From mime at gmx.de Mon Feb 15 11:35:57 2010
From: mime at gmx.de (Michael Meyer)
Date: Mon, 15 Feb 2010 11:35:57 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
Message-ID: <20100215103557.GA2980@komma-nix.de>

Hello,

Default installation of an Oracle Weblogic 10.3. NodeManager is listening
at port 5556.

mime at openvas-qa:~> gnutls-cli --port 5556 GFDGFDGSFD
Resolving 'GFDGFDGSFD'...
Connecting to '192.168.2.6:5556'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [70]: Error in protocol version
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.

gnutls-cli-debug -p 5556 GFDGFDGSFD -V
http://pastebin.com/m2de5dfaa

gnutls-cli --port 5556 GFDGFDGSFD -d 4711 -V
http://pastebin.com/f27633473

openssl s_client -host 192.168.2.6 -port 5556
http://pastebin.com/m61a8b468

Why can't I connect to the Weblogic Server with gnutls-cli? Is there
anything I can do to make it work? I did not really know a lot about
ssl and certs and so on... ;)

Thanks

Micha

From simon at josefsson.org Mon Feb 15 11:54:39 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 15 Feb 2010 11:54:39 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100215103557.GA2980@komma-nix.de> (Michael Meyer's message of "Mon, 15 Feb 2010 11:35:57 +0100")
References: <20100215103557.GA2980@komma-nix.de>
Message-ID: <873a1293bk.fsf@mocca.josefsson.org>

Michael Meyer writes:

> Hello,
>
> Default installation of an Oracle Weblogic 10.3. NodeManager is listening
> at port 5556.
>
> mime at openvas-qa:~> gnutls-cli --port 5556 GFDGFDGSFD
> Resolving 'GFDGFDGSFD'...
> Connecting to '192.168.2.6:5556'...
> *** Fatal error: A TLS fatal alert has been received.
> *** Received alert [70]: Error in protocol version
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.
>
> gnutls-cli-debug -p 5556 GFDGFDGSFD -V
> http://pastebin.com/m2de5dfaa
>
> gnutls-cli --port 5556 GFDGFDGSFD -d 4711 -V
> http://pastebin.com/f27633473
>
> openssl s_client -host 192.168.2.6 -port 5556
> http://pastebin.com/m61a8b468
>
> Why can't I connect to the Weblogic Server with gnutls-cli? Is there
> anything I can do to make it work?

Try disabling TLS versions > 1.0 or TLS extensions.

/Simon

From mime at gmx.de Mon Feb 15 12:21:59 2010
From: mime at gmx.de (Michael Meyer)
Date: Mon, 15 Feb 2010 12:21:59 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <873a1293bk.fsf@mocca.josefsson.org>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org>
Message-ID: <20100215112159.GA3630@komma-nix.de>

Hello,

*** Simon Josefsson wrote:
> Michael Meyer writes:
> >
> > Why can't I connect to the Weblogic Server with gnutls-cli? Is there
> > anything I can do to make it work?
>
> Try disabling TLS versions > 1.0 or TLS extensions.

Don't work. I hope I make it right. ;)

http://pastebin.com/f56a825f6

Thanks

Micha

From nmav at gnutls.org Mon Feb 15 15:58:20 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 15 Feb 2010 15:58:20 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100215112159.GA3630@komma-nix.de>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de>
Message-ID:

As far as I understand from the logs this server only supports RC4-40.
(ARCFOUR-40 in gnutls) and does not want to see anything over TLS 1.0.

On Mon, Feb 15, 2010 at 12:21 PM, Michael Meyer wrote:
> Hello,
>
> *** Simon Josefsson wrote:
>> Michael Meyer writes:
>> >
>> > Why can't I connect to the Weblogic Server with gnutls-cli? Is there
>> > anything I can do to make it work?
>>
>> Try disabling TLS versions > 1.0 or TLS extensions.
>
> Don't work. I hope I make it right. ;)
>
> http://pastebin.com/f56a825f6
>
> Thanks
>
> Micha
>
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>

From simon at josefsson.org Mon Feb 15 20:34:14 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 15 Feb 2010 20:34:14 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100215112159.GA3630@komma-nix.de> (Michael Meyer's message of "Mon, 15 Feb 2010 12:21:59 +0100")
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de>
Message-ID: <877hqe2szt.fsf@mocca.josefsson.org>

Michael Meyer writes:

> Hello,
>
> *** Simon Josefsson wrote:
>> Michael Meyer writes:
>> >
>> > Why can't I connect to the Weblogic Server with gnutls-cli? Is there
>> > anything I can do to make it work?
>>
>> Try disabling TLS versions > 1.0 or TLS extensions.
>
> Don't work. I hope I make it right. ;)
>
> http://pastebin.com/f56a825f6

Try

gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"

/Simon

From mime at gmx.de Mon Feb 15 21:17:15 2010
From: mime at gmx.de (Michael Meyer)
Date: Mon, 15 Feb 2010 21:17:15 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <877hqe2szt.fsf@mocca.josefsson.org>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org>
Message-ID: <20100215201715.GA10302@komma-nix.de>

*** Simon Josefsson wrote:
> Michael Meyer writes:

> > http://pastebin.com/f56a825f6
>
> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"

No, doesn't work either.

http://pastebin.com/m60914e97

It *seems* that this behavior can be reproduced by doing:

,---|
| mime at kira:~ % openssl s_server -accept 5556 \
| -key /home/mime/ca/serverkey.pem \
| -cert /home/mime/ca/servercert.pem \
| -cipher EXP-RC4-MD5
`---|

http://pastebin.com/m5471d160

Thanks again for your help.

Micha

From nmav at gnutls.org Mon Feb 15 21:40:31 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 15 Feb 2010 21:40:31 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100215201715.GA10302@komma-nix.de>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de>
Message-ID: <4B79B13F.9050400@gnutls.org>

Michael Meyer wrote:
> *** Simon Josefsson wrote:
>> Michael Meyer writes:
>
>>> http://pastebin.com/f56a825f6
>> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"

He needs to add +ARCFOUR-40 and +RSA-EXPORT as well. They are not
enabled by default.

regards,
Nikos

From simon at josefsson.org Mon Feb 15 21:49:30 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Mon, 15 Feb 2010 21:49:30 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <4B79B13F.9050400@gnutls.org> (Nikos Mavrogiannopoulos's message of "Mon, 15 Feb 2010 21:40:31 +0100")
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org>
Message-ID: <87k4ue1axx.fsf@mocca.josefsson.org>

Nikos Mavrogiannopoulos writes:

> Michael Meyer wrote:
>> *** Simon Josefsson wrote:
>>> Michael Meyer writes:
>>
>>>> http://pastebin.com/f56a825f6
>>> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"
>
> He needs to add +ARCFOUR-40 and +RSA-EXPORT as well. They are not
> enabled by default.

Michael can you try that? Also try %SSL3_RECORD_VERSION.

/Simon

From mime at gmx.de Tue Feb 16 10:29:40 2010
From: mime at gmx.de (Michael Meyer)
Date: Tue, 16 Feb 2010 10:29:40 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <87k4ue1axx.fsf@mocca.josefsson.org>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org>
Message-ID: <20100216092940.GA2868@komma-nix.de>

*** Simon Josefsson wrote:
> Nikos Mavrogiannopoulos writes:
> > Michael Meyer wrote:

> >>>> http://pastebin.com/f56a825f6
> >>> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"
> >
> > He needs to add +ARCFOUR-40 and +RSA-EXPORT as well. They are not
> > enabled by default.

I've tried with +ARCFOUR-40 but never with +RSA-EXPORT.

> Michael can you try that? Also try %SSL3_RECORD_VERSION.

gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"

That's it. It works.
http://pastebin.com/m357f13b2

Any hints how to make this work also with C-code? :) One of our
C-Developers ask me that. We are looking for the best way to
*always* get a connection in C? Even if there is something
"strange" on the remote side.

Many thanks to you both.

Micha

From simon at josefsson.org Tue Feb 16 14:22:00 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 16 Feb 2010 14:22:00 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100216092940.GA2868@komma-nix.de> (Michael Meyer's message of "Tue, 16 Feb 2010 10:29:40 +0100")
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de>
Message-ID: <87tythwc1z.fsf@mocca.josefsson.org>

Michael Meyer writes:

> *** Simon Josefsson wrote:
>> Nikos Mavrogiannopoulos writes:
>> > Michael Meyer wrote:
>
>> >>>> http://pastebin.com/f56a825f6
>> >>> gnutls-cli --disable-extensions -p 5556 GFDGFDGSFD -d 4711 -V --priority "NORMAL:%COMPAT:-VERS-TLS1.1:-CTYPE-OPENPGP"
>> >
>> > He needs to add +ARCFOUR-40 and +RSA-EXPORT as well. They are not
>> > enabled by default.
>
> I've tried with +ARCFOUR-40 but never with +RSA-EXPORT.
>
>> Michael can you try that? Also try %SSL3_RECORD_VERSION.
>
> gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
>
> That's it. It works. http://pastebin.com/m357f13b2

Do you need all of them? Try removing each of them until it breaks, and
until you have tried removing all items.

> Any hints how to make this work also with C-code? :) One of our
> C-Developers ask me that. We are looking for the best way to
> *always* get a connection in C? Even if there is something
> "strange" on the remote side.

Call something like this:

rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);

http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init

/Simon

From mime at gmx.de Tue Feb 16 15:34:03 2010
From: mime at gmx.de (Michael Meyer)
Date: Tue, 16 Feb 2010 15:34:03 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <87tythwc1z.fsf@mocca.josefsson.org>
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org>
Message-ID: <20100216143403.GA5626@komma-nix.de>

*** Simon Josefsson wrote:
> Michael Meyer writes:

> >> Michael can you try that? Also try %SSL3_RECORD_VERSION.
> >
> > gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
> >
> > That's it. It works. http://pastebin.com/m357f13b2
>
> Do you need all of them?

Yes.

> Try removing each of them until it breaks, and
> until you have tried removing all items.

I did. ;) If even one option is away, it no longer works.

> > Any hints how to make this work also with C-code? :) One of our
> > C-Developers ask me that. We are looking for the best way to
> > *always* get a connection in C? Even if there is something
> > "strange" on the remote side.
>
> Call something like this:
>
> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);
>
> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init

Ok. I'll pass the information to our C-developers.
It seems that we need some deeper knowledge about GnuTLS in our project
(http://openvas.org). Anybody interested to help? ;)

Micha

From sdecugis at nict.go.jp Wed Feb 17 08:36:41 2010
From: sdecugis at nict.go.jp (Sebastien Decugis)
Date: Wed, 17 Feb 2010 16:36:41 +0900
Subject: Problem with session resuming
Message-ID: <4B7B9C89.7020801@nict.go.jp>

Hello,

I am running in a problem with session resuming, I hope someone can
understand the source of the issue ^^. Please excuse the long mail...

I am setting multiple communication channels between two peers C
(client) and S (server) -- implemented using 3 SCTP streams s0,s1,s2.
I am doing a full handshake on the first channel, then I verify the
credentials. Once this is done, I would like to use session resuming
facility to handshake the other channels more quickly, and in parallel
(using multithreads). Unfortunately, the session resuming fails and it
ends doing a full handshake on all channels.

My understanding of the issue is that the server tries to resume a
session with a different ID than what was stored. Here is exactly the
sequence of events, I hope it clarifies.

C connects to S
C->S, s0: Client Hello, Session Id [0] (as reported by Wireshark)
S->C, s0: Server Hello, Session Id [F3CC1208 6C1657DF ... (32 bytes)]
The exchange continues and handshake succeeds.
On S: db_store_func is called with session id: [2E313400 6C1657DF ... (32 bytes)]

Then, the resumed handshake is attempted on other streams:
C->S, s1: Client Hello, Session Id [F3CC1208 6C1657DF ... (32 bytes)]
C->S, s2: Client Hello, Session Id [F3CC1208 6C1657DF ... (32 bytes)]
on server: db_store_retrieve is called for session with id [2E313900 6C1657DF ... (32 bytes)] twice.

Since the Session Id is different between the store and retrieve
operations, my callback does not return the data and the server falls
back to full handshake. It is working, but less efficient than resuming
(especially when the number of streams increases...)

I would like to know:
- if it is normal that the first 32bits of the session Id is different
on the wire (captured with Wireshark) and in the db_func callbacks
(dumped from my callback). I suspect this is not the case, since except
for the first 4 bytes, the Id is exactly the same (not copied in the
mail for simplification).
- if you know what could cause these 4 bytes to change in the server
between what is received from the wire, the store, and retrieve
operations ?

I can provide the wireshark capture and the logs from my daemons if it
helps.

By the way, I am using GNUTLS versions from my distributions : 2.8.3-2
on the client (Ubuntu) and 2.4.2-6+lenny2 on the server (debian).

Please let me know and pardon me if this is a known bug that has already
been fixed for a long time -- or if this bug is introduced by one of
these distributions. I could not find any "corrupted session id" bug
anywhere, and I am not too sure what else I can look for...

Thank you for any help you can provide, and sorry for the long mail!

Best regards,
Sebastien.

-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)

From nmav at gnutls.org Wed Feb 17 10:24:11 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Wed, 17 Feb 2010 10:24:11 +0100
Subject: Problem with session resuming
In-Reply-To: <4B7B9C89.7020801@nict.go.jp>
References: <4B7B9C89.7020801@nict.go.jp>
Message-ID:

On Wed, Feb 17, 2010 at 8:36 AM, Sebastien Decugis wrote:
> Hello,
>
> I am running in a problem with session resuming, I hope someone can
> understand the source of the issue ^^. Please excuse the long mail...

[...]

> My understanding of the issue is that the server tries to resume a
> session with a different ID than what was stored. Here is exactly the
> sequence of events, I hope it clarifies.

As far as I understand from your description this is not normal, something is
weird on the server side. Could you try with a more recent server version?
(I just tried with 2.8.5 version and seems to work ok). There are some fixes
in the session resumption code, but nothing similar to what you describe here.
This looks like a memory corruption. If the problem insists with 2.8.5 please try
running the server with valgrind on the same hardware.

regards,
Nikos

From simon at josefsson.org Wed Feb 17 15:46:27 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 17 Feb 2010 15:46:27 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100216143403.GA5626@komma-nix.de> (Michael Meyer's message of "Tue, 16 Feb 2010 15:34:03 +0100")
References: <20100215103557.GA2980@komma-nix.de> <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org> <20100216143403.GA5626@komma-nix.de>
Message-ID: <873a0zq5rw.fsf@mocca.josefsson.org>

Michael Meyer writes:

> *** Simon Josefsson wrote:
>> Michael Meyer writes:
>
>> >> Michael can you try that? Also try %SSL3_RECORD_VERSION.
>> >
>> > gnutls-cli -p 5556 GFDGFDGSFD --priority "NORMAL:%COMPAT:-VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT"
>> >
>> > That's it. It works. http://pastebin.com/m357f13b2
>>
>> Do you need all of them?
>
> Yes.
>
>> Try removing each of them until it breaks, and
>> until you have tried removing all items.
>
> I did. ;) If even one option is away, it no longer works.

Wow. Then it is the most broken TLS server I've heard of so far. I
wonder what TLS stack that is...

>> > Any hints how to make this work also with C-code? :) One of our
>> > C-Developers ask me that. We are looking for the best way to
>> > *always* get a connection in C? Even if there is something
>> > "strange" on the remote side.
>>
>> Call something like this:
>>
>> rc = gnutls_priority_set_direct (session, "NORMAL:%COMPAT....", NULL);
>>
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-set-direct
>> http://www.gnu.org/software/gnutls/reference/gnutls-gnutls.html#gnutls-priority-init
>
> Ok. I'll pass the information to our C-developers. It seems that we
> need some deeper knowledge about GnuTLS in our project (http://openvas.org).
> Anybody interested to help? ;)

I'll certainly try to help by answering questions. Anything in
particular you need help with?

/Simon

From mime at gmx.de Wed Feb 17 17:12:14 2010
From: mime at gmx.de (Michael Meyer)
Date: Wed, 17 Feb 2010 17:12:14 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <873a0zq5rw.fsf@mocca.josefsson.org>
References: <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org> <20100216143403.GA5626@komma-nix.de> <873a0zq5rw.fsf@mocca.josefsson.org>
Message-ID: <20100217161214.GA6516@komma-nix.de>

*** Simon Josefsson wrote:
> Michael Meyer writes:

> > I did. ;) If even one option is away, it no longer works.
>
> Wow. Then it is the most broken TLS server I've heard of so far. I
> wonder what TLS stack that is...

No Idea. I can do any test you suggested.

> > Anybody interested to help? ;)
>
> I'll certainly try to help by answering questions. Anything in
> particular you need help with?

I'm not a C-developer, just a plugin-writer. But you can see my
Bug-Report at

http://wald.intevation.org/tracker/index.php?func=detail&aid=1278&group_id=29&atid=220

I think that one of our developers will subscribe to this list and can
provide more specific questions. I can't, I have only less knowledge in C.

Micha

From simon at josefsson.org Wed Feb 17 18:16:41 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Wed, 17 Feb 2010 18:16:41 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100217161214.GA6516@komma-nix.de> (Michael Meyer's message of "Wed, 17 Feb 2010 17:12:14 +0100")
References: <873a1293bk.fsf@mocca.josefsson.org> <20100215112159.GA3630@komma-nix.de> <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org> <20100216143403.GA5626@komma-nix.de> <873a0zq5rw.fsf@mocca.josefsson.org> <20100217161214.GA6516@komma-nix.de>
Message-ID: <87635vok92.fsf@mocca.josefsson.org>

Michael Meyer writes:

> *** Simon Josefsson wrote:
>> Michael Meyer writes:
>
>> > I did. ;) If even one option is away, it no longer works.
>>
>> Wow. Then it is the most broken TLS server I've heard of so far. I
>> wonder what TLS stack that is...
>
> No Idea. I can do any test you suggested.

Identifying that with confidence requires access to the server to look
at the actual server system. Looking at logs and/or the binaries may
help.

>> > Anybody interested to help? ;)
>>
>> I'll certainly try to help by answering questions. Anything in
>> particular you need help with?
>
> I'm not a C-developer, just a plugin-writer. But you can see my
> Bug-Report at
>
> http://wald.intevation.org/tracker/index.php?func=detail&aid=1278&group_id=29&atid=220
>
> I think that one of our developers will subscribe to this list and can
> provide more specific questions. I can't, I have only less knowledge in C.

I don't think defaulting to insecure mode is a good idea. What we
recommend is to use the default, and expose the "priority string"
interface to configuration. Then administrators can choose to add
priority strings that may be necessary to talk to some broken server.
The proper solution is always to fix the broken server, but meanwhile
that happens, having a configuration option to work around is useful.

Using GnuTLS in known insecure modes just because there are broken
servers out there doesn't seem like a good idea. Then you might as well
not use TLS at all, and just use TCP?

Anyway, in general it is not possible to configure GnuTLS to *always*
get a connection up, since some bugs in other components may be severe
enough that it simply isn't possible.

I suspect something in your design needs to reflect these ideas, but I
don't know OpenVAS enough to say what.

/Simon

From mime at gmx.de Wed Feb 17 20:51:12 2010
From: mime at gmx.de (Michael Meyer)
Date: Wed, 17 Feb 2010 20:51:12 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <87635vok92.fsf@mocca.josefsson.org>
References: <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org> <20100216143403.GA5626@komma-nix.de> <873a0zq5rw.fsf@mocca.josefsson.org> <20100217161214.GA6516@komma-nix.de> <87635vok92.fsf@mocca.josefsson.org>
Message-ID: <20100217195112.GA11529@komma-nix.de>

*** Simon Josefsson wrote:
> Michael Meyer writes:

> Identifying that with confidence requires access to the server to look
> at the actual server system. Looking at logs and/or the binaries may
> help.

There is a trial version available at
http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html

I have Oracle WebLogic Server 10.3 (also the trial version) running
under a Microsoft Windows XP.

> I don't think defaulting to insecure mode is a good idea.

[...]

> Using GnuTLS in known insecure modes just because there are broken
> servers out there doesn't seem like a good idea. Then you might as well
> not use TLS at all, and just use TCP?

Let me explain.

OpenVAS stands for Open Vulnerability Assessment System and is a network
security scanner. OpenVAS is a GPL fork of Nessus.

I try to write a plugin for http://www.securityfocus.com/bid/37926

Normally this is very simple. See
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html

For that a SSL connection is required. In NASL (Nessus Attack Scripting
Language) it would look like (simplified):

,---|
| port = 5556;
| soc = open_sock_tcp(port, transport: ENCAPS_SSLv3); # or ENCAPS_SSLv23, ENCAPS_TLSv1
|
| if(!soc) {
|   display("NO SOCKET\n\n");
| } else {
|   display("SOCKET OK\n\n");
|   send(socket:soc, data: string("HELLO asdf\r\n"));
|   buf = recv(socket:soc, length: 512);
|   display("\n",buf,"\n\n");
|   close(soc);
| }
`---|

Result should be "+OK Node manager v10.3 started". I got always "NO
SOCKET". With any kind of "transport". GnuTLS error at this point is:
"A TLS fatal alert has been received".

At this point, it's a problem, if GnuTLS (rather the NASL function
open_sock_tcp() which is using GnuTLS) can't connect to the remote
service because of some problems (e.g. broken certificate, insecure
cipher, ...) on the remote side. It means that I can not recognize the
vulnerability. That's bad. ;)

That's why I need - whenever humanly possible - a successful
connection. In this case I'm not interested whether the connection is
really secure.

Micha

From sdecugis at nict.go.jp Thu Feb 18 08:00:57 2010
From: sdecugis at nict.go.jp (Sebastien Decugis)
Date: Thu, 18 Feb 2010 16:00:57 +0900
Subject: Problem with session resuming
In-Reply-To:
References: <4B7B9C89.7020801@nict.go.jp>
Message-ID: <4B7CE5A9.6050605@nict.go.jp>

Hello Nikos, all,

Thank you for your feedback! I just tried with 2.8.5 and got exactly the
same issue.

Before going further, let me report a few glitches I got with the 2.8.5
(retrieved from the tag in git), if it is of interest:
- it did not compile "out of the box".
There was a warning preventing
the compilation in gnutls_compress.c line 402 about unused label. I
worked around this one by installing libz-dev (maybe worth adding inside
the README-alpha list of packages? or adding #ifdef's around the label?)
- Once I tried to use this new version, I got a "Ohhhh jeeee: operation
is not possible without initialized secure memory" or something similar
from my software. After googling a little bit, I added "gcry_control
(GCRYCTL_DISABLE_SECMEM, NULL, 0);" in my code before calling the
gnutls_global_init(), along with my other initializers for gcry (that I
need because of multithreading). Maybe this should be written in the
GNUTLS manual where examples for multithreading are given (7.2
Multi-Threaded Applications) ?

Ok, now to my issue.

Can you help me with valgrind? I never used it, and I am not sure how I
can proceed... If possible I'd like to avoid spending 1 week learning
about this tool. Thank you in advance :)
BTW: about the hardware I am using, it is two virtualbox virtual
machines (maybe not relevant but anyway). The client is 64bits Ubuntu
Karmic. The server is 32 bits Debian (with 2.8.5 "fresh" GNUTLS).

For reference, here is the sequence of calls I am doing in gnutls:

[initialization]
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)
gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0)
gnutls_global_init()
gnutls_certificate_allocate_credentials (...)
gnutls_dh_params_init (...)
gnutls_certificate_set_x509_key_file( ... )
gnutls_certificate_set_x509_trust_file( ... )
gnutls_priority_init( ..., GNUTLS_DEFAULT_PRIORITY, ...)
gnutls_dh_params_generate2( ..., GNUTLS_DEFAULT_DHBITS)

[connection of the client : first, full handshake on stream 0]
gnutls_init (..., GNUTLS_SERVER)
gnutls_priority_set( ... )
gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
gnutls_transport_set_ptr(...)
gnutls_transport_set_lowat( ..., 0 )
gnutls_transport_set_pull_function(...)
gnutls_transport_set_push_function(...)
gnutls_db_set_retrieve_function(..., sr_fetch)
gnutls_db_set_remove_function (..., sr_remove)
gnutls_db_set_store_function ( ..., sr_store)
gnutls_db_set_ptr ( ...)
gnutls_handshake(...)
* at this point, data is exchanged with the client. S: sent, R:
received. number of bytes follows:
R:81
S:79
S:2333
S:44
S:9
R:2333
R:139
R:6
R:69
S:6
S:85
Gnutls callback: sr_store, key id: [key 2e303600c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]

This is the detail of the session when I verify the credentials:
- Key Exchange: RSA
- Protocol: TLS1.1
- Certificate Type: X.509
- Compression: NULL
- Cipher: AES-128-CBC
- MAC: SHA1

[now, I want to start a resumed handshake on other 2 streams.]
[the following happens in parallel in two threads. There are 3 different
gnutls_session_t in total.]
gnutls_init (..., GNUTLS_SERVER)
gnutls_priority_set( ... )
gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
gnutls_db_set_retrieve_function(..., sr_fetch)
gnutls_db_set_remove_function (..., sr_remove)
gnutls_db_set_store_function ( ..., sr_store)
gnutls_db_set_ptr ( ...)
gnutls_transport_set_ptr(...)
gnutls_transport_set_lowat( ..., 0 )
gnutls_transport_set_pull_function(...)
gnutls_transport_set_push_function(...)
gnutls_handshake(...)
R:113
Gnutls callback: sr_fetch [key 2e313300c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]
This callback fails because the id is different...


Can you see something obviously wrong in this sequence of calls?

Thank you in advance!
Best regards,
Sebastien.

On 17/02/2010 18:24, Nikos Mavrogiannopoulos wrote:
> On Wed, Feb 17, 2010 at 8:36 AM, Sebastien Decugis wrote:
>
>> Hello,
>>
>> I am running in a problem with session resuming, I hope someone can
>> understand the source of the issue ^^. Please excuse the long mail...
>>
> [...]
>
>> My understanding of the issue is that the server tries to resume a
>> session with a different ID than what was stored.
>> Here is exactly the sequence of events, I hope it clarifies.
>>
> As far as I understand from your description this is not normal, something is
> weird on the server side. Could you try with a more recent server version?
> (I just tried with 2.8.5 version and seems to work ok). There are some fixes
> in the session resumption code, but nothing similar to what you describe here.
> This looks like a memory corruption. If the problem insists with 2.8.5 please try
> running the server with valgrind on the same hardware.
>
> regards,
> Nikos
>
>

-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)

From sdecugis at nict.go.jp Thu Feb 18 08:13:11 2010
From: sdecugis at nict.go.jp (Sebastien Decugis)
Date: Thu, 18 Feb 2010 16:13:11 +0900
Subject: Problem with session resuming
In-Reply-To: <4B7CE5A9.6050605@nict.go.jp>
References: <4B7B9C89.7020801@nict.go.jp> <4B7CE5A9.6050605@nict.go.jp>
Message-ID: <4B7CE887.40506@nict.go.jp>

Hello again,

I just found that my debug routine was actually writing the current
timestamp at the beginning of the key id!!! I am very sorry for all the
noise because of my stupid mistake...

I am going to check again with a fixed routine and let you know if
everything is fine now.

Best regards,
Sebastien.

On 18/02/2010 16:00, Sebastien Decugis wrote:
> Hello Nikos, all,
>
> Thank you for your feedback! I just tried with 2.8.5 and got exactly the
> same issue.
>
> Before going further, let me report a few glitches I got with the 2.8.5
> (retrieved from the tag in git), if it is of interest:
> - it did not compile "out of the box". There was a warning preventing
> the compilation in gnutls_compress.c line 402 about unused label. I
> worked around this one by installing libz-dev (maybe worth adding inside
> the README-alpha list of packages? or adding #ifdef's around the label?)
> - Once I tried to use this new version, I got a "Ohhhh jeeee: operation
> is not possible without initialized secure memory" or something similar
> from my software. After googling a little bit, I added "gcry_control
> (GCRYCTL_DISABLE_SECMEM, NULL, 0);" in my code before calling the
> gnutls_global_init(), along with my other initializers for gcry (that I
> need because of multithreading). Maybe this should be written in the
> GNUTLS manual where examples for multithreading are given (7.2
> Multi-Threaded Applications) ?
>
> Ok, now to my issue.
>
> Can you help me with valgrind? I never used it, and I am not sure how I
> can proceed... If possible I'd like to avoid spending 1 week learning
> about this tool. Thank you in advance :)
> BTW: about the hardware I am using, it is two virtualbox virtual
> machines (maybe not relevant but anyway). The client is 64bits Ubuntu
> Karmic. The server is 32 bits Debian (with 2.8.5 "fresh" GNUTLS).
>
> For reference, here is the sequence of calls I am doing in gnutls:
>
> [initialization]
> gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)
> gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)
> gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0)
> gnutls_global_init()
> gnutls_certificate_allocate_credentials (...)
> gnutls_dh_params_init (...)
> gnutls_certificate_set_x509_key_file( ... )
> gnutls_certificate_set_x509_trust_file( ... )
> gnutls_priority_init( ..., GNUTLS_DEFAULT_PRIORITY, ...)
> gnutls_dh_params_generate2( ..., GNUTLS_DEFAULT_DHBITS)
>
> [connection of the client : first, full handshake on stream 0]
> gnutls_init (..., GNUTLS_SERVER)
> gnutls_priority_set( ... )
> gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
> gnutls_transport_set_ptr(...)
> gnutls_transport_set_lowat( ..., 0 )
> gnutls_transport_set_pull_function(...)
> gnutls_transport_set_push_function(...)
> gnutls_db_set_retrieve_function(..., sr_fetch)
> gnutls_db_set_remove_function (..., sr_remove)
> gnutls_db_set_store_function ( ..., sr_store)
> gnutls_db_set_ptr ( ...)
> gnutls_handshake(...)
> * at this point, data is exchanged with the client. S: sent, R:
> received. number of bytes follows:
> R:81
> S:79
> S:2333
> S:44
> S:9
> R:2333
> R:139
> R:6
> R:69
> S:6
> S:85
> Gnutls callback: sr_store, key id: [key
> 2e303600c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]
>
> This is the detail of the session when I verify the credentials:
> - Key Exchange: RSA
> - Protocol: TLS1.1
> - Certificate Type: X.509
> - Compression: NULL
> - Cipher: AES-128-CBC
> - MAC: SHA1
>
> [now, I want to start a resumed handshake on other 2 streams.]
> [the following happens in parallel in two threads. There are 3 different
> gnutls_session_t in total.]
> gnutls_init (..., GNUTLS_SERVER)
> gnutls_priority_set( ... )
> gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
> gnutls_db_set_retrieve_function(..., sr_fetch)
> gnutls_db_set_remove_function (..., sr_remove)
> gnutls_db_set_store_function ( ..., sr_store)
> gnutls_db_set_ptr ( ...)
> gnutls_transport_set_ptr(...)
> gnutls_transport_set_lowat( ..., 0 )
> gnutls_transport_set_pull_function(...)
> gnutls_transport_set_push_function(...)
> gnutls_handshake(...)
> R:113
> Gnutls callback: sr_fetch [key
> 2e313300c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]
> This callback fails because the id is different...
>
> Can you see something obviously wrong in this sequence of calls?
>
> Thank you in advance!
> Best regards,
> Sebastien.
>
> On 17/02/2010 18:24, Nikos Mavrogiannopoulos wrote:
>
>> On Wed, Feb 17, 2010 at 8:36 AM, Sebastien Decugis wrote:
>>
>>> Hello,
>>>
>>> I am running in a problem with session resuming, I hope someone can
>>> understand the source of the issue ^^. Please excuse the long mail...
>>>
>> [...]
>>
>>> My understanding of the issue is that the server tries to resume a
>>> session with a different ID than what was stored. Here is exactly the
>>> sequence of events, I hope it clarifies.
>>>
>> As far as I understand from your description this is not normal, something is
>> weird on the server side. Could you try with a more recent server version?
>> (i just tried with 2.8.5 version and seems to work ok). There are some fixes
>> in the session resumption code, but nothing similar to what you describe here.
>> This looks like a memory corruption. If the problem insists with 2.8.5
>> please try
>> running the server with valgrind on the same hardware.
>>
>> regards,
>> Nikos
>>
>

--
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)

From sdecugis at nict.go.jp Thu Feb 18 08:29:25 2010
From: sdecugis at nict.go.jp (Sebastien Decugis)
Date: Thu, 18 Feb 2010 16:29:25 +0900
Subject: Problem with session resuming
In-Reply-To: <4B7CE887.40506@nict.go.jp>
References: <4B7B9C89.7020801@nict.go.jp> <4B7CE5A9.6050605@nict.go.jp> <4B7CE887.40506@nict.go.jp>
Message-ID: <4B7CEC55.5020702@nict.go.jp>

I confirm, session resuming works fine now! Both on 2.8.5 and 2.4.2
(debian stable).

Best regards,
Sebastien.

On 18/02/2010 16:13, Sebastien Decugis wrote:
> Hello again,
>
> I just found that my debug routine was actually writing the current
> timestamp at the beginning of the key id!!! I am very sorry for all the
> noise because of my stupid mistake...
> I am going to check again with a fixed routine and let you know if
> everything is fine now.
>
> Best regards,
> Sebastien.
>
> On 18/02/2010 16:00, Sebastien Decugis wrote:
>
>> Hello Nikos, all,
>>
>> Thank you for your feedback! I just tried with 2.8.5 and got exactly the
>> same issue.
>>
>> Before going further, let me report a few glitches I got with the 2.8.5
>> (retrieved from the tag in git), if it is of interest:
>> - it did not compile "out of the box". There was a warning preventing
>> the compilation in gnutls_compress.c line 402 about unused label. I
>> worked around this one by installing libz-dev (maybe worth adding inside
>> the README-alpha list of packages? or adding #ifdef's around the label?)
>> - Once I tried to use this new version, I got a "Ohhhh jeeee: operation
>> is not possible without initialized secure memory" or something similar
>> from my software. After googling a little bit, I added "gcry_control
>> (GCRYCTL_DISABLE_SECMEM, NULL, 0);" in my code before calling the
>> gnutls_global_init(), along with my other initializers for gcry (that I
>> need because of multithreading). Maybe this should be written in the
>> GNUTLS manual where examples for multithreading are given (7.2
>> Multi-Threaded Applications) ?
>>
>> Ok, now to my issue.
>>
>> Can you help me with valgrind? I never used it, and I am not sure how I
>> can proceed... If possible I'd like to avoid spending 1 week learning
>> about this tool. Thank you in advance :)
>> BTW: about the hardware I am using, it is two virtualbox virtual
>> machines (maybe not relevant but anyway). The client is 64bits Ubuntu
>> Karmic. The server is 32 bits Debian (with 2.8.5 "fresh" GNUTLS).
>>
>> For reference, here is the sequence of calls I am doing in gnutls:
>>
>> [initialization]
>> gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)
>> gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)
>> gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0)
>> gnutls_global_init()
>> gnutls_certificate_allocate_credentials (...)
>> gnutls_dh_params_init (...)
>> gnutls_certificate_set_x509_key_file( ... )
>> gnutls_certificate_set_x509_trust_file( ... )
>> gnutls_priority_init( ..., GNUTLS_DEFAULT_PRIORITY, ...)
>> gnutls_dh_params_generate2( ..., GNUTLS_DEFAULT_DHBITS)
>>
>> [connection of the client : first, full handshake on stream 0]
>> gnutls_init (..., GNUTLS_SERVER)
>> gnutls_priority_set( ... )
>> gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
>> gnutls_transport_set_ptr(...)
>> gnutls_transport_set_lowat( ..., 0 )
>> gnutls_transport_set_pull_function(...)
>> gnutls_transport_set_push_function(...)
>> gnutls_db_set_retrieve_function(..., sr_fetch)
>> gnutls_db_set_remove_function (..., sr_remove)
>> gnutls_db_set_store_function ( ..., sr_store)
>> gnutls_db_set_ptr ( ...)
>> gnutls_handshake(...)
>> * at this point, data is exchanged with the client. S: sent, R:
>> received. number of bytes follows:
>> R:81
>> S:79
>> S:2333
>> S:44
>> S:9
>> R:2333
>> R:139
>> R:6
>> R:69
>> S:6
>> S:85
>> Gnutls callback: sr_store, key id: [key
>> 2e303600c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]
>>
>> This is the detail of the session when I verify the credentials:
>> - Key Exchange: RSA
>> - Protocol: TLS1.1
>> - Certificate Type: X.509
>> - Compression: NULL
>> - Cipher: AES-128-CBC
>> - MAC: SHA1
>>
>> [now, I want to start a resumed handshake on other 2 streams.]
>> [the following happens in parallel in two threads. There are 3 different
>> gnutls_session_t in total.]
>> gnutls_init (..., GNUTLS_SERVER)
>> gnutls_priority_set( ... )
>> gnutls_credentials_set (..., GNUTLS_CRD_CERTIFICATE, ...)
>> gnutls_db_set_retrieve_function(..., sr_fetch)
>> gnutls_db_set_remove_function (..., sr_remove)
>> gnutls_db_set_store_function ( ..., sr_store)
>> gnutls_db_set_ptr ( ...)
>> gnutls_transport_set_ptr(...)
>> gnutls_transport_set_lowat( ..., 0 )
>> gnutls_transport_set_pull_function(...)
>> gnutls_transport_set_push_function(...)
>> gnutls_handshake(...)
>> R:113
>> Gnutls callback: sr_fetch [key
>> 2e313300c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34]
>> This callback fails because the id is different...
>>
>> Can you see something obviously wrong in this sequence of calls?
>>
>> Thank you in advance!
>> Best regards,
>> Sebastien.
>>
>> On 17/02/2010 18:24, Nikos Mavrogiannopoulos wrote:
>>
>>> On Wed, Feb 17, 2010 at 8:36 AM, Sebastien Decugis wrote:
>>>
>>>> Hello,
>>>>
>>>> I am running in a problem with session resuming, I hope someone can
>>>> understand the source of the issue ^^. Please excuse the long mail...
>>>>
>>> [...]
>>>
>>>> My understanding of the issue is that the server tries to resume a
>>>> session with a different ID than what was stored. Here is exactly the
>>>> sequence of events, I hope it clarifies.
>>>>
>>> As far as I understand from your description this is not normal, something is
>>> weird on the server side. Could you try with a more recent server version?
>>> (i just tried with 2.8.5 version and seems to work ok). There are some fixes
>>> in the session resumption code, but nothing similar to what you describe here.
>>> This looks like a memory corruption. If the problem insists with 2.8.5
>>> please try
>>> running the server with valgrind on the same hardware.
>>>
>>> regards,
>>> Nikos
>>>
>>
>

--
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)

From nmav at gnutls.org Thu Feb 18 08:39:29 2010
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Thu, 18 Feb 2010 08:39:29 +0100
Subject: Problem with session resuming
In-Reply-To: <4B7CE5A9.6050605@nict.go.jp>
References: <4B7B9C89.7020801@nict.go.jp> <4B7CE5A9.6050605@nict.go.jp>
Message-ID: <4B7CEEB1.6020408@gnutls.org>

Sebastien Decugis wrote:
> Hello Nikos, all,
>
> Thank you for your feedback! I just tried with 2.8.5 and got exactly the
> same issue.
>
> Before going further, let me report a few glitches I got with the 2.8.5
> (retrieved from the tag in git), if it is of interest:
> - it did not compile "out of the box". There was a warning preventing
> the compilation in gnutls_compress.c line 402 about unused label. I
> worked around this one by installing libz-dev (maybe worth adding inside
> the README-alpha list of packages? or adding #ifdef's around the label?)
> - Once I tried to use this new version, I got a "Ohhhh jeeee: operation
> is not possible without initialized secure memory" or something similar
> from my software. After googling a little bit, I added "gcry_control
> (GCRYCTL_DISABLE_SECMEM, NULL, 0);" in my code before calling the
> gnutls_global_init(), along with my other initializers for gcry (that I
> need because of multithreading). Maybe this should be written in the
> GNUTLS manual where examples for multithreading are given (7.2
> Multi-Threaded Applications) ?

This shouldn't be needed unless you call GCRYCTL_INITIALIZATION_FINISHED
in your program. gnutls_global_init() should take care of the functions
you describe. Which version of libgcrypt do you use? (does it fix the
issue if you use the latest?)

regards,
Nikos

From sdecugis at nict.go.jp Thu Feb 18 11:58:54 2010
From: sdecugis at nict.go.jp (Sebastien Decugis)
Date: Thu, 18 Feb 2010 19:58:54 +0900
Subject: Problem with session resuming
In-Reply-To: <4B7CEEB1.6020408@gnutls.org>
References: <4B7B9C89.7020801@nict.go.jp> <4B7CE5A9.6050605@nict.go.jp> <4B7CEEB1.6020408@gnutls.org>
Message-ID: <4B7D1D6E.30607@nict.go.jp>

> This shouldn't be needed unless you call GCRYCTL_INITIALIZATION_FINISHED
> in your program. gnutls_global_init() should take care of the functions
> you describe. Which version of libgcrypt do you use? (does it fix the
> issue if you use the latest?)
>
I was using the Debian default version (1.4.1). I just tested with
latest (1.4.5) and the issue is gone. I think I will leave the command
in my code, so that it works even with the "bad" mix: gnutls 2.8.5 with
gcrypt 1.4.1.

Thank you for the tip!

Best regards,
Sebastien.

--
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)

From simon at josefsson.org Thu Feb 18 13:00:57 2010
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 18 Feb 2010 13:00:57 +0100
Subject: Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...
In-Reply-To: <20100217195112.GA11529@komma-nix.de> (Michael Meyer's message of "Wed, 17 Feb 2010 20:51:12 +0100")
References: <877hqe2szt.fsf@mocca.josefsson.org> <20100215201715.GA10302@komma-nix.de> <4B79B13F.9050400@gnutls.org> <87k4ue1axx.fsf@mocca.josefsson.org> <20100216092940.GA2868@komma-nix.de> <87tythwc1z.fsf@mocca.josefsson.org> <20100216143403.GA5626@komma-nix.de> <873a0zq5rw.fsf@mocca.josefsson.org> <20100217161214.GA6516@komma-nix.de> <87635vok92.fsf@mocca.josefsson.org> <20100217195112.GA11529@komma-nix.de>
Message-ID: <87ocjmhhxi.fsf@mocca.josefsson.org>

Michael Meyer writes:

>> Using GnuTLS in known insecure modes just because there are broken
>> servers out there doesn't seem like a good idea. Then you might as well
>> not use TLS at all, and just use TCP?
>
> Let me explain.
>
> OpenVAS stands for Open Vulnerability Assessment System and is a
> network security scanner. OpenVAS is a GPL fork of Nessus.
>
> I try to write a plugin for
> http://www.securityfocus.com/bid/37926
>
> Normally this is very simple. See
> http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html
>
> For that a SSL connection is required.
>
> in NASL (Nessus Attack Scripting Language) it would look like (simplified):
>
> ,---|
> | port = 5556;
> | soc = open_sock_tcp(port, transport: ENCAPS_SSLv3); # or ENCAPS_SSLv23, ENCAPS_TLSv1
> |
> | if(!soc) {
> |   display("NO SOCKET\n\n");
> | } else {
> |   display("SOCKET OK\n\n");
> |   send(socket:soc, data: string("HELLO asdf\r\n"));
> |   buf = recv(socket:soc, length: 512);
> |   display("\n",buf,"\n\n");
> |   close(soc);
> | }
> `---|
>
> Result should be "+OK Node manager v10.3 started". I got always "NO
> SOCKET". With any kind of "transport". GnuTLS error at this point is:
> "A TLS fatal alert has been received".
>
> At this point, it's a problem, if GnuTLS (rather the NASL function
> open_sock_tcp() which is using GnuTLS) can't connect to the remote
> service because of some problems (e.g. broken certificate, insecure
> cipher, ...) on the remote side. It means that I can not recognize the
> vulnerability. That's bad. ;)
>
> That's why I need - whenever humanly possible - a successful
> connection. In this case I'm not interested whether the connection is
> really secure.

Thanks for explaining, I understand now. Using the priority string we
came up with here seems reasonable if the code is only used for testing
this particular vulnerability. In general it is not easy to predict
what problem needs to be worked around like we did here, so I cannot
give a general recommendation on what to disable/enable to make sure you
can always talk to any server. You'll have to test it like you did
here, but at least now you should have the information you need to work
around several common TLS problems out there.

/Simon
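
For the "Problem with session resuming" messages earlier on this page, the following is an added example, not code from the thread or from GnuTLS: a small session cache whose store function has the shape of a GnuTLS store callback, a debug helper that cannot modify the key it prints, and a byte diff run on the two key ids logged in those messages. `datum` (a stand-in for `gnutls_datum_t`), `session_db`, `sr_lookup`, `key_to_hex`, `hex_to_key` and `key_diff` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Key ids exactly as logged in the thread (sr_store, then sr_fetch). */
static const char *STORED_ID  = "2e303600c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34";
static const char *FETCHED_ID = "2e313300c0e985f29a780d6814e0b76ee6e318dc7d0360e7c8f704b570dbdf34";

/* Assumption: local stand-in for gnutls_datum_t so the file builds without GnuTLS. */
typedef struct { unsigned char *data; unsigned int size; } datum;
#define MAX_ENTRIES 8
#define MAX_LEN 64
typedef struct { unsigned char key[MAX_LEN], val[MAX_LEN]; unsigned int klen, vlen; } entry;
typedef struct { entry e[MAX_ENTRIES]; int used; } session_db; /* hypothetical cache */

/* Same shape as a GnuTLS store callback: copy key and data into the cache. */
int sr_store(void *ptr, datum key, datum val) {
    session_db *db = ptr;
    if (db->used == MAX_ENTRIES || key.size > MAX_LEN || val.size > MAX_LEN) return -1;
    entry *e = &db->e[db->used++];
    memcpy(e->key, key.data, key.size); e->klen = key.size;
    memcpy(e->val, val.data, val.size); e->vlen = val.size;
    return 0;
}

/* Simplified fetch: exact length and byte match, NULL on a miss. */
const entry *sr_lookup(const session_db *db, datum key) {
    for (int i = 0; i < db->used; i++)
        if (db->e[i].klen == key.size && memcmp(db->e[i].key, key.data, key.size) == 0)
            return &db->e[i];
    return NULL;
}

/* Debug helper: const input and a separate output buffer, so logging
 * can never change the bytes that are stored or compared. */
int key_to_hex(const unsigned char *k, unsigned int n, char *out, size_t outlen) {
    if (outlen < 2u * n + 1) return -1;
    out[0] = '\0';
    for (unsigned int i = 0; i < n; i++) snprintf(out + 2 * i, 3, "%02x", (unsigned)k[i]);
    return 0;
}

/* Parse a logged hex id back into bytes; returns the byte count or -1. */
int hex_to_key(const char *hex, unsigned char *out, unsigned int max) {
    size_t n = strlen(hex);
    if (n % 2 || n / 2 > max) return -1;
    for (size_t i = 0; i < n / 2; i++) {
        unsigned int b;
        if (sscanf(hex + 2 * i, "%2x", &b) != 1) return -1;
        out[i] = (unsigned char)b;
    }
    return (int)(n / 2);
}

/* On a miss, report the first and last differing offsets (-1 if identical). */
void key_diff(const unsigned char *a, const unsigned char *b, unsigned int n, int *first, int *last) {
    *first = *last = -1;
    for (unsigned int i = 0; i < n; i++)
        if (a[i] != b[i]) { if (*first < 0) *first = (int)i; *last = (int)i; }
}
```

On the two logged ids `key_diff` reports offsets 1 through 2, and bytes 0 to 3 decode to the ASCII text `.06` and `.13` followed by a NUL, which is consistent with the debug routine Sebastien describes writing a timestamp over the start of the key.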