one option, but I don't see the prefix in the Session-ID on the client side.
Any ideas?

I can see how you can check the Master-Key using openssl s_server and openssl s_client, but not the Session-ID; I'm not sure why.
Here's what I did. First, I started a server running locally:
$ openssl s_server -accept 4433 -cert ./server.pem -tls1_2
Then, in a different terminal/window, I connected to that server:
$ openssl s_client -connect 127.0.0.1:4433 -debug
In the server terminal, I saw the SSL session started:
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDDAOWXb47pESLXfWW1DYfaccOPGQcfgeaHW4sFP/avj
ejwVgvWNXGXy1vn6U3uLOeWhBgIEVqrm26IEAgIcIKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
...
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
The key thing to notice here is that base64-encoded data for the SSL session parameters. I copied and pasted that data into a separate file, e.g. sess.pem.
Then, I used openssl sess_id to decode that sess.pem file:
$ openssl sess_id -noout -text < ./sess.pem
SSL-Session:
Protocol : TLSv1.2
Cipher : C030
Session-ID:
Session-ID-ctx: 01000000
Master-Key: 9C921511052D3F212FF718704518FC526474D69FC26BC1165DBD203C6E221BB3A84686BC5D15A7BD9FA7BB72201A7276
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1454040610
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Compare that Master-Key value with the one that the openssl s_client terminal shows (note that it's important to use the -debug command-line option for openssl s_client to see this):
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 417D443BFD5702BEA974C5758FD65A0FC217B0FD9750C4CECF0915895C4E616D
Session-ID-ctx:
Master-Key: 9C921511052D3F212FF718704518FC526474D69FC26BC1165DBD203C6E221BB3A84686BC5D15A7BD9FA7BB72201A7276
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
....
So I'm not sure why the server output doesn't show the session ID generated, but you can at least use the above to compare the Master-Key values. I experimented with using both the -context and -id_prefix command-line options for openssl s_server, e.g.:
$ openssl s_server -accept 4433 -context FOO -id_prefix BAR ...
but it did not substantially change the data, nor did it cause the Session-ID to be displayed by openssl s_server.
Hope this helps!
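The comparison described in the answer above can be scripted so the key is checked without being echoed. This is an added example, not part of the original answer; the function names session_field and same_master_key are made up for illustration, and the sample text is copied from the two outputs shown above.

```sh
#!/bin/sh
# Added example: compare the Master-Key seen on both sides of one TLS session.

# Print the value of field $1 from "Name : value" lines read on stdin.
# Tolerates the variable spacing openssl puts around the colon.
session_field() {
    awk -v want="$1" '
    {
        i = index($0, ":")
        if (i == 0) next
        name = substr($0, 1, i - 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        if (name != want) next
        val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        print val
        exit
    }'
}

# Exit 0 only if both texts carry the same non-empty Master-Key.
# The key itself is never echoed.
same_master_key() {
    a=$(printf '%s\n' "$1" | session_field Master-Key)
    b=$(printf '%s\n' "$2" | session_field Master-Key)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Sample input: fields copied from the sess_id and s_client output shown above.
SERVER_TEXT='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : C030
    Session-ID:
    Session-ID-ctx: 01000000
    Master-Key: 9C921511052D3F212FF718704518FC526474D69FC26BC1165DBD203C6E221BB3A84686BC5D15A7BD9FA7BB72201A7276'
CLIENT_TEXT='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 417D443BFD5702BEA974C5758FD65A0FC217B0FD9750C4CECF0915895C4E616D
    Session-ID-ctx:
    Master-Key: 9C921511052D3F212FF718704518FC526474D69FC26BC1165DBD203C6E221BB3A84686BC5D15A7BD9FA7BB72201A7276'

if same_master_key "$SERVER_TEXT" "$CLIENT_TEXT"; then
    echo "Master-Key matches on both sides"
else
    echo "Master-Key differs or is missing"
fi
```

With real data, pass the text printed by openssl sess_id -noout -text and the saved s_client output as the two arguments.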

Related

SSL handshake shows cipher 0000

My SSL handshake (using the openssl s_client -connect host:port) shows this output:
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1631731107
Timeout : 300 (sec)
Verify return code: 0 (ok)
It is showing return code 0 (ok), start time etc. Does this mean an SSL session is established here? Why does it not show other things like cipher, session-id etc. which I normally see with other SSL sessions?
This output means that the handshake was not successful at all. There is usually an error somewhere in the output preceding this, like here:
$ openssl s_client -connect example.com:80
CONNECTED(00000003)
140501726137216:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:ssl_pkt.c:386:
....
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
...
Verify return code: 0 (ok)
In this example a TLS connection was attempted to a server which does not speak TLS at all but instead speaks only plain HTTP (since I've connected to the plain HTTP port). There is a clear error showing some kind of TLS problem, which in this case is caused by trying to interpret a plain HTTP response as TLS.
From https://www.virtuesecurity.com/kb/null-ciphers-supported/:
Cipher Name (IANA)       | Cipher Name (OpenSSL) | Value
TLS_NULL_WITH_NULL_NULL  | N/A                   | 0x00,0x00
See also https://en.wikipedia.org/wiki/Null_cipher.
Just don't use it, there's no encryption.
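The check described in the first answer above (look for the error line rather than the verify return code) can be run over saved s_client output. This is an added example, not part of the original answers; the function names are made up for illustration, and the sample text is copied from outputs quoted on this page.

```sh
#!/bin/sh
# Added example: tell a failed handshake from a completed one in s_client output.

# Exit 0 if the output shows that no cipher was negotiated.
no_cipher_negotiated() {
    printf '%s\n' "$1" | grep -Eq \
        -e '^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*0000[[:space:]]*$' \
        -e 'Cipher is \(NONE\)'
}

# Print the reason text of every error-queue line, which is colon-separated:
# id:error:code:library:function:reason:file:line:
handshake_errors() {
    printf '%s\n' "$1" | awk -F: '$2 == "error" && NF >= 6 { print $6 }'
}

# Print "ok" or "failed: <reasons>". "Verify return code: 0 (ok)" is ignored
# on purpose, because s_client prints it for failed handshakes too.
handshake_status() {
    if no_cipher_negotiated "$1"; then
        reasons=$(handshake_errors "$1" | paste -sd ';' -)
        echo "failed: ${reasons:-no error line in output}"
    else
        echo "ok"
    fi
}

# Sample input: lines copied from the outputs quoted on this page.
FAILED='CONNECTED(00000003)
140501726137216:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:ssl_pkt.c:386:
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)'
COMPLETED='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

handshake_status "$FAILED"      # failed: wrong version number
handshake_status "$COMPLETED"   # ok
```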

OPENSSL s_client request fails (with 408 request timeout)

I am trying to connect using the openssl s_client API, command:
openssl s_client -connect <server1>:443
I am getting the following output:
---------------------------------Start---------------------------
CONNECTED(00000003)
Certificate chain
Server certificate
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 5540 bytes and written 302 bytes
Verification error: self signed certificate in certificate chain
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1553089057
Timeout: 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
Extended master secret: no
GET <path_to_api> HTTP/1.1
HOST: <server1>
Content-Type: application/soap+xml; charset=utf-8
Content-Length:0
HTTP/1.1 408 REQUEST_TIMEOUT
Content-Length:0
Connection: Close
closed
--------------------------------End-------------------------------
It results in request time out.
If I use curl command it is successful.
What is the cause of the request timeout?
-crlf option resolved the issue.
Thanks @SteffenUllrich
command:
openssl s_client -connect <server1>:443 -crlf

OpenSSL TLS/DTLS PSK

I'm working on an application where a Key Server (K) generates a symmetrical key and shares it with Server (A) and Client (B). A and B connect via UDP.
I'm using Memory BIOs, and was trying to use Cipher "PSK-AES128-CBC-SHA".
I have a few questions related to this:
When we have a symmetrical key, should we still call SSL_do_handshake?
When I set the cipher with this call, SSL_CTX_set_cipher_list(context, "PSK-AES128-CBC-SHA");, I get an error: SSL routines:ssl_cipher_list_to_bytes:no ciphers available
I tried using TLSV1_2_server_method, TLSV1_2_server_method, DTLS_server_method, DTLS_client_method but every method failed with the above error.
Is there any example code available for TLS-PSK encryption? I couldn't find any good tutorial or example online.
I was referring to this article while doing this, but instead I'm using Memory BIOs
https://bitbucket.org/tiebingzhang/tls-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c/psk_server.c?at=default&fileviewer=file-view-default
I can't tell you why the cipher doesn't exist. I can only assume that it doesn't exist in the version of openssl that you have or it has to be added to openssl to begin with.
Did you know that PSK support is built into TLS 1.3? If you use openssl 1.1.1 you can do PSK from the openssl command line.
Server:
# use a 48 byte PSK
$ PSK=63ef2024b1de6417f856fab7005d38f6df70b6c5e97c220060e2ea122c4fdd054555827ab229457c366b2dd4817ff38b
$ openssl s_server -psk $PSK -cipher TLS13-AES-256-GCM-SHA384 -nocert -accept 2020
Client:
$ openssl s_client -psk $PSK -connect localhost:2020
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 195 bytes and written 475 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS13-AES-256-GCM-SHA384
…
So I would recommend that you look up the source code for the openssl 1.1.1 s_server and s_client commands to see an example of how to use PSK in TLS 1.3.

Problems getting a site's https certificates

I have an Android app that has some trouble with a site's certificate when connecting via https. As I'm experiencing trouble even when using a custom keystore with the certificates ("No peer certificate") I'm trying to get more information about the connection, handshake and certificates actually given by the server.
The version of openssl is as follows:
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
When I just try to get info about the certificates I get this response:
$ openssl s_client -showcerts -connect [hostname]:443 </dev/null
CONNECTED(00000003)
3069977808:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
This is how Chrome describes the connection (sorry for the Norwegian text, but you get an idea of the connection and encryption type):
Based on the info from Chrome I've tried different commands to get the certificates, but they all seem to fail. My top candidate was this one:
$ openssl s_client -showcerts -connect [hostname]:443 -tls1_2 -cipher RC4-MD5
CONNECTED(00000003)
3069396176:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
3069396176:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1414399499
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Anyone got any hints based on the info given?
This might be an SNI issue, where the server has no default certificate defined for non-SNI clients. Android included a version of Apache's httpclient which is known to not support SNI and your openssl s_client command also does not use SNI.
Please try openssl s_client -servername hostname -connect ... to use SNI and see if this helps.

OpenSSL error using Active Merchant for Moneris

My production app uses ActiveMerchant and is unable to process credit cards over https with a single gateway, Moneris. All other gateways (Authorize.net, Paypal, Beanstream, etc.) experience no errors. The error I receive is:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
The people at Moneris have told me that they have updated their SSL certificate to 2048bit SSL encryption (from the current 1024 SSL encryption) and that the upgraded certificate will be issued by VeriSign. Our wildcard SSL uses 2432--more than the Moneris 2047 requirement.
So, they suggested that in addition to the files I normally upload for my SSL bundle, I have to add their Verisign certs. My Heroku command looks like this:
$ heroku certs:upgrade --app myapp AddTrustExternalCARoot.crt ComodoUTNSGCCA.crt EssentialSSLCA_2.crt STAR_myapp_com.crt UTNAddTrustSGCCA.crt Verisign_chain_Gr.cer Verisign_G5.cer server.key
I have tried virtually everything including the fix_ssl.rb suggestion here (OpenSSL::SSL::SSLError on Heroku) where I call the ca-certificates.crt from my /usr/lib/ssl/certs directory from Heroku.
require 'open-uri'
require 'net/https'
module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      self.ca_path = Rails.root.join('/usr/lib/ssl/certs/ca-certificates.crt').to_s
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end
I've tried everything: placing the Heroku bundle in my /lib directory, adding the 'certified' gem, etc, etc. and spent hours on the phone with Moneris to no avail. Does anyone know what more I can do to allow this one gateway to process credit cards?
My guess is that the trusted list of CA certificates that openssl is using to verify Moneris' server certificate is out-dated. So try getting the cacert.pem extracted from Mozilla's ca-bundle (http://curl.haxx.se/docs/caextract.html does this for you). This is more necessary these days as far as openssl is concerned as openssl is no longer bundled with CA certs which is why I'm suspecting whatever ca-certs you're using might be out of date.
First I tried to reproduce your problem with the command:
openssl s_client -connect www3.moneris.com:443
and got ...
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-MD5
Session-ID: 73178D4019035AE86399D0E6D2FFB904A1412D0F5D3F83370E52F50E9E26B73C
Session-ID-ctx:
Master-Key: 0BB841912F11185B7CBAFA524571765DD7372990819EBC44E311DE4EF0C70E480501D6F87C8AA439C4F827B0908123F7
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1380816775
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Then I used the cacert.pem extracted from Mozilla thanks to http://curl.haxx.se/docs/caextract.html and re-issued the openssl command like so:
openssl s_client -connect www3.moneris.com:443 -CAfile cacert.pem
and got ...
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-MD5
Session-ID: 73178D401902F7EB6399D0E6D2FFB804CE0F7219344405EA0E52F50E9E26B4DB
Session-ID-ctx:
Master-Key: C0B32810FB7E0158A156E7D05DBB35F3CE8935284F165C3FB636700EEEC8BCE991BCE8850D39020E298F337B6E58132A
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1380816992
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
So in your code snippet, above, try replacing:
self.ca_path = Rails.root.join('/usr/lib/ssl/certs/ca-certificates.crt').to_s
with:
self.ca_file = '<full path name>/cacert.pem'
where cacert.pem is extracted from the Mozilla ca-bundle