-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error_EOF connecting to google domains #152
Comments
(I was just about to post the same! Funny to hear from you here again Erik, hope you and silk are doing good :)) So I ran into it this working on pandoc-placetable...
Maybe #109 wasn't completely fixed with |
I've been having this problem too. Interestingly, it seems that aside from forcing TLS 1.1 or 1.0, it also seems to work with tls-simpleclient when using |
Okay, I finally pinned it down. The problematic option is the cipher ECDHE-ECDSA-AES128GCM-SHA256 (0xc02b), recompiling tls-debug without this line: made it work again. The reason Google hangs up the connection is probably because the combination of a ECDSA-authenticated cipher (which they probably prefer over the others) but no advertised ECDSA signature algorithm is causing an unexpected error causing the connection to be closed immediately. Adding at least one ECDSA option also solved this problem: However, it seems that this sometimes leads to the signature verification to fail, so I guess there's a reason this code is not yet enabled by default:
|
Thanks @xnyhps about the detailed analysis. I'll see about adding the signature ECDSA |
I tested it a bit more and found that:
I think, but I have not dived into the RFCs enough to say for sure, that the problem is when truncating a SHA-512/SHA-384 hash when verifying a ECDSA signature generated on P-256 (which is what Google's ECC certs used): https://hackage.haskell.org/package/cryptonite-0.17/docs/src/Crypto-PubKey-ECC-ECDSA.html#tHash This shifts the hash right as an integer until it is less than the upper bound, but I think TLS requires you to only take the leftmost x bytes. This will fail about half the time as it will shift by one less if the first bit of the hash is 0. |
I'm no expert either but I think your analysis is right. The hash truncation The current implementation in function So the variable
|
@ocheron Could you create a PR for it? |
Yes I work on it. I just need to finish converting new test vectors to add to the test suite. |
Is there enything outstanding for this issue? |
There is still an issue about inconsistent extensions being sent: in |
I'm little bit lost in this discussion. :-) What's current status of this issue? There is more pages using ECDHE_ECDSA for key exchange. Will be this fixed soon or is there some workaround? Or is it possible somehow help (even if I'm not SSL guru)? :-) Thanks! |
This issue still exists: a connection to The workaround is simple if the API you use gives control over TLS parameters |
I use |
@horejsek it would be awesome if you could create the change for that library... it should be as easy as discussing the change and expose tls settings there |
Another option is to use our fork of |
@tolysz I'm not sure if it's good idea. It sounds like high-level library for me where you just want to do some request without worrying about lower level. But maybe it could be done by allowing to create manager from @hasselink Thanks! I will think about it. :-) |
Well, it seems it's rather hard to construct the proper It seems this should really be fixed in |
Maybe there should be a web usable subset of protocols and any "normal" client will use just that? |
I'm still undecided concerning the exact direction because I'm not sure of the consequences for security and performance (enabling ECDSA), or interoperability (disabling). A first step could be to change the default set of algorithms only in the
|
Yes, I think the default generated by
Indeed, but as you mentioned, that's a separate issue. |
It's a different issue, however I feel more comfortable changing default parameters when it is easy to override. So I worked on a possible solution for both issues and located in the package |
fixed in 1.3.9 |
I'm getting
HandshakeFailed Error_EOF
when connecting to google domains. For example:And:
This is using tls 1.3.8. Forcing TLS 1.1 makes it work. Any idea what's going on here? And perhaps a workaround? I guess I could patch the used libraries to use TLS 1.1...
The text was updated successfully, but these errors were encountered: