Different SSL behaviours, how to pick ciphers?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Different SSL behaviours, how to pick ciphers?

André Cruz
Hello.

I'm observing different behaviours when running my Erlang code on two Erlang 18 beam instances. One is running on my macos machine provided by home-brew, and the other comes from the erlang:18 container:

macos:

Erlang/OTP 18 [erts-7.3] [source] [64-bit] [smp:4:4] [async-threads:0] [hipe] [kernel-poll:false] [dtrace]
Eshell V7.3  (abort with ^G)

1> ssl:versions().
[{ssl_app,"7.3"},
 {supported,['tlsv1.2','tlsv1.1',tlsv1]},
 {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443,  [], infinity).
{ok,{sslsocket,{gen_tcp,#Port<0.29349>,tls_connection,
                        undefined},
               <0.109.0>}}


linux container:

Erlang/OTP 18 [erts-7.3.1] [source] [64-bit] [smp:2:2] [async-threads:0] [hipe] [kernel-poll:false]
Eshell V7.3.1  (abort with ^G)

1> ssl:versions().
[{ssl_app,"7.3.3"},
 {supported,['tlsv1.2','tlsv1.1',tlsv1]},
 {available,['tlsv1.2','tlsv1.1',tlsv1,sslv3]}]
2> ssl:connect("test.search.windows.net", 443,  [], infinity).
{error,closed}

As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?

Thank you and best regards,
André Cruz
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

André Cruz
On 12 Jul 2016, at 18:51, André Cruz <[hidden email]> wrote:
>
> Hello.
>
> I'm observing different behaviours when running my Erlang code on two Erlang 18 beam instances. One is running on my macos machine provided by home-brew, and the other comes from the erlang:18 container:

Upon further investigation I've noticed that this behaviour started happening with the erlang 18.3.4 deb package provided by Erlang Solutions. Version 18.3 does not exhibit this problem.

André
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

André Cruz
On 13 Jul 2016, at 10:47, André Cruz <[hidden email]> wrote:
>
> On 12 Jul 2016, at 18:51, André Cruz <[hidden email]> wrote:
>>
>> Hello.
>>
>> I'm observing different behaviours when running my Erlang code on two Erlang 18 beam instances. One is running on my macos machine provided by home-brew, and the other comes from the erlang:18 container:
>
> Upon further investigation I've noticed that this behaviour started happening with the erlang 18.3.4 deb package provided by Erlang Solutions. Version 18.3 does not exhibit this problem.

So, after trying all intermediate versions it seems this behaviour started happening on the transition 18.3.1 -> 18.3.2.

André
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

Fred Hebert-2
In reply to this post by André Cruz
On 07/12, André Cruz wrote:
>As can be seen I cannot establish a connection using the container
>version of Erlang. Looking at the traffic I can see that the
>ClientHello message specifies SSLv3 ciphers, while the version that
>works uses TLS1.2. How can I influence this choice of ciphers? Is it a
>problem with the openssl lib in the container image?
>

You should at the very least have some basic configuration of SSL in
Erlang -- the one that ships stock isn't particularly great.

Say for example:

[
  {ciphers, Ciphers},
  {honor_cipher_order, true},
  {secure_renegotiate, true},
  {client_renegotiation, false},
  {versions, ['tlsv1.2', 'tlsv1.1', 'tlsv1']}
]

Where `Ciphers' is a list based on either the tools at
https://wiki.mozilla.org/Security/Server_Side_TLS or
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html 
so you avoid ciphersuites deemed unsafe or which could give you
compatibility issues (with say HTTP/2, which has its own blacklist of
certificates)

As a client -- and possibly as a server -- you'll also want to validate
SSL certificates.  To do so, you can use `certifi' to provide a decent
set of root CAs (https://github.com/certifi/erlang-certifi) and
`ssl_verify_fun' (https://hex.pm/packages/ssl_verify_fun) to do the
actual validation:

[
  {verify, verify_peer},
  {depth, 2},
  {cacerts, certifi:cacerts()},
  {server_name_indication, Hostname},
  {verify_fun, {fun ssl_verify_hostname:verify_fun/3,
                [{check_hostname, Hostname}]}
]

With these options, certificate validation can take place.

In case you want to do certificate pinning (validating that the request
comes or goes to a known certificate -- more useful if you're working
with self-signed stuff), I've so far used `Tak'
(https://github.com/heroku/tak) to generate the SSL configuration
required.

Regards,
Fred.
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

André Cruz
Hello Fred.

> On 13 Jul 2016, at 14:41, Fred Hebert <[hidden email]> wrote:
>
> On 07/12, André Cruz wrote:
>> As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?
>>
>
> You should at the very least have some basic configuration of SSL in Erlang -- the one that ships stock isn't particularly great.

I've found the difference in the default SSL configuration between 18.3.1 and 18.3.2.

18.3.1 uses TLS1.2 records:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 279


18.3.2 uses SSL records:

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 249

It's strange to change this default in a minor version upgrade. Is this something that can be configured? I've found that some SSL servers drop the connection immediately when SSL records are used.

Thanks,
André
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

André Cruz
On 13 Jul 2016, at 17:02, Fred Hebert <[hidden email]> wrote:
>
> On 07/13, André Cruz wrote:
>>
>> It's strange to change this default in a minor version upgrade. Is this something that can be configured? I've found that some SSL servers drop the connection immediately when SSL records are used.
>>
>
> The `versions' tuple should specify the versions in order if you have them configured for your socket. The `honor_cipher_order` thing lets the server force the order you gave as the order to honor for ciphers.

The problem was that since Erlang 18.3.2 the "signature_algorithms" extension is only sent if the supported ssl versions is just 'tlsv1.2'. Since the default is tls 1 though 1.2, this extension is not sent and some servers require it. It's strange that I'm the only one with this problem...

