Opened 6 years ago
Last modified 3 years ago
#963 accepted Bug / Defect
OpenVPN 2.4.4 OpenSSL 1.1.x issues with ECC ciphers (client only)
| Reported by: | mke208 | Owned by: | Steffan Karger |
|---|---|---|---|
| Priority: | major | Milestone: | release 2.4.11 |
| Component: | Generic / unclassified | Version: | OpenVPN 2.4.4 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | openvpn openssl 1.1 ecc |
| Cc: | Steffan Karger |
Description
- openvpn 2.4.4 + openssl 1.1.0g compiled from source.
- certificates using curve sect571r1
On connect, client hangs, and on server i get:
OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
This is only with openssl 1.1 , with 1.0.x it works just fine.
After some reading, i saw this change on OpenSSL:
*) Change the ECC default curve list to be this, in order: x25519,
secp256r1, secp521r1, secp384r1.
[Rich Salz]
Somehow openssl defaults to x25519 , and my certificates are using sect571r1, and passing ecdh-curve to openvpn does not solve it.
What i tried was adding this:
SSL_CTX_set1_curves_list(ctx->ctx, "sect571r1");
in src/openvpn/ssl_openssl.c, on line 271, just under SSL_CTX_set_default_passwd_cb
This only happens on the client, it doesn't seem to have anything to do with the server.
Maybe someone can implement a proper fix to adapt to openssl 1.1 changes ...
Issue can also be seen here: https://github.com/schwabe/ics-openvpn/issues/721
Attachments (1)
Change History (9)
comment:1 Changed 6 years ago by
| Cc: | Steffan Karger added |
|---|
comment:2 Changed 6 years ago by
comment:3 Changed 6 years ago by
| Owner: | set to Steffan Karger |
|---|---|
| Status: | new → accepted |
comment:4 Changed 6 years ago by
Per openssl wiki:
https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves
I guess it could be somehow possible to get the curve name from the certificate and pass it to
SSL_CTX_set1_curves_list ...
Changed 6 years ago by
| Attachment: | ssl.c.diff added |
|---|
comment:7 Changed 6 years ago by
ECDH and your certificates do not have to use the same curves
Just for information :-
On paper this may be true, however, it is not how openvpn currently works.
Currently, the TLS curve must match the PKI curve.
Tested with openvpn Server:2.4.6 Client:2.4.6 :-
| Server openssl | Client openssl | PKI Curve 1 | --ecdh-curve 2 | Result |
| 1.1.0h | 1.1.0h | secp384r1 | undefined | OK |
| 1.1.0h | 1.1.0h | brainpoolP384r1 | undefined | Fail |
| 1.1.0h | 1.1.0h | secp384r1 | secp384r1 | OK |
| 1.1.0h | 1.1.0h | brainpoolP384r1 | secp384r1 | Fail |
| 1.1.0h | 1.1.0h | secp384r1 | brainpoolP384r1 | Fail |
| 1.1.0h | 1.1.0h | brainpoolP384r1 | brainpoolP384r1 | Fail |
| 1.1.0h | 1.0.2o | secp384r1 | undefined | OK |
| 1.1.0h | 1.0.2o | brainpoolP384r1 | undefined | Fail |
| 1.1.0h | 1.0.2o | secp384r1 | secp384r1 | OK |
| 1.1.0h | 1.0.2o | brainpoolP384r1 | secp384r1 | Fail |
| 1.1.0h | 1.0.2o | secp384r1 | brainpoolP384r1 | Fail |
| 1.1.0h | 1.0.2o | brainpoolP384r1 | brainpoolP384r1 | OK |
Note 1: Curve selected in EasyRSA before creating PKI.
Note 2: undefined means --ecdh-curve is not used in server config.
Note 3: --ecdh-curve is never defined in the client config.
All failures are tls_post_process_client_hello:no shared cipher
comment:8 Changed 3 years ago by
| Milestone: | release 2.4.4 → release 2.4.11 |
|---|
@syzzer: should this be fixed by recent commits related to curve handling?
ECDH and your certificates do not have to use the same curves. The curve from the certificates is used to sign (using in your case ECDSA) the key exchange, while the --ecdh-curve is used to perform the key exchange.
That said, it looks like OpenSSL 1.1+ indeed needs a call to SSL_CTX_set1_curves_list (or SSL_CTX_set1_groups_list as is preferred in the current master branch...). Something similar to --tls-ciphers and --show-tls.
I'll assign this ticket to myself to keep track of it, but can't promise I'll be looking into this soon. So if anyone else wants to take a stab at it: patches are welcome!