-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
1.4.1
-
sparc
-
solaris_8
Name: pa48320 Date: 07/11/2003
The problem can be reproduced if a JSSE client repeatedly makes
connections to any SSL Server that uses BSAFE's DH implementation.
The negotiated cipher suite should be a DH anon cipher suite. The
problem occurs due to the error in the premaster secret calculation
in a particular scenario on the client side. On the client side
sometimes the premaster data is just 127 bytes long though it should
be 128. On the server side we can see that the premaster secret has
a leading zero and thus the premaster secret has the correct length
of 128. Because of this problem the failure happens on
the server side at the time of MAC check.
This is the exception we are getting on the client side:
javax.naming.CommunicationException: akoyfman-sun:5000 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
javax.naming.CommunicationException: akoyfman-sun:5000. Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at SFactory.init(SFactory.java:140)
at SFactory.createSocket(SFactory.java:76)
at sun.reflect.GeneratedMethodAccessor14.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:311)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2528)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:275)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:173)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:191)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
at oracle.ldap.util.jndi.ConnectionUtil.getSSLDirCtx(ConnectionUtil.java:268)
at SSL.main(SSL.java:38)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
... 24 more
----------------------------------------------------------------------
This is the tracing we get where can see that the premaster secret is
just 127 bytes long.
%% Created: [Session-365, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA]
** SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
main, READ: SSLv3 Handshake, length = 267
*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 244, 136, 253, 88, 78, 73, 219, 205, 32, 180, 157, 228, 145, 7, 54, 107, 51, 108, 56, 13, 69, 29, 15, 124, 136, 179, 28, 124, 91, 45, 142, 246, 243, 201, 35, 192, 67, 240, 165, 91, 24, 141, 142, 187, 85, 140, 184, 93, 56, 211, 52, 253, 124, 23, 87, 67, 163, 29, 24, 108, 222, 51, 33, 44, 181, 42, 255, 60, 225, 177, 41, 64, 24, 17, 141, 124, 132, 167, 10, 114, 214, 134, 196, 3, 25, 200, 7, 41, 122, 202, 149, 12, 217, 150, 159, 171, 208, 10, 80, 155, 2, 70, 211, 8, 61, 102, 164, 93, 65, 159, 156, 124, 189, 137, 75, 34, 25, 38, 186, 171, 162, 94, 195, 85, 233, 47, 120, 199 }
DH Base: { 2 }
Server DH Public Key: { 213, 38, 61, 111, 117, 40, 169, 217, 82, 250, 196, 42, 78, 230, 243, 217, 106, 163, 33, 43, 45, 234, 206, 43, 1, 125, 53, 213, 67, 29, 206, 75, 81, 155, 105, 103, 83, 249, 146, 31, 78, 38, 165, 120, 1, 109, 106, 228, 137, 118, 194, 182, 38, 130, 208, 240, 213, 106, 13, 146, 126, 43, 0, 216, 192, 223, 61, 161, 189, 153, 158, 234, 6, 165, 130, 109, 80, 193, 246, 190, 2, 83, 228, 113, 66, 178, 199, 124, 83, 101, 151, 187, 232, 41, 237, 3, 219, 80, 36, 13, 164, 125, 224, 158, 169, 60, 3, 179, 22, 73, 167, 155, 226, 139, 119, 24, 48, 1, 2, 12, 123, 95, 231, 14, 179, 195, 62, 181 }
Anonymous
main, READ: SSLv3 Handshake, length = 4
*** ServerHelloDone
*** ClientDiffieHellmanPublic
DH Public key: { 70, 146, 255, 33, 30, 126, 207, 92, 179, 218, 64, 32, 16, 63, 49, 99, 41, 163, 112, 78, 32, 18, 225, 157, 104, 145, 217, 41, 56, 115, 227, 56, 34, 83, 55, 167, 71, 2, 206, 218, 14, 243, 149, 84, 195, 139, 40, 139, 112, 61, 242, 30, 15, 4, 210, 157, 128, 175, 147, 92, 110, 162, 135, 165, 231, 209, 92, 67, 157, 119, 85, 220, 147, 73, 58, 58, 100, 146, 130, 9, 25, 176, 28, 163, 155, 79, 184, 0, 117, 137, 40, 124, 164, 70, 160, 21, 185, 194, 232, 4, 69, 43, 223, 105, 235, 82, 254, 172, 1, 255, 227, 16, 153, 161, 236, 106, 3, 96, 77, 188, 165, 40, 230, 98, 95, 246, 34, 19 }
main, WRITE: SSLv3 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: B5 57 C5 62 60 54 95 08 5F 8F EB DA 81 68 DE D3 .W.b`T.._....h..
