Closed
Bug 1052610
Opened 10 years ago
Closed 9 years ago
WebRTC: Allow more ciphers for DTLS 1.2 in Firefox Nightly 34.0a1 (cannot perform DTLS with OpenSSL)
Categories
(Core :: WebRTC: Networking, defect)
Core
WebRTC: Networking
Tracking
()
RESOLVED
FIXED
People
(Reporter: ibc, Assigned: mt)
References
()
Details
Attachments
(5 files, 3 obsolete files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 Steps to reproduce: WebRTC call from Firefox Nightly 34.0a1 (2014-08-12) to Chrome Android (which uses OpenSSL). Actual results: DTLS negotiation failure due to non-matching cipher in Chrome Android. Expected results: Firefox Nightly 34.0a1 (2014-08-12) sends DTLS 1.2 ClientHello with the following ciphers: Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) It can negotiate DTLS with Chrome desktop (which still uses NSS) but it fails to negotiate DTLS with Chrome Android or any other WebRTC agent using OpenSSL (even with the newest openssl 1.1.0-dev which supports DTLS 1.2). In the other side, the current Firefox stable (31.0), which uses DTLS 1.0, can perform DTLS handshake with OpenSSL based WebRTC agents (for example Chrome Android). The list of ciphers in the DTLS 1.0 ClientHello of Firefox 31.0 are the following: Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) I suggest extending the list of available ciphers in Firefox 34.
Reporter | ||
Updated•10 years ago
|
Component: Untriaged → WebRTC: Networking
Product: Firefox → Core
Comment 1•10 years ago
|
||
Do we have a list of what ciphers Chrome for Android supports?
Keywords: regression
Reporter | ||
Comment 2•10 years ago
|
||
Yes and no, let me explain: In OpenSSL last version 1.1.0-dev I set: --------- Ctx = SSL_CTX_new(DTLS_method()); // This allows DTLS 1.0 and 1.2 SSL_CTX_set_cipher_list(ctx, "ALL:!eNULL:!aNULL"); --------- BY running the following command line command I get the list of ciphers for the above string (I use grep to filter those matching the ones available in Firefox 34): --------- openssl ciphers -v ALL:\!eNULL:\!aNULL | grep SHA | grep -E "(128|256)" | grep -E "(ECDHE|DHE)" ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256 DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1 DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1 --------- When Firefox 34 sends DTLS 1.2 ClientHello to Chrome 36 desktop (so NSS) Chrome replies ServerHello with the following selected cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) and such a cipher is listed above in the openssl command output, but note that it is flagged as "SSLv3". I don't know whether that is the reason for OpenSSL to ignore it when the received DTLS ClientHello has version 1.2 instead of 1.0. Said that, if you make a call from Firefox 34 to Chrome Android (so OpenSSL), thus Chrome becomes the DTLS agent, then you can capture the DTLS 1.0 ClientHello form Chrome (for example in Wireshark) and get the list of announced ciphers.
Reporter | ||
Comment 3•10 years ago
|
||
Sorry, I mean "if you make a call from Chrome Android to Firefox 34 [...]".
Reporter | ||
Comment 4•10 years ago
|
||
No, sorry again, I was right: it must be a call from Firefox 34 to Chrome Android. BTW I've done that and... it is surprising because in this case it does work (but not the opposite). The DTLS 1.0 ClientHello sent by Chrome Android has those ciphers: ------------------------------ Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA (0xc022) Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA (0xc021) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) Cipher Suite: TLS_SRP_SHA_WITH_AES_256_CBC_SHA (0xc020) Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Cipher Suite: TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA (0xc01c) Cipher Suite: TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA (0xc01b) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) Cipher Suite: TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA (0xc01a) Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA (0xc01f) Cipher Suite: TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA (0xc01e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) ------------------------------ and Firefox 34 replies ServerHello by choosing this cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Assignee | ||
Updated•10 years ago
|
Assignee | ||
Comment 5•10 years ago
|
||
This doesn't look like a problem on our end. If Android were sending a ClientHello with only DHE suites, then we wouldn't be able to serve. NSS doesn't support DHE server side, and probably won't until the DHE enumeration stuff is standardized and landed (that's a while out yet). We have a common suite. The chrome guys are looking into this, and they are on the server side where it seems like the fault most likely resides. Let's wait to see what they find.
