SSL/TLS handshake issue

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

SSL/TLS handshake issue

Postby jkent » Sun Jun 28, 2015 12:14 pm

I've been working on a project and cannot seem to get SSL/TLS to work with a particular server: jkent.net:6697

[Edit: I'm using the latest SDK, 1.1.2]

Code:

client handshake start.
client handshake failed


Connecting to my https server, jkent.net:443, works fine.

As suggested elsewhere, I'm using:

Code:

espconn_secure_set_size(ESPCONN_CLIENT, 5120);


Help with diagnosing this issue is appreciated.

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL/TLS handshake issue

Postby ESP_Faye » Mon Jun 29, 2015 1:36 pm

Hi,

What's the difference between "jkent.net:6697" and "jkent.net:443"?

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

Re: SSL/TLS handshake issue

Postby jkent » Tue Jun 30, 2015 12:16 am

jkent.net:443 is an Apache HTTP server with a 2048 bit certificate signed by a certificate authority. jkent.net:6697 is an IRC server running UnrealIRCd using a 1024 bit self-signed certificate. Also the accepted ciphers are different, as shown below in the sslscan output:

Code:

jkent@quark:~/sslscan$ ./sslscan jkent.net:443
Version: 1.10.4-rbsec-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 443

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 1024 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384           
Accepted  TLSv1.2  256 bits  AES256-SHA256               
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 1024 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 1024 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256           
Accepted  TLSv1.2  128 bits  AES128-SHA256               
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 1024 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 

  Preferred Server Cipher(s):
TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  www.jkent.net
Altnames: DNS:www.jkent.net, DNS:jkent.net
Issuer:   StartCom Class 1 Primary Intermediate Server CA


Code:

jkent@quark:~/sslscan$ ./sslscan jkent.net:6697
Version: 1.10.4-rbsec-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 6697

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA                   
Accepted  SSLv3    256 bits  CAMELLIA256-SHA             
Accepted  SSLv3    128 bits  AES128-SHA                   
Accepted  SSLv3    128 bits  SEED-SHA                     
Accepted  SSLv3    128 bits  CAMELLIA128-SHA             
Accepted  SSLv3    128 bits  RC4-SHA                     
Accepted  SSLv3    128 bits  RC4-MD5                     
Accepted  SSLv3    112 bits  DES-CBC3-SHA                 
Accepted  SSLv3    56 bits   DES-CBC-SHA                 
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  SEED-SHA                     
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.0  128 bits  RC4-SHA                     
Accepted  TLSv1.0  128 bits  RC4-MD5                     
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.0  56 bits   DES-CBC-SHA                 
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  SEED-SHA                     
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.1  128 bits  RC4-SHA                     
Accepted  TLSv1.1  128 bits  RC4-MD5                     
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  56 bits   DES-CBC-SHA                 
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384           
Accepted  TLSv1.2  256 bits  AES256-SHA256               
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256           
Accepted  TLSv1.2  128 bits  AES128-SHA256               
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  SEED-SHA                     
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.2  128 bits  RC4-SHA                     
Accepted  TLSv1.2  128 bits  RC4-MD5                     
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  56 bits   DES-CBC-SHA                 

  Preferred Server Cipher(s):
SSLv3    256 bits  AES256-SHA                   
TLSv1.0  256 bits  AES256-SHA                   
TLSv1.1  256 bits  AES256-SHA                   
TLSv1.2  256 bits  AES256-GCM-SHA384           

  SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024

Subject:  irc.jkent.net
Issuer:   irc.jkent.net
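
Added example (not part of the original posts, and not sslscan or SDK code): a small Python parser for the sslscan output above that diffs the (protocol, cipher) pairs the two ports accept and lists legacy settings. The embedded scans are abbreviated copies of the outputs in the post, and the function names are made up for this example.

```python
import re

# Constructed samples: abbreviated from the two sslscan outputs in the post above.
SCAN_443 = """\
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 1024 bits
Accepted  TLSv1.2  128 bits  AES128-SHA
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048
"""
SCAN_6697 = """\
Accepted  SSLv3    128 bits  RC4-MD5
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  56 bits   DES-CBC-SHA
Accepted  TLSv1.2  128 bits  AES128-SHA
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024
"""

ACCEPTED = re.compile(r"^Accepted\s+(\S+)\s+(\d+) bits\s+(\S+)", re.M)

def parse(scan):
    """Return ({(protocol, cipher): bits}, cert signature algorithm, RSA key bits)."""
    suites = {(p, c): int(b) for p, b, c in ACCEPTED.findall(scan)}
    sig = re.search(r"Signature Algorithm:\s*(\S+)", scan)
    key = re.search(r"RSA Key Strength:\s*(\d+)", scan)
    return suites, sig.group(1) if sig else None, int(key.group(1)) if key else None

def diff(a, b):
    """Suites accepted only by a, only by b, and by both (each list sorted)."""
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()), sorted(a.keys() & b.keys())

def legacy_findings(suites, sig, key_bits):
    """Flag settings generally considered obsolete on a TLS endpoint."""
    out = [f"{p} {c}" for (p, c), bits in sorted(suites.items())
           if p == "SSLv3" or bits < 112 or "RC4" in c or c.endswith("MD5")]
    if sig and sig.startswith("sha1"):
        out.append(f"certificate signed with {sig}")
    if key_bits and key_bits < 2048:
        out.append(f"RSA key {key_bits} bits")
    return out

if __name__ == "__main__":
    a, b = parse(SCAN_443), parse(SCAN_6697)
    print(diff(a[0], b[0]), legacy_findings(*b), sep="\n")
```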

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL/TLS handshake issue

Postby ESP_Faye » Tue Jun 30, 2015 9:56 am

Hi,

Please refer to the documentation “ESP8266__SDK__SSL_User_Manual” in \esp_iot_sdk_v1.1.2\document\SSL, chapter “3 ESP8266 as SSL client”.

Generate “esp_ca_cert.bin” with your CA of "jkent.net:6697", and download “esp_ca_cert.bin” into flash.

Could it help solve your problem?

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

Re: SSL/TLS handshake issue

Postby jkent » Tue Jun 30, 2015 10:42 am

Thanks for getting back with me Faye,

I tried as suggested, and I got the same result. I would not expect enabling CA verification would help if it does not work with it disabled.

In the meantime, I will get a certificate signed by my CA, and report back.

rith87

Re: SSL/TLS handshake issue

Postby rith87 » Tue Jun 30, 2015 10:52 am

I got the same handshake error when connecting to https://my.flair.zone/api/help. And as I explained in this thread (http://bbs.espressif.com/viewtopic.php?f=7&t=602), I don't think the CA verification will work because the handshake occurs before CA verification. Faye, is there any way to get one of the Espressif engineers to reproduce the issue and take a quick look? It should be really easy for them given that they have access to the source code.

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

Re: SSL/TLS handshake issue

Postby jkent » Tue Jun 30, 2015 12:17 pm

I got a certificate from my CA installed, and I'm still getting the same handshake issue.

Output of sslscan with the new certificate below.

Code:

jkent@quark:~/Projects/sslscan$ ./sslscan jkent.net:6697
Version: 1.10.4-rbsec-wip-static
OpenSSL 1.0.2d-dev xx XXX xxxx

Testing SSL server jkent.net on port 6697

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.0 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.2 not vulnerable to heartbleed

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA                   
Accepted  SSLv3    256 bits  CAMELLIA256-SHA             
Accepted  SSLv3    128 bits  AES128-SHA                   
Accepted  SSLv3    128 bits  SEED-SHA                     
Accepted  SSLv3    128 bits  CAMELLIA128-SHA             
Accepted  SSLv3    128 bits  RC4-SHA                     
Accepted  SSLv3    128 bits  RC4-MD5                     
Accepted  SSLv3    112 bits  DES-CBC3-SHA                 
Accepted  SSLv3    56 bits   DES-CBC-SHA                 
Accepted  TLSv1.0  256 bits  AES256-SHA                   
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.0  128 bits  AES128-SHA                   
Accepted  TLSv1.0  128 bits  SEED-SHA                     
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.0  128 bits  RC4-SHA                     
Accepted  TLSv1.0  128 bits  RC4-MD5                     
Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.0  56 bits   DES-CBC-SHA                 
Accepted  TLSv1.1  256 bits  AES256-SHA                   
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.1  128 bits  AES128-SHA                   
Accepted  TLSv1.1  128 bits  SEED-SHA                     
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.1  128 bits  RC4-SHA                     
Accepted  TLSv1.1  128 bits  RC4-MD5                     
Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.1  56 bits   DES-CBC-SHA                 
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384           
Accepted  TLSv1.2  256 bits  AES256-SHA256               
Accepted  TLSv1.2  256 bits  AES256-SHA                   
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA             
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256           
Accepted  TLSv1.2  128 bits  AES128-SHA256               
Accepted  TLSv1.2  128 bits  AES128-SHA                   
Accepted  TLSv1.2  128 bits  SEED-SHA                     
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA             
Accepted  TLSv1.2  128 bits  RC4-SHA                     
Accepted  TLSv1.2  128 bits  RC4-MD5                     
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                 
Accepted  TLSv1.2  56 bits   DES-CBC-SHA                 

  Preferred Server Cipher(s):
SSLv3    256 bits  AES256-SHA                   
TLSv1.0  256 bits  AES256-SHA                   
TLSv1.1  256 bits  AES256-SHA                   
TLSv1.2  256 bits  AES256-GCM-SHA384           

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  irc.jkent.net
Altnames: DNS:irc.jkent.net, DNS:jkent.net, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>, othername:<unsupported>
Issuer:   StartCom Class 1 Primary Intermediate Server CA

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

Re: SSL/TLS handshake issue

Postby jkent » Sat Jul 11, 2015 4:56 am

With the latest SDK 1.2.0 and SSL patch 2, this issue is still not resolved.

It now tries to connect over and over:

Code:

client handshake start.
client handshake failed
client handshake start.
client handshake failed
client handshake start.
client handshake failed
...

jkent
Posts: 6
Joined: Sun Jun 28, 2015 11:30 am

Re: SSL/TLS handshake issue

Postby jkent » Thu Sep 24, 2015 6:18 am

I'm still having problems with this as of SDK 1.4.0.

The code that I am testing this with can be found here: https://github.com/jkent/espbot

Build with USE_SECURE=1

GothAck
Posts: 2
Joined: Mon Jun 06, 2016 8:40 pm

Re: SSL/TLS handshake issue

Postby GothAck » Mon Jun 06, 2016 8:47 pm

I'm having the same problem with TLS socket to Mosquitto. I've added my cacert to the image.

Debug output from ESP8266 (running nodemcu, but error seems to be from Espressif SSL library):

Code:

> c = net.createConnection(net.TCP, 1)
net_create is called.
TCP server/socket is set.
net_delete is called.
> c:connect(21883, 'apollo.gothack.name')
net_start is called.
TCP port is set: 21883.
TCP ip is set: 255.255.255.255
> socket_dns_found is called.
TCP ip is set: 45.32.95.69
socket_connect is called.
CERTIFICATE 5e9
� 0
 0
the file is not a PEM file.
E:M 0
Certificate '�' is undefined.
the file is not a PEM file.
client handshake start.
client handshake failed
Error: invalid protocol message
net_socket_reconnected is called.
net_socket_disconnected is called.


Config options applied to Mosquitto to ensure compatibility:

Code:

tls_version tlsv1.1
ciphers AES256-SHA:AES128-SHA


The handshake looks okay in Wireshark, but I'm not an expert on TLS
(screenshots via Dropbox, annoyingly unembeddable)
https://www.dropbox.com/s/x296307zsitrr02/Screen%20Shot%202016-06-06%20at%2005.44.30.png?dl=0
https://www.dropbox.com/s/iu76au4v361xje5/Screen%20Shot%202016-06-06%20at%2005.44.41.png?dl=0



Edit: formatting
