[Bug 1917625] Re: OpenSSL TLS 1.1 handshake fails internal error

Fri Mar 12 13:55:44 UTC 2021

I feel that openssl upstream needs to add:

server_context.verify_consistent()

Because in the above example, even before trying to establish the
connection between the two context, the server context is already
internally inconsistent.

And upstream has changed the meaning of security levels in the past, and
will do so again in the future. Ditto distro customization which brought
the preview of such change earlier.

It does feel that until such API arrives upstream, one needs to do
something to the effect of:

1) if openssl version 3.x, and security level is greater than 0, assume no TLS1.1 is available
2) if openssl version 1.1.1+, and security level is greater than 1, assume no TLS1.1 is available
3) if ctx.get_min_proto_level returns TLS1.2 assume no TLS1.1 is available
4) else try setting min_proto_level and run tests
5) if min_proto_lvel is not available the build is against openssl 1.0.2x series, TLS1.1 is probably available.

Above logic should cover the next upstream openssl version; the current
deployments of ubuntu derivatives; the debian derivatives; and
fedora/rhel derivatives.

I think....

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1917625

Title:
  OpenSSL TLS 1.1 handshake fails internal error

Status in openssl package in Ubuntu:
  Confirmed
Status in openssl source package in Hirsute:
  Confirmed

Bug description:
  OpenSSL's SSL_do_handshake() method fails with
  TLSV1_ALERT_INTERNAL_ERROR when client side has TLS 1.0 to 1.2 enabled
  but server side has only TLS 1.0 and 1.1 enabled. The issue breaks
  Python's test suite for test_ssl. It looks like the problem is caused
  by an Ubuntu downstream patch. Vanilla OpenSSL, Debian, and Fedora are
  not affected.

  A simple reproducer is:

  import ssl
  import socket
  from test.test_ssl import testing_context, ThreadedEchoServer, HOST

  client_context, server_context, hostname = testing_context()
  # client 1.0 to 1.2, server 1.0 to 1.1
  client_context.minimum_version = ssl.TLSVersion.TLSv1
  client_context.maximum_version = ssl.TLSVersion.TLSv1_2
  server_context.minimum_version = ssl.TLSVersion.TLSv1
  server_context.maximum_version = ssl.TLSVersion.TLSv1_1

  with ThreadedEchoServer(context=server_context) as server:
      with client_context.wrap_socket(socket.socket(),
                                      server_hostname=hostname) as s:
          s.connect((HOST, server.port))
          assert s.version() == 'TLSv1.1'

  On Ubuntu 20.04 the code fails with:
  Traceback (most recent call last):
    File "/internalerror.py", line 15, in <module>
      s.connect((HOST, server.port))
    File "/usr/lib/python3.8/ssl.py", line 1342, in connect
      self._real_connect(addr, False)
    File "/usr/lib/python3.8/ssl.py", line 1333, in _real_connect
      self.do_handshake()
    File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
      self._sslobj.do_handshake()
  ssl.SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:1123)

  On Debian testing and Fedora 33 the same test passes with out:
   server:  new connection from ('127.0.0.1', 52346)
   server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
   server: selected protocol is now None

  You can find Dockerfiles with reproducers at https://github.com/tiran
  /distro-truststore/tree/main/tests/ubuntu-1899878

  Also see:
  * https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
  * https://bugs.python.org/issue43382
  * https://bugs.python.org/issue41561

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625/+subscriptions