Closed Bug 584684 Opened 15 years ago Closed 1 year ago

SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)

Categories

(Tech Evangelism Graveyard :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: tedkaz, Assigned: wtc)

Attachments

(2 files)

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4
Build Identifier: 4.0b2

Error code: ssl_error_rx_malformed_server_key_exch
openssl 0.9.8o

Reproducible: Always

Steps to Reproduce:
1. openssl s_server -accept 58856 -cert tunnel2.pem -key key2.txt -state -www -cipher DHE-RSA-AES256-SHA
2.
3.

Actual Results: Error code: ssl_error_rx_malformed_server_key_exch
Expected Results: Session established

I will attach key and cert used
Attached file ssl key
Attached file ssl cert
Oops, forgot to state to to to connect :-)
And why do you think that this is a bug in Gecko and not with your TLS setup?
Component: Security → General
QA Contact: firefox → general
(In reply to comment #2)
> Created attachment 463144 [details]
> ssl cert

-----BEGIN DH PARAMETERS-----
MCYCIQCFNBuTP1HBJ51z7Giz6DWLmkAvolWOMt3p2kCkZWl76wIBAg==
-----END DH PARAMETERS-----

These are parameters for a 256-bit key - definitely much too short for public key crypto in 2010. This bug is most likely a duplicate of bug 583337 (I assume that removing the DH parameters block from tunnel2.pem will make the s_server command work - as OpenSSL will then use builtin DH parameters, with 512 bits).
Ted: thanks a lot for the bug report. This is a duplicate of bug 583337. How did you generate tunnel2.pem, in particular the DH PARAMETERS block in it? This may shed some light on bug 583337.
Assignee: nobody → wtc
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Windows XP → All
(In reply to comment #6)
> Ted: thanks a lot for the bug report. This is a
> duplicate of bug 583337.

Wan-Teh, do you want to keep it open as a separate issue, or can it be duped?
Hardware: x86 → All
Summary: ssl malformed key error → SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)
Version: unspecified → Trunk
I'd like to keep this open as a separate issue until tedkaz answers my question in comment 6. Ted: any info you can provide on how you generated the DH PARAMETERS block in your tunnel2.pem will be very helpful to us. Thanks.
I pinged the developer who provided me this, but he is away on vacation till September, so I can't get an answer till then.
I'm changing this into a Technical Evangelism bug so that I have a separate bug report for every server that uses 256-bit DH keys.
Depends on: 583337
Blocks: 583337
No longer depends on: 583337
Component: General → Other
Product: Firefox → Tech Evangelism
QA Contact: general → other
Version: Trunk → unspecified
Attachment #463144 - Attachment mime type: application/octet-stream → text/plain
Product: Tech Evangelism → Tech Evangelism Graveyard
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → INCOMPLETE