openssl

OpenSSL STR_COPY variable has no value

Written by  on September 23, 2016

Openssl kann Shellvariablen im der Konfigurationsdatei verarbeiten. Kommt dabei eine Fehlermeldung wie

openssl.exe version
6870300:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 19

liegt das daran, dass die Shellvariable nicht definiert ist.
Eine leere Variable dagegen ist aber OK.
Ich dachte schon einen Bug gefunden zu haben. Der Report dafür wurde aber nicht anerkannt, weil das Verhalten so gewünscht und dokumentiert ist.

Wie kommt man zum Fehler? Mit einer Config wie:

[req]
promt=no
distinguished_name=dn
default_md=sha256
default_bits=2048
req_extensions=alt_names

[dn]
C=AT
ST=NOe
L=xxx
O="org"
OU="ou"
E="test@example.com"

[alt_names]
subjectAltName=${ENV::SAN}

Wie repariert man es?
Indem man einen Default Wert in der Config setzt:

SAN=""
[req]
promt=no
distinguished_name=dn
default_md=sha256
default_bits=2048
req_extensions=alt_names

[dn]
C=AT
ST=NOe
L=xxx
O="org"
OU="ou"
E="test@example.com"

[alt_names]
subjectAltName=${ENV::SAN}

Dokumentation, wenn auch leicht verwirrend findet man unter https://www.openssl.org/docs/man1.0.2/apps/config.html bzw. https://www.openssl.org/docs/manmaster/apps/config.html für die letzte Version.
Suchen auf der Seite nach Begrif „ENV“.

OpenSSL 1.1.0 mit SSL3

Written by  on September 7, 2016

Wie kompiliert man OpenSSL 1.1.0 mit SSL3?
Per Default wird SSL3 direkt abgeschaltet:

~/openssl-1.1.0>./config
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0 (0x0x1010000fL)
    no-asan         [default]  OPENSSL_NO_ASAN (skip dir)
    no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
    no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-egd          [default]  OPENSSL_NO_EGD (skip dir)
    no-fuzz-afl     [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
    no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
    no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
    no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
    no-msan         [default]  OPENSSL_NO_MSAN (skip dir)
    no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
    no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
    no-ssl-trace    [default]  OPENSSL_NO_SSL_TRACE (skip dir)
    no-ssl3         [default]  OPENSSL_NO_SSL3 (skip dir)
    no-ssl3-method  [default]  OPENSSL_NO_SSL3_METHOD (skip dir)
    no-ubsan        [default]  OPENSSL_NO_UBSAN (skip dir)
    no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
    no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
    no-zlib         [default]
    no-zlib-dynamic [default]
Configuring for linux-x86_64
...

Aber man kann es im Configure aktivieren:

~/openssl-1.1.0>./config enable-ssl3 enable-ssl3-method
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring OpenSSL version 1.1.0 (0x0x1010000fL)
    no-asan         [default]  OPENSSL_NO_ASAN (skip dir)
    no-crypto-mdebug [default]  OPENSSL_NO_CRYPTO_MDEBUG (skip dir)
    no-crypto-mdebug-backtrace [default]  OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE (skip dir)
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-egd          [default]  OPENSSL_NO_EGD (skip dir)
    no-fuzz-afl     [default]  OPENSSL_NO_FUZZ_AFL (skip dir)
    no-fuzz-libfuzzer [default]  OPENSSL_NO_FUZZ_LIBFUZZER (skip dir)
    no-heartbeats   [default]  OPENSSL_NO_HEARTBEATS (skip dir)
    no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
    no-msan         [default]  OPENSSL_NO_MSAN (skip dir)
    no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
    no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
    no-ssl-trace    [default]  OPENSSL_NO_SSL_TRACE (skip dir)
    no-ubsan        [default]  OPENSSL_NO_UBSAN (skip dir)
    no-unit-test    [default]  OPENSSL_NO_UNIT_TEST (skip dir)
    no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
    no-zlib         [default]
    no-zlib-dynamic [default]
Configuring for linux-x86_64
...

Die Option -ssl3 wird jetzt wieder erkannt, funktioniert aber nicht:

echo "" | apps/openssl s_client -servername ${SERVERNAME} -connect $SERVERNAME:443 -ssl3
CONNECTED(00000003)
140198926489344:error:141640BF:SSL routines:tls_construct_client_hello:no protocols available:ssl/statem/statem_clnt.c:709:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

Gleicher Befehl mit -tls1 bzw auch wenn keine Protokollversion explizit angegeben wird:

echo "" | apps/openssl s_client -servername ${SERVERNAME} -connect $SERVERNAME:443 -tls1
CONNECTED(00000003)
...
Server did acknowledge servername extension.
---
Certificate chain
...
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHfjCC...
...
dTc=
-----END CERTIFICATE-----

Irgendjemand eine Idee dazu?

