[erlang-questions] Errors in SSL handshake (weird client)

Danil Zagoskin <>
Sun Apr 13 23:27:07 CEST 2014


Hello!

Recently after upgrading to newer openssl our server started to suggest ECC
cipher suites.
Most of clients work fine, but there is at least one which does not —
WebDAV client in OmniPlan application under MacOS 10.9.

This application makes three connections to check connectivity. First two
of them fail with "error: bad record mac" or sometimes badarg in
erlang:size([22,3,1,0,158,1,0,0,154,3,1,83,74|...]) at tls_record.erl:122.
Third connection always fail with {case_clause,{4}} in ssl_v3:mac_hash
because it is negotiated as SSLv3 with SHA256 hash which is not described
in RFC and thus not supported in Erlang.

I tried to examine SSL code to understand how that could be true (didn't
succeed so far), tried to replay third connection client_hello (server
replies with very different server_hello), finally I've written a tool to
dump traffic.

So, using https://github.com/stolen/ssldump I've collected this log showing
the three connections from weird client to simple SSL server (listen —
transport_accept — ssl_accept — die) leading to erroneous negotiation:
http://pastebin.com/Ym7na7mi


Currently I've found workaround — disabling ECC cipher suites with hashes
other than MD5 and SHA, but I think it may be possible to behave better
allowing even this client to work.

So, there are two bugs:
  * Somewhere packet is received as list instead of binary leading to
badarg in erlang:size
  * At some conditions it is possible to negotiate SSLv3 with SHA256 and
then crash server worker at encoding message.

Also maybe "bad record mac" is a bug too.

-- 
Danil Zagoskin | 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140414/8178777d/attachment.html>


More information about the erlang-questions mailing list