[erlang-questions] Errors in SSL handshake (weird client)

Danil Zagoskin z@REDACTED
Sun Apr 13 23:27:07 CEST 2014


Recently after upgrading to newer openssl our server started to suggest ECC
cipher suites.
Most of clients work fine, but there is at least one which does not —
WebDAV client in OmniPlan application under MacOS 10.9.

This application makes three connections to check connectivity. First two
of them fail with "error: bad record mac" or sometimes badarg in
erlang:size([22,3,1,0,158,1,0,0,154,3,1,83,74|...]) at tls_record.erl:122.
Third connection always fail with {case_clause,{4}} in ssl_v3:mac_hash
because it is negotiated as SSLv3 with SHA256 hash which is not described
in RFC and thus not supported in Erlang.

I tried to examine SSL code to understand how that could be true (didn't
succeed so far), tried to replay third connection client_hello (server
replies with very different server_hello), finally I've written a tool to
dump traffic.

So, using https://github.com/stolen/ssldump I've collected this log showing
the three connections from weird client to simple SSL server (listen —
transport_accept — ssl_accept — die) leading to erroneous negotiation:

Currently I've found workaround — disabling ECC cipher suites with hashes
other than MD5 and SHA, but I think it may be possible to behave better
allowing even this client to work.

So, there are two bugs:
  * Somewhere packet is received as list instead of binary leading to
badarg in erlang:size
  * At some conditions it is possible to negotiate SSLv3 with SHA256 and
then crash server worker at encoding message.

Also maybe "bad record mac" is a bug too.

Danil Zagoskin | z@REDACTED
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140414/8178777d/attachment.htm>

More information about the erlang-questions mailing list