Reporter | ||
Comment 6•10 years ago
|
||
Just a comment (the original issue description is wrong as I see now): the problem happens to me in two cases: 1) When Firefox 34 sends DTLS 1.2 ClientHello to Chrome Android (OpenSSL - no idea which version). 2) When Firefox 34 sends DTLS 1.2 ClientHello to my own WebRTC server implementation (tested with OpenSSL 1.0.1i and 1.1.0-dev). What I mean that this is not a problem in Chrome side, but in any WebRTC endpoint acting as DTLS server and using OpenSSL any-version.
Comment 7•10 years ago
|
||
I can confirm this same problem on my own WebRTC server using OpenSSL for DTLS-SRTP. The handshake works fine in all version of chrome, and all Firefox prior to 34.0a1, but fails in 34.0a1.
Comment 8•10 years ago
|
||
Martin: I wonder if the NSS DTLS 1.2 implementation has a bug or is somehow incompatible with the OpenSSL DTLS 1.2 implementation. This should be easy to track down if we run the OpenSSL side in a debugger. Do you know how to build Chromium on Linux with OpenSSL instead of NSS? Just do export GYP_DEFINES="use_openssl=1" and then run "gclient runhooks" to regenerate the build files.
Assignee | ||
Comment 9•10 years ago
|
||
I'm unable to do that right now. What we should do is back out bug 996237 since we now have confirmation that others are seeing this issue. I'll get into fixing this as soon as I can.
Assignee | ||
Comment 10•10 years ago
|
||
This isn't a direct backout because that was too knarly to get right.
Attachment #8472545 -
Flags: review?(ekr)
Assignee | ||
Comment 11•10 years ago
|
||
Re-enabling the ECDHE tests, disabling the GCM one.
Attachment #8472545 -
Attachment is obsolete: true
Attachment #8472545 -
Flags: review?(ekr)
Attachment #8472570 -
Flags: review?(ekr)
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → martin.thomson
Keywords: leave-open
Comment 12•10 years ago
|
||
Comment on attachment 8472570 [details] [diff] [review] 0001-Bug-1052610-Removing-cipher-suite-profiling.patch Review of attachment 8472570 [details] [diff] [review]: ----------------------------------------------------------------- I reviewed this on Rietveld: LGTM with nits https://codereview.appspot.com/129120043/diff/20001/media/mtransport/test/tra... File media/mtransport/test/transport_unittests.cpp (right): https://codereview.appspot.com/129120043/diff/20001/media/mtransport/test/tra... media/mtransport/test/transport_unittests.cpp:924: //bug1052610 Please add a TODO here. https://codereview.appspot.com/129120043/diff/20001/media/mtransport/test/tra... media/mtransport/test/transport_unittests.cpp:1021: Spurious whitespace. https://codereview.appspot.com/129120043/diff/20001/media/mtransport/transpor... File media/mtransport/transportlayerdtls.cpp (right): https://codereview.appspot.com/129120043/diff/20001/media/mtransport/transpor... media/mtransport/transportlayerdtls.cpp:675: // not limited suite selection; bug 1052610 This comment could be cleaned up.
Attachment #8472570 -
Flags: review?(ekr) → review+
Assignee | ||
Comment 13•10 years ago
|
||
r=ekr
Attachment #8472570 -
Attachment is obsolete: true
Attachment #8472610 -
Flags: review+
Assignee | ||
Comment 14•10 years ago
|
||
Adam, can you put this patch on your autolander please? I'd like to ensure that this gets in quickly.
Flags: needinfo?(adam)
Comment 15•10 years ago
|
||
Landed: https://hg.mozilla.org/integration/mozilla-inbound/rev/8ee163409ca1
Flags: needinfo?(adam)
Comment 17•10 years ago
|
||
Not sure how this got by try's -Werror, but I'm hitting this in local testing. Fix an unused variable warning on mac by disabling the cypher list the code is not longer referencing.
Attachment #8473090 -
Flags: review?(adam)
Comment 18•10 years ago
|
||
Comment on attachment 8473090 [details] [diff] [review] Unbreak -Werror I haven't really looked at this part of the code -- I suspect Martin could understand the implications at a glance, while I'd need to read through the earlier changes. Changing reviewer...
