Skip Menu |
 
Ticket metadata
The Basics
Id: 2240
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Stephen Henson
Requestors: Jack Lloyd
Cc:
AdminCc:

New reminder:
Subject:
Owner:
Due:

Dates
Created: Tue Apr 20 09:30:41 2010
Starts: Not set
Started: Not set
Last Contact: Thu Nov 25 13:33:06 2010
Due: Not set
Closed: Fri Feb 18 13:30:07 2011
Updated: Fri Feb 18 13:30:08 2011 by Stephen Henson



Subject: Missing Supported Point Formats Extension in ServerHello should be ignored
Date: Mon, 19 Apr 2010 20:22:22 -0400
To: rt@openssl.org
From: Jack Lloyd <lloyd@randombit.net>

RFC 4492 says:

A client that receives a ServerHello message containing a Supported
Point Formats Extension MUST respect the server's choice of point
formats during the handshake (cf. Sections 5.6 and 5.7). If no
Supported Point Formats Extension is received with the ServerHello,
this is equivalent to an extension allowing only the uncompressed
point format.

OpenSSL 1.0.0 rejects such a negotiation, always requiring the
extension to exist in the ServerHello:

CONNECTED(00000003)
Show quoted text
>>> TLS 1.0 Handshake [length 00cd], ClientHello
01 00 00 c9 03 01 4b cc f2 87 fc 1d 05 2d 0c 1f
4a 74 8b 8c 6f 20 c3 56 fb 35 4a 73 b0 9c e0 c1
6f 34 1b 10 f9 9f 00 00 5c c0 14 c0 0a 00 39 00
38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0
08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00
33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00
2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00
05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00
06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01
02 00 0a 00 34 00 32 00 01 00 02 00 03 00 04 00
05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00
0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00
15 00 16 00 17 00 18 00 19 00 23 00 00
<<< TLS 1.0 Handshake [length 002a], ServerHello
02 00 00 26 03 01 20 3f 72 c5 29 9f 22 b1 a6 af
4b 81 31 eb 4c 85 bf bb 3a a5 8b b8 21 86 16 c5
7c 84 5c 73 4a 4a 00 c0 08 00
139742562498200:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:t1_lib.c:1440:
139742562498200:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:s3_clnt.c:942:

OpenSSL 1.0.0 29 Mar 2010
built on: Mon Apr 19 19:52:35 EDT 2010
platform: linux-x86_64
options: bn(64,64) rc4(1x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
OPENSSLDIR: "/usr/local/ssl"
Subject: Re: [openssl.org #2240] Missing Supported Point Formats Extension in ServerHello should be ignored
Date: Sun, 25 Apr 2010 07:04:58 +0200 (CEST)
To: openssl-dev@openssl.org, rt@openssl.org
From: "Mounir IDRASSI" <mounir.idrassi@idrix.net>
Hi,

I'm attaching a simple patch that should correct this behavior.
Can you test it and tell us the results?
Thanks,