OpenSSL 1.1 ohne SSLv3

Written by  on September 6, 2016

Bisher konnte man zum Beispiel auf SSLv3 testen mit OpenSSL:

openssl version
OpenSSL 1.0.2h  3 May 2016
echo "" | openssl s_client -servername ${SERVERNAME} -connect $SERVERNAME:60003 -ssl3
CONNECTED(00000003)
2675996:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
...

OpenSSL 1.1.0 kommt per default aber ohne support für SSL3. Das heißt auch, man kann Server von Haus aus nicht mehr auf SSL3 testen.

openssl version
OpenSSL 1.1.0  25 Aug 2016
echo "" | openssl s_client -servername ${SERVERNAME} -connect $SERVERNAME:60003 -ssl3
s_client: Option unknown option -ssl3
s_client: Use -help for summary.

Muss man also Server darauf testen, sollte man noch eine ältere OpenSSL Version vorhalten.

Openssl CRL Verify

Written by  on Juni 24, 2016

Openssl 1.0.2h hat einen kleinen Bug beim verifizieren von CRLs die etwas größer als ein MB sind. Überschreitet eine CRL diese Größe, funktioniert openssl nicht mehr. Bei Symantec war es diese Woche so weit. Es ist also doch nicht so toll, wenn man immer die letzte Version installiert hat.

Mittlerweile gibt es aber auch schon einen Patch dafür… nur halt noch keine offizielle Version.

Testing OCSP

Written by  on Dezember 23, 2015

To test OCSP you need three things: The issuer certificate, the certificate you’d like to check and the path to the OCSP. All this information seems to be slightly redundant, as the certificate itself already contains the information about the OCSP URL and most of the time also the path to the issuer certificate. It would be very nice if openssl would read all this information from the certificate itself, nevertheless you need this three things to do some basic checks.
Get the required information from the AIA and download the issuer certificate:

[1]Authority Info Access
     Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
     Alternative Name:
          URL=http://ocsp.startssl.com/sub/class1/server/ca
[2]Authority Info Access
     Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
     Alternative Name:
          URL=http://aia.startssl.com/certs/sub.class1.server.ca.crt

Write the request into a file

openssl ocsp -issuer startssl.cer -cert www.höllrigl.at.cer -no_nonce -url http://ocsp.startssl.com/sub/class1/server/ca -reqout ocsp.req

Convert the request to base64

openssl enc -in ocsp.req -out ocsp.req.b64 -a

The file should look something like this

MEswSTBHMEUwQzAJBgUrDgMCGgUABAR571c85Prvkggz7EWCVSbdzaAjFQQUFbqc
WolwWaxKVTlvLQA1YeCBz7MCChnePRMAAAAArhA=

Then you URL encode that file – you might use some free online decoder like http://meyerweb.com/eric/tools/dencoder/ – but here you have to remove the line breaks in advance. Or you do it directly at the shell

tr -d '\n' < ocsp.req.b64 | php -R 'echo urlencode($argn);'

Your output should look something like

MEswSTBHMEUwQzAJBgUrDgMCGgUABAR571c85Prvkggz7EWCVSbdzaAjFQQUFbqcWolwWaxKVTlvLQA1YeCBz7MCChnePRMAAAAArhA%3D

Now you can build your request to submit in a webbrowser or using curl at the shell.

curl http://ocsp.startssl.com/sub/class1/server/ca/MEswSTBHMEUwQzAJBgUrDgMCGgUABAR571c85Prvkggz7EWCVSbdzaAjFQQUFbqcWolwWaxKVTlvLQA1YeCBz7MCChnePRMAAAAArhA%3D --proxy http://path.to.proxy:8080 > ocsp.resp

With the output file you are able to verify the output with something like

openssl ocsp -respin ocsp.resp -text
OCSP Response Data:
    OCSP Response Status: successful (0x0)
...

Why all this effort, when openssl might do this on it’s own?
Just because openssl won’t work too well in an envrionment where a proxy is required.
The –proxy option seems only to work starting with version openssl 1.1

Alternatively you could also try telnet to connect via a proxy

telnet path.to.proxy 8080
CONNECT ocsp.startssl.com:80 HTTP/1.0
GET /sub/class1/server/ca/MEswSTBHMEUwQzAJBgUrDgMCGgUABAR571c85Prvkggz7EWCVSbdzaAjFQQUFbqcWolwWaxKVTlvLQA1YeCBz7MCChnePRMAAAAArhA%3D

But using curl and writing into a file might be more useful.