Attachment #8473090 -
Flags: review?(adam) → review?(martin.thomson)
Reporter | ||
Comment 19•10 years ago
|
||
Let me confirm that today's Nightly correctly performs the DTLS handshake with OpenSSL based implementations.
Assignee | ||
Comment 20•10 years ago
|
||
Comment on attachment 8473090 [details] [diff] [review] Unbreak -Werror Review of attachment 8473090 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for fixing my typo. BTW, we should just run builds with -Werror so that this sort of mess doesn't happen. Warnings are useless.
Attachment #8473090 -
Flags: review?(martin.thomson) → review+
Assignee | ||
Comment 21•10 years ago
|
||
I've done some testing now after hacking Firefox to suppress connectivity checking. The following openssl versions work, and negotiate TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: * OpenSSL 1.0.1e-fips 11 Feb 2013 * OpenSSL 1.1.0-dev xx XXX xxxx (git trunk) * OpenSSL 1.0.1i 6 Aug 2014 I was unable to run Chromium; I'm now fetching webrtc.org code to see what I can manage.
Comment 22•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/53bafa32a147 I thought we did run builds with -Werror, but maybe that's just inbound? I have ac_add_options --enable-warnings-as-errors to catch these things. I think it still only sets -Werror on directories where FAIL_ON_WARNINGS = True is in the moz.build. -Werror everywhere by default is annoying for contributors because random compiler differences can break the build.
Comment 23•10 years ago
|
||
(In reply to Ralph Giles (:rillian) from comment #22) > I thought we did run builds with -Werror, but maybe that's just inbound? Yep (not just inbound, all trees) > I think it still only sets -Werror on directories where FAIL_ON_WARNINGS = > True is in the moz.build. Correct. That should be the case here, though -- looks like this file is built by http://mxr.mozilla.org/mozilla-central/source/media/mtransport/objs.mozbuild which is included by http://mxr.mozilla.org/mozilla-central/source/media/mtransport/build/moz.build which has FAIL_ON_WARNINGS = True If this broke local opted-in builds but didn't break TBPL, that's probably because TBPL is using an older compiler version that doesn't warn about unused file-global static const variables. (IIRC, clang only recently started warning about that, and I'm not sure GCC does at all) > -Werror everywhere by default is annoying for contributors because random > compiler differences can break the build. (yup, the goal is for people to be able to successfully build locally, even if their compiler has some obscure warning we've never seen before. That's why it's opt-in. And our TBPL builders are opted in, in their mozconfigs, to catch introductions of warnings.)
Assignee | ||
Comment 24•10 years ago
|
||
Iñaki, I can't reproduce the error you are seeing in your OpenSSL-based implementation. Do you have either some more information that you can provide, or can you point me at something that I can build and run? I thought that webrtc.org would work, but it's only got some badly neglected sample code. I'll have to spend some time fixing it.
Reporter | ||
Comment 25•10 years ago
|
||
Martin, just to clarify: as said in a comment above I cannot reproduce the error in today's Nightly, this is, it negotiates DTLS with OpenSSL based implementations (my server and Chrome Android) correctly. Then, do you need more info or data? :)
Assignee | ||
Comment 27•10 years ago
|
||
Iñaki, if you can run a test with the broken nightly and capture the packets, that would help a great deal. A wireshark or tcpdump packet capture would be ideal. If you need a build that contains 1.2 and the limited set of suites, let me know. You should be able to find the nightly build on ftp.mozilla.org though.
Reporter | ||
Comment 28•10 years ago
|
||
OK, will do that tomorrow.
Assignee | ||
Comment 30•10 years ago
|
||
Iñaki, any chance you could help us out with that capture?
Flags: needinfo?(ibc)
Reporter | ||
Comment 31•10 years ago
|
||
Hi Martin, sorry for the delay (holidays). I don't know which exact version to download to get the Nightly version as it was in 2014-08-12. I see too much different releases with that date. May you please send me the exact link in ftp://ftp.mozilla.org/pub/firefox/nightly/?
Flags: needinfo?(ibc)
Reporter | ||
Comment 32•10 years ago
|
||
I will try with ftp://ftp.mozilla.org/pub/firefox/nightly/2014-08-12-mozilla-central-debug/firefox-34.0a1.en-US.debug-mac64.dmg as it is the exact version 34.0a1.
Reporter | ||
Comment 33•10 years ago
|
||
Firefox sends DTLS ClientHello 1.2 to my OpenSSL based server. The handshake fails in server side: SSL_ERROR_SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher The list of ciphers in the server are the same as in Chrome Android (OpenSSL): SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
Reporter | ||
Comment 34•10 years ago
|
||
Firefox sends DTLS ClientHello 1.2 to Chrome Android (OpenSSL based). The handshake is also rejected by server side (Chrome).
Comment 35•10 years ago
|
||
Inaki, Can you tell us exactly what line of code of OpenSSL this is being generated? Are you able to get this in the debugger?
Reporter | ||
Comment 36•10 years ago
|
||
My DLTS settings (in my server) are similar to what Chrome does (in the OpenSSL version, so Android for now): ------------------------- ctx = SSL_CTX_new(DTLSv1_method()); [certificate stuff] SSL_CTX_set_info_callback(ctx, on_ssl_info); SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); SSL_CTX_set_tlsext_use_srtp(...); ssl = SSL_new(ctx); [Bio memory stuff] SSL_set_accept_state(ssl); SSL_do_handshake(ssl); // DTLS data received: BIO_write(sslBioFromNetwork, data, len); read = SSL_read(>ssl, sslReadBuffer, SSL_READ_BUFFER_SIZE); SendPendingOutgoingDTLSData(); // Check SSL status: if ((SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN) || err == SSL_ERROR_SSL || err == SSL_ERROR_SYSCALL) { SSL_shutdown(ssl); SendPendingOutgoingDTLSData(); // BIO_read(sslBioToNetwork) stuff } -------------------- The OpenSSL error above: SSL_ERROR_SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher is generated after SSL_read(). I check SSL_get_error(ssl, ssl_read_error_code) and get SSL_ERROR_SSL, and then I also log ERR_error_string(ERR_get_error()) which gives such an error description. > Are you able to get this in the debugger? Sorry, which debugger do you mean? BTW the issue is easily reproducible by making a WebRTC call from Chrome-Android to Firefox 34.0a1 [*] (so Firefox becomes the DTLS client). [*] ftp://ftp.mozilla.org/pub/firefox/nightly/2014-08-12-mozilla-central-debug/firefox-34.0a1.en-US.debug-mac64.dmg
Comment 37•10 years ago
|
||
(In reply to Iñaki Baz Castillo from comment #36) > My DLTS settings (in my server) are similar to what Chrome does (in the > OpenSSL version, so Android for now): > > ------------------------- > ctx = SSL_CTX_new(DTLSv1_method()); > [certificate stuff] > SSL_CTX_set_info_callback(ctx, on_ssl_info); > SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); > SSL_CTX_set_tlsext_use_srtp(...); > > ssl = SSL_new(ctx); > [Bio memory stuff] > SSL_set_accept_state(ssl); > SSL_do_handshake(ssl); > > // DTLS data received: > BIO_write(sslBioFromNetwork, data, len); > read = SSL_read(>ssl, sslReadBuffer, SSL_READ_BUFFER_SIZE); > SendPendingOutgoingDTLSData(); > > // Check SSL status: > if ((SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN) || err == SSL_ERROR_SSL > || err == SSL_ERROR_SYSCALL) { > SSL_shutdown(ssl); > SendPendingOutgoingDTLSData(); // BIO_read(sslBioToNetwork) stuff > } > -------------------- > > > The OpenSSL error above: > > SSL_ERROR_SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared > cipher > > is generated after SSL_read(). I check SSL_get_error(ssl, > ssl_read_error_code) and get SSL_ERROR_SSL, and then I also log > ERR_error_string(ERR_get_error()) which gives such an error description. Right, but it's happening, as