Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance
On 2022-03-20 23:15:57 [+0100], Kurt Roeckx wrote:
> > https://ci.debian.net/data/autopkgtest/oldstable/amd64/g/gnutls28/20199677/log.gz
> >
> > Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > %COMPAT: Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > *** Fatal error: A TLS fatal alert has been received.
> > Failure: Failed
> > *** Fatal error: A TLS fatal alert has been received.
> > %NO_ETM: Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > Failure: Failed
> > *** Fatal error: A TLS fatal alert has been received.
> > Failure: Failed
> > FAIL [11]../../tests/suite/testcompat-main-openssl
> >
> > Which, according to me, is this check:
> > https://sources.debian.org/src/gnutls28/3.6.7-4%2Bdeb10u7/tests/suite/testcompat-main-openssl/#L307
>
> That test still seems to exist, but is just moved to a different file:
> https://github.com/gnutls/gnutls/blob/master/tests/suite/testcompat-openssl-cli-common.sh#L255
>
> My understanding is that gnutls now passes the correct list of signature
> algorithms to use to OpenSSL's s_client to be able to do that test, and
> that this is probably fixed by:
> https://github.com/gnutls/gnutls/commit/23958322865a8a77c2f924f569484e5fd150a24b
> (and https://github.com/gnutls/gnutls/commit/8259a1dc8503ad760c0887eb95278f9957a00667)
>
> I'm trying to remember what was changed and why, but I can't
> find/remember it.
The change in openssl is commit
cc7c6eb8135b ("Check that the default signature type is allowed")
The server is
openssl s_server -quiet -www -accept 57687 -keyform pem -certform pem -tls1 \
-key tests/certs/ecc384.pem -cert tests/certs/cert-ecc384.pem -Verify 1 \
-named_curve secp384r1 -CAfile tests/certs/ca-cert-ecc.pem
The client is
/usr/bin/gnutls-cli -p 57687 127.0.0.1 \
--priority NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL \
--insecure --x509certfile tests/certs/cert-ecc384.pem --x509keyfile tests/certs/ecc384.pem
Before the commit in question it connects as:
- Description: (TLS1.0)-(ECDHE-SECP384R1)-(AES-256-CBC)-(SHA1)
after that, the server throws:
140490373015360:error:14201044:SSL routines:tls_choose_sigalg:internal error:../ssl/t1_lib.c:2880:
and it appears that the security level in openssl forbids SHA1 here.
The argument on the s_server side
-sigalgs RSA+SHA1:RSA+SHA256:DSA+SHA1:DSA+SHA256
doesn't help here but
-cipher "ALL:@SECLEVEL=1"
does.
> Kurt
Sebastian
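A local reproduction of the handshake described above, added here as an example and not part of the bug report: it runs the same TLS 1.0 ECDHE-ECDSA handshake against openssl s_server at a chosen security level (0, 1 or 2) and reports whether it completes. It assumes the openssl CLI is installed and loopback ports 57687 to 57689 are free, uses a constructed P-384 key and self-signed certificate in place of the gnutls test files, and drops the client-certificate requirement (-Verify/-CAfile) since it plays no part in the failure.

```shell
#!/bin/sh
# Added reproduction, not taken from the bug report: run the TLS 1.0
# ECDHE-ECDSA handshake against openssl s_server at a chosen security level
# and report whether it completes. Assumes the openssl CLI is installed and
# that loopback ports 57687.. are free.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed throw-away P-384 key and self-signed cert, standing in for
# tests/certs/ecc384.pem and tests/certs/cert-ecc384.pem of the gnutls suite.
openssl ecparam -name secp384r1 -genkey -noout -out "$WORK/ecc384.pem" 2>/dev/null
openssl req -new -x509 -key "$WORK/ecc384.pem" -subj /CN=localhost -days 1 \
    -out "$WORK/cert-ecc384.pem" 2>/dev/null

# tls10_ecdsa_at_level LEVEL -> prints "ok" if the handshake completes, else "fail".
# The cipher string carries the @SECLEVEL modifier exactly as on the s_server
# command line in the report; only the level is varied.
tls10_ecdsa_at_level() {
    level=$1
    port=$((57687 + level))
    openssl s_server -quiet -www -accept "$port" -tls1 \
        -key "$WORK/ecc384.pem" -cert "$WORK/cert-ecc384.pem" \
        -cipher "ALL:@SECLEVEL=$level" \
        >"$WORK/server-$level.log" 2>&1 &
    spid=$!
    sleep 1
    # Client pinned to TLS 1.0 at level 0, so only the server's policy decides.
    # s_client exits 0 once the handshake is done and stdin hits EOF, and 1 on
    # a fatal alert (the "tls_choose_sigalg:internal error" case on the server).
    if openssl s_client -connect "127.0.0.1:$port" -tls1 \
           -cipher "ALL:@SECLEVEL=0" </dev/null >/dev/null 2>&1; then
        result=ok
    else
        result=fail
    fi
    kill "$spid" 2>/dev/null || true
    wait "$spid" 2>/dev/null || true
    echo "$result"
}

# Stand-alone run: level 1 is what the @SECLEVEL=1 workaround relies on;
# level 2 is where the SHA1-signed TLS 1.0 ServerKeyExchange is refused.
for lvl in 0 1 2; do
    echo "SECLEVEL=$lvl: $(tls10_ecdsa_at_level "$lvl")"
done
```

On OpenSSL 1.1.1 level 1 completes, matching the @SECLEVEL=1 workaround above; OpenSSL 3 additionally refuses any TLS version below 1.2 from level 1 upwards, so there only level 0 completes.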