Anyway, the solution in this case was to specify {versions, ['tlsv1.2']}, but if you need to support other tls versions you may need to manually fill the "signature_algs" option.

Best regards,
André Cruz
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

Bengt Kleberg
In reply to this post by André Cruz
Greetings,

When I read the thread about the cipher problem you seemed happy with
the solution to specify

{versions, ['tlsv1.2']}

I wonder if you could tell me where to set this?


To automate a file copy (scp) from one machine to another (different users, etc) I have an escript that starts ssh application, and then does
        {ok, Connection} = ssh:connect( Hostname, 22, [{user, "x"}, {password, "y"}, {silently_accept_hosts, true}, {connect_timeout, Timeout}], Timeout ),
This fails with
{error, "Unable to connect using the available authentication methods"}

It is not possible to add
{versions, ['tlsv1.2']}
as an option to ssh:connect/4


bengt

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

PAILLEAU Eric

Hi,
Error you got look to me more another issue.
Looks like your server don't accept login/password authentication but allow only with public-key. But I maybe wrong.

"Envoyé depuis mon mobile " Eric



---- Bengt Kleberg a écrit ----

Greetings,

When I read the thread about the cipher problem you seemed happy with
the solution to specify

{versions, ['tlsv1.2']}

I wonder if you could tell me where to set this?


To automate a file copy (scp) from one machine to another (different users, etc) I have an escript that starts ssh application, and then does
{ok, Connection} = ssh:connect( Hostname, 22, [{user, "x"}, {password, "y"}, {silently_accept_hosts, true}, {connect_timeout, Timeout}], Timeout ),
This fails with
{error, "Unable to connect using the available authentication methods"}

It is not possible to add
{versions, ['tlsv1.2']}
as an option to ssh:connect/4


bengt

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

Ingela Andin
In reply to this post by Bengt Kleberg
Hi!

2016-08-08 13:35 GMT+02:00 Bengt Kleberg <[hidden email]>:
Greetings,

When I read the thread about the cipher problem you seemed happy with the solution to specify

{versions, ['tlsv1.2']}

I wonder if you could tell me where to set this?


To automate a file copy (scp) from one machine to another (different users, etc) I have an escript that starts ssh application, and then does
        {ok, Connection} = ssh:connect( Hostname, 22, [{user, "x"}, {password, "y"}, {silently_accept_hosts, true}, {connect_timeout, Timeout}], Timeout ),
This fails with
{error, "Unable to connect using the available authentication methods"}

It is not possible to add
{versions, ['tlsv1.2']}
as an option to ssh:connect/4

That is an ssl option, not an ssh option. ssl and ssh are different protocols!

Regards Ingela Erlang/OTP Team -  Ericsson AB


bengt


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

Ingela Andin
In reply to this post by André Cruz
Hi!


2016-07-13 17:27 GMT+02:00 André Cruz <[hidden email]>:
Hello Fred.

> On 13 Jul 2016, at 14:41, Fred Hebert <[hidden email]> wrote:
>
> On 07/12, André Cruz wrote:
>> As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?
>>
>
> You should at the very least have some basic configuration of SSL in Erlang -- the one that ships stock isn't particularly great.

I've found the difference in the default SSL configuration between 18.3.1 and 18.3.2.

18.3.1 uses TLS1.2 records:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 279


18.3.2 uses SSL records:

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 249

It's strange to change this default in a minor version upgrade. Is this something that can be configured? I've found that some SSL servers drop the connection immediately when SSL records are used.


Huum ... I think this was suppose to be a bug fix, maybe I got it wrong I will investigate.

Regards Ingela Erlang/OTP team - Ericsson AB

 
Thanks,
André
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions


_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: Different SSL behaviours, how to pick ciphers?

Ingela Andin
Hi!

I investigated it and as it turns out it is not a bug. RFC 5246 says, 

7.4.1.4.1 Signature Algorithms
[...]
 Note: this extension is not meaningful for TLS versions prior to 1.2.
 Clients MUST NOT offer it if they are offering prior versions.

However the initial client hello will now be sent with the TLS record protocol with lowest version supported, which it failed to do before and that is
why it happened to work before. Extensions are sent for the wanted version and should be ignored if a lower version is negotiated with exception of 
signature algorithms, due to the sentence above. 

Regards Ingela Erlang/OTP Team - Ericsson AB


2016-08-08 17:42 GMT+02:00 Ingela Andin <[hidden email]>:
Hi!


2016-07-13 17:27 GMT+02:00 André Cruz <[hidden email]>:
Hello Fred.

> On 13 Jul 2016, at 14:41, Fred Hebert <[hidden email]> wrote:
>
> On 07/12, André Cruz wrote:
>> As can be seen I cannot establish a connection using the container version of Erlang. Looking at the traffic I can see that the ClientHello message specifies SSLv3 ciphers, while the version that works uses TLS1.2. How can I influence this choice of ciphers? Is it a problem with the openssl lib in the container image?
>>
>
> You should at the very least have some basic configuration of SSL in Erlang -- the one that ships stock isn't particularly great.

I've found the difference in the default SSL configuration between 18.3.1 and 18.3.2.

18.3.1 uses TLS1.2 records:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 279


18.3.2 uses SSL records:

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 249

It's strange to change this default in a minor version upgrade. Is this something that can be configured? I've found that some SSL servers drop the connection immediately when SSL records are used.


Huum ... I think this was suppose to be a bug fix, maybe I got it wrong I will investigate.

Regards Ingela Erlang/OTP team - Ericsson AB

 
Thanks,
André
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions



_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions