Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-66308

TLS 1.3 connection does not work when using brainpool certificates

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-10.0
    • openssl
    • None
    • No
    • Moderate
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      This is a downstream tracked for https://github.com/openssl/openssl/issues/25697. 

       

      When using brainpool certificates and TLS 1.3 connection between s_server and s_client does not work.

      Please provide the package NVR for which the bug is seen:

      openssl-3.2.2-13.el10

      Steps to reproduce

      1. Generate brainpool certificates.
      2. Enabled brainpool curves in crypto-policies.
      3. Connect s_client to s_server using brainpool certificate and TLS 1.3 (or without specifying TLS version)

      Expected results

      Connection works

      Actual results

      Client

       

      # openssl s_client -CAfile ca/cert.pem -connect localhost:4433

Connecting to ::1

CONNECTED(00000003)

8042F00A4B7F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:909:SSL alert number 40

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 7 bytes and written 292 bytes

Verification: OK

---

New, (NONE), Cipher is (NONE)

This TLS version forbids renegotiation.

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)

---

      Server

      Security callback: Certificate chain EE key=, bits=256, security bits=128: yes
Security callback: Certificate chain CA digest=RSA-SHA256, security bits=128: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.3: yes
Security callback: Version=TLS 1.2: yes
Security callback: Version=TLS 1.3: yes
Security callback: Shared Ciphersuite=TLS_AES_256_GCM_SHA384, security bits=256: yes
Security callback: Check Curve=X25519, security bits=128: yes
Security callback: Supported Curve=X25519, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp384r1_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp521r1_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=ed25519, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=ed448, security bits=224: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp384r1_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=ecdsa_secp521r1_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=ed25519, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=ed448, security bits=224: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_pss_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pss_rsae_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha256, security bits=128: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha384, security bits=192: yes
Security callback: Shared Signature Algorithm scheme=rsa_pkcs1_sha512, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
80829156977F0000:error:0A000076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:3786:

              dbelyavs@redhat.com Dmitry Belyavskiy
              omoris Ondrej Moris
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: