Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl (1.0.2) curve + cloudflare artefact? #1255

drwetter opened this issue May 2, 2019 · 2 comments


Copy link

commented May 2, 2019

Stumbled over this in a client simulation case:

./ --ssl-native -c  --color 0 --ip=one

 Edge 17 (Win 10)             No connection
 Opera 60 (Win 10)            No connection
 OpenSSL 1.1.0j (Debian)      No connection
 OpenSSL 1.1.1b (Debian)      No connection
 Thunderbird (60.6)           No connection

It seems that for the simulation with For OpenSSL 1.1.0j (Debian) and OpenSSL 1.1.1b (Debian) No connection returns in the openssl handshake an

prompt % ./bin/openssl.Linux.x86_64 s_client -curves secp521r1:secp384r1 -no_ssl2 -no_ssl3 -connect -servername -no_comp -cipher ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA </dev/null


13322304:error:1414D17A:SSL routines:tls12_check_peer_sigalg:wrong curve:t1_lib.c:1071

the return code of openssl s_client is 1 albeit both curves are available on both sides.

If I remove the ciphers using elliptic cryptography for KX I can successfully connect (return code 0):

./bin/openssl.Linux.x86_64 s_client  -no_ssl2 -no_ssl3 -connect -servername -no_comp -cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA </dev/null

OpenSSL 1.1.1 behaves slightly different, only OpenSSL 1.1.0j (Debian) and Edge 17 (Win 10) (still) fail, whereas the other three connect over TLS 1.3 (and curve X25519).


This comment has been minimized.

Copy link
Owner Author

commented May 2, 2019

Received Record
  Version = TLS 1.2 (0x303)
  Content Type = Handshake (22)
  Length = 179
    ServerKeyExchange, Length=175
        named_curve: secp384r1 (P-384) (24)
        point (len=97): 043B5858D08B6E1BF56DF8C4D9877D31B966FBBB54BF7DB416697F5E0E7125732B69E1442D6A2F500529BC91E6DC034D8E8FE9E9A7ACFB984E5C8EB8A80C01F578726EBAE347F908C9BEDF84D812FA5FB60F9837C9FEAB599AFAA552D8D3B3F49A
      Signature Algorithm sha256+ecdsa (4+3)
      Signature (len=70): 3044022070E55B8DAE265B2E3CA282E893D7BA0FD1CC8932B07BF9BE651D384E6A9D30ED02207ECB1781FF722E221D8C4CAAF1B05F04DA5A3D7BDB8605C15947C3DEB9F75B03

Sent Record
  Version = TLS 1.2 (0x303)
  Content Type = Alert (21)
  Length = 2
    Level=fatal(2), description=decode error(50)


This comment has been minimized.

Copy link
Owner Author

commented May 3, 2019

2176f29 supports now also one of the curves from cloudflare (secp224r1 prime256v1 secp384r1 secp521r1 X25519 as of today).

Still not sure why the other curves fail and throw a decode error:

prompt% ./bin/openssl.Linux.x86_64 ecparam -list_curves | grep -E 'prime256v1|secp521r1|secp384r1'                                                     more_unittests1
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.