As a pentester, I regularly test the configuration of SSL servers. For this purpose I use my customized OpenSSL fork, which contains a lot more ciphers than the official version, and wrapper scripts (easier than remembering command line options).
Last month I ran into an issue with servers behind an SSL terminator from a well-known network equipment supplier. As soon as the SSL Client Hello offered 128 or more ciphers to the server and the tls1_2 protocol was specified, the handshake was aborted with the following error message:
9304:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1481:SSL alert number 47
9304:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:636:
The supplier hadn't heard of this bug yet - I suspect that not that many browsers or generic SSL clients offer 128 or more ciphers. A bug report has been filed.
To facilitate the testing of SSL/TLS handshakes I created a script, which can be found at GitHub. Currently 3 handshake bugs are identified.
Of course you can test for this bug using a version of OpenSSL with enough (128 or more) ciphers, and the command:
openssl s_client -connect host:port -tls1_2
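To see where a server you administer starts rejecting the handshake, the cipher list can be trimmed to a fixed size and the test repeated on both sides of 128. The following is an added example, not the script from GitHub mentioned above; the function names and the chosen counts are assumptions, and it needs a local OpenSSL build that knows at least 128 ciphers.

```shell
#!/bin/sh
# Added example: sweep the number of offered ciphers around the 128 boundary
# and report which counts trigger "SSL alert number 47" (illegal parameter).

# Print the first N entries of a colon-separated cipher list.
first_n_ciphers() {
    printf '%s\n' "$1" | cut -d: -f"1-$2"
}

# Count the entries of a colon-separated cipher list.
count_ciphers() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -c .
}

# Classify s_client output: the alert quoted in the post, a completed
# handshake (a cipher was negotiated), or any other failure.
classify_handshake() {
    case "$1" in
        *"alert number 47"*)    echo illegal_parameter ;;
        *"Cipher is (NONE)"*)   echo other ;;
        *"Cipher is "*)         echo ok ;;
        *)                      echo other ;;
    esac
}

# probe HOST:PORT N -- offer the first N ciphers this openssl build knows.
# N counts what is passed to -cipher; the Client Hello on the wire may
# carry an additional signalling value.
probe() {
    all=$(openssl ciphers 'ALL:COMPLEMENTOFALL')
    list=$(first_n_ciphers "$all" "$2")
    out=$(openssl s_client -connect "$1" -tls1_2 -cipher "$list" </dev/null 2>&1) || true
    echo "$(count_ciphers "$list") ciphers: $(classify_handshake "$out")"
}

# Usage: sh sweep.sh host:port   (runs only when a target is given)
if [ "$#" -ge 1 ]; then
    for n in 64 126 127 128 129 160; do
        probe "$1" "$n"
    done
fi
```

If the build knows fewer ciphers than requested, the reported count shows how many were actually offered.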