Passenger Enterprise Cipher Suites broken on 14.04 gnutls #2060

Closed
blimmer opened this issue Apr 9, 2018 · 5 comments

@blimmer

commented Apr 9, 2018

Similar to #1983, I'm running into a cipher suite problem with the enterprise apt packages for Passenger:

Ign https://www.phusionpassenger.com trusty/main amd64 Packages/DiffIndex
Ign https://www.phusionpassenger.com trusty/main Translation-en
Err https://www.phusionpassenger.com trusty/main amd64 Packages
  gnutls_handshake() failed: Handshake failed
Fetched 4880 kB in 11s (416 kB/s)
W: Failed to fetch https://www.phusionpassenger.com/enterprise_apt/dists/trusty/main/binary-amd64/Packages: gnutls_handshake() failed: Handshake failed
E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Couldn't rebuild package cache

This test: https://www.ssllabs.com/ssltest/analyze.html?d=www.phusionpassenger.com shows that the following ciphers are the only accepted:


| Cipher suite | Key exchange | Bits |
| -- | -- | -- |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) | ECDH secp256r1 (eq. 3072 bits RSA) FS | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) | ECDH secp256r1 (eq. 3072 bits RSA) FS | 128 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) | ECDH secp256r1 (eq. 3072 bits RSA) FS | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) | ECDH secp256r1 (eq. 3072 bits RSA) FS | 128 |

However, gnutls on Trusty cannot handle those. Here's the list of what it can handle:

user@host:~$ gnutls-cli -l
Cipher suites:
TLS_ANON_DH_ARCFOUR_MD5                           	0x00, 0x18	SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1                     	0x00, 0x1b	SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1                      	0x00, 0x34	SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1                      	0x00, 0x3a	SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1                 	0x00, 0x46	TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1                 	0x00, 0x89	TLS1.0
TLS_ANON_DH_AES_128_CBC_SHA256                    	0x00, 0x6c	TLS1.2
TLS_ANON_DH_AES_256_CBC_SHA256                    	0x00, 0x6d	TLS1.2
TLS_PSK_SHA_ARCFOUR_SHA1                          	0x00, 0x8a	TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1                     	0x00, 0x8b	TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1                      	0x00, 0x8c	TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1                      	0x00, 0x8d	TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1                      	0x00, 0x8e	TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1                 	0x00, 0x8f	TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1                  	0x00, 0x90	TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1                  	0x00, 0x91	TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1                     	0xc0, 0x1a	TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1                      	0xc0, 0x1d	TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1                      	0xc0, 0x20	TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1                 	0xc0, 0x1c	TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1                 	0xc0, 0x1b	TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1                  	0xc0, 0x1f	TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1                  	0xc0, 0x1e	TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1                  	0xc0, 0x22	TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1                  	0xc0, 0x21	TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1                          	0x00, 0x66	TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1                     	0x00, 0x13	SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1                      	0x00, 0x32	SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1                      	0x00, 0x38	SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1                 	0x00, 0x44	TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1                 	0x00, 0x87	TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256                    	0x00, 0x40	TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                    	0x00, 0x6a	TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1                     	0x00, 0x16	SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1                      	0x00, 0x33	SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1                      	0x00, 0x39	SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1                 	0x00, 0x45	TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1                 	0x00, 0x88	TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256                    	0x00, 0x67	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    	0x00, 0x6b	TLS1.2
TLS_RSA_NULL_MD5                                  	0x00, 0x01	SSL3.0
TLS_RSA_NULL_SHA1                                 	0x00, 0x02	SSL3.0
TLS_RSA_NULL_SHA256                               	0x00, 0x3b	TLS1.2
TLS_RSA_EXPORT_ARCFOUR_40_MD5                     	0x00, 0x03	SSL3.0
TLS_RSA_ARCFOUR_SHA1                              	0x00, 0x05	SSL3.0
TLS_RSA_ARCFOUR_MD5                               	0x00, 0x04	SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1                         	0x00, 0x0a	SSL3.0
TLS_RSA_AES_128_CBC_SHA1                          	0x00, 0x2f	SSL3.0
TLS_RSA_AES_256_CBC_SHA1                          	0x00, 0x35	SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1                     	0x00, 0x41	TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1                     	0x00, 0x84	TLS1.0
TLS_RSA_AES_128_CBC_SHA256                        	0x00, 0x3c	TLS1.2
TLS_RSA_AES_256_CBC_SHA256                        	0x00, 0x3d	TLS1.2
Certificate types: CTYPE-X.509, CTYPE-OPENPGP
Protocols: VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, MAC-NULL
Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS, SRP-RSA, SRP, PSK, DHE-PSK
Compression: COMP-DEFLATE, COMP-NULL
Public Key Systems: RSA, DSA
PK-signatures: SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-RSA-MD2

Was a change made recently to this config? Can we add the "best" cipher that trusty supports back to the config?
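
One way to confirm the mismatch reported above, as an added example (not part of the original post and not Passenger code): compare the server's accepted suites with the client's `gnutls-cli -l` list by 16-bit code point, because SSL Labs prints IANA names while GnuTLS uses its own. The function names are hypothetical, and `SERVER_AFTER` is an assumption inferred from the session negotiated later in this thread, since the updated server list is not shown.

```python
import re

# Server side: the four suites SSL Labs reported in the issue (IANA names).
SERVER_BEFORE = """\
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
"""
# Assumption: the updated server list is not shown in the thread; this adds the
# suite matching the DHE-RSA / AES-256-CBC / SHA256 session negotiated afterwards.
SERVER_AFTER = SERVER_BEFORE + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)\n"

# Client side: excerpt of the `gnutls-cli -l` output quoted in the issue.
CLIENT = """\
TLS_DHE_RSA_AES_256_CBC_SHA1                      \t0x00, 0x39\tSSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA256                    \t0x00, 0x67\tTLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    \t0x00, 0x6b\tTLS1.2
TLS_RSA_AES_256_CBC_SHA256                        \t0x00, 0x3d\tTLS1.2
"""

SSLLABS_LINE = re.compile(r"^(TLS_\S+)\s+\(0x([0-9a-fA-F]{4})\)", re.M)
GNUTLS_LINE = re.compile(
    r"^(TLS_\S+)\s+0x([0-9a-fA-F]{2}),\s*0x([0-9a-fA-F]{2})\s+(\S+)", re.M)

def parse_ssllabs(text):
    """Return {code point: IANA name} from 'NAME (0xc030)' lines."""
    return {int(code, 16): name for name, code in SSLLABS_LINE.findall(text)}

def parse_gnutls(text):
    """Return {code point: (GnuTLS name, minimum protocol)} from `gnutls-cli -l`."""
    return {(int(hi, 16) << 8) | int(lo, 16): (name, proto)
            for name, hi, lo, proto in GNUTLS_LINE.findall(text)}

def shared_suites(server_text, client_text):
    """Suites both sides can negotiate, matched on code point, not on name."""
    server, client = parse_ssllabs(server_text), parse_gnutls(client_text)
    return [(f"0x{cp:04x}", server[cp], client[cp][0])
            for cp in sorted(server.keys() & client.keys())]

if __name__ == "__main__":
    for label, offer in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        common = shared_suites(offer, CLIENT)
        print(label, common or "no common suite: handshake will fail")
```

An empty result for a client means the server's cipher list must be widened or the client's TLS library upgraded; the same comparison can be run against the full `gnutls-cli -l` output before changing `ssl_ciphers`.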

@FooBarWidget

Member

commented Apr 10, 2018

@scarhand Could this be caused by the server migration?

@scarhand

Member

commented Apr 10, 2018

Yes, the ssl_ciphers were updated and support for TLS1.0 and TLS1.1 was dropped.

@FooBarWidget

Member

commented Apr 10, 2018

We still support Ubuntu 14.04 Trusty. Can we lower the SSL settings such that Trusty can access the server?

@scarhand

Member

commented Apr 10, 2018

I've updated the cipherlist. I verified that it works in an Ubuntu 14.04 docker container. Can you try again @blimmer?

@blimmer

Author

commented Apr 11, 2018

Yep, this looks good now. Thank you!

gnutls-cli -V -p 443 www.phusionpassenger.com
Resolving 'www.phusionpassenger.com'...
Connecting to '167.99.102.244:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 4096 bits
 - Secret key: 4093 bits
 - Peer's public key: 4095 bits
- Certificate type: X.509
 - Got a certificate list of 2 certificates.
 - Certificate[0] info:
  - X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 04ee9e16109a14c8758281298b35a41c7c7c
	Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
	Validity:
		Not Before: Mon Apr 09 12:57:20 UTC 2018
		Not After: Sun Jul 08 12:57:20 UTC 2018
	Subject: CN=www.phusionpassenger.com
	Subject Public Key Algorithm: RSA
	Certificate Security Level: Low
		Modulus (bits 2048):
		Exponent (bits 24):
			01:00:01
	Extensions:
		Key Usage (critical):
			Digital signature.
			Key encipherment.
		Key Purpose (not critical):
			TLS WWW Server.
			TLS WWW Client.
		Basic Constraints (critical):
			Certificate Authority (CA): FALSE
		Subject Key Identifier (not critical):
			6f51b06dd42080293af6f671fc55402c24d74bb1
		Authority Key Identifier (not critical):
			a84a6a63047dddbae6d139b7a64565eff3a8eca1
		Unknown extension 1.3.6.1.5.5.7.1.1 (not critical):
			ASCII: 0a0...+.....0.."http://ocsp.int-x3.letsencrypt.org0/..+.....0..#http://cert.int-x3.letsencrypt.org/
			Hexdump: 3061302e06082b060105050730018622687474703a2f2f6f6373702e696e742d78332e6c657473656e63727970742e6f7267302f06082b060105050730028623687474703a2f2f636572742e696e742d78332e6c657473656e63727970742e6f72672f
		Subject Alternative Name (not critical):
			DNSname: www.phusionpassenger.com
		Unknown extension 2.5.29.32 (not critical):
			ASCII: 0..0...g.....0....+..........0..0&..+.........http://cps.letsencrypt.org0....+.......0.....This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
			Hexdump: 3081f33008060667810c0102013081e6060b2b0601040182df130101013081d6302606082b06010505070201161a687474703a2f2f6370732e6c657473656e63727970742e6f72673081ab06082b0601050507020230819e0c819b54686973204365727469666963617465206d6179206f6e6c792062652072656c6965642075706f6e2062792052656c79696e67205061727469657320616e64206f6e6c7920696e206163636f7264616e636520776974682074686520436572746966696361746520506f6c69637920666f756e642061742068747470733a2f2f6c657473656e63727970742e6f72672f7265706f7369746f72792f
		Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical):
			ASCII: ......u.U.....6.J...W<S...8xp%../..........b..c......F0D. ].#J.+...N .......@Y"X........T.. >[...`....A......(/c.:........X..v.)<Q.T.9e..P.X...o.Xz)r......EG.x...b..c......G0E.!........N....b...\....m..>...m.a.. ......5.|...Q...Zh`.'.)..w.....n
			Hexdump: 0481f100ef0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000162aab263f9000004030046304402205d96234aa72ba1b99b4e200e14b9a1d0c0c74059225887831087dfdec4e354df02203e5b81e91760dccbf98b41a11d09f58ff9282f631c3a8d0d96ceac09991e5812007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f47800000162aab263ee00000403004730450221009b12faf4d9edde4eeecedcd6621febfc5ceed0eea56dff0c3edfd2006de261c402202eeac9e091da35b57c97feb851d9ed885a6860ea279029a9d277d2e1929d846e
	Signature Algorithm: RSA-SHA256
	Signature:
Other Information:
	MD5 fingerprint:
		672c77d5cf74fdcb6925bf5e45afba2f
	SHA-1 fingerprint:
		326aa78c2cb0149846986dfb693e0d9a81fb70ba
	Public Key Id:
		6f51b06dd42080293af6f671fc55402c24d74bb1

 - Certificate[1] info:
  - X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 0a0141420000015385736a0b85eca708
	Issuer: O=Digital Signature Trust Co.,CN=DST Root CA X3
	Validity:
		Not Before: Thu Mar 17 16:40:46 UTC 2016
		Not After: Wed Mar 17 16:40:46 UTC 2021
	Subject: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
	Subject Public Key Algorithm: RSA
	Certificate Security Level: Low
		Modulus (bits 2048):
		Exponent (bits 24):
			01:00:01
	Extensions:
		Basic Constraints (critical):
			Certificate Authority (CA): TRUE
			Path Length Constraint: 0
		Key Usage (critical):
			Digital signature.
			Certificate signing.
			CRL signing.
		Unknown extension 1.3.6.1.5.5.7.1.1 (not critical):
			ASCII: 0q02..+.....0..&http://isrg.trustid.ocsp.identrust.com0;..+.....0../http://apps.identrust.com/roots/dstrootcax3.p7c
			Hexdump: 3071303206082b060105050730018626687474703a2f2f697372672e747275737469642e6f6373702e6964656e74727573742e636f6d303b06082b06010505073002862f687474703a2f2f617070732e6964656e74727573742e636f6d2f726f6f74732f647374726f6f74636178332e703763
		Authority Key Identifier (not critical):
			c4a7b1a47b2c71fadbe14b9075ffc41560858910
		Unknown extension 2.5.29.32 (not critical):
			ASCII: 0K0...g.....0?..+..........000...+........"http://cps.root-x1.letsencrypt.org
			Hexdump: 304b3008060667810c010201303f060b2b0601040182df130101013030302e06082b060105050702011622687474703a2f2f6370732e726f6f742d78312e6c657473656e63727970742e6f7267
		CRL Distribution points (not critical):
			URI: http://crl.identrust.com/DSTROOTCAX3CRL.crl
		Subject Key Identifier (not critical):
			a84a6a63047dddbae6d139b7a64565eff3a8eca1
	Signature Algorithm: RSA-SHA256
	Signature:
Other Information:
	MD5 fingerprint:
		b15409274f54ad8f023d3b85a5ecec5d
	SHA-1 fingerprint:
		e6a3b45b062d509b3382282d196efe97d5956ccb
	Public Key Id:
		a84a6a63047dddbae6d139b7a64565eff3a8eca1

- The hostname in the certificate matches 'www.phusionpassenger.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-256-CBC
- MAC: SHA256
- Compression: NULL
- Session ID: D8:00:24:D2:BC:5F:64:22:60:D8:91:DA:C2:CA:73:1D:F2:2B:B1:DC:13:A5:20:3A:1B:43:3D:56:16:99:06:F2
- Channel binding 'tls-unique': 86cdf9d85f81c36dc56dcef3
- Handshake was completed

- Simple Client Mode:

@blimmer blimmer closed this Apr 11, 2018

@CamJN CamJN removed the SupportCentral label Apr 13, 2018
