jira.codehaus.org

Jetty
JETTY-484

SSL Handshake

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Minor
  • Resolution: Won't Fix
  • Affects Version/s: None
  • Fix Version/s: 6.1.6
  • Component/s: Security and SSL
  • Labels: None
  • Number of attachments: 1

Description

From Thomas Termin:

>>we have a problem with firefox, jetty-6.1.4 and https. We use the
>>standard configuration from jetty and the SslSocketConnector.
>>
>>If you start an https session the handshake works fine but after a
>>certain amount of time or clicks we get a handshake_failure.
>>
>>If it works fine the client sends the following: ClientHello, TLSv1
>>
>>And when it goes wrong the client sends this: ClientHello, SSLv3

So we tried it with the new jetty version and it still doesn't work. We
tried it also on HPUX Itanium. It also doesn't work with jdk1.6.


Attachments

  1. keystore_endpoint.jks (1 kB), attached 10/Jan/08 4:14 PM by Stefan Kleineikenscheidt

Activity

Stefan Kleineikenscheidt added a comment - 09/Jan/08 5:45 AM

This actually also happens with the latest code from SVN (6.2-SNAPSHOT).

Here is debug output from ssltap (http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html):

1.) Successful handshake:
C:\SKL\Stuff>ssltap -slx -p 4443 localhost:8443
Looking up "localhost"...
Proxy socket ready and listening
Connection #1 [Wed Jan 09 12:24:05 2008]
Connected to localhost:8443
--> [
(142 bytes of 137)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 16 03 01 00 89 |.....
type = 22 (handshake)
version = { 3,1 }
length = 137 (0x89)
handshake {
0: 01 00 00 85 |....
type = 1 (client_hello)
length = 133 (0x000085)
ClientHelloV3 {
client_version = {3, 1}
random = {...}
0: 00 01 6c ad e4 a3 70 11 01 33 86 c3 78 ff 01 f9 | ..l¡õúp..3.├x...
10: a4 c2 73 7f d4 14 9e 46 69 ac 98 ad 62 10 f3 26 | ñ┬s.È.×Fi¼ÿ¡b.¾&
session ID = {
length = 0
contents = {..}
}
cipher_suites[28] = { (0xc00a) ????/????????/?????????/??? (0xc014) ????/????????/?????????/??? (0x0039) TLS/DHE-RSA/AES256-CBC/SHA (0x0038) TLS/DHE-DSS/AES256-CBC/SHA (0xc00f) ????/????????/?????????/??? (0xc005) ????/????????/?????????/??? (0x0035) TLS/RSA/AES256-CBC/SHA (0xc007) ????/????????/?????????/??? (0xc009) ????/????????/?????????/??? (0xc011) ????/????????/?????????/??? (0xc013) ????/????????/?????????/??? (0x0033) TLS/DHE-RSA/AES128-CBC/SHA (0x0032) TLS/DHE-DSS/AES128-CBC/SHA (0xc00c) ????/????????/?????????/??? (0xc00e) ????/????????/?????????/??? (0xc002) ????/????????/?????????/??? (0xc004) ????/????????/?????????/??? (0x0004) SSL3/RSA/RC4-128/MD5 (0x0005) SSL3/RSA/RC4-128/SHA (0x002f) TLS/RSA/AES128-CBC/SHA (0xc008) ????/????????/?????????/??? (0xc012) ????/????????/?????????/??? (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA (0xc00d) ????/????????/?????????/??? (0xc003) ????/????????/?????????/??? (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA }
}
}
}
]
<-- [
(1160 bytes of 1155)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 16 03 01 04 83 |....â
type = 22 (handshake)
version = { 3,1 }
length = 1155 (0x483)
handshake {
0: 02 00 00 46 |...F
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 1}
random = {...}
0: 47 84 ae d5 a3 f9 5c f0 52 69 98 89 9e 2d 2c e6 | Gä«ıú.\­Riÿ.×-,.
10: 67 0d c8 f0 e4 a9 4b 08 2d d5 39 59 3c 9e dd d3 | g.╚­õ.K.-ı9Y<×.Ë
session ID = {
length = 32
contents = {..}
0: 47 84 ae d5 c3 99 8d b3 77 f6 da bc 6f 44 4a 4d | Gä«ı├Öì│w..╝oDJM
10: d2 d1 69 f8 e8 3f 0c ef f5 e0 18 ef e7 95 b4 69 | ÊÐi°Þ?.´.Ó.´þò┤i
}
cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
}
0: 0b 00 02 f6 |....
type = 11 (certificate)
length = 758 (0x0002f6)
CertificateChain {
chainlength = 755 (0x02f3)
Certificate {
size = 752 (0x02f0)
data = { saved in file 'cert.001' }
}
}
0: 0c 00 01 37 |...7
type = 12 (server_key_exchange)
length = 311 (0x000137)
0: 0e 00 00 00 |....
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
]
--> [
(198 bytes of 134, with 59 left over)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 16 03 01 00 86 |.....
type = 22 (handshake)
version = { 3,1 }
length = 134 (0x86)
handshake {
0: 10 00 00 82 |....
type = 16 (client_key_exchange)
length = 130 (0x000082)
ClientKeyExchange {
message = {...}
}
}
}
(198 bytes of 1, with 53 left over)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 14 03 01 00 01 |.....
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
0: 01 |.
}
(198 bytes of 48)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 16 03 01 00 30 |....0
type = 22 (handshake)
version = { 3,1 }
length = 48 (0x30)
< encrypted >
}
]
<-- [
(6 bytes of 1)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 14 03 01 00 01 |.....
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
0: 01 |.
}
]
<-- [
(53 bytes of 48)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 16 03 01 00 30 |....0
type = 22 (handshake)
version = { 3,1 }
length = 48 (0x30)
< encrypted >
}
]
--> [
(485 bytes of 480)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 01 e0 |....Ó
type = 23 (application_data)
version = { 3,1 }
length = 480 (0x1e0)
< encrypted >
}
]
<-- [
(165 bytes of 160)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 00 a0 |....á
type = 23 (application_data)
version = { 3,1 }
length = 160 (0xa0)
< encrypted >
}
]
<-- [
(261 bytes of 256)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 01 00 |.....
type = 23 (application_data)
version = { 3,1 }
length = 256 (0x100)
< encrypted >
}
]
--> [
(421 bytes of 416)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 01 a0 |....á
type = 23 (application_data)
version = { 3,1 }
length = 416 (0x1a0)
< encrypted >
}
]
<-- [
(149 bytes of 144)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 00 90 |....É
type = 23 (application_data)
version = { 3,1 }
length = 144 (0x90)
< encrypted >
}
]
<-- [
(1429 bytes of 1424)
SSLRecord { [Wed Jan 09 12:24:05 2008]
0: 17 03 01 05 90 |....É
type = 23 (application_data)
version = { 3,1 }
length = 1424 (0x590)
< encrypted >
}
]
<-- [
(37 bytes of 32)
SSLRecord { [Wed Jan 09 12:24:36 2008]
0: 15 03 01 00 20 |....
type = 21 (alert)
version = { 3,1 }
length = 32 (0x20)
< encrypted >
}
]
Read EOF on Server socket. [Wed Jan 09 12:24:36 2008]
Read EOF on Client socket. [Wed Jan 09 12:24:44 2008]
Connection 1 Complete [Wed Jan 09 12:24:44 2008]

2.) Handshake error:
C:\SKL\Stuff>ssltap -slx -p 6443 localhost:8443
Looking up "localhost"...
Proxy socket ready and listening
Connection #1 [Wed Jan 09 12:18:41 2008]
Connected to localhost:8443
--> [
alloclen = 63 bytes
(63 bytes of 63)
[Wed Jan 09 12:18:41 2008] [ssl2] ClientHelloV2 {
version = {0x03, 0x00}
cipher-specs-length = 36 (0x24)
sid-length = 0 (0x00)
challenge-length = 16 (0x10)
cipher-suites = { (0x000039) TLS/DHE-RSA/AES256-CBC/SHA (0x000038) TLS/DHE-DSS/AES256-CBC/SHA (0x000035) TLS/RSA/AES256-CBC/SHA (0x000033) TLS/DHE-RSA/AES128-CBC/SHA (0x000032) TLS/DHE-DSS/AES128-CBC/SHA (0x000004) SSL3/RSA/RC4-128/MD5 (0x000005) SSL3/RSA/RC4-128/SHA (0x00002f) TLS/RSA/AES128-CBC/SHA (0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA (0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA (0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA }
session-id = { }
challenge = { 0xa954 0x2122 0x3e82 0xb993 0xd72f 0xea54 0x779f 0x958c }

}
]
<-- [
(1161 bytes of 1156)
SSLRecord { [Wed Jan 09 12:18:41 2008]
0: 16 03 00 04 84 |....ä
type = 22 (handshake)
version = { 3,0 }
length = 1156 (0x484)
handshake {
0: 02 00 00 46 |...F
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 0}
random = {...}
0: 47 84 ad 91 a1 f6 cb e5 f8 e2 f0 46 60 4b dd 48 | G䡿í.╦.°.­F`K.H
10: 13 a8 93 96 d2 4f 2b d8 2d fe 49 2f 22 e5 29 5e | .¿ôûÊO+Ï-.I/".)^
session ID = {
length = 32
contents = {..}
0: 47 84 ad 91 84 b7 ef 62 92 fb 03 d7 8a 41 ae 82 | G䡿äÀ´bƹ.Î.A«.
10: d5 57 a3 e0 24 cc b5 2e b2 c7 29 3d 3a 37 a6 11 | ıWúÓ$╠Á.▓Ã)=:7ª.
}
cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
}
0: 0b 00 02 f6 |....
type = 11 (certificate)
length = 758 (0x0002f6)
CertificateChain {
chainlength = 755 (0x02f3)
Certificate {
size = 752 (0x02f0)
data = { saved in file 'cert.001' }
}
}
0: 0c 00 01 38 |...8
type = 12 (server_key_exchange)
length = 312 (0x000138)
0: 0e 00 00 00 |....
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
]
--> [
(7 bytes of 2)
SSLRecord { [Wed Jan 09 12:18:41 2008]
0: 15 03 00 00 02 |.....
type = 21 (alert)
version = { 3,0 }
length = 2 (0x2)
fatal: handshake failure
0: 02 28 |.(
}
]
Read EOF on Server socket. [Wed Jan 09 12:18:41 2008]
Read EOF on Client socket. [Wed Jan 09 12:18:48 2008]
Connection 1 Complete [Wed Jan 09 12:18:48 2008]
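
The two ssltap dumps above differ in the very first message the client sends: a v3-format record announcing TLSv1 in the working case, and an SSLv2-compatible hello capped at {3,0} in the failing case, which the server answers with an SSLv3 ServerHello and the client then aborts with a fatal handshake_failure alert (02 28). The decoder below is an added example, not part of this issue or of Jetty; its input bytes are constructed from the record headers, the alert body and the SSLv2 hello field values that the dumps show.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in RFC 2246 (TLS 1.0).
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      42: "bad_certificate", 70: "protocol_version"}


def is_sslv2_client_hello(data):
    # An SSLv2-compatible hello starts with a 2-byte length whose high bit is
    # set, followed by message type 1 (CLIENT-HELLO). A v3/TLS record starts
    # with a content type byte (20..23) instead, so its high bit is clear.
    return len(data) >= 3 and bool(data[0] & 0x80) and data[2] == 0x01


def parse_sslv2_client_hello(data):
    # Fixed header: length(2) type(1) version(2) cs_len(2) sid_len(2) ch_len(2),
    # followed by the 3-byte cipher specs, the session id and the challenge.
    body_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
    _, major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBBHHH", data[2:11])
    specs = data[11:11 + cs_len]
    suites = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, cs_len, 3)]
    return {"format": "sslv2_compatible", "version": (major, minor),
            "total_len": body_len + 2, "cipher_suites": suites,
            "session_id_len": sid_len, "challenge_len": ch_len}


def parse_record(data):
    # v3/TLS record header: type(1) version(2) length(2). A plaintext alert body
    # is level(1) description(1), e.g. 02 28 = fatal handshake_failure.
    ctype, major, minor, length = struct.unpack(">BBBH", data[:5])
    rec = {"format": "v3_record", "type": CONTENT_TYPES.get(ctype, "unknown"),
           "version": (major, minor), "length": length}
    if ctype == 21 and length == 2 and len(data) >= 7:
        level, desc = data[5], data[6]
        rec["alert"] = (ALERT_LEVELS.get(level, "unknown"),
                        ALERT_DESCRIPTIONS.get(desc, "unknown(%d)" % desc))
    return rec


def parse_message(data):
    if is_sslv2_client_hello(data):
        return parse_sslv2_client_hello(data)
    return parse_record(data)


def diagnose(trace):
    # Summarise a client->server->client exchange: hello format and version the
    # client used, the version the server answered with, and any fatal alert.
    msgs = [parse_message(m) for m in trace]
    fatal = [m["alert"] for m in msgs if m.get("alert", ("",))[0] == "fatal"]
    return {"client_hello": msgs[0]["format"],
            "client_version": VERSIONS.get(msgs[0]["version"], "unknown"),
            "negotiated": VERSIONS.get(msgs[1]["version"], "unknown"),
            "fatal_alert": fatal[0][1] if fatal else None}


# Constructed from the working trace: the TLSv1 ClientHello and ServerHello headers.
GOOD_TRACE = [bytes.fromhex("1603010089"), bytes.fromhex("1603010483")]

# Constructed from the failing trace: an SSLv2-format hello offering {3,0} with the
# 12 cipher specs and the challenge ssltap printed, the SSLv3 ServerHello record
# header, and the client's fatal handshake_failure alert (02 28).
SSLV2_HELLO = (bytes.fromhex("803d010300002400000010")
               + bytes.fromhex("000039000038000035000033000032000004000005"
                               "00002f00001600001300feff00000a")
               + bytes.fromhex("a95421223e82b993d72fea54779f958c"))
BAD_TRACE = [SSLV2_HELLO, bytes.fromhex("1603000484"), bytes.fromhex("15030000020228")]

if __name__ == "__main__":
    for name, trace in (("working", GOOD_TRACE), ("failing", BAD_TRACE)):
        print(name, diagnose(trace))
```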

Stefan Kleineikenscheidt added a comment - 09/Jan/08 6:38 AM

FYI - I have also posted on mozilla.dev.tech.crypto and on Sun's Developer Forums to see whether we can do something about that on the Firefox side, or at the JSSE level.

http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/0fc53b4d4d2ed7a9#4160a1ceccc5b139
http://forum.java.sun.com/thread.jspa?threadID=5252481&tstart=0

Greg Wilkins added a comment - 09/Jan/08 4:57 PM

Stefan,

thanks for seeking additional help on this one.

Does this happen for you when you run the standard jetty demo with

java -jar start.jar etc/jetty.xml etc/jetty-sslengine.xml

or is it just for your specific app/key/browser combination?

Stefan Kleineikenscheidt added a comment - 10/Jan/08 4:07 PM

This was a good hint.

java -jar start.jar etc/jetty.xml etc/jetty-sslengine.xml or
java -jar start.jar etc/jetty.xml etc/jetty-ssl.xml

out-of-the-box (6.1.7) works. However, if I replace the keystore with my keystore, the error will show up again (both with the SslSelectChannelConnector and SslSocketConnector).

Now I guess the question is: What is the difference between the two keystores?
Answer: As far as I can see, the Keystore provided in the Jetty distro has expired in 2001, while my keystore is still valid (although also self-generated).

ATM I can't see any other difference. Also, the handshake exceptions occur, and Firefox is sending a "SSL v2" and then "ClientHello, SSLv3" (as described in Thomas' original post), but Firefox continues to communicate with Jetty using SSLv3 (rather than TLS).

Could it be that Firefox is somewhat less strict regarding handshake failures after you have told it to accept an expired certificate?

Also, I will attach my keystore, if anyone wants to check what might be wrong with it.

Dexter Ang added a comment - 13/Jan/08 9:48 PM

Stefan,

Tried testing this in jetty-6.1.4 and 6.1.7 and everything seems to work fine by creating a new keystore rather than using the Jetty keystore.

Tried using your keystore and it failed since I do not know your password. Kindly attach your password here so I can test it out.

Also, if you can post specific steps on how to reproduce this problem, all the better.

Thomas Termin added a comment - 15/Jan/08 7:20 AM

Dexter,

the keystore password is just "password"

If you want to reproduce the problem you can do some reloads very fast.

Thomas

Stefan Kleineikenscheidt added a comment - 16/Jan/08 2:11 PM

It turned out that Firefox fails after handshake failures if the certificate uses DSA. With RSA there is no problem...

As the problem also occurs with Tomcat, I assume this issue can be closed...

Dexter Ang added a comment - 20/Jan/08 9:59 PM

Agree with you Stefan, it fails when the certificate uses DSA. I'll take note of this one.

p.s. Thanks Thomas.

Greg Wilkins added a comment - 17/Feb/08 4:46 PM

Dexter, can you document this issue on the Jetty wiki on a new troubleshooting page (that you also link to from the SSL configuration page). You can then link to that page from this issue and mark this issue as resolved.

thanks

Jan Bartel added a comment - 17/Feb/08 11:19 PM

Dexter, did you update the jetty wiki yet?

cheers
Jan

Dexter Ang added a comment - 18/Feb/08 3:19 AM

Hi Jan,

Yes, I already documented this in the Jetty wiki. I also added a new troubleshooting page.

Cheers
Dexter

Dexter Ang added a comment - 18/Feb/08 3:21 AM

Here's the link: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
And the link for the troubleshooting page: http://docs.codehaus.org/display/JETTY/Issue+on+SSL+Handshake+when+using+DSA+key+algorithm


People

  • Assignee: Dexter Ang
  • Reporter: Greg Wilkins

Dates

  • Created: 19/Dec/07 12:15 AM
  • Updated: 18/Feb/08 3:27 AM
  • Resolved: 18/Feb/08 3:27 AM