1

I am experiencing some trouble while making a secure connection to www.howsmyssl.com/a/check. I am using wolfSSL to connect, however, the handshake always fails (FATAL ERROR alert 40). I tried to sniff the network to look into the packets to see what exactly is sent and which ciphersuites are supported, and I see that according to a test from ssllabs, howsmyssl.com and my client have ciphersuites in common. So I don't really know where the mistake is taken place. This is trace of the client:

trace

And this is a link to the ssllabs analysation of www.howsmyssl.com. Here you can see that they have ciphersuites in common (for example 0xc02f), so I think that the connection should succeed, or am I missing something?

EDIT: Here are the debug logs of wolfssl

[0;32mI (6565) openssl_example: OpenSSL demo thread start OK[0m
[0;33mW (6565) openssl_example: Size of long = 4, Size of longlong = 8
[0m
[0;32mI (6565) openssl_example: get target IP address[0m
[0;32mI (6595) openssl_example: OK[0m
[0;32mI (6595) openssl_example: 104.196.190.195[0m
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
[0;32mI (6595) openssl_example: create SSL context ......[0m
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
[0;32mI (6615) openssl_example: OK[0m
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Getting into SSL_FILETYPE_PEM if
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
1
   Processed a CA
wolfSSL Entering PemToDer
Couldn't find PEM header
-372
CA Parse failed, no progress in file.
Do not continue search for other certs in file
Processed at least one valid CA. Other stuff OK
[0;32mI (6715) openssl_example: create socket ......[0m
[0;32mI (6725) openssl_example: OK[0m
[0;32mI (6725) openssl_example: bind socket ......[0m
[0;32mI (6735) openssl_example: OK[0m
[0;32mI (6735) openssl_example: socket connect to remote www.howsmyssl.com ......[0m
[0;32mI (6865) openssl_example: OK[0m
[0;32mI (6865) openssl_example: create SSL ......[0m
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
[0;32mI (6865) openssl_example: OK[0m
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
[0;32mI (6885) openssl_example: SSL connected to www.howsmyssl.com port 443 ......[0m
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
received record layer msg
got ALERT!
Got alert
wolfSSL error occurred, error = 40
wolfSSL error occurred, error = -313
[0;32mI (7065) openssl_example: OK[0m
wolfSSL Entering wolfSSL_get_cipher
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
wolfSSL Entering wolfSSL_get_cipher_name_from_suite
READ USED CIPHERSUITE: NONE
[0;32mI (7085) openssl_example: send https request to www.howsmyssl.com port 443 ......[0m
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
ProcessReply retry in error state, not allowed
wolfSSL error occurred, error = -313
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
[0;32mI (7115) openssl_example: failed[0m
wolfSSL Entering SSL_shutdown()
wolfSSL Leaving SSL_shutdown(), return -1
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
I (14055) wifi: pm start, type:0

UPDATE I tried connecting to www.google.com and this succeeds. No changes were made to my code, so I think this will be a server issue. However, when I connect to www.howsmyssl.com with mbedtls, the request also succeeds and after comparing the packets by sniffing the network, I cannot see any major differences.

Lennart
  • 383
  • 4
  • 16
  • Alert 40 doesn't just mean no cipher suites in common. – user207421 Jul 04 '17 at 08:29
  • Yeah, I know. It means that something went wrong during the handshake procedure (in this case with the client hello message). So I checked my whole trace to see if there is something missing but I don't think so. Also at least one ciphersuite is supported by the server. And I think that that are the things that could go wrong on a client hello message. – Lennart Jul 04 '17 at 08:45
  • No. It means [RFC 2246 #7.2.2](https://www.ietf.org/rfc/rfc2246): 'Reception of a handshake_failure alert message indicates that the sender was unable to negotiate an acceptable set of security parameters given the options available. This is a fatal error.' – user207421 Jul 04 '17 at 09:30

1 Answers1

5

Merely sharing the Client Hello from the client won't help here. You would need to gather some SSL related logs. I am not an wolfssl expert, but looks like it exposes additional logs when you compile it using --enable-debug. I refered this: WolfSL - SSL Alert fatal error

Cipher Suites is the not the only thing that can go wrong. If the server expected a certain TLS extension in the Client Hello in a certain format and if it was not accepted even in this case, the Server can terminate the handshake.

See this thread for reference: SSL handshake_failure after clientHello

Without the debug logs, it will be like shooting in the dark.

UPDATE:

So these are the errors in the logs:

wolfSSL error occurred, error = 40
wolfSSL error occurred, error = -313

313 means the server either didn't like one of the following sent by the client:

  • Cipher suites
  • TLS Extensions

Since you have already specified supported curves, you might try enabling static key cipher suites. These seem to be disabled by default in WolfSSL. WolfSSL - Supported Cipher Suites

Kaushal Kumar Panday
  • 2,329
  • 13
  • 22
  • I added the debug logs. I already enabled tls extensions and defined HAVE_SUPPORTED_CURVES so this is not the issue. – Lennart Jul 04 '17 at 09:25
  • Then review the **extensions**. There are only so many things that can go wrong. Also, it would be easier to debug if you have access to server side SSL logs. – Kaushal Kumar Panday Jul 04 '17 at 09:30
  • updated my response. can you try enabling static key cipher suites? – Kaushal Kumar Panday Jul 04 '17 at 09:50
  • This works, but I read in the README of wolfssl on [github](https://github.com/wolfSSL/wolfssl) that they are deprecated and that they will not be supported in future tls versions. So isn't it insecure to use them? – Lennart Jul 04 '17 at 10:04
  • Perhaps, I think you may want to check with wolfssl on how to go about this. Also, the server needs to be answer as to why it is not accepting ECC ciphers. – Kaushal Kumar Panday Jul 04 '17 at 10:10
  • Ok, I will contact them. Thanks for your support. – Lennart Jul 04 '17 at 10:23
  • It looks like the difference between a success case and failure is the ec_point_format extension being sent with client hello. This can be seen with dummy code that sends a ec_point_format extension along with wolfSSL client hello but does not really parse or use the extension. The server howsmyssl.com after getting a ec_point_format extension is then happy to continue with an ECDHE cipher suite. – Sweetness Jul 05 '17 at 16:00