Re: [PATCH 2 of 4] SSL: logging levels of various errors reported with tlsfuzzer

Roman Arutyunyan
March 08, 2023 09:20AM
On Wed, Mar 08, 2023 at 01:07:45AM +0300, Maxim Dounin wrote:
> Hello!
>
> On Tue, Mar 07, 2023 at 06:46:12PM +0400, Roman Arutyunyan wrote:
>
> > Hi,
> >
> > On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> > > # HG changeset patch
> > > # User Maxim Dounin <mdounin@mdounin.ru>
> > > # Date 1677682421 -10800
> > > # Wed Mar 01 17:53:41 2023 +0300
> > > # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> > > # Parent 4d0a265c1d20f22f196680dfcc9d044f9e711865
> > > SSL: logging levels of various errors reported with tlsfuzzer.
> > >
> > > To further differentiate client-related errors and adjust logging levels
> > > of various SSL errors, nginx was tested with tlsfuzzer with multiple
> > > OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> > > 1.0.0s, 0.9.8zh).
> >
> > While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
> > text below. It should be added to the list of versions not adding new client
> > errors compared to other versions.
>
> Thanks for noting. I've generally not considered OpenSSL
> 3.1.0-beta1, since it is mostly identical to OpenSSL 3.0.8 in
> terms of errors and not really a release, but decided to add it to
> the list of tested versions for completeness.
>
> Updated the last paragraph as well:
>
> : No additional client-related errors were observed while testing with
> : OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> : and OpenSSL 0.9.8zh.
>
> > > The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> > > and are clearly client-related:
> > >
> > > SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> > > SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> > > SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> > > SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> > >
> > > Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> > > SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> > > ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> > > ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> > > errors are now logged at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 3.0.8 and
> > > with TLSv1.3 enabled:
> > >
> > > SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> > > SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> > > SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> > > SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> > > SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> > > SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> > >
> > > Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"),
> >
> > SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
> > cac164d0807e. This text is probably a leftover from testing this without the
> > previous patch applied, in which case a crypto error was analyzed and ignored.
>
> Indeed, thanks for catching. Removed this from the commit log (as
> well as the relevant error messages above).
>
> > > SSL_R_BAD_DIGEST_LENGTH
> > > ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> > > extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> > > SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> > > and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> > > handshake data") errors are now logged at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 1.1.1t:
> > >
> > > SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> > > SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> > > SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> > > SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> > >
> > > Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> > > SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> > > SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> > > SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> > > at the "info" level.
> > >
> > > Additionally, the following errors were observed with OpenSSL 1.0.2u:
> > >
> > > SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> > > SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> > >
> > > Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> > > SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> > > logged at the "info" level.
> > >
> > > No additional client-related errors were observed while testing with
> > > OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.
>
> Full updated commit log:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1678226771 -10800
> # Wed Mar 08 01:06:11 2023 +0300
> # Node ID a48cbbec723b1a6d4943e877deb21e719c19d09a
> # Parent c011fae23865f04518f9279fb98a312ef8f7a29c
> SSL: logging levels of various errors reported with tlsfuzzer.
>
> To further differentiate client-related errors and adjust logging levels
> of various SSL errors, nginx was tested with tlsfuzzer with multiple
> OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> 1.0.0s, 0.9.8zh).
>
> The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> and are clearly client-related:
>
> SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
>
> Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 3.0.8 and
> with TLSv1.3 enabled:
>
> SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
>
> Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
> SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
> SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> handshake data") errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.1.1t:
>
> SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
>
> Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.0.2u:
>
> SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
>
> Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> logged at the "info" level.
>
> No additional client-related errors were observed while testing with
> OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> and OpenSSL 0.9.8zh.

Looks ok
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
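The classification the commit log above describes, as an added example that is not nginx's own code: a Python decoder for the OpenSSL error strings quoted in the log. It extracts the library and SSL_R_* reason number from the packed hex code (OpenSSL 1.x and 3.x pack it differently, told apart here by the empty function field 3.x prints), and, following patch 1 of this series ("detect log level based on the last error"), decides from the last error on the line whether it falls in the set this patch moves to "info". The function names, the table and the SAMPLES list are this example's own assumptions; the sample messages are constructed around lines quoted in the commit log.

```python
import re
from typing import List, NamedTuple

ERR_LIB_SSL = 20  # ERR_LIB_SSL from OpenSSL's err.h

# SSL_R_* reason numbers this patch (and, for "bad ecpoint", cac164d0807e before
# it) logs at "info"; each number is the low bits of the hex code in the commit log.
CLIENT_RELATED = {
    0x092: "data length too long", 0x0A0: "length too short",
    0x124: "bad legacy version", 0x178: "no shared signature algorithms",
    0x06F: "bad digest length", 0x070: "missing sigalgs extension",
    0x096: "encrypted length too long", 0x10F: "bad length",
    0x07A: "bad key update", 0x125: "mixed handshake and non handshake data",
    0x091: "data between ccs and finished", 0x199: "too many warn alerts",
    0x0C6: "packet length too long", 0x085: "ccs received early",
    0x12A: "record too small", 0x09A: "got a fin before a ccs",
    0x132: "bad ecpoint",
}

# "error:<8 hex digits>:<lib>:<func>:<reason text>", repeated once per queued error
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?= error:|\)|$)")

class SslError(NamedTuple):
    lib: int
    reason: int
    func: str
    text: str

def parse_errors(message: str) -> List[SslError]:
    """Decode every OpenSSL error packed into one nginx SSL error message."""
    found = []
    for m in ERR_RE.finditer(message):
        code, func, text = int(m.group(1), 16), m.group(3), m.group(4).strip()
        if func:   # OpenSSL 1.x prints the function: lib<<24 | func<<12 | reason
            lib, reason = code >> 24, code & 0xFFF
        else:      # OpenSSL 3.x prints no function: lib<<23 | flags<<18 | reason
            lib, reason = (code >> 23) & 0xFF, code & 0x7FFFFF
        found.append(SslError(lib, reason, func, text))
    return found

def is_client_related(message: str) -> bool:
    """Only the last queued error decides, as patch 1 of this series does."""
    errors = parse_errors(message)
    last = errors[-1] if errors else None
    return last is not None and last.lib == ERR_LIB_SSL and last.reason in CLIENT_RELATED

# constructed samples wrapping two messages quoted in the commit log above
SAMPLES = ["SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)",
           "SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)"]
```

Pass it the "(SSL: ...)" text nginx writes; a message carrying several error: entries is the whole OpenSSL error queue, and the second sample shows why only the last entry is looked at.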