handshake failure(40) and TLS_EMPTY_RENEGOTIATION_INFO_SCSV - ssl

A client installed on jBOSS is trying to access a secured website configured on DataPower xi50v6.0.0.2 appliance. The connection is getting failed at SSL handshake.
I have taken a packet capture at DataPower and observed that SSL Handshake is failing with the Description:Handshake failure(40).
However, at the Client Hello step, I have observed that, only one Cipher Suite is specified which is : TLS_EMPTY_RENEGOTIATION_INFO_SCSV.
The TLS protocol used ( as per packet capture) is TLS1.1. Can this Cipher Suite be a problem?
In the DataPower system logs I can see below error:
Request processing failed: Connection terminated before request headers read because of the connection error occurs
Update:
The client application is running on jBOSS7.I have asked our jBOSS administrator to check the configuration at jBOSS end. I somehow got the access to server where jBOSS instance is installed and checked domain.xml where the ssl is configured. Where exactly in domain.xml, ths configuration related to cipher suites can be found?

I have observed that, only one Cipher Suite is specified which is : TLS_EMPTY_RENEGOTIATION_INFO_SCSV
This is no real cipher. If no other ciphers are specified then the client does not offer any ciphers at all which means that no shared ciphers can be found and thus the handshake will fail. It looks like the client is buggy. Reason might be a failed attempt to fight POODLE attack by disabling all SSL3.0 ciphers, which in effect disables all ciphers for TLS1 1.0 and TLS 1.1.

Related

Difference in List of cipher suites in FIPS mode vs NON-FIPS mode

I am hoping to get some guidance on collecting list of cipher suite in tls 1.2 version in both FIPS mode vs NON-FIPS mode. So I wrote ssl client and ssl server example similar to ssl example.
The source code does the following
CLIENT:
//Opens a AF_INET socket
SSL_library_init() to create a new SSL conn state
SSL_new() after SSL_CTX_new() with method "TLSv1_2_client_method"
//attach SSL connection state with the opened socket.
//Send some XML request and expects output accordingly.
SERVER:
OpenSSL_add_all_algorithms() to load algorithms in memory table context.
SSL_new() after SSL_CTX_new() with method "TLSv1_2_client_method"
Set self generated certificate/private-key in the ssl context
open a socket to listen incoming request and reply to the incoming message.
I compiled this code with openSSL 1.0.2e libcrypto/libssl and ran it locally. After capturing
the tcpdump, I see there are almost 86 ciphersuites negotiated by client. Now to list ciphersuites when client is running FIPS mode, I added FIPS_mode_set in "client code" after SSL_library_init() and OpenSSL_add_all_algorithms() (I hope this sequence is fine). Now when I captured the tcpdump, I see no changes in ciphersuite negotiated by client.
By now, I know that there are lot of capabilities changes in algorithms in fips mode but are there no changes observed in ciphersuite negotiated when client is running in fips/non-fips mode. ?

sending xmlhttprequest to javame securesocketserver

I've written a MIDlet server that handle tcp inputstream. I send xmlhttprequest with an http:// url from a html web page and it works fine. I want to do the same with an https url.
with my secureserverconnection instancied by a connector.open the accecptandopen() method return an exception.
handshake client send
As you can see the xmlhttprequest send an handshake hello but I've notices tls1.2 protocol then tls1.0 protocol and finally tls1.2.
Is it normal having 2 different protocol sent by the client. It is the first phase of the handshake protocol.
My Midlet java server respond with an Alert and a a "ssl3_get_client_hello:no shared cipher" error (IOException)
IOexception capture
I've specified the connector options like this : cipher : TLS_RSA_WITH_AES_128_GCM_SHA256 and TLSv1.2 protocol
tlsv1.2 server response
Have someone ever done it or can explain me why the cipher handshake is in error?
Yes it is normal for the client to try both protocols. The most likely scenario is that your device simply lacks any valid certificates, since J2ME devices are so old.
See:
"ssl3_get_client_hello:no shared cipher" in server depending on server certificate and key

After enabling TLSv1.2 in hostapd(an Integrated EAP RADIUS server),"fatal alert:decode error" is received from client(wpa_supplicant) during EAP-TLS

I am in a big issue regarding TLSv1.2 and unable to resolve this.
Scenario:
Hostapd should act as an integrated EAP server.I have an openwrt device on which hostapdv2.6-devel is running.
2.Wpa_Supplicant is acting as a client and should talk to hostapd for successful authentication.wpa_supplicantv2.6-devel is running on a different openwrt device.
3.Two way SSL handshake(EAP-TLS) should happen successfully and hostapd should authenticate the client device without any issue.
4.Requirement is that this communication should take place on TLSv1.2 i.e. server (hostapd)is bound to send TLSv1.2.
Configuration:
EAP server(hostapd configuration):
1.Since by default server is sending TLSv1.0 to the client so I made it to send TLSv1.2 forcefully by recompiling the package for TLSv12 and install again on the router.
2.Created a configuration file, which has all the server certificate, ca certificate chain eap_server=1 etc.
3.Started the hostapd process on the device successfully.
client configuration(wpa_supplicant):
1.Created a configuration file, which has all client certificate, CA chain, identity, SSID etc.
2.Started the wpa_supplicant on the device successfully.
SSL transactions:
1.client send client hello message and TLSv1.2 in it.
2.Server responds with server hello message and TLSv1.2
3.Server sends its certificate, serverkeyexchange, certificate request message.
4.Afterward a fatal alert occurs "decode_error" and no more transaction are seen and authentication gets failed.
Please see the wireshark capture below.
ClientHello
ServerHello
Alert Message
Kindly help me to resolve this issue as its making my life difficult.
Please let me know if any other information is required.
Thanks.

