Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL hanshake failure #5859

Closed
slandelle opened this issue Sep 23, 2016 · 14 comments
Closed

SSL hanshake failure #5859

slandelle opened this issue Sep 23, 2016 · 14 comments
Assignees
@Scottmitch
Labels
feature
Milestone
4.0.42.Final

Comments

@slandelle
Copy link
Contributor

Hi there,

Please consider this sample.

It always crashes when trying to connect to "https://netty.io".

Issue was originally reported against AHC, see AsyncHttpClient/async-http-client#1252.

It doesn't seem to be actually related to SNI, as the sample works fine against "https://github.com" that has SNI enabled too.

Am I missing something?

Regards
@slandelle slandelle changed the title SSL hanshake failure SSL hanshake failured Sep 23, 2016
@slandelle
Copy link
Contributor Author

Additional comment: issue doesn't happen with ACH1 that runs on Netty 3 instead of 4.0.

@normanmaurer
Copy link
Member

Will check

@normanmaurer normanmaurer self-assigned this Sep 24, 2016
@slandelle
Copy link
Contributor Author

Thanks. I had a quick look at the ssl debug log, it looked like the engine wasn't getting fed enough bytes. Sadly, I won't be able to investigate myself for quite some time :(

@Scottmitch
Copy link
Member

I think it may be a server issue. Your example is able to connect to other well known hosts without issue. Also openssl's s_client also detects an error:

$ openssl s_client -host netty.io -port 443 -tls1
CONNECTED(00000003)
139673537627792:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:s3_pkt.c:1472:SSL alert number 80
139673537627792:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1474746497
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

@slandelle
Copy link
Contributor Author

But I have no problem with Chrome, Firefox and curl.

@slandelle slandelle changed the title SSL hanshake failured SSL hanshake failure Sep 24, 2016
@slandelle
Copy link
Contributor Author

@Scottmitch Actually, you could be right. I forced SSLEngine to use the same cipher suite as curl, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and it worked.

@normanmaurer
Copy link
Member

So can we close this one ?

On 24 Sep 2016, at 13:21, Stephane Landelle notifications@github.com wrote:

@Scottmitch https://github.com/Scottmitch Actually, you could be right. I forced SSLEngine to use the same cipher suite as curl, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and it worked.


You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub #5859 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/AAa0QkcsI-xvEHuaZ0bBKt_KoyMk5r1Zks5qtYZagaJpZM4KFYo5.

@joymufeng
Copy link
Contributor

@slandelle This issue is indeed caused by the servers of CloudFlare, because they only support the following Cipher Suites:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    112
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256P
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc14)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256P

This test result is reported by ssllabs.

@joymufeng joymufeng mentioned this issue Sep 25, 2016
Closed
@Scottmitch
Copy link
Member

I will close for now @slandelle please re-open if you feel there is a Netty component to this issue.

@slandelle
Copy link
Contributor Author

Honestly, it bugs me that Netty fails by default where other user-agents (tested with Chrome, FireFox and curl) succeed.
By default, JdkSslHandler only enables the following cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

CloudFlare supports none of them.

Is there a good reason for Netty to be more strict than the rest of the world when it comes to cipher suites, and in the end, not be compatible? Why is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 good enough for CloudFlare and not good enough for Netty?

@joymufeng
Copy link
Contributor

joymufeng commented Sep 25, 2016
edited
Loading

@normanmaurer Is it possible for netty to support more cipher suites?

@Scottmitch
Copy link
Member

AFAIK there is no reason why we can't add a few more cipher suites to the default set. It has been a while since we have re-visited this. Any objections to the following approach for starters:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

and removing (older cipher using 3des):

SSL_RSA_WITH_3DES_EDE_CBC_SHA

@Scottmitch Scottmitch added this to the 4.0.42.Final milestone Sep 26, 2016
@Scottmitch
Copy link
Member

Scottmitch commented Sep 26, 2016
edited
Loading

Is it possible for netty to support more cipher suites?

Just to clarify @joymufeng you are free (and generally encouraged if your use case requires it) to specify your own list of ciphers via SslContextBuilder#cihpers(..).

@joymufeng
Copy link
Contributor

@Scottmitch Great! Thanks for reminding!

@slandelle slandelle mentioned this issue Sep 29, 2016
Closed
Scottmitch added a commit to Scottmitch/netty that referenced this issue Oct 11, 2016
@Scottmitch
Update Default Cipher List
d63a6ad 
Motivation:
Our default cipher list has not been updated in a while. We current support some older ciphers not commonly in use and we don't support some newer ciphers which are more commonly used.

Modifications:
- Update the default list of ciphers for JDK and OpenSSL.

Result:
Default cipher list is more likely to connect to peers.
Fixes netty#5859
@Scottmitch Scottmitch mentioned this issue Oct 11, 2016
Closed
Scottmitch added a commit that referenced this issue Oct 11, 2016
@Scottmitch
Update Default Cipher List
8ba5b5f 
Motivation:
Our default cipher list has not been updated in a while. We current support some older ciphers not commonly in use and we don't support some newer ciphers which are more commonly used.

Modifications:
- Update the default list of ciphers for JDK and OpenSSL.

Result:
Default cipher list is more likely to connect to peers.
Fixes #5859
Scottmitch added a commit that referenced this issue Oct 11, 2016
@Scottmitch
Update Default Cipher List
fd30c22 
Motivation:
Our default cipher list has not been updated in a while. We current support some older ciphers not commonly in use and we don't support some newer ciphers which are more commonly used.

Modifications:
- Update the default list of ciphers for JDK and OpenSSL.

Result:
Default cipher list is more likely to connect to peers.
Fixes #5859
@slandelle slandelle mentioned this issue Oct 24, 2016
Closed
@jplock jplock mentioned this issue Jan 16, 2017
Closed
liuzhengyang pushed a commit to liuzhengyang/netty that referenced this issue Sep 10, 2017
@Scottmitch
Update Default Cipher List
17f7942 
Motivation:
Our default cipher list has not been updated in a while. We current support some older ciphers not commonly in use and we don't support some newer ciphers which are more commonly used.

Modifications:
- Update the default list of ciphers for JDK and OpenSSL.

Result:
Default cipher list is more likely to connect to peers.
Fixes netty#5859
pulllock pushed a commit to pulllock/netty that referenced this issue Oct 19, 2023
@Scottmitch
Update Default Cipher List
6b84207 
Motivation:
Our default cipher list has not been updated in a while. We current support some older ciphers not commonly in use and we don't support some newer ciphers which are more commonly used.

Modifications:
- Update the default list of ciphers for JDK and OpenSSL.

Result:
Default cipher list is more likely to connect to peers.
Fixes netty#5859
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Scottmitch Scottmitch

Labels
feature
Projects
None yet
Milestone
4.0.42.Final
Development

No branches or pull requests
4 participants
@normanmaurer @slandelle @joymufeng @Scottmitch