the error indicates, in ssl3_get_client_hello. I'm hoping you can step through and find out where exactly it happens and what the context is. > > > Are you able to get this in the debugger? > > Sorry, which debugger do you mean? gdb or lldb/ > > BTW the issue is easily reproducible by making a WebRTC call from > Chrome-Android to Firefox 34.0a1 [*] (so Firefox becomes the DTLS client). > > [*] > ftp://ftp.mozilla.org/pub/firefox/nightly/2014-08-12-mozilla-central-debug/ > firefox-34.0a1.en-US.debug-mac64.dmg
Reporter | ||
Comment 38•10 years ago
|
||
Not sure if the following is useful (I will try to get more by inspecting the OpenSSL SSL_get_ciphers() function which is the cause of the problem. I've enabled CIPHER_DEBUG in OpenSSL 1.1.0-dev. Those are the related logs in my server when receiving the DTLS 1.2 ClientHello form Firefox 34.0a1: ---------------- DEBUG: [worker #1] RTC::Transport::onICEValidPair() | running DTLS handler in server role DEBUG: [worker #1] RTC::DTLSHandler::onSSLInfo() | DTLS handshake start DEBUG: [worker #1] RTC::DTLSHandler::onSSLInfo() | role: server | action: before/accept initialization DEBUG: [worker #1] RTC::DTLSHandler::onSSLInfo() | role: server | waiting for: SSLv3 read client hello B DEBUG: [worker #1] RTC::UDPSocket::userOnUDPDatagramRecv() | 141 bytes datagram received [local: MY_IP : 10021 | remote: MY_IP : 65062] DEBUG: [worker #1] RTC::Transport::onDTLSDataRecv() | DTLS data received via UDP, passing it to the DTLSHandler // OpenSSL CIPHER_DEBUG stuff after calling SSL_read(): Server has 112 from 0x7ffe99e00790: 0x10ec2fc98:ECDHE-RSA-AES256-GCM-SHA384 0x10ec2fb38:ECDHE-ECDSA-AES256-GCM-SHA384 0x10ec2f9d8:ECDHE-RSA-AES256-SHA384 0x10ec2f878:ECDHE-ECDSA-AES256-SHA384 0x10ec2f2f8:ECDHE-RSA-AES256-SHA 0x10ec2ef88:ECDHE-ECDSA-AES256-SHA 0x10ec2f7c8:SRP-DSS-AES-256-CBC-SHA 0x10ec2f770:SRP-RSA-AES-256-CBC-SHA 0x10ec2f718:SRP-AES-256-CBC-SHA 0x10ec2e748:DH-DSS-AES256-GCM-SHA384 0x10ec2e698:DHE-DSS-AES256-GCM-SHA384 0x10ec2e5e8:DH-RSA-AES256-GCM-SHA384 0x10ec2e538:DHE-RSA-AES256-GCM-SHA384 0x10ec2dc48:DHE-RSA-AES256-SHA256 0x10ec2dbf0:DHE-DSS-AES256-SHA256 0x10ec2db98:DH-RSA-AES256-SHA256 0x10ec2db40:DH-DSS-AES256-SHA256 0x10ec2d618:DHE-RSA-AES256-SHA 0x10ec2d5c0:DHE-DSS-AES256-SHA 0x10ec2d568:DH-RSA-AES256-SHA 0x10ec2d510:DH-DSS-AES256-SHA 0x10ec2ff58:ECDHE-RSA-CAMELLIA256-SHA384 0x10ec2fdf8:ECDHE-ECDSA-CAMELLIA256-SHA384 0x10ec2ebc0:DHE-RSA-CAMELLIA256-SHA256 0x10ec2eb68:DHE-DSS-CAMELLIA256-SHA256 0x10ec2eb10:DH-RSA-CAMELLIA256-SHA256 0x10ec2eab8:DH-DSS-CAMELLIA256-SHA256 0x10ec2e010:DHE-RSA-CAMELLIA256-SHA 0x10ec2dfb8:DHE-DSS-CAMELLIA256-SHA 0x10ec2df60:DH-RSA-CAMELLIA256-SHA 0x10ec2df08:DH-DSS-CAMELLIA256-SHA 0x10ec2f4b0:AECDH-AES256-SHA 0x10ec2fd48:ECDH-RSA-AES256-GCM-SHA384 0x10ec2fbe8:ECDH-ECDSA-AES256-GCM-SHA384 0x10ec2fa88:ECDH-RSA-AES256-SHA384 0x10ec2f928:ECDH-ECDSA-AES256-SHA384 0x10ec2f140:ECDH-RSA-AES256-SHA 0x10ec2edd0:ECDH-ECDSA-AES256-SHA 0x10ec30008:ECDH-RSA-CAMELLIA256-SHA384 0x10ec2fea8:ECDH-ECDSA-CAMELLIA256-SHA384 0x10ec2e488:AES256-GCM-SHA384 0x10ec2d778:AES256-SHA256 0x10ec2d4b8:AES256-SHA 0x10ec2ea60:CAMELLIA256-SHA256 0x10ec2deb0:CAMELLIA256-SHA 0x10ec2e1c8:PSK-AES256-CBC-SHA 0x10ec2fc40:ECDHE-RSA-AES128-GCM-SHA256 0x10ec2fae0:ECDHE-ECDSA-AES128-GCM-SHA256 0x10ec2f980:ECDHE-RSA-AES128-SHA256 0x10ec2f820:ECDHE-ECDSA-AES128-SHA256 0x10ec2f2a0:ECDHE-RSA-AES128-SHA 0x10ec2ef30:ECDHE-ECDSA-AES128-SHA 0x10ec2f6c0:SRP-DSS-AES-128-CBC-SHA 