| Subject: | TLSv1.1+ renegotiation broken |
| Date: | Thu, 10 May 2012 19:49:33 -0400 |
| To: | openssl-dev@openssl.org |
| From: | Phil Pennock <openssl-dev@spodhuis.org> |
This is a problem reproducible with s_client / s_server.
This was raised in my thread "OpenSSL 1.0.1b: TLS disabling,
renegotiation, etc" on openssl-users, together with a couple of other
points, but I didn't see a response to this part, so I'm re-raising here
on the assumption that my reply was skimmed and this was missed. (It
was the last part, I understand busy people skimming right over it, I
would probably have done the same).
OpenSSL 1.0.1b and just reconfirmed present in 1.0.1c.
Server:
openssl s_server -cert spodhuis-smtpmx.crt.pem -key spodhuis-smtpmx.key.pem
Client:
openssl s_client -CApath /etc/ssl/certs
TLSv1.2 is negotiated.
In client, type "R":
----------------------------8< cut here >8------------------------------
R
RENEGOTIATING
34373260488:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
----------------------------8< cut here >8------------------------------
Add "-msg" to client invocation, see:
----------------------------8< cut here >8------------------------------
R
RENEGOTIATING
Show quoted text
8c 88 2e 09 e3 15 f1 d3 f6 fd fb a2 55 ac 38 12
82 4c 2b 34 08 65 00 00 9e c0 30 c0 2c c0 28 c0
24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00
6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0
26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0
08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0
2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00
a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00
45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00
9c 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0
0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00
11 00 08 00 06 00 03 02 01 00 00 80 ff 01 00 0d
0c d8 d9 7c 54 8c 19 84 5e f7 5c 81 94 00 0b 00
04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00
19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00
08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00
13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00
00 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 05
02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02
01 02 02 02 03 01 01 00 0f 00 01 01
Show quoted text
34373260488:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
----------------------------8< cut here >8------------------------------
Since the client is here replying with the version received from the
server, and doing so before the routing which would -msg log the message
received from the server, the server is therefore replying with a
TLSv1.0 handshake within a TLSv1.2 session.
Regards,
-Phil
Show quoted text
This was raised in my thread "OpenSSL 1.0.1b: TLS disabling,
renegotiation, etc" on openssl-users, together with a couple of other
points, but I didn't see a response to this part, so I'm re-raising here
on the assumption that my reply was skimmed and this was missed. (It
was the last part, I understand busy people skimming right over it, I
would probably have done the same).
OpenSSL 1.0.1b and just reconfirmed present in 1.0.1c.
Server:
openssl s_server -cert spodhuis-smtpmx.crt.pem -key spodhuis-smtpmx.key.pem
Client:
openssl s_client -CApath /etc/ssl/certs
TLSv1.2 is negotiated.
In client, type "R":
----------------------------8< cut here >8------------------------------
R
RENEGOTIATING
34373260488:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
----------------------------8< cut here >8------------------------------
Add "-msg" to client invocation, see:
----------------------------8< cut here >8------------------------------
R
RENEGOTIATING
Show quoted text
>>> TLS 1.2 [length 014c]
01 00 01 48 03 03 4f ac 52 f8 87 e8 d4 fb ef 058c 88 2e 09 e3 15 f1 d3 f6 fd fb a2 55 ac 38 12
82 4c 2b 34 08 65 00 00 9e c0 30 c0 2c c0 28 c0
24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00
6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0
26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0
08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0
2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00
a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00
45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00
9c 00 3c 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0
0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00
11 00 08 00 06 00 03 02 01 00 00 80 ff 01 00 0d
0c d8 d9 7c 54 8c 19 84 5e f7 5c 81 94 00 0b 00
04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00
19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00
08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00
13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00
00 00 0d 00 22 00 20 06 01 06 02 06 03 05 01 05
02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02
01 02 02 02 03 01 01 00 0f 00 01 01
Show quoted text
>>> TLS 1.0 Alert [length 0002], fatal protocol_version
02 4634373260488:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
----------------------------8< cut here >8------------------------------
Since the client is here replying with the version received from the
server, and doing so before the routing which would -msg log the message
received from the server, the server is therefore replying with a
TLSv1.0 handshake within a TLSv1.2 session.
Regards,
-Phil
Show quoted text
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org