SSL Handshake Aborted #963

Closed
storrgie opened this issue Feb 21, 2017 · 5 comments

Comments

@storrgie

commented Feb 21, 2017

I've seen this issue on two users so far (out of many split across Android and iOS). Both afflicted users are on Android 7.0.0, whereas many other users are on pre 7.0.0 and post 7.0.0. I hope I'm not reaching at straws by placing emphasis on the Android version, however at the end of this post you'll see the error... which seems to be within the Android SSL subsystem.

We're running a homeserver that is behind nginx with certificates issued from letsencrypt. The deployment is documented here. I assume this issue could be caused by my own nginx configuration, which I'll excerpt here:

vim /etc/nginx/sites-available/matrix.domain.name.conf  
---
server {  
    listen 80;
    listen 443 ssl;
    server_name  matrix.domain.name;

    access_log /var/log/nginx/matrix.domain.name.access.log;
    error_log /var/log/nginx/matrix.domain.name.error.log;

    #ssl_certificate     /etc/letsencrypt/live/matrix.domain.name/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/matrix.domain.name/privkey.pem;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=5184000; includeSubDomains';
    add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";

    resolver 8.8.8.8;

    location '/.well-known/acme-challenge' {
        root /srv/http/letsencrypt;
        default_type "text/plain";
        try_files $uri =404;
    }

    location '/_matrix' {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_redirect      off;
        proxy_pass http://127.0.0.1:8008;
    }
}

All our users, except the two on Android 7.0.0, are able to use our instance; however, the two afflicted see this error:

Unable to login : SSL handshake aborted: ssl=0x7fce7f840: I/O error during system call, Connection reset by peer

@ylecollen ylecollen added bug P2 labels Feb 21, 2017

@ylecollen

Contributor

commented Feb 21, 2017

It might be a TLSv1.2 support issue.
Could you try with TLSv1.0?

@storrgie

Author

commented Feb 21, 2017

It doesn't appear to resolve the issue.

We modified to this:

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=5184000; includeSubDomains';
    add_header Content-Security-Policy "default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'";

Their clients still appear to be afflicted, whereas the other Android / iOS clients are still connected fine. Could it be related to ciphers? I've got both users' attention for the day so I can modify the parameter set and test if you've got suggestions.

@storrgie

Author

commented Feb 21, 2017

Also, need to modify my above statement (edited above), the handshake error occurs when they type in the url to the custom homeserver. Before I stated that it occurred when they initiated login, but that was incorrect.

@storrgie

Author

commented Feb 21, 2017

@ylecollen one of the users found this which looks like the issue we're seeing. We're forcing secp384r1 above, which might be the issue. This very well could mean that this shouldn't be a bug registered against this project.

@storrgie

Author

commented Feb 21, 2017

After evaluation, I'm going to close this because it's not a bug for riot to even consider. Hopefully others can find this line of reasoning if they encounter the same errors:

  • Android 7.0.0 has a known botched implementation of EC crypto, which was resolved in 7.1.1
  • This necessitates dropping back to an EC implementation of NIST's prime256v1, which at the time of this bug I was able to test and find out that this did resolve the issue.
  • prime256v1 is not considered safe
  • the best advice here is to tell users to update, or buy phones from manufacturers who actually care to keep their installs up to date.

I'm not planning to change my deployment to use "worse" crypto just to support phones that are already lagging months (almost years) behind the upstream baseline.

@storrgie storrgie closed this Feb 21, 2017
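
The curve mismatch the thread converges on can be confirmed from a captured ClientHello. The following is an added example, not part of the original thread or of the project's code: it parses the `supported_groups` extension and checks it against the curves a server allows through `ssl_ecdh_curve`. The sample ClientHello bytes are constructed, and the assumption that the affected client offers only prime256v1 is inferred from the fix reported above.

```python
import struct

# IANA TLS "Supported Groups" ids for the curves relevant to this thread.
GROUPS = {23: "prime256v1", 24: "secp384r1", 25: "secp521r1", 29: "X25519"}

def build_client_hello(group_ids):
    """Constructed sample: a minimal TLS 1.2 ClientHello record offering group_ids."""
    groups = b"".join(struct.pack("!H", g) for g in group_ids)
    ext = struct.pack("!HHH", 10, len(groups) + 2, len(groups)) + groups
    body = (b"\x03\x03" + bytes(32)            # client_version, random
            + b"\x00"                          # empty session_id
            + b"\x00\x02\xc0\x30"              # one suite: ECDHE-RSA-AES256-GCM-SHA384
            + b"\x01\x00"                      # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_groups(record):
    """Return the curve names in the supported_groups extension of a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                     # skip session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # skip cipher_suites
    pos += 1 + record[pos]                     # skip compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 10:                     # supported_groups
            n = struct.unpack_from("!H", record, pos)[0]
            ids = struct.unpack_from("!%dH" % (n // 2), record, pos + 2)
            return [GROUPS.get(i, "unknown(%d)" % i) for i in ids]
        pos += ext_len
    return []

def common_curve(server_curves, record):
    """First server-preferred curve the client also offers, or None (no ECDHE possible)."""
    offered = offered_groups(record)
    return next((c for c in server_curves if c in offered), None)

if __name__ == "__main__":
    hello = build_client_hello([23])           # assumed Android 7.0.0 behaviour
    print(offered_groups(hello), common_curve(["secp384r1"], hello))
```

With an ECDHE-only cipher list, a `None` result means the server has nothing left to negotiate and drops the connection, which matches the handshake abort seen only on the affected devices.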
