SSL handshake_failure after clientHello

问题:

I am trying to connect an embedded device to smtp.gmail.com:465 using tls1.2 with WolfSSL. The library creates and sends the following clientHello message and receives a handshake failure.

16 03 03 00 4f 01 00 00  4b 03 03 2e 2a ec 85 7f 15 dd 09 5f 22 d1 53 82  60 d7 80 67 28 aa 67 48  ce f0 71 ab 63 d0 b2 3e  55 3a 05 00 00 14 c0 27  c0 23 c0 0a c0 09 c0 07  c0 08 c0 14 c0 13 c0 11  c0 12 01 00 00 0e 00 0d  00 0a 00 08 04 03 02 03  04 01 02 01 

Here is the received message;

15 03 03 00 02 02 28 

As can be seen in the wireshark screenshot, the following cipher suites are supported by the client;

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) **TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)** **TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)** TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) 

...and the following signature algorithms are supported by the client (please see hexadecimal part at the bottom of the screenshot, wireshark does not decode signature algorithms)

04 03: SHA256 EDCSA 02 03: SHA1   EDCSA 04 01: SHA256 RSA 02 01: SHA1   RSA 

On the other hand, smtp.gmail.com supports the following cipher suites; (This is obtained by running script here: "superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers")

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 **TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA** **TLS_ECDHE_RSA_WITH_RC4_128_SHA** TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA 

As can be seen above, these two suites match.

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_RC4_128_SHA

And, I've checked the certificate in "www.digicert.com/help/" (use "smtp.gmail.com:465") and got this: Digicert Screenshot

• Signature algorithm = SHA256 + RSA (excellent)

This matches as well

According to "tools.ietf.org/html/rfc5246#section-7.2.2"

  Reception of a handshake_failure alert message indicates that the   sender was unable to negotiate an acceptable set of security   parameters given the options available.  This is a fatal error. 

As far as I understand, there exists other reasons than cipher suite and signature algorithm mismatch for handshake_failure or I am missing something very big. I am looking for the reason of the failure but I am unable to find. I would be grateful for any help or any idea. What can be the cause of handshake_failure?

I am very sorry for unclickable links. stackoverflow does not allow me to add more than 2 links. I will replace them with regular links when have 10 reputations :)

回答1:

I just came across this and I realize it has been a long time. I regret I did not find this sooner.

For users experiencing this in the future however...

I am aware of a requirement when connecting to google servers that has changed in the last 6-9 months. Google servers will outright ignore any connection attempt if the client hello packet does not include the supported curves extension.

Could you try adding these defines to your default settings when building the wolfSSL library with the intent of connecting to ANY google servers:

#define HAVE_SUPPORTED_CURVES #define HAVE_TLS_EXTENSIONS 

(Corresponding configure option would be: "--enable-supportedcurves" which will define both of the above pre-processor macros)

and load at least one supported curve in any client application with the API:

wolfSSL_UseSupportedCurve(ssl, <CURVE NAME>); 

A list of supported curves can be found in the comment section at the top of (wolfssl-root)/wolfcrypt/src/ecc.c

文章来源: SSL handshake_failure after clientHello