I loaded a RapidSSL/GeoTrust certificate into my AppEngine application. The website loads into the browser with SSL perfectly.
However, when I verify the certificate from the command-line (Ubuntu 13.04), it fails. It's a general SSL failure, so all of my Python requests fail, too ("urllib3" fails, which incites "requests" to fail):
$ openssl s_client -connect www.XYZ.com:443
CONNECTED(00000003)
3073689800:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 225 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I use the certificate for one of its ASs on another server running NGINX, and there are no problems verifying that, at all:
$ openssl s_client -connect XYZ.com:443
CONNECTED(00000003)
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/serialNumber=gQpQo/GwZhs9/JqYi8P8DsQNFmVC5VQB/OU=GT09052054/OU=See www.rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=www.XYZ.com
i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgIDDOW3MA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
<truncated>
S6YumLnJrUVoCA==
-----END CERTIFICATE-----
subject=/serialNumber=gQpQo/GwZhs9/JqYi8P8DsQNFmVC5VQB/OU=GT09052054/OU=See www.rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=www.XYZ.com
issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
No client certificate CA names sent
---
SSL handshake has read 3023 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: A69E838824AF4F74228A82105A74D708A63CB5FDE042A04072A937A9A25DC1C7
Session-ID-ctx:
Master-Key: 35EACC6FCFA5F901AA355C0379289EE33FEB77334A95EC45A4A9D7CD22E4C944C76F998C2D9AAAF635FD88D02CDB7B08
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 5f 78 c7 0c da f1 7b ee-52 7a 4d 36 c0 28 b0 d7 _x....{.RzM6.(..
<truncated>
0090 - 5e fc 2c 37 d4 6f 20 0b-a6 aa 62 f4 df 90 1e 18 ^.,7.o ...b.....
Start Time: 1374291906
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
The site isn't complete yet, so I can't share the domain.
I'd appreciate any insights.
Dustin
Are you using SNI or VIP? If you're using SNI, you'll need to use -servername with openssl.
Related
Good day,
I have a WAS liberty server in Linux Redhat, and I enable the only TLSv1.2.
I type the following command to get the server info:
openssl s_client -connect 10.7.5.65:9443 -msg
Part of the result is as follow:
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1710 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
I saw the Server Temp Key value is DH, 1024 bits, but also saw the Server public key is 2048 bit, may I know my Diffie-Hellman MODP size (bits) is actually 1024 or 2048?
And also the part of the ServerKeyExchange
<<< TLS 1.2 Handshake [length 020f], ServerKeyExchange
0c 00 02 0b 00 80 ff ff ff ff ff ff ff ff c9 0f
00 80 convert to decimal is 128, so its means my Diffie-Hellman MODP size (bits) is 1024 bits?
And if its 1024 bits, how can I increase it to 2048 bits?
I am using Java 8 OpenJDK in this server.
Kindly advise.
In this case, it looks like it is 1024 bit for your dhparams. You can generate a new dhparams with openssl:
openssl dhparam -out dhparam.pem 2048
Then configure your server that is using the dhparams to use the new file, and restart. We did this a long time ago with nginx and apache. There is generally a dhparam file that is used for the system centrally located in /etc for RHEL/CentOS. Replacing that should be sufficient, but if you are using a non-centrally located file, you'll need to modify your configuration accordingly.
I have created Azure VM and installed my application on it.
Created JKS file and configured SSL in my application.
I have restricted my Azure VM to access from particular source IP.
When I try to access from that source IP, I am not able to access my application from browser. It says "Site not found" error.
openssl s_client -connect 10.6.0.10:443
CONNECTED(00000003)
139868717622936:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1510229915
Timeout : 300 (sec)
Verify return code: 0 (ok)
I'm running NodeJS with socket.io, all under SSL. I've recently moved servers and what used to work fine now stops working after a couple of minutes - Chrome says the connection is reset, and curl says there are SSL problems.
I've tried with and without express - neither with any success after a couple of minutes.