0x10ec2f668:SRP-RSA-AES-128-CBC-SHA 0x10ec2f610:SRP-AES-128-CBC-SHA 0x10ec2e6f0:DH-DSS-AES128-GCM-SHA256 0x10ec2e640:DHE-DSS-AES128-GCM-SHA256 0x10ec2e590:DH-RSA-AES128-GCM-SHA256 0x10ec2e4e0:DHE-RSA-AES128-GCM-SHA256 0x10ec2dae8:DHE-RSA-AES128-SHA256 0x10ec2d880:DHE-DSS-AES128-SHA256 0x10ec2d828:DH-RSA-AES128-SHA256 0x10ec2d7d0:DH-DSS-AES128-SHA256 0x10ec2d408:DHE-RSA-AES128-SHA 0x10ec2d3b0:DHE-DSS-AES128-SHA 0x10ec2d358:DH-RSA-AES128-SHA 0x10ec2d300:DH-DSS-AES128-SHA 0x10ec2ff00:ECDHE-RSA-CAMELLIA128-SHA256 0x10ec2fda0:ECDHE-ECDSA-CAMELLIA128-SHA256 0x10ec2e9b0:DHE-RSA-CAMELLIA128-SHA256 0x10ec2e958:DHE-DSS-CAMELLIA128-SHA256 0x10ec2e900:DH-RSA-CAMELLIA128-SHA256 0x10ec2e8a8:DH-DSS-CAMELLIA128-SHA256 0x10ec2e380:DHE-RSA-SEED-SHA 0x10ec2e328:DHE-DSS-SEED-SHA 0x10ec2e2d0:DH-RSA-SEED-SHA 0x10ec2e278:DH-DSS-SEED-SHA 0x10ec2da38:DHE-RSA-CAMELLIA128-SHA 0x10ec2d9e0:DHE-DSS-CAMELLIA128-SHA 0x10ec2d988:DH-RSA-CAMELLIA128-SHA 0x10ec2d930:DH-DSS-CAMELLIA128-SHA 0x10ec2f458:AECDH-AES128-SHA 0x10ec2fcf0:ECDH-RSA-AES128-GCM-SHA256 0x10ec2fb90:ECDH-ECDSA-AES128-GCM-SHA256 0x10ec2fa30:ECDH-RSA-AES128-SHA256 0x10ec2f8d0:ECDH-ECDSA-AES128-SHA256 0x10ec2f0e8:ECDH-RSA-AES128-SHA 0x10ec2ed78:ECDH-ECDSA-AES128-SHA 0x10ec2ffb0:ECDH-RSA-CAMELLIA128-SHA256 0x10ec2fe50:ECDH-ECDSA-CAMELLIA128-SHA256 0x10ec2e430:AES128-GCM-SHA256 0x10ec2d720:AES128-SHA256 0x10ec2d2a8:AES128-SHA 0x10ec2e850:CAMELLIA128-SHA256 0x10ec2e220:SEED-SHA 0x10ec2d8d8:CAMELLIA128-SHA 0x10ec2cb70:IDEA-CBC-SHA 0x10ec2e170:PSK-AES128-CBC-SHA 0x10ec2f248:ECDHE-RSA-DES-CBC3-SHA 0x10ec2eed8:ECDHE-ECDSA-DES-CBC3-SHA 0x10ec2f5b8:SRP-DSS-3DES-EDE-CBC-SHA 0x10ec2f560:SRP-RSA-3DES-EDE-CBC-SHA 0x10ec2f508:SRP-3DES-EDE-CBC-SHA 0x10ec2d098:DHE-RSA-DES-CBC3-SHA 0x10ec2cf90:DHE-DSS-DES-CBC3-SHA 0x10ec2ce88:DH-RSA-DES-CBC3-SHA 0x10ec2cd80:DH-DSS-DES-CBC3-SHA 0x10ec2f400:AECDH-DES-CBC3-SHA 0x10ec2f090:ECDH-RSA-DES-CBC3-SHA 0x10ec2ed20:ECDH-ECDSA-DES-CBC3-SHA 0x10ec2cc78:DES-CBC3-SHA 0x10ec2e118:PSK-3DES-EDE-CBC-SHA Client sent 9 from 0x7ffe99e00a10: 0x10ec2fae0:ECDHE-ECDSA-AES128-GCM-SHA256 0x10ec2fc40:ECDHE-RSA-AES128-GCM-SHA256 0x10ec2ef88:ECDHE-ECDSA-AES256-SHA 0x10ec2ef30:ECDHE-ECDSA-AES128-SHA 0x10ec2f2a0:ECDHE-RSA-AES128-SHA 0x10ec2f2f8:ECDHE-RSA-AES256-SHA 0x10ec2d408:DHE-RSA-AES128-SHA 0x10ec2d3b0:DHE-DSS-AES128-SHA 0x10ec2d618:DHE-RSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000001:00000101:00000085]0x10ec2f2f8:ECDHE-RSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000040:00000101:00000085]0x10ec2ef88:ECDHE-ECDSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000002:00000101:00000085]0x10ec2f7c8:SRP-DSS-AES-256-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000001:00000101:00000085]0x10ec2f770:SRP-RSA-AES-256-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000400:00000101:00000085]0x10ec2f718:SRP-AES-256-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2d618:DHE-RSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2d5c0:DHE-DSS-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2d568:DH-RSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2d510:DH-DSS-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2e010:DHE-RSA-CAMELLIA256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2dfb8:DHE-DSS-CAMELLIA256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2df60:DH-RSA-CAMELLIA256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2df08:DH-DSS-CAMELLIA256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