Ticket metadata
The Basics
Id: 2771
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Nobody in particular
Requestors: Steven Allen
Halassy Zoltán
Cc:
AdminCc:

Dates
Created: Fri Mar 23 18:21:39 2012
Starts: Not set
Started: Not set
Last Contact: Tue Apr 29 13:57:32 2014
Due: Not set
Closed: Tue Apr 29 13:57:32 2014
Updated: Wed Jul 30 23:54:29 2014 by Rich Salz

Subject: [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
Date: Fri, 23 Mar 2012 10:43:49 -0400
To: rt@openssl.org
From: Steven Allen <steven@stebalien.com>
OpenSSL negotiation times out when connecting to Outlook Exchange 2007
both through Outlook Web Access (webmail) and IMAP (POP untested). This
bug appeared between version 1.0.0h and 1.0.1-beta1.

OS: Arch Linux
Applications tested: Offlineimap (IMAP), elinks (webmail), wget (webmail).
Version: 1.0.1, 1.0.1-beta{3,2,1}.
Versions-not-affected: 1.0.0h

To reproduce, run `wget https://owa.mit.edu/`.

--
Steven Allen
MIT 2014, EECS

> [steven@stebalien.com - Fri Mar 23 18:21:39 2012]:
>
> OpenSSL negotiation times out when connecting to Outlook Exchange 2007
> both through Outlook Web Access (webmail) and IMAP (POP untested). This
> bug appeared between version 1.0.0h and 1.0.1-beta1.
>
> OS: Arch Linux
> Applications tested: Offlineimap (IMAP), elinks (webmail), wget (webmail).
> Version: 1.0.1, 1.0.1-beta{3,2,1}.
> Versions-not-affected: 1.0.0h
>
> To reproduce, run `wget https://owa.mit.edu/`.
>

It isn't clear that this is a problem with OpenSSL. The server doesn't
seem to be responding to the OpenSSL client hello. If you disable
TLSv1.2 (with -no_tls1_2) or disable AES or ECDH ciphersuites or various
other things it responds OK.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
CC: steven@stebalien.com
Subject: Re: [openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
Date: Sun, 25 Mar 2012 04:51:30 +0200
To: rt@openssl.org
From: Kurt Roeckx <kurt@roeckx.be>
On Fri, Mar 23, 2012 at 06:49:43PM +0100, Stephen Henson via RT wrote:
> > [steven@stebalien.com - Fri Mar 23 18:21:39 2012]:
> >
> > OpenSSL negotiation times out when connecting to Outlook Exchange 2007
> > both through Outlook Web Access (webmail) and IMAP (POP untested). This
> > bug appeared between version 1.0.0h and 1.0.1-beta1.
> >
> > OS: Arch Linux
> > Applications tested: Offlineimap (IMAP), elinks (webmail), wget (webmail).
> > Version: 1.0.1, 1.0.1-beta{3,2,1}.
> > Versions-not-affected: 1.0.0h
> >
> > To reproduce, run `wget https://owa.mit.edu/`.
> >
>
> It isn't clear that this is a problem with OpenSSL. The server doesn't
> seem to be responding to the OpenSSL client hello. If you disable
> TLSv1.2 (with -no_tls1_2) or disable AES or ECDH ciphersuites or various
> other things it responds OK.

-no_tls1_2 and -no_tls1_1 don't work for me, I need to use -tls1
(or -ssl3) to be able to get a connection.

gnutls-cli which also supports TLS 1.1 and 1.2 works with that
site without problem.

https://sourceforge.net/ has the same problem, both report BigIP
as the server.


Kurt
> [kurt@roeckx.be - Sun Mar 25 04:51:32 2012]:
>
> On Fri, Mar 23, 2012 at 06:49:43PM +0100, Stephen Henson via RT wrote:
> > > [steven@stebalien.com - Fri Mar 23 18:21:39 2012]:
> > >
> > > OpenSSL negotiation times out when connecting to Outlook Exchange 2007
> > > both through Outlook Web Access (webmail) and IMAP (POP untested). This
> > > bug appeared between version 1.0.0h and 1.0.1-beta1.
> > >
> > > OS: Arch Linux
> > > Applications tested: Offlineimap (IMAP), elinks (webmail), wget (webmail).
> > > Version: 1.0.1, 1.0.1-beta{3,2,1}.
> > > Versions-not-affected: 1.0.0h
> > >
> > > To reproduce, run `wget https://owa.mit.edu/`.
> > >
> >
> > It isn't clear that this is a problem with OpenSSL. The server doesn't
> > seem to be responding to the OpenSSL client hello. If you disable
> > TLSv1.2 (with -no_tls1_2) or disable AES or ECDH ciphersuites or various
> > other things it responds OK.
>
> -no_tls1_2 and -no_tls1_1 don't work for me, I need to use -tls1
> (or -ssl3) to be able to get a connection.
>
> gnutls-cli which also supports TLS 1.1 and 1.2 works with that
> site without problem.
>
> https://sourceforge.net/ has the same problem, both report BigIP
> as the server.
>

Disabling TLSv1.2 will eliminate some ciphersuites and the signature
algorithm extension. Due to a bug it still sends that extension in
OpenSSL 1.0.1 if you specify -no_tls1_2. This fixes it:

http://cvs.openssl.org/chngview?cn=22286

It should then also work with -no_tls1_2. Without that option some
arguments also allow a connection. For example -cipher 'DEFAULT:!ECDH'
or -cipher 'DEFAULT:!AES'.

I've done some more tests and it seems that the size of the client hello
message is significant: all the options that work reduce the size of
client hello. If you use the -debug option and check out the first
message bytes 4 and 5 it seems those servers hang if the length exceeds
0xFF (using two bytes instead of one).

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
> [steve - Sun Mar 25 13:11:30 2012]:
>
> I've done some more tests and it seems that the size of the client hello
> message is significant: all the options that work reduce the size of
> client hello. If you use the -debug option and check out the first
> message bytes 4 and 5 it seems those servers hang if the length exceeds
> 0xFF (using two bytes instead of one).
>

If you use the option "-servername <very long string>" you can precisely
control the size of the client hello. If you use that to make client
hello long enough you get the hang with OpenSSL 1.0.0h and earlier as well.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
A temporary workaround for this is to apply these two patches to OpenSSL
1.0.1:

http://cvs.openssl.org/chngview?cn=22286
http://cvs.openssl.org/chngview?cn=22306

And recompile OpenSSL with -DOPENSSL_NO_TLS1_2_CLIENT (e.g. supplied as
a command line option to config or Configure). I'm working on something
better.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Subject: Re: [openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
Date: Thu, 19 Apr 2012 15:49:49 -0700
To: rt@openssl.org
From: Derek Poon <derekp+openssl@ece.ubc.ca>
We run a site that uses the F5 Networks BIG-IP load balancer, and OpenSSL 1.0.1 triggers this bug on the load balancer. When it occurs, the load balancer neither forwards the request to a pool member, nor does it respond to the OpenSSL client. There are warning messages in the load balancer's /var/log/ltm file:

warning tmm[5313]: 012f0002:4: WARN at ../modules/hudproxy/bigproto/pva/pva_frames.c:1234:Received illegal header padding 100 versus 2ff

Working with F5 Networks tech support, we have determined that this is a known issue, which they track as Bug 376483. It is fixed in the recently released BIG-IP LTM 10.2.4 software, though it is not mentioned in their release notes, and I confirm that TLS 1.2 connections no longer hang after upgrading to 10.2.4.

Derek Poon
University of British Columbia


Begin forwarded message:

> From: F5 Support - Emailclerk <C.Emailclerk@F5.com>
> Date: April 18, 2012 4:14:42 PM PDT
>
> Derek -
>
> Thanks for the data. After some pretty extensive research, it appears that while SOL 13037 was resolved as part of your update, you encountered a second known issue where the SSL connection hangs after OpenSSL v.1.0.1's Client Hello because it offered 80 ciphers.
>
> [...] This has been listed as Bug 376483, and is reported as having been fixed as of Version 10.2.4.
Subject: openssl hang
Date: Mon, 18 Mar 2013 17:40:29 +0100
To: rt@openssl.org
From: Halassy Zoltán <zhalassy@loginet.hu>
Hello!

I'm using OpenSSL 1.0.1c on a 64bit Gentoo Linux, and there is a server
which hangs after sending the first packet. The server does not support
TLS 1.1 or 1.2, only 1.0. Opera with TLS 1.2 enabled, and Internet
Explorer with TLS 1.2 enabled does not hang.

Test code:

$ echo -en 'GET /scripts/zanox.js HTTP/1.0\r\nHost: static.zanox.com\r\n\r\n' | \
    openssl s_client -debug -tlsextdebug -tls1_2 -connect static.zanox.com:https -ign_eof

CONNECTED(00000003)
write to 0x41192a07730 [0x41192a11263] (322 bytes => 322 (0x142))
0000 - 16 03 01 01 3d 01 00 01-39 03 03 51 47 41 4b e7 ....=...9..QGAK.
0010 - 3c 72 9c 22 37 9a 34 5b-be 06 71 35 6d ee b5 68 <r."7.4[..q5m..h
0020 - 7c 3a 47 25 dd 49 82 25-2e a6 17 00 00 a0 c0 30 |:G%.I.%.......0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3 .,.(.$.....".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32 ...k.j.9.8.....2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35 ...*.&.......=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d ................
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09 ...../.+.'.#....
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32 .........g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25 .....E.D.1.-.).%
00a0 - c0 0e c0 04 00 9c 00 3c-00 2f 00 96 00 41 00 07 .......<./...A..
00b0 - c0 11 c0 07 c0 0c c0 02-00 05 00 04 00 15 00 12 ................
00c0 - 00 09 00 14 00 11 00 08-00 06 00 03 00 ff 02 01 ................
00d0 - 00 00 6f 00 0b 00 04 03-00 01 02 00 0a 00 34 00 ..o...........4.
00e0 - 32 00 0e 00 0d 00 19 00-0b 00 0c 00 18 00 09 00 2...............
00f0 - 0a 00 16 00 17 00 08 00-06 00 07 00 14 00 15 00 ................
0100 - 04 00 05 00 12 00 13 00-01 00 02 00 03 00 0f 00 ................
0110 - 10 00 11 00 23 00 00 00-0d 00 22 00 20 06 01 06 ....#.....". ...
0120 - 02 06 03 05 01 05 02 05-03 04 01 04 02 04 03 03 ................
0130 - 01 03 02 03 03 02 01 02-02 02 03 01 01 00 0f 00 ................
0140 - 01 01 ..

<connection hangs at this point>

On Mon Mar 18 20:37:23 2013, zhalassy@loginet.hu wrote:
> Hello!
>
> I'm using OpenSSL 1.0.1c on a 64bit Gentoo Linux, and there is a server
> which hangs after sending the first packet. The server does not support
> TLS 1.1 or 1.2, only 1.0. Opera with TLS 1.2 enabled, and Internet
> Explorer with TLS 1.2 enabled does not hang.
>

This is a known bug in some servers, see PR#2771.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Subject: Re: [openssl.org #2771] [BUG] Openssl 1.0.1 times out when connecting to Outlook Exchange 2007
Date: Fri, 22 Mar 2013 00:59:42 +0000
To: "rt@openssl.org" <rt@openssl.org>
From: Amy Wilhelm <A.Wilhelm@f5.com>
Per F5 Product Development, the log message quoted in the previous note is not related to ID 376483. It is a cosmetic issue which may be safely ignored.

Amy Wilhelm
Enterprise Network Engineer
F5 Networks
On Thu Mar 29 21:17:31 2012, steve wrote:
> A temporary workaround for this is to apply these two patches to OpenSSL
> 1.0.1:
>
> http://cvs.openssl.org/chngview?cn=22286
> http://cvs.openssl.org/chngview?cn=22306
>
> And recompile OpenSSL with -DOPENSSL_NO_TLS1_2_CLIENT (e.g. supplied as
> a command line option to config or Configure). I'm working on something
> better.
>

A new experimental workaround has been added to the master branch. See:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0467ea686244

This is less disruptive as it doesn't disable TLS 1.2 or chop the cipher list.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
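The observations in this ticket (Steve's note that the affected servers hang once bytes 4 and 5 of the first message, the record length, exceed 0xFF; his note that -servername gives precise control over that length; F5's statement that the 1.0.1 hello offered 80 ciphers; and the padding workaround in the master branch) can all be checked against the `-debug` dump Halassy Zoltán posted above. The script below is an added example, not code from the ticket or from the OpenSSL project: it reassembles the bytes from the `s_client -debug` rows, parses the ClientHello, reports the record and handshake lengths and the cipher-suite count, predicts the record length a given -servername would produce, and computes the padding-extension payload a workaround would need. The 0x200 target in `padding_needed` is my reading of the later padding-extension workaround and is not a figure the ticket states; the ticket itself only says the hang appears once the length exceeds 0xFF.

```python
"""Added example for PR#2771, not OpenSSL project code: decode the ClientHello in an
`openssl s_client -debug` dump and check the lengths the ticket ties to the hang.
DUMP is the 322-byte hello posted in the ticket (1.0.1c, -tls1_2, no -servername)."""
import re
import struct

DUMP = """\
0000 - 16 03 01 01 3d 01 00 01-39 03 03 51 47 41 4b e7 ....=...9..QGAK.
0010 - 3c 72 9c 22 37 9a 34 5b-be 06 71 35 6d ee b5 68 <r."7.4[..q5m..h
0020 - 7c 3a 47 25 dd 49 82 25-2e a6 17 00 00 a0 c0 30 |:G%.I.%.......0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3 .,.(.$.....".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32 ...k.j.9.8.....2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35 ...*.&.......=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d ................
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09 ...../.+.'.#....
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32 .........g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25 .....E.D.1.-.).%
00a0 - c0 0e c0 04 00 9c 00 3c-00 2f 00 96 00 41 00 07 .......<./...A..
00b0 - c0 11 c0 07 c0 0c c0 02-00 05 00 04 00 15 00 12 ................
00c0 - 00 09 00 14 00 11 00 08-00 06 00 03 00 ff 02 01 ................
00d0 - 00 00 6f 00 0b 00 04 03-00 01 02 00 0a 00 34 00 ..o...........4.
00e0 - 32 00 0e 00 0d 00 19 00-0b 00 0c 00 18 00 09 00 2...............
00f0 - 0a 00 16 00 17 00 08 00-06 00 07 00 14 00 15 00 ................
0100 - 04 00 05 00 12 00 13 00-01 00 02 00 03 00 0f 00 ................
0110 - 10 00 11 00 23 00 00 00-0d 00 22 00 20 06 01 06 ....#.....". ...
0120 - 02 06 03 05 01 05 02 05-03 04 01 04 02 04 03 03 ................
0130 - 01 03 02 03 03 02 01 02-02 02 03 01 01 00 0f 00 ................
0140 - 01 01 ..
"""
EXT_NAMES = {0x0000: "server_name", 0x000a: "supported_groups", 0x000b: "ec_point_formats",
             0x000d: "signature_algorithms", 0x000f: "heartbeat", 0x0023: "session_ticket"}

def hexdump_to_bytes(text):
    """Reassemble raw bytes from s_client -debug rows ('0000 - 16 03 ... ascii')."""
    data = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*([0-9a-f]{4}) - (.*)", line)
        if not m:
            continue                                   # CONNECTED(...), "write to ..." etc.
        if int(m.group(1), 16) != len(data):
            raise ValueError("dump rows are not contiguous")
        row = []
        for tok in re.split(r"[ -]+", m.group(2)):
            if len(row) == 16 or not re.fullmatch(r"[0-9a-f]{2}", tok):
                break                                  # reached the ASCII column
            row.append(int(tok, 16))
        data.extend(row)
    return bytes(data)

def parse_client_hello(raw):
    """Parse one TLS record carrying a ClientHello into its length fields and lists."""
    ctype, _vmaj, _vmin, rec_len = struct.unpack("!BBBH", raw[:5])
    if ctype != 0x16 or raw[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(raw[6:9], "big")           # 3-byte handshake length
    body = raw[9:9 + hs_len]
    pos = 2 + 32                                       # skip client_version and random
    pos += 1 + body[pos]                               # session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                               # compression_methods
    extensions = []
    if pos < len(body):                                # extensions block is optional
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            extensions.append((etype, body[pos:pos + elen])); pos += elen
    return {"record_length": rec_len, "handshake_length": hs_len,
            "client_version": (body[0], body[1]), "cipher_suites": suites,
            "extensions": extensions}

def needs_two_byte_length(info):
    """The ticket's trigger: the record length (dump bytes 4 and 5) exceeds 0xFF."""
    return info["record_length"] > 0xFF

def record_length_with_sni(info, name):
    """Record length the same hello would have with -servername NAME: 9 bytes of
    server_name framing plus the name (RFC 6066); assumes an extensions block exists."""
    if any(t == 0x0000 for t, _ in info["extensions"]):
        raise ValueError("hello already carries server_name")
    return info["record_length"] + 9 + len(name.encode("ascii"))

def padding_needed(info, target=0x200):
    """Padding-extension payload lifting a hello out of the (0xFF, target) window.
    target=0x200 is an assumption from the later OpenSSL workaround, not from this
    ticket; 4 bytes of the padding go to the extension header itself."""
    hlen = info["record_length"]
    if not 0xFF < hlen < target:
        return 0
    return max(target - hlen - 4, 0)

if __name__ == "__main__":
    info = parse_client_hello(hexdump_to_bytes(DUMP))
    print("record length %d (0x%x), %d cipher suites" % (
        info["record_length"], info["record_length"], len(info["cipher_suites"])))
    print("extensions:", ", ".join(EXT_NAMES.get(t, hex(t)) for t, _ in info["extensions"]))
    print("with -servername owa.mit.edu:", record_length_with_sni(info, "owa.mit.edu"),
          "| padding payload to reach 0x200:", padding_needed(info))
```

Run against the posted dump it reports a 317-byte record (0x13d, which is why the length spills into two bytes as Steve pointed out), 80 cipher suites (the figure F5 quotes) and five extensions with no server_name; an 11-character -servername would push the record to 337 bytes, and a padding extension would need 191 bytes of payload to carry it to 0x200. The same parser can be pointed at a 1.0.0h hello with a long -servername to see it cross the same boundary.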
On Wed Nov 06 22:15:45 2013, steve wrote:
> On Thu Mar 29 21:17:31 2012, steve wrote:
> > A temporary workaround for this is to apply these two patches to OpenSSL

Closing issue as resolved. Multiple workarounds are in the tree.
SteveH committed across all relevant branches.

https://github.com/openssl/openssl/commit/89bd25eb26bbc2ebceb4cd892e7453337804820c
https://github.com/openssl/openssl/commit/4a1cf50187659e60c5867ecbbc36e37b2605d2c3

Tim.