[Bug 1636124] Re: openssl lacks support for TLSv1 and TLSv1.1
Jan Henke
1636124 at bugs.launchpad.net
Mon Oct 24 16:12:04 UTC 2016
Your comment above omits the interesting parts, since the core problem
is that for TLSv1 and TLSv1.1 the server and client cannot negotiate any
ciphers, thus while connected, the TLS handshake actually fails.
openssl s_client -connect www.taujhe.de:443 -tls1
CONNECTED(00000003)
140332462585552:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
140332462585552:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1477324805
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
openssl s_client -connect www.taujhe.de:443 -tls1_1
CONNECTED(00000003)
140505464448720:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
140505464448720:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1477324781
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
A working example with TLSv1.2:
openssl s_client -connect www.taujhe.de:443 -tls1_2
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = www.taujhe.de
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.taujhe.de
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<removed>
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=www.taujhe.de
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5096 bytes and written 434 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: <removed>
Session-ID-ctx:
Master-Key: <removed>
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1477324808
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Apache2 with mod_ssl is actually configured to support TLSv1+ with several cipher suites to fit that:
SSLProtocol all -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
So from my point of view clearly the problem is the lack of ciphers in
the Ubuntu build of OpenSSL.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1636124
Title:
openssl lacks support for TLSv1 and TLSv1.1
Status in openssl package in Ubuntu:
New
Bug description:
OpenSSL in xenial (16.04) apparently lacks ciphers for both TLSv1 and
TLSv1.1. This is causing problems, as my wife's mobile phone with an
older version of Android does not support TLSv1.2 and thus cannot
connect to my server running on 16.04 (Apache with mod_ssl).
Can you please rebuild OpenSSL with the secure ciphers from TLSv1 and
TLSv1.1 enabled?
For reference, this list should also include TLSv1 and TLSv1.1:
openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssl 1.0.2g-1ubuntu4.5
ProcVersionSignature: Ubuntu 4.4.0-45.66-generic 4.4.21
Uname: Linux 4.4.0-45-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Mon Oct 24 10:27:58 2016
InstallationDate: Installed on 2014-04-18 (919 days ago)
InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: Upgraded to xenial on 2016-07-30 (86 days ago)
modified.conffile..etc.ssl.openssl.cnf: [modified]
mtime.conffile..etc.ssl.openssl.cnf: 2015-06-05T16:54:36.431443
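An added example, not part of the original message or the bug report: a small shell helper that classifies `openssl s_client` output like the transcripts above, since `CONNECTED` and `Verify return code: 0 (ok)` appear even when the handshake fails. It names the fatal alert so that a version rejection (alert 70, protocol_version) can be told apart from a failure to agree on parameters such as a cipher suite (alert 40, handshake_failure); the function name and the abridged sample variables are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: classify `openssl s_client` output read from stdin.
# "CONNECTED" only reports the TCP connection, and "Verify return code: 0 (ok)"
# is printed even when no certificate arrived, so neither line proves that the
# TLS handshake completed. The negotiated cipher and any alert do.
classify_s_client() {
  awk '
    /SSL alert number/ { alert = $NF }    # fatal alert received from the peer
    /Cipher is /       { cipher = $NF }   # "(NONE)" when nothing was negotiated
    /^ *Protocol *:/   { proto = $NF }    # version attempted or agreed
    END {
      # Alert names as defined in RFC 5246, section 7.2
      name[40] = "handshake_failure"      # e.g. no cipher suite in common
      name[70] = "protocol_version"       # peer rejects the offered version
      name[71] = "insufficient_security"
      if (cipher != "" && cipher != "(NONE)") {
        printf "ok %s %s\n", proto, cipher
      } else if (alert != "") {
        desc = (alert in name) ? name[alert] : "other"
        printf "failed %s alert=%s(%s)\n", proto, alert, desc
      } else {
        printf "failed %s no-alert\n", proto
      }
    }'
}

# Sample input, abridged from the TLSv1 and TLSv1.2 transcripts in the message above.
tls1_out='CONNECTED(00000003)
140332462585552:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1
    Cipher    : 0000
    Verify return code: 0 (ok)'
tls12_out='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)'

# Against a live server (HOST is a placeholder); s_client writes the error
# lines to stderr, hence 2>&1:
#   openssl s_client -connect HOST:443 -tls1 </dev/null 2>&1 | classify_s_client
printf '%s\n' "$tls1_out"  | classify_s_client
printf '%s\n' "$tls12_out" | classify_s_client
```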