000004:00000101:00000085]0x10ec2f4b0:AECDH-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000020:00000010:00000101:00000085]0x10ec2f140:ECDH-RSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000040:00000010:00000101:00000085]0x10ec2edd0:ECDH-ECDSA-AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2d4b8:AES256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2deb0:CAMELLIA256-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000001:00000101:00000085]0x10ec2f2a0:ECDHE-RSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000040:00000101:00000085]0x10ec2ef30:ECDHE-ECDSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000002:00000101:00000085]0x10ec2f6c0:SRP-DSS-AES-128-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000001:00000101:00000085]0x10ec2f668:SRP-RSA-AES-128-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000400:00000101:00000085]0x10ec2f610:SRP-AES-128-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2d408:DHE-RSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2d3b0:DHE-DSS-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2d358:DH-RSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2d300:DH-DSS-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2e380:DHE-RSA-SEED-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2e328:DHE-DSS-SEED-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2e2d0:DH-RSA-SEED-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2e278:DH-DSS-SEED-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2da38:DHE-RSA-CAMELLIA128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2d9e0:DHE-DSS-CAMELLIA128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2d988:DH-RSA-CAMELLIA128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2d930:DH-DSS-CAMELLIA128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000004:00000101:00000085]0x10ec2f458:AECDH-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000020:00000010:00000101:00000085]0x10ec2f0e8:ECDH-RSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000040:00000010:00000101:00000085]0x10ec2ed78:ECDH-ECDSA-AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2d2a8:AES128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2e220:SEED-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2d8d8:CAMELLIA128-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2cb70:IDEA-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000001:00000101:00000085]0x10ec2f248:ECDHE-RSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000040:00000101:00000085]0x10ec2eed8:ECDHE-ECDSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000002:00000101:00000085]0x10ec2f5b8:SRP-DSS-3DES-EDE-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000001:00000101:00000085]0x10ec2f560:SRP-RSA-3DES-EDE-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000400:00000400:00000101:00000085]0x10ec2f508:SRP-3DES-EDE-CBC-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000001:00000101:00000085]0x10ec2d098:DHE-RSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000008:00000002:00000101:00000085]0x10ec2cf90:DHE-DSS-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000002:00000008:00000101:00000085]0x10ec2ce88:DH-RSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000004:00000008:00000101:00000085]0x10ec2cd80:DH-DSS-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000080:00000004:00000101:00000085]0x10ec2f400:AECDH-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000020:00000010:00000101:00000085]0x10ec2f090:ECDH-RSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 