<div dir="ltr">Hello!<div><br></div><div>Recently after upgrading to newer openssl our server started to suggest ECC cipher suites.</div><div>Most of clients work fine, but there is at least one which does not — WebDAV client in OmniPlan application under MacOS 10.9.</div>
<div><br></div><div>This application makes three connections to check connectivity. First two of them fail with "error: bad record mac" or sometimes badarg in erlang:size([22,3,1,0,158,1,0,0,154,3,1,83,74|...]) at tls_record.erl:122.</div>
<div>Third connection always fail with {case_clause,{4}} in ssl_v3:mac_hash because it is negotiated as SSLv3 with SHA256 hash which is not described in RFC and thus not supported in Erlang.</div><div><br></div><div>I tried to examine SSL code to understand how that could be true (didn't succeed so far), tried to replay third connection client_hello (server replies with very different server_hello), finally I've written a tool to dump traffic.</div>
<div><br></div><div>So, using <a href="https://github.com/stolen/ssldump">https://github.com/stolen/ssldump</a> I've collected this log showing the three connections from weird client to simple SSL server (listen — transport_accept — ssl_accept — die) leading to erroneous negotiation: <a href="http://pastebin.com/Ym7na7mi">http://pastebin.com/Ym7na7mi</a></div>
<div><br></div><div><br></div><div>Currently I've found workaround — disabling ECC cipher suites with hashes other than MD5 and SHA, but I think it may be possible to behave better allowing even this client to work.</div>
<div><br></div><div>So, there are two bugs:</div><div> * Somewhere packet is received as list instead of binary leading to badarg in erlang:size</div><div> * At some conditions it is possible to negotiate SSLv3 with SHA256 and then crash server worker at encoding message.</div>
<div><br></div><div>Also maybe "bad record mac" is a bug too.</div><div><div><br></div>-- <br><div dir="ltr"><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div>
</div></div></div>