[Pkg-openssl-devel] Bug#1020652: Bug#1020652: openssl: tls_process_key_exchange:internal error:../ssl/statem/statem_clnt.c:2254:
Kurt Roeckx
kurt at roeckx.be
Sun Sep 25 07:15:03 BST 2022
On Sun, Sep 25, 2022 at 02:16:00AM +0000, Thorsten Glaser wrote:
> Kurt Roeckx dixit:
>
> >On Sat, Sep 24, 2022 at 10:34:19PM +0200, Thorsten Glaser wrote:
> >> $ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443 -legacy_renegotiation -tls1
> >
> >TLS 1.0 is not supported by default because it's insecure. You need
> >to change the security level to 0, for instance by using the cipher
> >string DEFAULT at SECLEVEL=0
> ^ +colon
>
> Hey, this used to work at @SECLEVEL=2 even, with just MinProtocol
> changed. Also openssl ciphers shows the same, independent of the
> number used for @SECLEVEL. How can I find out, for any installed
> OpenSSL, which settings this mysterious @SECLEVEL influences and
> which are available? Where is this documented?
There is /usr/share/doc/openssl/NEWS.md.gz, which says:
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
except when RSA key exchange without SHA1 is used.
So this also works:
openssl s_client -connect www.mirbsd.org:443 -cipher AES256-SHA -legacy_renegotiation -tls1
That's the only cipher you have with RSA key exchange. Your server
doesn't have a preference for ciphers, so picks the first offered by the
client, so the order is important.
Security levels are documented in SSL_CTX_set_security_level(3):
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_security_level.html
SHA1 have been moved to security level 0 because it no longer
provides enough security, even when combined with MD5.
Kurt
More information about the Pkg-openssl-devel
mailing list