Closed
Bug 584684
Opened 14 years ago
Closed 1 month ago
SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)
Categories
(Tech Evangelism Graveyard :: Other, defect)
Tech Evangelism Graveyard
Other
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: tedkaz, Assigned: wtc)
References
Details
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4 Build Identifier: 4.0b2 Error code: ssl_error_rx_malformed_server_key_exch openssl 0.9.8o Reproducible: Always Steps to Reproduce: 1.openssl s_server -accept 58856 -cert tunnel2.pem -key key2.txt -state -www -cipher DHE-RSA-AES256-SHA 2. 3. Actual Results: Error code: ssl_error_rx_malformed_server_key_exch Expected Results: Session established I will attach key and cert used
Reporter | ||
Comment 1•14 years ago
|
||
Reporter | ||
Comment 2•14 years ago
|
||
Reporter | ||
Comment 3•14 years ago
|
||
Opps forgot to state to to to connect :-)
Comment 4•14 years ago
|
||
And why do you think that this is a bug in Gecko and not with your TLS setup ?
Component: Security → General
QA Contact: firefox → general
(In reply to comment #2) > Created attachment 463144 [details] > ssl cert -----BEGIN DH PARAMETERS----- MCYCIQCFNBuTP1HBJ51z7Giz6DWLmkAvolWOMt3p2kCkZWl76wIBAg== -----END DH PARAMETERS----- These are parameters for a 256-bit key - definitely much too short for public key crypto in 2010. This bug is most likely a duplicate of bug 583337 (I assume that removing the DH parameters block from tunnel2.pem will make the s_server command work - as OpenSSL will then use builtin DH parameters, with 512 bits).
Assignee | ||
Comment 6•14 years ago
|
||
Ted: thanks a lot for the bug report. This is a duplicate of bug 583337. How did you generate tunnel2.pem, in particular the DH PARAMETERS block in it? This may shed some light on bug 583337.
Assignee: nobody → wtc
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Windows XP → All
(In reply to comment #6) > Ted: thanks a lot for the bug report. This is a > duplicate of bug 583337. Wan-Teh, do you want to keep it open as a separate issue, or can it be duped?
URL: http://custom
Hardware: x86 → All
Summary: ssl malformed key error → SSL malformed key exchange error (ssl_error_rx_malformed_server_key_exch)
Version: unspecified → Trunk
Assignee | ||
Comment 8•14 years ago
|
||
I'd like to keep this open as a separate issue until tedkaz answers my question in comment 6. Ted: any info you can provide on how you generated the DH PARAMETERS block in your tunnel2.pem will be very helpful to us. Thanks.
Reporter | ||
Comment 9•14 years ago
|
||
I pinged the developer who provided me this, but he is away on vacation till Septemeber, so I can't get an answer till then.
Assignee | ||
Comment 10•14 years ago
|
||
I'm changing this into a Technical Evangelism bug so that I have a separate bug report for every server that uses 256-bit DH keys.
Depends on: 583337
Assignee | ||
Updated•14 years ago
|
Assignee | ||
Updated•14 years ago
|
Component: General → Other
Product: Firefox → Tech Evangelism
QA Contact: general → other
Version: Trunk → unspecified
Assignee | ||
Updated•14 years ago
|
Attachment #463144 -
Attachment mime type: application/octet-stream → text/plain
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•