0010: 8B 2F C3 D0 27 AE 2A CA B6 AB E5 71 8E B6 CA CA ./..'.*....q....
0020: AD C3 A1 5F 8F 60 0C D1 C6 33 9D E5 F6 5A 66 65 ..._.`...3...Zfe
0030: 22 EA 4B 3A 07 91 44 F3 F1 46 6B F1 4C 9D 5E 94 ".K:..D..Fk.L.^.
0040: BA 82 46 11 F7 6F 68 0D 91 1F AF E8 77 09 2B B8 ..F..oh.....w.+.
0050: A4 BF 21 97 EE F0 16 F2 B0 22 02 E7 1E 05 24 0B ..!......"....$.
0060: F6 5E 33 78 7B CE 68 F6 DE 8F C8 DB C7 8E 6B 68 .^3x..h.......kh
0070: 30 1C 66 00 FD 94 52 4C 9C 7D BC 9C 55 6C C5 0.f...RL....Ul.
CONNECTION KEYGEN:
Client Nonce:
0000: 3F 0D AD D7 E6 D4 9A C2 CA 29 D6 F4 EA 69 A3 C0 ?........)...i..
0010: 62 84 F8 6A 7B F8 86 E2 43 F3 87 12 11 F1 7B 68 b..j....C......h
Server Nonce:
0000: 3F 0D AD D7 A4 39 A0 C5 7E CA F3 BD 19 5C AD 7C ?....9.......\..
0010: 44 4F 27 95 6D 22 A6 D2 22 4F FB 18 29 6A D3 B1 DO'.m".."O..)j..
Master Secret:
0000: 25 4E 69 B7 E9 D4 8A 12 3D 56 62 F6 CC 50 88 16 %Ni.....=Vb..P..
0010: AD 1F 9A 7E A8 0D 64 80 A2 E0 5F 88 FD A9 79 D2 ......d..._...y.
0020: CB D3 4E 9E 8F AB F8 E5 79 57 9E FD FF FD 89 79 ..N.....yW.....y
Client MAC write Secret:
0000: A1 0C 3C F5 CE 1A 4E 9C 3D C0 F7 EB 9B C3 D1 12 ..<...N.=.......
0010: 91 45 63 7E .Ec.
Server MAC write Secret:
0000: 83 7F BA 78 64 94 55 47 23 0E F8 A4 5D EA 2A 21 ...xd.UG#...].*!
0010: 59 47 01 E8 YG..
Client write key:
0000: 93 CC 5F 6F C1 49 F8 FA CB 6E CD 87 9E 7F 1F 3F .._o.I...n.....?
0010: 30 1A D4 5D 1C 8D 50 4A 0..]..PJ
Server write key:
0000: 14 C8 EA 3E 58 87 8E D6 14 44 95 68 31 2E D4 23 ...>X....D.h1..#
0010: D8 AE 2F D8 08 BF 03 6F ../....o
Client write IV:
0000: C2 71 7F 6B 57 2F 26 6C .q.kW/&l
Server write IV:
0000: 7B AF 00 26 05 9D 69 CB ...&..i.
main, WRITE: SSLv3 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished
verify_data: { 221, 233, 209, 15, 56, 122, 26, 35, 112, 210, 8, 116, 176, 105, 225, 156, 108, 21, 251, 209, 144, 178, 65, 168, 170, 117, 219, 248, 53, 151, 190, 132, 48, 183, 141, 170 }
***
main, WRITE: SSLv3 Handshake, length = 64
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND SSLv3 ALERT: fatal, description = unexpected_message
main, WRITE: SSLv3 Alert, length = 24
main, called closeSocket()
(Review ID: 191083)
======================================================================