Opened 5 years ago

Closed 4 years ago

#13816 closed defect (worksforme)

tor SSL errors with LibreSSL on OS X 10.9

Reported by: teor
Owned by:
Priority: High
Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.7
Severity:
Keywords: tor-relay, tor-auth, tor-client, lorax, 027-triaged-1-in, SponsorU, PostFreeze027
Cc: nickm
Actual Points:
Parent ID: #13415
Points: unclear
Reviewer:
Sponsor:

Description

Split from #13415:

Testing tor LibreSSL with Chutney

teor:

Once I get tor/LibreSSL to compile, the unit tests pass flawlessly.

But I see the following log entries in chutney clients, which I really don't have any idea how to fix (I'm going to try boringssl next):

[notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
[notice] To correct this, use a version of OpenSSL built with none of its ciphers disabled.

[info] TLS error while handshaking with "127.0.0.1": wrong cipher returned (in SSL routines:SSL3_GET_SERVER_HELLO:SSLv3 read server hello B)
[info] int connection_tls_continue_handshake(or_connection_t *)(): tls error [misc error]. breaking connection.
[info] void circuit_n_chan_done(channel_t *, int)(): Channel failed; closing circ.
[info] void circuit_build_failed(origin_circuit_t *)(): Our circuit died before the first hop with no connection
[info] void connection_ap_fail_onehop(const char *, cpath_build_state_t *)(): Closing one-hop stream to '$<KEY>/127.0.0.1' because the OR conn just failed.
[info] void connection_or_note_state_when_broken(or_connection_t *)(): Connection died in state 'handshaking (TLS) with SSL state SSLv3 read server hello B in HANDSHAKE'
[info] void control_event_bootstrap_problem(const char *, int, or_connection_t *)(): Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 8; recommendation ignore)
[info] 8 connections have failed:
[info] 8 connections died in state handshaking (TLS) with SSL state SSLv3 read server hello B in HANDSHAKE

chutney routers are similar, with these extra lines on init:

[info] int crypto_global_init(int, const char *, const char *)(): NOT using OpenSSL engine support.
[info] int evaluate_evp_for_aes(int)(): This version of OpenSSL has a known-good EVP counter-mode implementation. Using it.
[info] void tor_tls_init()(): OpenSSL LibreSSL 2.0 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation

chutney authorities also include these extras:

[info] or_connection_t *connection_or_connect(const tor_addr_t *, uint16_t, const char *, channel_tls_t *)(): Client asked me to connect to myself. Refusing.
[info] void log_unsupported_ciphers(smartlist_t *)(): The unsupported ciphers were: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-SHA:CAMELLIA128-SHA:AES256-SHA:CAMELLIA256-SHA:DES-CBC3-SHA:RC4-SHA
[info] TLS error while handshaking with "127.0.0.1": sslv3 alert illegal parameter (in SSL routines:SSL3_READ_BYTES:SSLv3 read client certificate A)

nickm:

There's some kind of server-side issue we'll need to solve, though.

Tor master with libressl 2.1.0 bootstraps fine under Chutney with me, without the "TLS error while handshaking" warnings. Do I need to do additional steps to see those?
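The "We weren't able to find support for all of the TLS ciphersuites" notice and the "The unsupported ciphers were:" line above come from Tor probing its linked OpenSSL/LibreSSL for each cipher it wants to advertise. The script below is an added example, not code from this ticket or from Tor itself: it performs the same kind of probe from Python, so a relay or client operator can see which names a given library build cannot provide before a handshake fails with "wrong cipher returned". It assumes Python's ssl module is linked against the library under test, and that ssl.SSLContext.set_ciphers() rejecting a single cipher name (or ssl.SSLContext.get_ciphers() not listing it afterwards) means the build cannot offer that cipher. The cipher names are a constructed subset of the ticket's log line plus one deliberately bogus name; the optional seclevel argument uses the OpenSSL-only "@SECLEVEL=" syntax and is an assumption that does not apply to LibreSSL.

```python
"""Probe the local OpenSSL/LibreSSL build for a wanted list of TLS ciphers.

Added example; not part of the Tor ticket or the Tor code base.
"""
import ssl

# Constructed sample input: a subset of the names from the ticket's
# "The unsupported ciphers were:" log line, plus one name that cannot exist,
# so the unsupported path is always exercised.
WANTED_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "RC4-SHA",
    "NOT-A-REAL-CIPHER",
]


def cipher_available(name, seclevel=None):
    """Return True if this build can negotiate the single OpenSSL cipher `name`.

    A fresh context is used per probe so one rejected name cannot poison the
    next check.  `seclevel` (OpenSSL 1.1.0+ only; assumption, not something
    LibreSSL parses) lets a caller distinguish a cipher that is compiled in but
    refused by the default security level from one that is absent entirely.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    spec = name if seclevel is None else f"{name}:@SECLEVEL={seclevel}"
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        # OpenSSL reports "No cipher can be selected" for unknown or disabled
        # names; Python surfaces that as SSLError.
        return False
    # Belt and braces: the TLS 1.2 list must actually contain the name, since
    # get_ciphers() also reports the built-in TLS 1.3 suites.
    return name in {c["name"] for c in ctx.get_ciphers()}


def partition_ciphers(names, seclevel=None):
    """Split `names` into (supported, unsupported) for the local library."""
    supported, unsupported = [], []
    for name in names:
        (supported if cipher_available(name, seclevel) else unsupported).append(name)
    return supported, unsupported


def unsupported_notice(names, seclevel=None):
    """Build a one-line report in the spirit of Tor's log_unsupported_ciphers()."""
    _, unsupported = partition_ciphers(names, seclevel)
    if not unsupported:
        return "All wanted ciphers are supported by this build."
    return "The unsupported ciphers were: " + ":".join(unsupported)


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    print(unsupported_notice(WANTED_CIPHERS))
```

Run it against the Python that is linked to the library you are testing (for a MacPorts or Homebrew LibreSSL that means a Python built against it); a name that is missing here will also be missing from what Tor can advertise, which is the condition the ticket's first notice warns about.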

Change History (8)

comment:1 Changed 5 years ago by teor

I can't say what additional steps are needed - they came out in info-level logs in chutney for me, and the bootstrap and transmission testing failed.

I was using LibreSSL 2.1.2 (git 5c23f2510315053a4164f2aa5e4e65b87a4f7a5f), with the following configuration:

export CC="clang -g -fno-omit-frame-pointer -fasynchronous-unwind-tables \
-Oz -fstack-protector -D_FORTIFY_SOURCE=2 -DPURIFY"

./configure --prefix=/test/tor/libressl-install

comment:2 Changed 4 years ago by nickm

Milestone: Tor: 0.2.??? → Tor: 0.2.7.x-final

Tentatively move some tickets to 0.2.7

comment:3 Changed 4 years ago by nickm

Status: new → assigned

comment:4 Changed 4 years ago by nickm

Keywords: 027-triaged-1-in added

Marking more tickets as triaged-in for 0.2.7

comment:5 Changed 4 years ago by isabela

Keywords: SponsorU added
Points: unclear
Priority: normal → major
Version: Tor: 0.2.6.1-alpha → Tor: 0.2.7

comment:6 Changed 4 years ago by nickm

Keywords: PostFreeze027 added

If we wind up with a nice patch for any of these in the appropriate window, we should sure merge it.

comment:7 Changed 4 years ago by nickm

Status: assigned → needs_information

I've tried this with the closest system I have (libressl 2.2.3 from Homebrew; OSX 10.10; latest Tor master) and I didn't run into any server-side problems. I wonder if all the hacking we did as part of the OpenSSL 1.1 compatibility fixes in June might have improved stuff here?

comment:8 Changed 4 years ago by teor

Resolution: worksforme
Status: needs_information → closed

I installed libressl 2.2.2 from MacPorts on OS X 10.10, and then rebuilt all the dependencies of openssl/libressl in MacPorts, including libevent and tor. (I probably skipped this step last time, which might have been the source of my issues. MacPorts (or I) seem smarter about this now.)

I then rebuilt the latest tor master with:

make clean
./configure --with-libevent-dir=/opt/local --with-openssl-dir=/opt/local --disable-asciidoc
make test-network-all

All of the 7 make test-network-all tests passed, including the mixed test based on tor master and the rebuilt tor 0.2.6.9 from MacPorts.

I think this was either a misconfiguration on my end (failure to rebuild), or something we fixed in both tor master and tor 0.2.6.9, or something specific to a different version of OS X, Xcode, or clang.
