[PATCH 2 of 4] SSL: logging levels of various errors reported with tlsfuzzer

Roman Arutyunyan arut at nginx.com
Wed Mar 8 14:19:10 UTC 2023


On Wed, Mar 08, 2023 at 01:07:45AM +0300, Maxim Dounin wrote:
> Hello!
> 
> On Tue, Mar 07, 2023 at 06:46:12PM +0400, Roman Arutyunyan wrote:
> 
> > Hi,
> > 
> > On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> > > # HG changeset patch
> > > # User Maxim Dounin <mdounin at mdounin.ru>
> > > # Date 1677682421 -10800
> > > #      Wed Mar 01 17:53:41 2023 +0300
> > > # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> > > # Parent  4d0a265c1d20f22f196680dfcc9d044f9e711865
> > > SSL: logging levels of various errors reported with tlsfuzzer.
> > > 
> > > To further differentiate client-related errors and adjust logging levels
> > > of various SSL errors, nginx was tested with tlsfuzzer with multiple
> > > OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> > > 1.0.0s, 0.9.8zh).
> > 
> > While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
> > text below.  It should be added to the list of versions not adding new client
> > errors compared to other versions.
> 
> Thanks for noting.  I've generally not considered OpenSSL 
> 3.1.0-beta1, since it is mostly identical to OpenSSL 3.0.8 in 
> terms of errors and not really a release, but decided to add it to 
> the list of tested versions for completeness.
> 
> Updated the last paragraph as well:
> 
> : No additional client-related errors were observed while testing with
> : OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> : and OpenSSL 0.9.8zh.
> 
> > > The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> > > and are clearly client-related:
> > > 
> > > SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> > > SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> > > SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> > > SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> > > 
> > > Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> > > SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> > > ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> > > ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> > > errors are now logged at the "info" level.
> > > 
> > > Additionally, the following errors were observed with OpenSSL 3.0.8 and
> > > with TLSv1.3 enabled:
> > > 
> > > SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> > > SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> > > SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> > > SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> > > SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> > > SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> > > SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> > > 
> > > Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"), 
> > 
> > SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
> > cac164d0807e.  This text is probably a leftover from testing this without the
> > previous patch applied, in which case a crypto error was analyzed and ignored.
> 
> Indeed, thanks for catching.  Removed this from the commit log (as 
> well as the relevant error messages above).
> 
> > > SSL_R_BAD_DIGEST_LENGTH
> > > ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> > > extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> > > SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> > > and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> > > handshake data") errors are now logged at the "info" level.
> > > 
> > > Additionally, the following errors were observed with OpenSSL 1.1.1t:
> > > 
> > > SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> > > SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> > > SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> > > SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> > > 
> > > Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> > > SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> > > SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> > > SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> > > at the "info" level.
> > > 
> > > Additionally, the following errors were observed with OpenSSL 1.0.2u:
> > > 
> > > SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> > > SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> > > 
> > > Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> > > SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> > > logged at the "info" level.
> > > 
> > > No additional client-related errors were observed while testing with
> > > OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.
> 
> Full updated commit log:
> 
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1678226771 -10800
> #      Wed Mar 08 01:06:11 2023 +0300
> # Node ID a48cbbec723b1a6d4943e877deb21e719c19d09a
> # Parent  c011fae23865f04518f9279fb98a312ef8f7a29c
> SSL: logging levels of various errors reported with tlsfuzzer.
> 
> To further differentiate client-related errors and adjust logging levels
> of various SSL errors, nginx was tested with tlsfuzzer with multiple
> OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> 1.0.0s, 0.9.8zh).
> 
> The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> and are clearly client-related:
> 
> SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
> 
> Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> errors are now logged at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 3.0.8 and
> with TLSv1.3 enabled:
> 
> SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
> 
> Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
> SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
> SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> handshake data") errors are now logged at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 1.1.1t:
> 
> SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
> 
> Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> at the "info" level.
> 
> Additionally, the following errors were observed with OpenSSL 1.0.2u:
> 
> SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
> 
> Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> logged at the "info" level.
> 
> No additional client-related errors were observed while testing with
> OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
> and OpenSSL 0.9.8zh.

Looks ok
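Added example, not part of this thread and not nginx's own code: a small Python triage script that decodes the OpenSSL error codes quoted in the commit log and applies its list of client-related reasons to nginx error-log lines, so a tlsfuzzer run (or a production log) can be split into "expected client noise" and "everything else". It assumes the empty function field in OpenSSL 3.x messages is a reliable hint for the 3.x code packing versus the 1.x one; the `nginx_line` helper, the sample log lines and the reason code `0A000999` are constructed for the example.

```python
import re

# Matches the OpenSSL error text nginx puts in parentheses, in both shapes
# quoted in the thread: OpenSSL 3.x "error:CODE:lib::reason" (empty function
# field) and OpenSSL 1.x "error:CODE:lib:function:reason".  Several errors can
# be chained in one message, separated by a single space.
ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:)]*):([^:)]*):(.*?)(?= error:|\)|$)"
)

ERR_LIB_SSL = 20  # ERR_LIB_SSL from OpenSSL's err.h

# Reason numbers of the SSL-library errors the patch moves to the "info"
# level, taken from the low bits of the codes quoted in the commit log
# (0x0A000092 -> 0x92 == 146 == SSL_R_DATA_LENGTH_TOO_LONG, and so on).
# SSL_R_BAD_ECPOINT (306) was already "info" according to the thread.
CLIENT_RELATED = {
    146: "SSL_R_DATA_LENGTH_TOO_LONG",
    160: "SSL_R_LENGTH_TOO_SHORT",
    292: "SSL_R_BAD_LEGACY_VERSION",
    376: "SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS",
    111: "SSL_R_BAD_DIGEST_LENGTH",
    112: "SSL_R_MISSING_SIGALGS_EXTENSION",
    150: "SSL_R_ENCRYPTED_LENGTH_TOO_LONG",
    271: "SSL_R_BAD_LENGTH",
    122: "SSL_R_BAD_KEY_UPDATE",
    293: "SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA",
    133: "SSL_R_CCS_RECEIVED_EARLY",
    145: "SSL_R_DATA_BETWEEN_CCS_AND_FINISHED",
    198: "SSL_R_PACKET_LENGTH_TOO_LONG",
    409: "SSL_R_TOO_MANY_WARN_ALERTS",
    298: "SSL_R_RECORD_TOO_SMALL",
    154: "SSL_R_GOT_A_FIN_BEFORE_A_CCS",
    306: "SSL_R_BAD_ECPOINT",
}


def decode(code_hex, func_name):
    """Unpack a printed OpenSSL error code into (lib, func, reason).

    OpenSSL 3.x packs the library in bits 23..30 and the reason in bits
    0..22 and prints an empty function name; OpenSSL 1.x packs the library
    in bits 24..31, the function in bits 12..23 and the reason in bits
    0..11.  Using the empty function field as the format hint is an
    assumption of this example.
    """
    code = int(code_hex, 16)
    if func_name == "":
        return (code >> 23) & 0xFF, 0, code & 0x7FFFFF
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_errors(line):
    """Return [(lib, func, reason, reason_text), ...] for one log line."""
    return [decode(m.group(1), m.group(3)) + (m.group(4),)
            for m in ERR_RE.finditer(line)]


def log_level(line):
    """'info' if any SSL-library error in the chain is a listed client-related
    reason (chained DH/EC errors are skipped), otherwise 'default'."""
    for lib, _func, reason, _text in parse_errors(line):
        if lib == ERR_LIB_SSL and reason in CLIENT_RELATED:
            return "info"
    return "default"


def triage(lines):
    """Count lines per level, e.g. to see how noisy a tlsfuzzer run was."""
    counts = {"info": 0, "default": 0}
    for line in lines:
        counts[log_level(line)] += 1
    return counts


def nginx_line(conn, msg):
    """Constructed nginx error-log line wrapper (timestamp, pid, client made up)."""
    return ("2023/03/08 14:19:10 [info] 1234#0: *%d %s while SSL handshaking, "
            "client: 192.0.2.10, server: 0.0.0.0:443" % (conn, msg))


# Constructed sample input; the parenthesised parts are the messages the
# thread quotes, except the 0A000999 one, which is made up for the example.
SAMPLE_LINES = [
    nginx_line(1, "SSL_do_handshake() failed (SSL: error:0A000092:"
                  "SSL routines::data length too long)"),
    nginx_line(2, "SSL_do_handshake() failed (SSL: error:02800066:"
                  "Diffie-Hellman routines::invalid public key "
                  "error:0A000132:SSL routines::bad ecpoint)"),
    nginx_line(3, "SSL_read() failed (SSL: error:14094085:"
                  "SSL routines:ssl3_read_bytes:ccs received early)"),
    nginx_line(4, "SSL_do_handshake() failed (SSL: error:1407612A:"
                  "SSL routines:SSL23_GET_CLIENT_HELLO:record too small)"),
    nginx_line(5, "SSL_do_handshake() failed (SSL: error:0A000999:"
                  "SSL routines::constructed reason not in the list)"),
    '2023/03/08 14:19:15 [error] 1234#0: *6 open() "/var/www/missing" '
    "failed (2: No such file or directory)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(log_level(line), parse_errors(line))
    print(triage(SAMPLE_LINES))
```

The table is keyed on the numeric reason rather than the reason text, which is what makes it survive the "sigature" misspelling in OpenSSL 1.0.2 and the differing function names between 1.x and 3.x messages; the chained DH/EC case shows why the loop walks the whole chain instead of looking only at the first error.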