0:[00000040:00000010:00000101:00000085]0x10ec2ed20:ECDH-ECDSA-DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 1:[00000001:00000001:00000101:00000085]0x10ec2cc78:DES-CBC3-SHA rt=0 rte=0 dht=0 ecdht=0 re=1 ree=1 rs=0 ds=0 dhr=0 dhd=0 DEBUG: [worker #1] RTC::DTLSHandler::onSSLInfo() | sending DTLS fatal alert: handshake failure DEBUG: [worker #1] RTC::DTLSHandler::onSSLInfo() | role: server | waiting for: SSLv3 read client hello C DEBUG: [worker #1] RTC::DTLSHandler::SendPendingOutgoingDTLSData() | 15 bytes of DTLS data ready to sent to the peer ERROR: [worker #1] RTC::DTLSHandler::CheckStatus() | OpenSSL error | SSL status: SSL_ERROR_SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher NOTICE: [worker #1] RTC::DTLSHandler::CheckStatus() | DTLS connection failed DEBUG: [worker #1] RTC::Transport::onDTLSFailed() | DTLS failed ----------------
Reporter | ||
Comment 39•10 years ago
|
||
Sorry, I don't even get OpenSSL to be compiled with debug symbols (despite I've followed the steps for that) so I see nothing in lldb. I'm not sure but I expect that the following OpenSSL code could be related: ssl/s3_libs.c line 4472: ------------------------- /* Skip TLS v1.2 only ciphersuites if not supported */ if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; -------------------------
Assignee | ||
Comment 40•10 years ago
|
||
Looks like David found the problem and he has a simple fix: https://code.google.com/p/chromium/issues/detail?id=406458 I'm going to land a fix to re-enable DTLS 1.2 and then we will wait for that fix to hit a Chrome release. Then we're switching PFS back on. For now, if you care about PFS and you have an openssl- or boringssl-based Chrome or WebRTC, have Firefox act in the server role (usually, that's Firefox sending the offer).
Reporter | ||
Comment 41•10 years ago
|
||
Confirmed that SSL_CTX_set_ecdh_auto(ctx, 1) works so the DTLS1.2 ClientHello from Firefox 34.0a1 is accepted.
Assignee | ||
Comment 43•9 years ago
|
||
Attachment #8542198 -
Flags: review?(ekr)
Assignee | ||
Comment 44•9 years ago
|
||
/r/1753 - Bug 1052610 - Disabling non-PFS cipher suites Pull down this commit: hg pull review -r 559b226f73d8178b2efbd21776e6f7e07791ab0c
Updated•9 years ago
|
Attachment #8542198 -
Flags: review?(ekr) → review+
Comment 45•9 years ago
|
||
https://reviewboard.mozilla.org/r/1751/#review1197 Ship It!
Assignee | ||
Comment 46•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/47d9e690f4a9
Assignee | ||
Comment 48•9 years ago
|
||
I should have dropped the `leave-open`. This is fixed now.
Comment 49•9 years ago
|
||
Is this fix going into FF37?
Comment 50•9 years ago
|
||
MT is on vacation, but I think there may be some confusion here. We initially restricted the list of ciphers that we used for DTLS and then discovered it was creating interop problems. We backed out that change: https://hg.mozilla.org/integration/mozilla-inbound/rev/8ee163409ca1 Now that Chrome has been updated, the change has been re-landed: https://hg.mozilla.org/integration/mozilla-inbound/rev/47d9e690f4a9 So "fixed" means "expect other sides to have upgraded"
Assignee | ||
Comment 51•9 years ago
|
||
Attachment #8542198 -
Attachment is obsolete: true
Attachment #8618273 -
Flags: review+
Assignee | ||
Comment 52•9 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•