OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Incoming/6251
Full headers

From: quanah@zimbra.com
Subject: GnuTLS cipher suite failure
Compose comment
Download message
State:
0 replies:
3 followups: 1 2 3

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 12 Aug 2009 19:21:00 +0000
From: quanah@zimbra.com
To: openldap-its@OpenLDAP.org
Subject: GnuTLS cipher suite failure
Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)


Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256

OpenLDAP+gnutls worked fine for me for more than a year, but now I have
TLS problems again. It started on my unstable client when libnss-ldap
reported:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Then I upgraded gnutls and ldap on my server from lenny to unstable and
now even slapd doesn't start:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
main: TLS init def ctx failed: -1

If I comment out line which defines cipher:

TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1

it works again.

$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0

...so I don't see why it shouldn't work.

Followup 1

Download message
Date: Wed, 12 Aug 2009 14:40:51 -0700
From: Howard Chu <hyc@symas.com>
To: quanah@zimbra.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#6251) GnuTLS cipher suite failure
quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.17
> OS: Linux 2.6
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.29.239)
>
>
> Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256
>
> OpenLDAP+gnutls worked fine for me for more than a year, but now I have
> TLS problems again. It started on my unstable client when libnss-ldap
> reported:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1
>
> Then I upgraded gnutls and ldap on my server from lenny to unstable and
> now even slapd doesn't start:
>
> TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
> main: TLS init def ctx failed: -1
>
> If I comment out line which defines cipher:
>
> TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1
>
> it works again.
>
> $ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0
>
> ...so I don't see why it shouldn't work.

This appears to be caused by our switch to using GnuTLS's cipher suite parsing 
functions in 2.4.14 (due to ITS#5887). The syntax that GnuTLS uses is quite 
different from what we were using in 2.4.13 and earlier. Also, the GnuTLS 
documentation on their format is misleading and just plain wrong on several 
points.

We can treat this as an OpenLDAP doc bug, or we can revert to the pre-ITS#5887 
behavior, which still works as expected. (But then we will be incompatible 
with the behavior described in the current GnuTLS documentation. But of 
course, the doc is wrong anyway.)

For reference, the GnuTLS doc says you can list suite names in a semicolon 
separated list, and they may optionally be prefixed with "+" or "-" to add or 
remove particular elements from the list.

In fact, the list must be colon separated, and the "+" is required. Just 
listing the name will cause an error. Also, the actual suite names cannot be 
used, only the individual algorithm names are recognized. So instead of the 
suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1". 
This method is more error-prone, because it makes it possible to specify a 
list of algorithms that do not conform to any valid suite.

All in all, it may be best to revert back to using our own suite parser and 
ignore the one GnuTLS provides.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 2

Download message
Date: Wed, 12 Aug 2009 17:22:42 -0700
From: Howard Chu <hyc@symas.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#6251) GnuTLS cipher suite failure
hyc@symas.com wrote:
> In fact, the list must be colon separated, and the "+" is required. Just
> listing the name will cause an error. Also, the actual suite names cannot
be
> used, only the individual algorithm names are recognized. So instead of the
> suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify
"+AES-256-CBC:+SHA1".

To be precise, you must specify "+RSA:+AES-256-CBC:+SHA1".

> This method is more error-prone, because it makes it possible to specify a
> list of algorithms that do not conform to any valid suite.
>
> All in all, it may be best to revert back to using our own suite parser and
> ignore the one GnuTLS provides.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/



Followup 3

Download message
Date: Wed, 14 Oct 2009 12:04:24 +0800
From: Kent Tong <kent@cpttm.org.mo>
To: openldap-its@OpenLDAP.org
CC: quanah@zimbra.com
Subject: Re: (ITS#6251) GnuTLS cipher suite failure
Hi,

I am having this issue, but setting the cipher suite to
+RSA:+AES-256-CBC:+SHA1 doesn't fix the problem.

slapd.conf:
TLSCipherSuite +RSA:+AES-256-CBC:+SHA1
TLSCACertificateFile /etc/ldap/ssl/cacert.pem
TLSCertificateFile /etc/ldap/ssl/cert.pem
TLSCertificateKeyFile /etc/ldap/ssl/key.pem

Debug log of slapd:
tchingRuleUse: ... supportedFeatures $ supportedApplicationContext ) )
TLS: could not set cipher list +RSA:+AES-256-CBC:+SHA1.
main: TLS init def ctx failed: -1
slapd destroy: freeing system resources.
slapd stopped.

Output of "gnutls-cli -l":
...
TLS_RSA_EXPORT_ARCFOUR_40_MD5                           0x00, 0x03 
SSL 3.0
TLS_RSA_ARCFOUR_SHA1                                    0x00, 0x05 
SSL 3.0
TLS_RSA_ARCFOUR_MD5                                     0x00, 0x04 
SSL 3.0
TLS_RSA_3DES_EDE_CBC_SHA1                               0x00, 0x0a 
SSL 3.0
TLS_RSA_AES_128_CBC_SHA1                                0x00, 0x2f 
SSL 3.0
TLS_RSA_AES_256_CBC_SHA1                                0x00, 0x35 
SSL 3.0
Certificate types: X.509, OPENPGP
Protocols: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2
Ciphers: AES 256 CBC, AES 128 CBC, 3DES 168 CBC, DES CBC, ARCFOUR 128, 
ARCFOUR 4
0, RC2 40, NULL
MACs: SHA, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
Key exchange algorithms: Anon DH, RSA, RSA EXPORT, DHE RSA, DHE DSS, SRP 
DSS, SR
P RSA, SRP, PSK, DHE PSK
Compression: LZO, DEFLATE, NULL


-- 
Kent Tong
SME accounting software package for just MOP30.
See 
http://www.cpttm.org.mo/index_c.php?pg=cpttm/department/is/ispu/accsys/index.htm

for more.


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org