OpenSSL connection: alert internal error

I have 100 HTTPS services running on a single server using SNI. (Actually, I don't have access to them. It's an assignment. All I know are their domain names N.xxx.yy where N is in range from 00 to 99.) The goal of the assignment is to evaluate security of every single connection to each of these servers. So some of the servers contain expired certificates, certificates with wrong CN, etc.
My problem is that I cannot get past the handshake on some of the servers. I have written my own application in C++ using OpenSSL, but I've also tried it with openssl s_client. This is how I connect to the server:
openssl s_client -host N.xxx.yy -port 443 -verify 1 -servername N.xxx.yy -CAfile assignment-ca.pem
And this is what I get:
139625941858168:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:s3_pkt.c:1493:SSL alert number 80
139625941858168:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
In Wireshark, I see that client sent ClientHello, server responded with ServerHello (choosing TLSv1.2 and ECDHE-RSA-AES256-GCM-SHA384) followed by Certificate and then it sent me Alert message containing Internal Error (80).
After trying different thing I have found out that if I run s_client with -tls1 or -tls1_1 I can successfully get past the handshake. -tls1_2 does not work. What is even stranger is that connection through Chrome/Firefox/any other browser succeeds even if TLSv1.2 is negotiated. From what I see, Chrome is sending a different cipher list than me or s_client but even after modifying the cipher list to match the one in Chrome (and making sure that server chooses ECDHE-RSA-AES128-GCM-SHA256), it does not work either. Chrome is sending these TLS extensions, which I don't but most of them seem empty:
Unknown 47802
renegotiation_info
Extended Master Secret
signed_certificate_timestamp
status_request
Application Layer Protocol Negotiation
channel_id
Unknown 6682
Can anybody explain me what is happening here? Unfortunately, I have no way to debug it on the server side so this is all I know.
UPDATE:
After playing around with forged ClientHello messages I managed to track it down to signature_algorithms extension. My app and s_client provide SHA384 + {RSA,DSA,ECDSA} but if I remove these and keep just SHA256 + {RSA,DSA,ECDSA}, as Chrome does, it works and I receive Server Key Exchange message successfully. Could it be that server somehow does not support it, but instead of providing meaningful error message, it just ends unexpectedly and gives me this internal error?
UPDATE 2:
I found answer to why it works with TLS versions prior to 1.2 in RFC5246. Question from the previous UPDATE still holds.
Note: this extension is not meaningful for TLS versions prior to 1.2.
Clients MUST NOT offer it if they are offering prior versions.
However, even if clients do offer it, the rules specified in [TLSEXT]
require servers to ignore extensions they do not understand.
Since you wrote that -tls1_2 does not work I assume either you and/or the server uses an older openssl library. The current version while writing this is 1.1.0e
There were quite some fixes since 0.9.8, which could often be seen on older systems.
For Version 1.0.1 there was this fix, which sounds like your problem:
`Some servers which support TLS 1.0 can choke if we initially indicate
support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
encrypted premaster secret. As a workaround use the maximum permitted
client version in client hello, this should keep such servers happy
and still work with previous versions of OpenSSL.`
Maybe also notable:
Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
So I would suggest to update your openssl-Version and in case of the servers out of your control I would stick to the settings you already found.

Weak ethereal DH key Activemq

I'm trying a set up a secure websocket in activemq using CA certs, but I keep getting this message in the browser:
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
I believe this is related to the cipher suite, but I'm A) not finding using the right cipher suite or B) configuring it in the wrong area of Apache Activemq. Currently, I've been adjusting the configuration of ssl in transport connector in activemq.xml( http://activemq.apache.org/ssl-transport-reference.html). However, I know that activemq uses a jetty server and i'm wondering if I should be configuring the suite in jetty.xml a la How to config local Jetty ssl to avoid weak phermeral DH key error?.
So, my questions are, is this the right approach? If so, what's the correct cipher suite for activemq?
The Java JDK version 1.7.0_79
Alright, I was able to create a work around by reading the activemq-apollo guide and then matching it to closed JIRA's in activemq:
http://activemq.apache.org/apollo/documentation/user-manual.html#Working_Around_Java_7_SSL_Bugs
https://issues.apache.org/jira/browse/AMQ-4520