Closed Bug 584684 Opened 14 years ago Closed 1 month ago

SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)

Categories

(Tech Evangelism Graveyard :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: tedkaz, Assigned: wtc)

Attachments

(2 files)

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4
Build Identifier: 4.0b2

Error code: ssl_error_rx_malformed_server_key_exch
openssl 0.9.8o


Reproducible: Always

Steps to Reproduce:
1. openssl s_server -accept 58856 -cert tunnel2.pem -key key2.txt -state -www -cipher DHE-RSA-AES256-SHA
Actual Results:  
Error code: ssl_error_rx_malformed_server_key_exch

Expected Results:  
Session established

I will attach key and cert used
Attached file ssl key
Attached file ssl cert
Oops forgot to state to to to connect :-)
And why do you think that this is a bug in Gecko and not with your TLS setup?
Component: Security → General
QA Contact: firefox → general
(In reply to comment #2)
> Created attachment 463144 [details]
> ssl cert

-----BEGIN DH PARAMETERS-----
MCYCIQCFNBuTP1HBJ51z7Giz6DWLmkAvolWOMt3p2kCkZWl76wIBAg==
-----END DH PARAMETERS-----

These are parameters for a 256-bit key - definitely much too short for public key crypto in 2010.

This bug is most likely a duplicate of bug 583337 (I assume that removing the DH parameters block from tunnel2.pem will make the s_server command work - as OpenSSL will then use builtin DH parameters, with 512 bits).
Ted: thanks a lot for the bug report.  This is a
duplicate of bug 583337.

How did you generate tunnel2.pem, in particular the
DH PARAMETERS block in it?  This may shed some light
on bug 583337.
Assignee: nobody → wtc
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Windows XP → All
(In reply to comment #6)
> Ted: thanks a lot for the bug report.  This is a
> duplicate of bug 583337.

Wan-Teh, do you want to keep it open as a separate issue, or can it be duped?
Hardware: x86 → All
Summary: ssl malformed key error → SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)
Version: unspecified → Trunk
I'd like to keep this open as a separate issue
until tedkaz answers my question in comment 6.

Ted: any info you can provide on how you generated
the DH PARAMETERS block in your tunnel2.pem will
be very helpful to us.  Thanks.
I pinged the developer who provided me this, but he is away on vacation till September, so I can't get an answer till then.
I'm changing this into a Technical Evangelism bug
so that I have a separate bug report for every server
that uses 256-bit DH keys.
Depends on: 583337
Blocks: 583337
No longer depends on: 583337
Component: General → Other
Product: Firefox → Tech Evangelism
QA Contact: general → other
Version: Trunk → unspecified
Attachment #463144 - Attachment mime type: application/octet-stream → text/plain
Product: Tech Evangelism → Tech Evangelism Graveyard
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → INCOMPLETE