So - my minimal code is:
var fs = require('fs');
var https = require('https');
const options = {
key: fs.readFileSync('XXX.key'),
cert: fs.readFileSync('XXX.crt'),
ca: fs.readFileSync('XXX.ca')
};
var app = https.createServer(options, function(req, res) {
res.writeHead(200);
res.end('(not imporant)\n');
}).listen(3000);
var io = require('socket.io')(app);
If I comment out the last line, the server always accepts new connections (albeit without socket.io) and everything works. If I leave that last line in, it works for a minute, various SSL checking tools are all ok, including:
openssl s_client -connect REDACTED.com:3000
CONNECTED(00000003)
depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=Hosted by XILO Communications Ltd./OU=PositiveSSL Wildcard/CN=*.REDACTED.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Hosted by XILO Communications Ltd./OU=PositiveSSL Wildcard/CN=*.REDACTED.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5650 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 704A23D4B00B3A445A8C9097427FF26B724458F24B105C847B76E576FCA9C803
Session-ID-ctx:
Master-Key: 04FB6B5B06954516A073C65A456010C819B157A20F5F308EDCC88C8B0FDCD9A990D3A23AC117714363A92EB56BC98272
Key-Arg : None
Start Time: 1474318665
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
But shortly after (and probably a few hundred client connections from people using the site), the same command gives (from a Mac):
CONNECTED(00000003)
65931:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_lib.c:185:
And from linux/vagrant:
CONNECTED(00000003)
140236360926880:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
curl https://REDACTED:3000 gives:
curl: (35) Unknown SSL protocol error in connection to REDACTED:3000
Does anyone have any ideas how to overcome this? The code works fine on our development machines, but as soon as it goes onto the live servers, it breaks pretty quickly.
Is it anything to do with the fact I'm using a wildcard certificate?
Thanks in advance.
Ed
I have read endless posts on certification error that basically say either turn off validation or fix you certificate. In our project however we really what to use the certificate, but we can't get it to work. The SA and 2 programmers have been try everything we can think of and nothing is working. So clearly we don't know what we are doing.
First, This is the error we get on a simple connection and get perl program. WEBHOSTNAME replace real web hostname.
perl -MIO::Socket::SSL=debug30 testerTut2.pl
DEBUG: .../IO/Socket/SSL.pm:1784: new ctx 46260896
DEBUG: .../IO/Socket/SSL.pm:446: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:448: socket connected
DEBUG: .../IO/Socket/SSL.pm:466: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:501: using SNI with hostname WEBHOSTNAME
DEBUG: .../IO/Socket/SSL.pm:524: set socket to non-blocking to enforce timeout=10
DEBUG: .../IO/Socket/SSL.pm:537: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:547: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:557: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:577: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:1772: ok=0 cert=46303216
DEBUG: .../IO/Socket/SSL.pm:537: Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:1408: SSL connect attempt failed with unknown error
DEBUG: .../IO/Socket/SSL.pm:543: fatal SSL error: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
DEBUG: .../IO/Socket/SSL.pm:1821: free ctx 46260896 open=46260896
DEBUG: .../IO/Socket/SSL.pm:1826: free ctx 46260896 callback
DEBUG: .../IO/Socket/SSL.pm:1829: OK free ctx 46260896
500 Can't connect to WEBHOSTNAME:443 at testerTut2.pl line 34.
This is the perl program:
#!/bin/perl
require LWP::UserAgent;
use LWP::Protocol::https;
#note USERNAME is where the real account name goes
my $ua = LWP::UserAgent->new( ssl_opts => { verify_hostname => 1, SSL_ca_file => '/home/USERNAME/ca-bundle.crt'});
$ua->timeout(10);
$ua->env_proxy;
#note hostname is where the real web host name goes
my $response = $ua->get('https://hostname/tut/ops/data/newtut.dat');
if ($response->is_success)
{
print $response->content;
print $response->decoded_content; # or whatever
}
else
{
die $response->status_line;
}
The SA has made a signed certificate on the web server. Again webhostname would be replaced with real web hostname.