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Show quoted text
> Dear openssl support,
>
> I investigated the following web servers.
> But all of them failed with the same error.
>
> 1) apache-tomcat-6.0.26 + bcprov-ext-jdk16-145 + jdk1.6.0_17 (centos 5)
> 2) jboss-4.2.3.GA + bcprov-jdk15 + jdk1.6.0_17 (centos 5)
> 3) IIS 7 (windows 7)
>
> On the other hand, many browsers except for opera successfully connect to
> the servers.
> Something wrong?
>
> Regards,
> Koichi Sugimoto.
>
> 2010/4/20 Jack Lloyd via RT <rt@openssl.org>
>
>>
>> RFC 4492 says:
>>
>> A client that receives a ServerHello message containing a Supported
>> Point Formats Extension MUST respect the server's choice of point
>> formats during the handshake (cf. Sections 5.6 and 5.7). If no
>> Supported Point Formats Extension is received with the ServerHello,
>> this is equivalent to an extension allowing only the uncompressed
>> point format.
>>
>> OpenSSL 1.0.0 rejects such a negotiation, always requiring the
>> extension to exist in the ServerHello:
>>
>> CONNECTED(00000003)
>> >>> TLS 1.0 Handshake [length 00cd], ClientHello
>> 01 00 00 c9 03 01 4b cc f2 87 fc 1d 05 2d 0c 1f
>> 4a 74 8b 8c 6f 20 c3 56 fb 35 4a 73 b0 9c e0 c1
>> 6f 34 1b 10 f9 9f 00 00 5c c0 14 c0 0a 00 39 00
>> 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0
>> 08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00
>> 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00
>> 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00
>> 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00
>> 06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01
>> 02 00 0a 00 34 00 32 00 01 00 02 00 03 00 04 00
>> 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00
>> 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00
>> 15 00 16 00 17 00 18 00 19 00 23 00 00
>> <<< TLS 1.0 Handshake [length 002a], ServerHello
>> 02 00 00 26 03 01 20 3f 72 c5 29 9f 22 b1 a6 af
>> 4b 81 31 eb 4c 85 bf bb 3a a5 8b b8 21 86 16 c5
>> 7c 84 5c 73 4a 4a 00 c0 08 00
>> 139742562498200:error:1411809D:SSL
>> routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat
>> list:t1_lib.c:1440:
>> 139742562498200:error:14092113:SSL
>> routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:s3_clnt.c:942:
>>
>> OpenSSL 1.0.0 29 Mar 2010
>> built on: Mon Apr 19 19:52:35 EDT 2010
>> platform: linux-x86_64
>> options: bn(64,64) rc4(1x,char) des(idx,cisc,16,int) idea(int)
>> blowfish(idx)
>> compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
>> -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2
>> -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
>> -DAES_ASM -DWHIRLPOOL_ASM
>> OPENSSLDIR: "/usr/local/ssl"
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> Development Mailing List openssl-dev@openssl.org
>> Automated List Manager majordomo@openssl.org
>>
>
Download t1_lib.c.diff
application/octet-stream 1.3k

Message body not shown because it is not plain text.

Subject: Re: [openssl.org #2240] Missing Supported Point Formats Extension in ServerHello should be ignored
Date: Thu, 30 Sep 2010 15:55:11 -0700
To: Mounir IDRASSI <mounir.idrassi@idrix.net>, rt@openssl.org, openssl-dev@openssl.org
From: Steven Noonan <steven@uplinklabs.net>
Download (untitled) / with headers
text/plain 355b
Hi Mounir,

The patch you attached to PR 2240 works perfectly here. Was having
difficulty connecting to an OpenFire Jabber server via Gajim, Psi, and
Kopete, but now I'm not.

Another fix I discovered for the Psi/Kopete issue was to use
SSLv3_server_method() instead of SSLv23_server_method() in qca-ossl.
Any idea why this makes a difference?

- Steven
CC: steven@uplinklabs.net
Subject: Re: [openssl.org #2240] Missing Supported Point Formats Extension in ServerHello should be ignored
Date: Sat, 02 Oct 2010 02:40:01 +0200
To: rt@openssl.org
From: Mounir IDRASSI <mounir.idrassi@idrix.net>
Download (untitled) / with headers
text/plain 1.1k
Hi Steven,

Can you please check the protocol and the cipher used for each case
(SSLv3_server_method vs SSLv23_server_method) using the same client?
The only explanation for the difference you are seeing is that when you
use SSLv3_server_method, TLS extension ECPointFormats is sent with
ServerHello message whereas it is not sent when SSLv23_server_method is
used.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 10/1/2010 12:59 AM, Steven Noonan via RT wrote:
Show quoted text
> Hi Mounir,
>
> The patch you attached to PR 2240 works perfectly here. Was having
> difficulty connecting to an OpenFire Jabber server via Gajim, Psi, and
> Kopete, but now I'm not.
>
> Another fix I discovered for the Psi/Kopete issue was to use
> SSLv3_server_method() instead of SSLv23_server_method() in qca-ossl.
> Any idea why this makes a difference?
>
> - Steven
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
Download (untitled) / with headers
text/plain 690b
Show quoted text
> [steven@uplinklabs.net - Fri Oct 01 00:59:01 2010]:
>
>
> The patch you attached to PR 2240 works perfectly here. Was having
> difficulty connecting to an OpenFire Jabber server via Gajim, Psi, and
> Kopete, but now I'm not.
>

I've now committed an equivalent patch which should resolve this issue.

Show quoted text
> Another fix I discovered for the Psi/Kopete issue was to use
> SSLv3_server_method() instead of SSLv23_server_method() in qca-ossl.
> Any idea why this makes a difference?
>

That would work because the point format extension is not sent for SSLv3.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org