Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: error with client certificate and X448 and X25519 curves #33577

Open
cromefire opened this issue Aug 10, 2019 · 9 comments

Comments

@cromefire
Copy link

commented Aug 10, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.7 linux/amd64

Does this issue reproduce with the latest release?

Yes (1.12.7)

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/<redacted>/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/<redacted>/go"
GOPROXY="direct"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/<redacted>/go/src/test/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build069598509=/tmp/go-build -gno-record-gcc-switches"

What did you do?

As far as I've been able to reproduce it it only happens with an ecc client certificate and a rsa server certificate.

https://gist.github.com/cromefire/590eb9743dbadeca89c213b0aa1a2d58 (play.golang.org doesn't work with tcp it seems)

The same thing using curl works:

curl -vk --cert ecccert.pem --key ecckey.pem https://go-issue.cromefire.myds.me

The backend server (Apache/2.4.39 (Ubuntu), with OpenSSL 1.1.1c) is using no special config:

<VirtualHost *:443>
    # Skipped Name, logging and DocumentRoot

    Include includes/ssl.conf  # TLS certs, rsa ones
    SSLProtocol TLSv1.2
    SSLVerifyClient optional_no_ca
</VirtualHost>

For debugging purposes the program creates /tmp/keylog.txt which can be imported into wireshark

What did you expect to see?

The expected result are no errors

What did you see instead?

rsa-ecc: ok
ecc-ecc: ok
nocert-ecc: ok
rsa-rsa: ok
ecc-rsa: Get https://go-issue.cromefire.myds.me: remote error: tls: illegal parameter
nocert-rsa: ok
@cromefire

This comment has been minimized.

Copy link
Author

commented Aug 10, 2019

Some packets captured with wireshark (of the broken request):
pkts.txt

@cromefire

This comment was marked as outdated.

Copy link
Author

commented Aug 10, 2019

It seems to work with nginx, but before anyone starts marking this as apache issue: It works with curl and apache

@cromefire

This comment has been minimized.

Copy link
Author

commented Aug 10, 2019

The underlying issue seems that it rejects X448 and X25519 which are the only curves allowed by the server currently

@cromefire cromefire changed the title tls error with ecc client certificate and rsa cerver certificate and tls error with client certificate and X448 and X25519 curves Aug 10, 2019

@calmh

This comment has been minimized.

Copy link
Contributor

commented Aug 10, 2019

AFAIK, you need to allow the curve in use by the certificate in order to be able to verify it. That's P384 or P256. For what it's worth, your server also does not work for me with curl and a Syncthing-generated certificate:

jb@kvin:~/foo $ syncthing -generate .
16:06:52 INFO: Device ID: UAXNKTY-34GLUSN-EZYFR4M-PKLSFHQ-32ZWHXZ-TR7WXSN-6UO44VY-OI55LQR
16:06:52 INFO: Default folder created and/or linked to new config
jb@kvin:~/foo $ curl -vk --cert cert.pem --key key.pem https://go-issue.cromefire.myds.me
* Rebuilt URL to: https://go-issue.cromefire.myds.me/
*   Trying 91.63.83.36...
...
* error:1401E417:SSL routines:CONNECT_CR_FINISHED:sslv3 alert illegal parameter
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1401E417:SSL routines:CONNECT_CR_FINISHED:sslv3 alert illegal parameter
@cromefire

This comment has been minimized.

Copy link
Author

commented Aug 10, 2019

you need to allow the curve in use by the certificate in order to be able to verify it

Verification should be fine, it should only block it from being used to negotiate a shared key

I have no problem using curl:

~$ syncthing -generate .
16:20:00 INFO: Device ID: KTXYHRS-FZGLNVC-X4QQWNY-3UONW33-H3GZJLT-2JVKXW7-IJM4OYW-P5BB7AP
16:20:00 INFO: Default folder created and/or linked to new config
~$ curl -vk --cert cert.pem --key key.pem https://go-issue.cromefire.myds.me --tlsv1.2
* Rebuilt URL to: https://go-issue.cromefire.myds.me/
*   Trying 91.63.83.36...
[...]
<address>Cromefire Web Frontend Server at go-issue.cromefire.myds.me Port 443</address>
</body></html>
* Connection #0 to host go-issue.cromefire.myds.me left intact

Version:

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
@calmh

This comment has been minimized.

Copy link
Contributor

commented Aug 10, 2019

Okay, I’ve clearly misunderstood something on that point. Regardless, why don’t you allow the more common curves, is this really the out of the box config in your Ubuntu?

@cromefire

This comment has been minimized.

Copy link
Author

commented Aug 10, 2019

why don’t you allow the more common curves, is this really the out of the box config in your Ubuntu

No there is apparently (still) a bug in apache that makes the ssl configuration for vhosts on the same port be kind of shared and all my other vhosts are restricted to those 2 curves

@calmh

This comment has been minimized.

Copy link
Contributor

commented Aug 10, 2019

Right. So I'll leave this issue for the Go team to decide, but from my point of view after troubleshooting this with your for literally hours -- where you claim a default config, "no special config", and a bug in our code or Go -- only to discover you've disabled a major swath of the relevant cipher stuff in a very unusual way and declined to mention it... I find that disrespectful and a huge waste of time. Over and out.

@cromefire

This comment has been minimized.

Copy link
Author

commented Aug 10, 2019

where you claim a default config, "no special config"

I didn't know about this bug in apache either and as curl worked fine, I wasn't thinking that the config some how applied to that vhost and it still seems like there is a bug, just a different one than what I thought (2 bug coming together and one disguising the other)

@FiloSottile FiloSottile changed the title tls error with client certificate and X448 and X25519 curves crypto/tls: error with client certificate and X448 and X25519 curves Aug 10, 2019

@FiloSottile FiloSottile added this to the Go1.14 milestone Aug 10, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.