openssl s_client -connect lomweb01:443 -showcerts
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
CONNECTED(00000003)
depth=0 C = US, ST = MD, L = Greenbelt, O = NASA, OU = MMS, CN = webhostname.edtfmmslinux.ecs.nasa.gov
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = MD, L = Greenbelt, O = NASA, OU = MMS, CN = webhostname.edtfmmslinux.ecs.nasa.gov
verify return:1
---
Certificate chain
0 s:/C=US/ST=MD/L=Greenbelt/O=NASA/OU=MMS/CN=webhostname .edtfmmslinux.ecs.nasa.gov
i:/C=US/ST=MD/L=Greenbelt/O=NASA/OU=MMS/CN=webhostname .edtfmmslinux.ecs.nasa.gov
-----BEGIN CERTIFICATE-----
MIIDbDCCAlQC etc etc k7Pr1nRQG
3/NKQVqaSITGHGZBtlKjpw==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=MD/L=Greenbelt/O=NASA/OU=MMS/CN=webhostname .edtfmmslinux.ecs.nasa.gov
issuer=/C=US/ST=MD/L=Greenbelt/O=NASA/OU=MMS/CN=webhostname .edtfmmslinux.ecs.nasa.gov
---
No client certificate CA names sent
---
SSL handshake has read 1639 bytes and written 711 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 921941EFFB19FA3158C751D155C012D5A418425BFAE94FEA1D99231A3CEF5D3C
Session-ID-ctx:
Master-Key: 13BFF7BE2B8ED18056BA54415026FC1ED133F47BADE2683A5EB3A2FED15F34ABD3F837985A498404A948B7F5B1F4774B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - d6 99 6e 28 8c 86 5e 9b-e2 e8 etc. etc.
00b0 - 20 96 ea 05 9
Start Time: 1466432096
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
On the client box I created a local ca-bundle.crt file in the USERNAME home directory. I "cp /etc/pki/tls/certs/WEBSERVER.crt ~/ca-bundle.crt" and had the perl script set the SSL_ca_file value to its path.
The Apache configuration file was update to use the /etc/pki/tls/cert/WEBSERVER.crt file and restarted.
And it still doesn't work. We have tried different web host name patterns but there is no change. We have no idea why the certificate is not working, but we think we are following the instructions correctly. Firefox is happy after we accept the certificate but perl is not. So what are we doing wrong?
After stracing the perl script it turned out to be sybase. The sybase client comes with an incompatible version of openssl. Net::SSLeay is an interface to openssl. IO::Socket::SSL uses Net::SSLLeay, LWP::UserAgent uses IO::Socket::SSL. When the perl script is run, the PATH has sybase directories in the front. sybase has its own CA files that are not compatible/out of date with the CA RHEL 7 and it reads the sybase CAs first messing everything up by the time it gets to ca.pem. To fix the problem we changed the perl script to strip out the sybase directories from PATH and then the SSL_ca_file option then works fine.
my $ua = LWP::UserAgent->new( ssl_opts => { verify_hostname => 1, SSL_ca_file => '/home/<server account>/certs/ca.pem'});
This is the second sybase side effect we have had since going to RHEL 7. The other one was sybase in increasing file descriptors limits to 4096 vs. the standard 1024 causing a boundary overflow in an array that was hard coded to 1024.
I am failing a server security scan on Windows 2008 R2, with
TLS Protocol Session Renegotiation Security Vulnerability TLS SSL Man In The Middle CVE-2009-3555
The scan results recommend an upgrade to openssl 0.9.8l or higher.
I am using the latest version of tcnative-1.dll (1.1.29 13/02/14) which, as I understand it is built using the native libraries and openssl libraries.
Is the only way I can resolve this is to build tcnative myself with the latest version of openssl?
