[gnutls-devel] GnuTLS | TLS handshake used by openconnect/anyconnect fails after 3.5.18 (#677)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Jan 20 17:10:29 CET 2019
New Issue was created.
Issue 677: https://gitlab.com/gnutls/gnutls/issues/677
Author: Alfred Feldmeyer
Assignee:
## Description of problem:
After I upgraded Fedora 29 I am not able to connect to anyconnect VPN any more. The error is:
> SSL connection failure: A TLS fatal alert has been received.
After further investigation I installed gnutls 3.5.18 from source and did a test via
```
gnutls-cli -V -p 443 vpn.gateway.url --debug=2
```
<details>
<summary>Success with version 3.8.15</summary>
<pre>
<code>
Processed 156 CA certificate(s).
Resolving 'vpn.gateway.url:443'...
Connecting to '123.123.123.123:443'...
|<2>| HSK[0xddd6e0]: sent server name: 'vpn.gateway.url'
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 18a8ff230001000017a5
Issuer: CN=COMPANY Issuing CA,OU=IT,O=COMPANY,C=DE
Validity:
Not Before: Wed Sep 20 07:56:36 UTC 2017
Not After: Fri Sep 20 08:06:36 UTC 2019
Subject: CN=vpn.gateway.url,1.2.840.113549.1.9.2=#131166772d6d75632d30312e6d7765612e6465
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:a9:[stripped for sec reasons]:0a:a8
0f
Exponent (bits 24):
01:00:01
Extensions:
Key Usage (critical):
Digital signature.
Key encipherment.
Subject Alternative Name (not critical):
DNSname: vpn.gateway.url
DNSname: ...
DNSname: ...
Subject Key Identifier (not critical):
01cd57c534e1189f9b3153c85a4fa12dff375ed4
Authority Key Identifier (not critical):
4ac2d8fb3959d083555f0579f1f1bf4541b2ce4c
CRL Distribution points (not critical):
URI: ldap:///CN=Company,CN=CERT-HQ-02,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Company,DC=de?certificateRevocationList?base?objectClass=cRLDistributionPoint
URI: http://ca.company.de/cert.crl
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: ldap:///CN=Company%20Issuing%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Company,DC=de?cACertificate?base?objectClass=certificationAuthority
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: http://ca.Company.de/cert.crt
Unknown extension 1.3.6.1.4.1.311.21.7 (not critical):
ASCII: 0..&+.....7.....(...Q...........v........k..d...
Hexdump: 302e06262b060104018237150886c7fe288195915186d99b0484d2c81f82ff87761287eb901084f0f96b020164020103
Key Purpose (not critical):
TLS WWW Server.
Unknown extension 1.3.6.1.4.1.311.21.10 (not critical):
ASCII: 0.0...+.......
Hexdump: 300c300a06082b06010505070301
Signature Algorithm: RSA-SHA256
Signature:
8d:2b:[stripped for sec reasons]:59:0e
Other Information:
Fingerprint:
sha1:623479822c783d2bda8f1d4074e15711ad3eb860
sha256:535ec4065ec807977c40334570280165de7957ac29ddc7197ead9e55110ec565
Public Key ID:
sha1:d7261b3e3fc8cc08479a3f3243c39d66b340fe38
sha256:c1b2249cdc672832c56b099a6a1c11a59cfdf2500f112334c3dda20d8d77d8d3
Public Key PIN:
pin-sha256:wbIknNxnKDLFawmaahwRpZz98lAPESM0w92iDY132NM=
Public key's random art:
+--[ RSA 2048]----+
| |
| |
| |
| . . . |
| + =S.+ o |
| X Bo = |
| . @ B+. |
| E * =o. |
| = . .. |
+-----------------+
-----BEGIN CERTIFICATE-----
[stripped for sec reasons]
-----END CERTIFICATE-----
- Certificate[1] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 6131b673000100000006
Issuer: CN=Company Root CA,OU=IT,O=Company,C=DE
Validity:
Not Before: Tue Jan 31 14:50:55 UTC 2017
Not After: Sun Jan 31 15:00:55 UTC 2027
Subject: CN=Company Issuing CA,OU=IT,O=Company,C=DE
Subject Public Key Algorithm: RSA
Algorithm Security Level: Medium (2048 bits)
Modulus (bits 2048):
00:b9:[stripped for sec reasons]:a4:98:5d
07
Exponent (bits 24):
01:00:01
Extensions:
Unknown extension 1.3.6.1.4.1.311.21.1 (not critical):
ASCII: .....
Hexdump: 0203010001
Unknown extension 1.3.6.1.4.1.311.21.2 (not critical):
ASCII: ..?.m.*...o.bH.8m.....
Hexdump: 04143fb56dde2af40a886fd96248c8386dc32e13beb9
Subject Key Identifier (not critical):
4ac2d8fb3959d083555f0579f1f1bf4541b2ce4c
Unknown extension 1.3.6.1.4.1.311.20.2 (not critical):
ASCII: ...S.u.b.C.A
Hexdump: 1e0a00530075006200430041
Key Usage (not critical):
Digital signature.
Certificate signing.
CRL signing.
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Authority Key Identifier (not critical):
231242231296a321184327fea42e6c9744bd2acd
CRL Distribution points (not critical):
URI: http://ca.Company.de/cert.crl
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: http://ca.Company.de/cert.crt
Signature Algorithm: RSA-SHA256
Signature:
1b:da:[stripped for sec reasons]:f5:58
Other Information:
Fingerprint:
sha1:...
sha256:...
Public Key ID:
sha1:...
sha256:...
Public Key PIN:
pin-sha256:...
Public key's random art:
+--[ RSA 2048]----+
| |
| |
| . . |
| . o . |
| o S . . .|
| . .+.o+|
| .. o..+*o|
| ...+ .=.o*|
| ..+=..o.oE=|
+-----------------+
-----BEGIN CERTIFICATE-----
[stripped for sec reasons]
-----END CERTIFICATE-----
- Certificate[2] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 65c4668ec11c90b94561d2c7a8304140
Issuer: CN=Company Root CA,OU=IT,O=Company,C=DE
Validity:
Not Before: Tue Jan 31 12:33:52 UTC 2017
Not After: Sat Jan 31 12:43:52 UTC 2032
Subject: CN=Company Root CA,OU=IT,O=Company,C=DE
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
Modulus (bits 4096):
00:b8:e1:2e:[stripped for sec reasons]:70:fe
c7
Exponent (bits 24):
01:00:01
Extensions:
Key Usage (not critical):
Digital signature.
Certificate signing.
CRL signing.
Basic Constraints (critical):
Certificate Authority (CA): TRUE
Subject Key Identifier (not critical):
231242231296a321184327fea42e6c9744bd2acd
Unknown extension 1.3.6.1.4.1.311.21.1 (not critical):
ASCII: .....
Hexdump: 0203010001
Unknown extension 1.3.6.1.4.1.311.21.2 (not critical):
ASCII: ......F.|7E.*...&..)mi
Hexdump: 0414819414f746907c3745bd2aa5cc9226eefb296d69
Signature Algorithm: RSA-SHA256
Signature:
10:04:[stripped for sec reasons]:68:3e
Other Information:
Fingerprint:
sha1:...
sha256:...
Public Key ID:
sha1:...
sha256:...
Public Key PIN:
pin-sha256:...
Public key's random art:
+--[ RSA 4096]----+
| o+o |
| =Eo.. |
| . B o . |
| o = + |
| . S + |
| * + . |
| o . o . |
| .o +o |
| oo*oo. |
+-----------------+
-----BEGIN CERTIFICATE-----
[stripped for sec reasons]
-----END CERTIFICATE-----
- Status: The certificate is trusted.
- Description: (TLS1.2)-(RSA)-(AES-256-CBC)-(SHA256)
- Session ID: 40:09:5D:29:44:EF:64:E2:F0:71:31:30:53:59:97:E3:21:56:AB:50:AA:04:08:29:EB:08:EB:01:8A:F0:FF:47
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: AES-256-CBC
- MAC: SHA256
- Compression: NULL
- Options: safe renegotiation,
- Channel binding 'tls-unique': dc551fc134a28bbffc427b0f
- Handshake was completed
- Simple Client Mode:
</code>
</pre>
</details>
<details>
<summary>Handshake fails with version 3.6.5</summary>
<pre>
<code>
|<2>| Initializing needed PKCS #11 modules
|<2>| p11: Initializing module: p11-kit-trust
|<2>| p11: No login requested.
|<2>| p11: No login requested.
Processed 186 CA certificate(s).
Resolving 'vpn.gateway.url'...
Connecting to '123.123.123.123:443'...
|<2>| system priority /etc/crypto-policies/back-ends/gnutls.config has not changed
|<2>| resolved 'SYSTEM' to 'NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+SIGN-RSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW', next ''
|<2>| selected priority string: NONE:+MAC-ALL:-MD5:+GROUP-ALL:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+SIGN-RSA-SHA1:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:+COMP-NULL:%PROFILE_LOW
|<2>| added 6 protocols, 29 ciphersuites, 18 sig algos and 9 groups into priority list
|<2>| Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
|<2>| Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
|<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
|<2>| Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
|<2>| Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
|<2>| Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
|<2>| Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
|<2>| Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
|<2>| Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
|<2>| Advertizing version 3.4
|<2>| Advertizing version 3.3
|<2>| Advertizing version 3.2
|<2>| Advertizing version 3.1
|<2>| HSK[0x564ec2cf90b0]: sent server name: 'vpn.gateway.url'
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
</code>
</pre>
</details>
## Version of gnutls used:
3.6.5 -> fails
3.5.18 -> success (but outdated in Fedora repos)
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Fedora 29
## How reproducible:
Steps to Reproduce:
* find an AnyConnect VPN gateway v 4.6 that uses certs for user auth.
* run the above commands
## Actual results:
Handshake does not work
## Expected results:
Handshake works
I am aware that this seems to be a tricky one, so if you need anything from my side, let me know.
Thanks in advance
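A triage aid for the two logs in this report, added here as an example and not part of the original message or of GnuTLS: it checks whether the suite the working run negotiated is still among the suites the failing client kept. The `GNUTLS_*` name rebuilt from the Description line is an assumption modelled on the log's own naming, and the log excerpts are abridged from the report.

```python
import re

# Lines abridged from the two gnutls-cli --debug=2 logs in the report above.
WORKING_LOG = """\
- Description: (TLS1.2)-(RSA)-(AES-256-CBC)-(SHA256)
- Handshake was completed
"""
FAILING_LOG = """\
|<2>| Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
|<2>| Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
|<2>| Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
*** Received alert [40]: Handshake failed
"""

KEEP_RE = re.compile(r"Keeping ciphersuite ([0-9a-f]{2})\.([0-9a-f]{2}) \((GNUTLS_\w+)\)")
# Four-field form printed for the TLS 1.2 session above: (version)-(kx)-(cipher)-(mac)
DESC_RE = re.compile(r"^- Description: \(([^)]+)\)-\(([^)]+)\)-\(([^)]+)\)-\(([^)]+)\)$", re.M)
ALERT_RE = re.compile(r"Received alert \[(\d+)\]: (.+)")

def offered_suites(log):
    """Suite name -> 16-bit code point for every suite the client kept."""
    return {m.group(3): int(m.group(1) + m.group(2), 16) for m in KEEP_RE.finditer(log)}

def negotiated_suite(log):
    """Rebuild a GNUTLS_* style name from the Description line (assumed naming)."""
    m = DESC_RE.search(log)
    if m is None:
        return None
    _version, kx, cipher, mac = m.groups()
    return "GNUTLS_" + "_".join(p.replace("-", "_") for p in (kx, cipher, mac))

def triage(working_log, failing_log):
    """Check whether the suite that worked before is still in the new offer."""
    wanted = negotiated_suite(working_log)
    offered = offered_suites(failing_log)
    alert = ALERT_RE.search(failing_log)
    # Suites with the same key exchange and cipher but a different MAC.
    stem = wanted.rsplit("_", 1)[0] + "_" if wanted else None
    return {
        "negotiated_before": wanted,
        "still_offered": wanted in offered,
        "same_kx_and_cipher": sorted(n for n in offered if stem and n.startswith(stem)),
        "alert": int(alert.group(1)) if alert else None,
    }

if __name__ == "__main__":
    print(triage(WORKING_LOG, FAILING_LOG))
```

A suite missing from the newer offer is a lead to check against the gateway's configuration, not a confirmed cause.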