Re: [PATCH 2 of 4] SSL: logging levels of various errors reported with tlsfuzzer

Maxim Dounin
March 07, 2023 05:08PM
Hello!

On Tue, Mar 07, 2023 at 06:46:12PM +0400, Roman Arutyunyan wrote:

> Hi,
>
> On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> > # HG changeset patch
> > # User Maxim Dounin <mdounin@mdounin.ru>
> > # Date 1677682421 -10800
> > # Wed Mar 01 17:53:41 2023 +0300
> > # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> > # Parent 4d0a265c1d20f22f196680dfcc9d044f9e711865
> > SSL: logging levels of various errors reported with tlsfuzzer.
> >
> > To further differentiate client-related errors and adjust logging levels
> > of various SSL errors, nginx was tested with tlsfuzzer with multiple
> > OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> > 1.0.0s, 0.9.8zh).
>
> While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
> text below. It should be added to the list of versions not adding new client
> errors compared to other versions.

Thanks for noting. I've generally not considered OpenSSL
3.1.0-beta1, since it is mostly identical to OpenSSL 3.0.8 in
terms of errors and not really a release, but decided to add it to
the list of tested versions for completeness.

Updated the last paragraph as well:

: No additional client-related errors were observed while testing with
: OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
: and OpenSSL 0.9.8zh.

> > The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> > and are clearly client-related:
> >
> > SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> > SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> > SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> > SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> >
> > Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> > SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> > ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> > ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> > errors are now logged at the "info" level.
> >
> > Additionally, the following errors were observed with OpenSSL 3.0.8 and
> > with TLSv1.3 enabled:
> >
> > SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> > SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> > SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> > SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> > SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> > SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> > SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> >
> > Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"),
>
> SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
> cac164d0807e. This text is probably a leftover from testing this without the
> previous patch applied, in which case a crypto error was analyzed and ignored.

Indeed, thanks for catching. Removed this from the commit log (as
well as the relevant error messages above).

> > SSL_R_BAD_DIGEST_LENGTH
> > ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> > extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> > SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> > and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> > handshake data") errors are now logged at the "info" level.
> >
> > Additionally, the following errors were observed with OpenSSL 1.1.1t:
> >
> > SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> > SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> > SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> > SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> >
> > Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> > SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> > SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> > SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> > at the "info" level.
> >
> > Additionally, the following errors were observed with OpenSSL 1.0.2u:
> >
> > SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> > SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> >
> > Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> > SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> > logged at the "info" level.
> >
> > No additional client-related errors were observed while testing with
> > OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.

Full updated commit log:

# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1678226771 -10800
# Wed Mar 08 01:06:11 2023 +0300
# Node ID a48cbbec723b1a6d4943e877deb21e719c19d09a
# Parent c011fae23865f04518f9279fb98a312ef8f7a29c
SSL: logging levels of various errors reported with tlsfuzzer.

To further differentiate client-related errors and adjust logging levels
of various SSL errors, nginx was tested with tlsfuzzer with multiple
OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
1.0.0s, 0.9.8zh).

The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
and are clearly client-related:

SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)

Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
errors are now logged at the "info" level.

Additionally, the following errors were observed with OpenSSL 3.0.8 and
with TLSv1.3 enabled:

SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)

Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
handshake data") errors are now logged at the "info" level.

Additionally, the following errors were observed with OpenSSL 1.1.1t:

SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)

Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
at the "info" level.

Additionally, the following errors were observed with OpenSSL 1.0.2u:

SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)

Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
logged at the "info" level.

No additional client-related errors were observed while testing with
OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
and OpenSSL 0.9.8zh.


--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
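The reason-code-based level selection the commit log describes, as an added example that is not nginx's code and not part of the thread: a Python triage script that takes nginx error-log lines carrying OpenSSL error strings, decodes the packed error code of the last error in the chain (the OpenSSL 3.x layout with an empty function field and the 1.x lib/func/reason layout), and reports whether the patch would log the line at "info" or leave it at nginx's default "crit" for SSL errors. The log lines are constructed around the error strings quoted above; ERR_LIB_SSL = 20 and the bit layouts follow OpenSSL's err.h, and the reason numbers in the table are the low bits of the hex codes in the commit log (plus SSL_R_BAD_ECPOINT, which the review notes was already moved to "info" in cac164d0807e).

```python
"""Triage nginx SSL error-log lines by the OpenSSL reason code of the last
error in the chain, mirroring the reason-based log-level choice in the patch.
Added example; not nginx code."""
import re
from collections import Counter

ERR_LIB_SSL = 20  # OpenSSL's ERR_LIB_SSL

# Reason codes logged at "info" after the patch (SSL_R_BAD_ECPOINT comes from
# the earlier changeset cac164d0807e mentioned in the review).  Each number is
# the low bits of a hex code quoted in the commit log, e.g.
# error:0A000092 -> reason 0x92 -> SSL_R_DATA_LENGTH_TOO_LONG.
INFO_LEVEL_REASONS = {
    0x092: "SSL_R_DATA_LENGTH_TOO_LONG",
    0x0A0: "SSL_R_LENGTH_TOO_SHORT",
    0x124: "SSL_R_BAD_LEGACY_VERSION",
    0x178: "SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS",
    0x06F: "SSL_R_BAD_DIGEST_LENGTH",
    0x070: "SSL_R_MISSING_SIGALGS_EXTENSION",
    0x096: "SSL_R_ENCRYPTED_LENGTH_TOO_LONG",
    0x10F: "SSL_R_BAD_LENGTH",
    0x07A: "SSL_R_BAD_KEY_UPDATE",
    0x125: "SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA",
    0x085: "SSL_R_CCS_RECEIVED_EARLY",
    0x091: "SSL_R_DATA_BETWEEN_CCS_AND_FINISHED",
    0x0C6: "SSL_R_PACKET_LENGTH_TOO_LONG",
    0x199: "SSL_R_TOO_MANY_WARN_ALERTS",
    0x12A: "SSL_R_RECORD_TOO_SMALL",
    0x09A: "SSL_R_GOT_A_FIN_BEFORE_A_CCS",
    0x132: "SSL_R_BAD_ECPOINT",
}

# error:<8 hex digits>:<library>:<function>:<reason text>, where the reason
# text runs up to the next chained " error:", a closing ")" or end of line.
ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?=\s+error:|\)|$)")

# Constructed nginx error-log lines built around the strings quoted in the
# commit log; the last one is constructed to exercise the non-SSL-library path.
SAMPLE_LOG = [
    "2023/03/01 17:53:41 [crit] 1234#0: *1 SSL_do_handshake() failed (SSL: "
    "error:0A000092:SSL routines::data length too long) while SSL handshaking, "
    "client: 192.0.2.10, server: 0.0.0.0:443",
    "2023/03/01 17:53:42 [crit] 1234#0: *2 SSL_do_handshake() failed (SSL: "
    "error:02800066:Diffie-Hellman routines::invalid public key "
    "error:0A000132:SSL routines::bad ecpoint) while SSL handshaking, "
    "client: 192.0.2.11, server: 0.0.0.0:443",
    "2023/03/01 17:53:43 [crit] 1234#0: *3 SSL_read() failed (SSL: "
    "error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) "
    "while waiting for request, client: 192.0.2.12, server: 0.0.0.0:443",
    "2023/03/01 17:53:44 [crit] 1234#0: *4 SSL_do_handshake() failed (SSL: "
    "error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small) "
    "while SSL handshaking, client: 192.0.2.13, server: 0.0.0.0:443",
    "2023/03/01 17:53:45 [crit] 1234#0: *5 SSL_do_handshake() failed (SSL: "
    "error:02800066:Diffie-Hellman routines::invalid public key) while SSL "
    "handshaking, client: 192.0.2.14, server: 0.0.0.0:443",
]


def decode_code(code, func_field):
    """Split a packed OpenSSL error code into (lib, reason).

    OpenSSL 3.x keeps the library in bits 23..30 and the reason in the low 23
    bits and prints an empty function field ("SSL routines::"); 1.x packs
    lib/func/reason as 8/12/12 bits and prints the function name.  The empty
    function field tells the two layouts apart.
    """
    if func_field == "":
        return (code >> 23) & 0xFF, code & 0x7FFFFF
    return (code >> 24) & 0xFF, code & 0xFFF


def parse_errors(line):
    """Return every OpenSSL error found in the line, in chain order."""
    errors = []
    for m in ERR_RE.finditer(line):
        code = int(m.group(1), 16)
        lib, reason = decode_code(code, m.group(3))
        errors.append({"code": code, "lib": lib, "func": m.group(3),
                       "reason": reason, "text": m.group(4)})
    return errors


def classify(line):
    """Decide the level nginx would use for the line, or None if no error.

    Only the last error in the chain counts (patch 1 of the series): an SSL
    library reason from INFO_LEVEL_REASONS is a client-side problem and gets
    "info"; anything else keeps nginx's default "crit" for SSL errors.
    """
    errors = parse_errors(line)
    if not errors:
        return None
    last = errors[-1]
    name = INFO_LEVEL_REASONS.get(last["reason"])
    level = "info" if last["lib"] == ERR_LIB_SSL and name else "crit"
    return {"level": level, "reason_name": name, "last": last,
            "chain_length": len(errors)}


def summarize(lines):
    """Count how many lines would land at each level after the patch."""
    return Counter(r["level"] for r in map(classify, lines) if r)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        r = classify(entry)
        print(f'{r["level"]:4} 0x{r["last"]["code"]:08X} {r["reason_name"]}')
    print(dict(summarize(SAMPLE_LOG)))
```

Run against a real error log, the script shows which remaining "crit" entries are still worth an operator's attention once the client-triggered handshake noise has been reclassified; the library check matters because a reason number is only meaningful together with its library, so an unrelated library's error that happens to share a number is not mistaken for an SSL reason.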