Looking at the http://tomcat.apache.org/native-doc/ build section I need MS Visual Studio (which I don't have and have never used).
Has anybody else build it? If so I cannot find it.
This result is a false positive. I've performed various tests with various versions of Tomcat using the 1.1.29 APR/native connector and in none of those test did insecure renegotiation occur.
Note that Tomcat - depending on version, connector and configuration may support secure renegotiation.
The most definitive test was with OpenSSL 0.9.8.k (i.e. a version of OpenSSL that is vulnerable to CVE2009-3555 and will attempt an insecure renegotiation). When I try this, the connection blocks and eventually times out.
You need to find a better security scanner.
For completeness, the output of the test was:
$ ./openssl s_client -connect 192.168.23.9:8443
CONNECTED(00000003)
depth=1 /C=US/CN=ca-test.tomcat.apache.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=US/CN=localhost
i:/C=US/CN=ca-test.tomcat.apache.org
1 s:/C=US/CN=ca-test.tomcat.apache.org
i:/C=US/CN=ca-test.tomcat.apache.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgICEAMwDQYJKoZIhvcNAQEFBQAwMTELMAkGA1UEBhMCVVMx
IjAgBgNVBAMTGWNhLXRlc3QudG9tY2F0LmFwYWNoZS5vcmcwHhcNMTMwMjI4MDUy
ODQyWhcNMTUwMjI4MDUyODQyWjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAxMJbG9j
YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5295PxiHkd0n
mDQkeVhH+cJpK9hbwOC7SlfWALW7arBmhFy48BIKJycynIIqLw9pd6bpDd9kMVHA
QR7c1HRRnKO4URNYc+4hnPljghvCLEnDCXD/qfOvogwLYC9q26UBRT40kI5naetF
8zQphds5ipnCD3IVIf1UNaZ7pzDLHk09MiTGS4RPX2D/ZF5oytj63ph9QARgt65Q
7MiMrt2UgUEYWwNjDysCYwqVau1+aOa21VbpTmDqHZVYM76iElXLf5zElwvbwJQJ
KrOf4Wt4DWMaQdVr29hIWQSI0RHV50UoDnwbeHUgff9/4dbq5MVRd0FCMEv/KTM9
iViUaVtwJwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUMNurcJQ0yv11RqvO
4kqpnnS8abswHwYDVR0jBBgwFoAUsDu8yfooXz4EH5tsx4to2AGw+D0wDQYJKoZI
hvcNAQEFBQADggEBAKvT5ys1022fhypkWPFhy1aohCJ5rA1oH1UN3RYWcsSpdSoO
+LFzaMnuQ9hc+gddP0H7FBe+ZCHYHiVnkrLFu0MdlrbTvRzhpMfu4zcLkhRWyq2o
dluAyUKMifFCboz7odeY1W1Jmf629sbzzI8GVG4C9Y9L8YasFJNsdCUmRHpbgjxX
1uUUbrcpU+RAei8QXf8of+XlVGw4+rknlyppYLpKWihlsYHgt6F01uYHgW24WcNF
vXyoF2cf/FIabJCHTaGYUYwpaoTZDSSohmpearf5J5tSN5a1/ZQRysTZbWmB+pY0
Yzp8SS0GSK6xFFkSKY5ZPQOZQpDmgt8Iz9d37AA=
-----END CERTIFICATE-----
subject=/C=US/CN=localhost
issuer=/C=US/CN=ca-test.tomcat.apache.org
---
No client certificate CA names sent
---
SSL handshake has read 2433 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: E98ED9D885D761C7B23AF93DC15C53D0680AF2D8345A37699549E48C9D4E18AE
Session-ID-ctx:
Master-Key: FA2C87FB24C68186D1CC63FEEF459B7DE4BA0F304D60F2293AB3C1C23DF03566F51DDB61A9576A1FE9C021CB3438B4C7
Key-Arg : None
Start Time: 1395309769
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
GET / HTTP/1.0
R
RENEGOTIATING
7087:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: