Hi Joel, Brent,
Thanks for the clarification!
Joel: You're not seeing me doing an s_server -ssl3 as I was assuming
that was not available, I was using OpenSSL 1.0.1j from FreeBSD 10.1
base to run the sslv3-only server.
Just tested and indeed it is still possible to create an SSLv3 server
with LibreSSL 2.1.1
$ /usr/local/bin/openssl s_server -ssl3 -accept 4443
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMABALAFAQgQIMFttih6H+d/qjB8ckEsiZiM+YbpJaXh9bCrKoNVWwE
MIrKGaJqgQagkKufuctMdtzWf6Yj6LYgoJwDF/csnIERa8M6S78SIhUn4enymt3Z
gaEGAgRUdKPOogQCAhwgpAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared
ciphers:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA
CIPHER is ECDHE-RSA-AES256-SHA
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT
again, /usr/local/bin/openssl is LibreSSL 2.1.1
(/usr/bin/)openssl is "OpenSSL 1.0.1j-freebsd 15 Oct 2014" from FreeBSD
10.1-RELEASE
Kind regards,
Bernard Spil.
On 2014-11-25 15:40, Joel Sing wrote:
On Tue, 25 Nov 2014, Bernard Spil wrote:
Hi,
Running LibreSSL portable 2.1.1 from FreeBSD ports on FreeBSD 10.1
$ /usr/local/bin/openssl version
LibreSSL 2.1
$ uname -a
FreeBSD meterkast3.example.org 10.1-RELEASE FreeBSD 10.1-RELEASE #0
r264324M: Tue Nov 11 13:46:58 CET 2014
r...@meterkast3.example.org:/usr/obj/usr/src/sys/BEASTIE101 amd64
To my surprise, the LibreSSL openssl binary does not see the -sslv3
option as an error. (examples and captures with google.com server)
$ /usr/local/bin/openssl s_client -connect 173.194.65.147:443 -ssl3
CONNECTED(00000003)
where I would expect the same behaviour as e.g. openssl 0.9.8 when
calling it with the -tls1_2 option.
Next to that I see that it succefully negotiates a connection using an
ssl3-capable server.
Client Hello and Server Hello both have 0x0300 as can be seen in
attached capture and at end of this mail.
Is this expected behaviour?
Yes.
I.e. has LibreSSL only removed the sslv3 server capability?
SSLv3 has only been disabled by default - if you explicitly ask for it
then
you still get it. In the case of s_client, the -ssl3 option explicitly
switches to the SSLv3 client method, hence it will *only* negotiate
SSLv3.
When I setup an SSL server with OpenSSL 1.0.1j from base, I can not
connect to it straight away but I can connect when I use -ssl3 (both
in
log below)
Are you saying that running 'openssl s_client' fails to connect to
'openssl
s_server'? I do not see any example where you are not specifying -ssl3
with
s_server - by doing that you can only ever connect to it with SSLv3
(-ssl3
does not enable the negotiation of SSLv3, it makes it SSLv3 *only*).
$ openssl version
OpenSSL 1.0.1j-freebsd 15 Oct 2014
$ openssl s_server -ssl3 -accept 4443
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
<snip>
-----END SSL SESSION PARAMETERS-----
<snip>CIPHER is ECDHE-RSA-AES256-SHA
Secure Renegotiation IS supported
DONE
shutting down SSL
CONNECTION CLOSED
ACCEPT
$ /usr/local/bin/openssl s_client -connect localhost:4443
CONNECTED(00000003)
34378806536:error:14077102:SSL
routines:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:497:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 280 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
$ /usr/local/bin/openssl s_client -connect localhost:4443 -ssl3
<snip>
---
SSL handshake has read 1524 bytes and written 262 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : ECDHE-RSA-AES256-SHA
Session-ID:
468B5F3CE1CF1CDA9F49312EE9424BD985B22FC1A9EA92692C9C6EB818F0C725
Session-ID-ctx:
Master-Key:
78D830C15F518C6FC9C5D9760B8B3F09D58F516944E72C9F2A89D3B3E6DD6D78189B1B0A702
D4FBB8CDDEBF83B19A433 Start Time: 1416914867
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Thanks!
Bernard (Barnerd) Spil.
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google
Inc/CN=www.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google
Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3578 bytes and written 258 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : ECDHE-RSA-RC4-SHA
Session-ID:
D807A5102140A0D0F5DF4562E961C485F7C0D506572FF7852D61207576F3C5A5
Session-ID-ctx:
Master-Key:
175DDE1E866E41DC8F9D64779B0BBB5F4AA663F2DBF1EB1C312036CFE9E580997653A73CB6C
7AEB2310B6D5793F13C55 Start Time: 1416913094
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
