ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error "
Added by kiran over 11 years ago
Hi,
I am trying to enable SSL in lighttpd.
My OS is "Arago linux" running on "Beaglebone black".
I did the proper configuration for enabling ssl using "self signed" certificate:
~# tail -6 /etc/lighttpd.conf
$SERVER["socket"] == "0.0.0.0:443" {
    server.document-root = "/www"
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/ws/server.pem"
}
These are the permissions:
root@am335x-evm:~# ls -l /etc/lighttpd/ssl/ws/server.pem
-rw------- 1 root root 1762 Jun 26 2013 /etc/lighttpd/ssl/ws/server.pem
root@am335x-evm:~# ls -l /etc/lighttpd/ssl/ws/
-rw------- 1 root root 1762 Jun 26 2013 server.pem
root@am335x-evm:~# ps | grep lighttpd
1769 root 4312 S /usr/sbin/lighttpd -f /etc/lighttpd.conf
1777 root 1828 S grep lighttpd
root@am335x-evm:~#
Other relevant info:
root@am335x-evm:~# lighttpd -help
lighttpd: /usr/lib/libssl.so.1.0.0: no version information available (required by lighttpd)
lighttpd/1.4.33 (ssl) (Oct 26 2013 12:02:47) - a light and fast webserver
usage:
 -f <name>  filename of the config-file
 -m <name>  module directory (default: /usr/lib)
 -p         print the parsed config-file in internal form, and exit
 -t         test the config-file, and exit
 -D         don't go to background (default: go to background)
 -v         show version
 -V         show compile-time features
 -h         show this help
root@am335x-evm:~#
When I access the https page from browser (Firefox), I am getting the "This Connection is Untrusted" message. But when I accept the certificate, firefox throws the following error:
"Peer's certificate has an invalid signature. (Error code: sec_error_bad_signature)"
I confirmed that the certificate file is valid by using it with lighttpd running on my desktop.
I also tested the same certificate using openssl command:
openssl s_server -accept 12345 -cert /etc/lighttpd/ssl/ws/serv
openssl: /usr/lib/libssl.so.1.0.0: no version information available (required by openssl)
openssl: /usr/lib/libcrypto.so.1.0.0: no version information available (required by openssl)
openssl: /usr/lib/libcrypto.so.1.0.0: no version information available (required by /usr/lib/libssl.so.1.0.0)
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMABAIAiAQgk50jQT/vr5EiUPND7DRlGFFViZzAhav4VEinRK7jlM8E
MJP19GGiblkRbqXOFvBRsU3L5lm1LMXwCam8hUZzoxg9FSH+Fw4T7ACJz4t6Zv0L
V6EGAgRRyjfKogQCAgEspAYEBAEAAAA=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SA
CIPHER is DHE-RSA-CAMELLIA256-SHA
Secure Renegotiation IS supported
GET / HTTP/1.1
Host: 192.168.3.152:12345
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

TESTINGSLL
DONE
shutdown accept socket
shutting down SSL
CONNECTION CLOSED
   1 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   1 server accepts that finished
   0 session cache hits
   1 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (128 allowed)
And these are the errors found in the lighttpd logs:
root@am335x-evm:~# tail -f /www/logs/lighttpd.error.log
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:12: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:13: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
2013-06-26 00:14:13: (connections.c.305) SSL: 1 error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
These are the things I tried:
Recompile openssl from source. Recompile lighttpd from source.
I am still not able to make this work. Can someone help me out? Is there something I have missed?
Thanks,
Kiran
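The error code in the log lines above can be unpacked to show where the failure was detected. This is an added example, not part of the original post; it assumes the OpenSSL 1.0.x packed error layout (8-bit library, 12-bit function, 12-bit reason), and the function names and the sample line are constructed for illustration. A reason of 1000 plus an alert number means the server read a fatal alert sent by the peer, here the browser.

```python
import re

# Constructed sample: one line in the format of the lighttpd error log above.
SAMPLE_LOG = (
    "2013-06-26 00:14:12: (connections.c.305) SSL: 1 "
    "error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error\n"
)

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = offset + TLS alert number

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate",
    48: "unknown_ca", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def unpack_error(code):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_line(line):
    """Decode one log line; return None if it carries no OpenSSL error."""
    m = ERR_RE.search(line)
    if not m:
        return None
    lib, func, reason = unpack_error(int(m.group(1), 16))
    info = {"lib": lib, "func": func, "reason": reason,
            "func_name": m.group(3), "text": m.group(4).strip(),
            "peer_alert": None}
    # libssl reasons in 1001..1255 are alerts *received* from the peer,
    # not failures computed locally by this side.
    if lib == ERR_LIB_SSL and 0 < reason - SSL_AD_REASON_OFFSET < 256:
        n = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = (n, TLS_ALERTS.get(n, "unknown"))
    return info

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(decode_line(line))
```
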
Replies (6)
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by stbuehler over 11 years ago
You got some strange linker errors; I suggest fixing those before doing anything else. They could indicate that the library versions don't match the version you compiled against:
lighttpd: /usr/lib/libssl.so.1.0.0: no version information available (required by lighttpd)
openssl: /usr/lib/libssl.so.1.0.0: no version information available (required by openssl)
openssl: /usr/lib/libcrypto.so.1.0.0: no version information available (required by openssl)
openssl: /usr/lib/libcrypto.so.1.0.0: no version information available (required by /usr/lib/libssl.so.1.0.0)
In order to debug the SSL issue a tcpdump -o somefile.pcap packet capture might be useful; as Firefox complains with "Peer's certificate has an invalid signature." the problem should be visible in the plaintext (not encrypted) handshake.
Perhaps you can upload a minimal test configuration to reproduce it with (including a new self signed key+cert; obviously you shouldn't give us your real private key).
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by kiran over 11 years ago
Stefan,
Thanks for the reply.
I removed the linker errors by replacing the ssl/crypto libraries (that I had cross-compiled) with the ones which came with the toolchain. But the issue still persists.
Is this output enough for the tcpdump analysis:
root@am335x-evm:/usr/lib# tcpdump -vv | grep 192.168.3.152.https
[10296.111541] net eth0: promiscuity enabled
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
192.168.3.12.34354 > 192.168.3.152.https: Flags [S], cksum 0x369a (correct), seq 1438665819, win 14600, options [mss 1460,sackOK,TS val 7939562 e0
192.168.3.152.https > 192.168.3.12.34354: Flags [S.], cksum 0x8823 (incorrect -> 0x47ff), seq 900953787, ack 1438665820, win 14480, options [mss 0
192.168.3.12.34354 > 192.168.3.152.https: Flags [.], cksum 0xabc6 (correct), seq 1, ack 1, win 913, options [nop,nop,TS val 7939562 ecr 1000069],0
192.168.3.12.34354 > 192.168.3.152.https: Flags [P.], cksum 0x9b51 (correct), seq 1:145, ack 1, win 913, options [nop,nop,TS val 7939562 ecr 10004
192.168.3.152.https > 192.168.3.12.34354: Flags [.], cksum 0x881b (incorrect -> 0xa72f), seq 1, ack 145, win 1944, options [nop,nop,TS val 1000060
192.168.3.152.https > 192.168.3.12.34354: Flags [P.], cksum 0x56e8 (correct), seq 1:903, ack 145, win 1944, options [nop,nop,TS val 1000072 ecr 72
192.168.3.12.34354 > 192.168.3.152.https: Flags [.], cksum 0xa735 (correct), seq 145, ack 903, win 1026, options [nop,nop,TS val 7939569 ecr 10000
192.168.3.12.34354 > 192.168.3.152.https: Flags [P.], cksum 0x5c21 (correct), seq 145:152, ack 903, win 1026, options [nop,nop,TS val 7939569 ecr7
192.168.3.12.34354 > 192.168.3.152.https: Flags [R.], cksum 0xa729 (correct), seq 152, ack 903, win 1026, options [nop,nop,TS val 7939570 ecr 1000
Attaching the configuration file and the certificate+key file.
Let me know if you need more info.
Kiran
lighttpd.conf (11.8 KB)
server.pem (1.72 KB)
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by stbuehler over 11 years ago
"Minimal configuration"?
"Packet capture" - not the text output, the actual packets (although the option for that is -w, not -o - sry)
The pem file is good, and the config should work too (tested it with the necessary local path and port changes). So this looks like a platform specific problem.
Please don't use /tmp/ paths; another user could create (and own) /tmp/lighttpd and have lighttpd overwrite files through symlinks (in your case all files, as you are running as root).
Also running lighttpd as root is a bad idea. Use server.username.
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by kiran over 11 years ago
Stefan,
This is my test setup. I will be using a lighttpd dedicated user once I stabilize this.
At least if you can confirm for me that this is a platform issue by looking at the attached capture file, that would be great.
Kiran
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by stbuehler over 11 years ago
I couldn't see anything obviously wrong; although I didn't try to verify the signature(s) manually.
Your openssl s_server test used a different ciphersuite (TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), the pcap shows TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; the different cipher (Camellia-256-CBC instead of AES-256-CBC) shouldn't matter in that stage of the connection, but I guess the ECDHE-RSA key exchange could be the problem.
You could try to disable elliptic curves with ssl.cipher-list. Also I don't think this is a bug in lighttpd; it probably is somewhere in the compiler, standard library, openssl, custom patches by whoever is involved or even the hardware.
I hope I could help you a little bit, but I doubt we can help you much further here.
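The comparison made in the reply above (which suite the server picked in the capture versus in the s_server test) can be read straight from the unencrypted ServerHello. This is an added example, not code from the thread or from lighttpd; the function names are hypothetical, the input bytes are constructed, and it assumes the server-to-client TCP payload has already been reassembled and that the ServerHello is the first handshake message in its record.

```python
import struct

# Suite ids for the two suites named in this thread (IANA TLS registry values).
SUITES = {
    0x0088: ("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", "DHE"),
    0xC014: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE"),
}

def build_server_hello(suite, sid=b"", version=0x0301):
    """Constructed test input: one TLS record carrying a minimal ServerHello."""
    body = struct.pack("!H", version) + bytes(32) + bytes([len(sid)]) + sid
    body += struct.pack("!HB", suite, 0)                   # suite, null compression
    hs = b"\x02" + len(body).to_bytes(3, "big") + body     # handshake type 2
    return struct.pack("!BHH", 22, version, len(hs)) + hs  # record type 22

def negotiated_suite(stream):
    """Return the cipher suite id from the first ServerHello, or None."""
    pos = 0
    while pos + 5 <= len(stream):
        rtype, _ver, rlen = struct.unpack_from("!BHH", stream, pos)
        record = stream[pos + 5 : pos + 5 + rlen]
        pos += 5 + rlen
        if rtype != 22 or len(record) < 4 or record[0] != 2:
            continue  # not a handshake record starting with a ServerHello
        hello = record[4 : 4 + int.from_bytes(record[1:4], "big")]
        if len(hello) < 35:
            raise ValueError("truncated ServerHello")
        off = 35 + hello[34]  # skip version(2) + random(32) + session id
        if off + 2 > len(hello):
            raise ValueError("truncated ServerHello")
        return struct.unpack_from("!H", hello, off)[0]
    return None

def describe(stream):
    """Map the negotiated suite to (name, key-exchange family)."""
    suite = negotiated_suite(stream)
    if suite is None:
        return None
    return SUITES.get(suite, ("0x%04X" % suite, "unknown"))

if __name__ == "__main__":
    alert = bytes([21, 3, 1, 0, 2, 2, 51])  # constructed decrypt_error alert record
    print(describe(alert + build_server_hello(0xC014, sid=b"\x01" * 32)))
    print(describe(build_server_hello(0x0088)))
```
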
RE: ssl error "SSL3_READ_BYTES:tlsv1 alert decrypt error " - Added by kiran over 11 years ago
Stefan,
Cool..Thanks a lot.
Kiran