Compile OpenSSL

Written by  on Dezember 20, 2015

Most distributions contain only an old version of openssl. If you need a newer version for your scripts, ther often is no other way than compiling it from source. Here I’ll show you, how to do it. And don’t be afraid, it’s super easy! The latest version is a 1.1 development version.
There are only a few prerequisits: You need the packets make and gcc. First you download the source from github and unpack it:

wget https://github.com/openssl/openssl/archive/master.zip
unzip master.zip
cd openssl-master

You simply do the steps for compiling software on unix/linux:

./config
make
make install

You need to do at least the 3rd step as root, so it can install the files for you. By default, everything gets installed into /usr/local/ssl – so it won’t destroy your system OpenSSL.

# /usr/local/ssl/bin/openssl version
OpenSSL 1.1.0-pre2-dev  xx XXX xxxx

Have a lot of fun!

What version of wget supports SHA2?

Written by  on Dezember 14, 2015

I’ve already asked that question at Stackoverflow but it seems there is not a simple answer about that, or maybe just nobody ever thought about that before!
From what I found out earlier in „wget isn’t checking CRLs“, I see there is no need to verify the CRL with SHA2, because this simply won’t happen.
My best guess about that question is, that it simply depends on the used openssl version. There is some evidence – my wget here is linked against the openssl library. You might check for yourself with

$ ldd $(which wget)
...
        libssl.so.1.0.0 => /lib/i386-linux-gnu/libssl.so.1.0.0 (0xb76d3000)
...

Or you simply check, what you’ve got installed on your system

$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

From the date you might find out, that your openssl version for sure supports SHA2! According to openssl 0.9.8 changelog each version since 0.9.8o, 01 Jun 2010, supports the SHA2 hash algorithms.

wget isn’t checking CRLs?

Written by  on Dezember 1, 2015

Just a wild theory, but wget is not checking for revoked certificates.
How did I come to this conclusion – and how did I try to verify that?

First some infos about versions – which may be rather important on that topic.

wget --version
GNU Wget 1.15 built on linux-gnu.
openssl version
OpenSSL 1.0.1f 6 Jan 2014

Check about the current certificate, like mine here at https://www.höllrigl.at -> you’ll see a certificate from „StartCom Class 1 Primary Intermediate Server CA“ CA and a CRL at http://crl.startssl.com/crt1-crl.crl

So I’m checking about where to find the CRL and get a nice list

# dig crl.startssl.com +short
www.startssl.com.edgesuite.net.
a1603.g1.akamai.net.
92.122.206.27
92.122.206.10

So let’s see if we find some traffic that goes there – first I tried a ping:

# tcpdump -i eth0 host crl.startssl.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:34:23.967704 IP 192.168.3.1 > a92-122-206-10.deploy.akamaitechnologies.com: ICMP echo request, id 18687, seq 1, length 64
21:34:24.016819 IP a92-122-206-10.deploy.akamaitechnologies.com > 192.168.3.1: ICMP echo reply, id 18687, seq 1, length 64

Next thing, fetch that URL with wget

# wget https://www.höllrigl.at
--2015-11-30 21:35:46--  https://www.xn--hllrigl-90a.at/
Resolving www.höllrigl.at (www.xn--hllrigl-90a.at)... 193.239.248.170, 2a04:5540:1:41::10
Connecting to www.höllrigl.at (www.xn--hllrigl-90a.at)|193.239.248.170|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.2’

    [ <=>                                                                                                                                                                                             ] 29,620      --.-K/s   in 0.05s

2015-11-30 21:35:48 (594 KB/s) - ‘index.html.2’ saved [29620]

Now I’d like to show to you the dumped packages in tcpdump – but there are none.
Other strong indicators are, that there only started to be a ‚–crl-file=file‘ option to wget starting with 1.16, which allows you to check your certificate against a locally stored CRL file.

Link des Tages

Written by  on Juni 14, 2015

Gute SSL Konfiguration kann so einfach sein: Mozilla SSL Configuration Generator

openssl ciphers

Written by  on Mai 26, 2015

Wie erzeuge ich eine sinnvolle Liste von Ciphers?

Möglichkeit 1: Schau nach, was andere tun – zum Beispiel bei bettercrypto.org

Möglichkeit 2: Erzeuge eine Liste mit openssl. Das ist auch interessant um zu erfahren was sich hinter Kürzeln wie HIGH, LOW oder EXPORT verbirgt:

$ openssl ciphers 'HIGH'
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:AECDH-AES256-SHA:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ADH-AES256-SHA:ADH-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:AECDH-DES-CBC3-SHA:ADH-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:AECDH-AES128-SHA:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ADH-AES128-SHA:ADH-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA

Oder auch, was verbiete ich mit !RC4:

$ openssl ciphers 'RC4'
ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AECDH-RC4-SHA:ADH-RC4-MD5:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EXP-ADH-RC4-MD5:EXP-RC4-MD5

Siehe dazu auch www.openssl.org