Bug 1057715

Summary: s_client utility doesn't report the size of used DHE and ECDHE parameters selected by server
Product: Red Hat Enterprise Linux 6 Reporter: Hubert Kario <hkario>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Hubert Kario <hkario>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: jherrman, rmainz
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: openssl-1.0.1e-26.el6 Doc Type: Enhancement
Doc Text:
When connecting to a server using ECDHE-based or DHE-based cipher suites, the s_client utility now reports the size of ECDHE and DHE parameters selected by the server. This allows for easy verification whether the used configuration set is secure.
Story Points: ---
Clone Of:
: 1057717 (view as bug list) Environment:
Last Closed: 2014-10-14 07:19:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1057717    

Description Hubert Kario 2014-01-24 16:27:00 UTC
Description of problem:
When connecting to server using one of the ECDHE-* and DHE-* suites, openssl s_client utility doesn't report the size of parameters selected by server.

This makes it hard to verify if the configuration set is secure.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run openssl s_server
2. Connect openssl s_client to it

1. openssl s_client -connect www.google.com:443

Actual results:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 8E883DD2A0476D7898F5A4485E1647760609D880D187EA9DD3481B93080CB629
    Master-Key: C78ED7F083A6CB066729DCE229F754F6D5D38DA7B9326364E2F9F11F00C1557E2AD1D2543BF77A37E503A2E29AD5FEE9
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 0a 12 64 19 5b 28 de 75-0b 4c 00 80 c9 ef 0b 60   ..d.[(.u.L.....`
    0010 - 84 65 2f a4 db 28 8d 13-db ae 39 8b 2a d6 8c 71   .e/..(....9.*..q
    0020 - 08 84 84 58 2f e6 f5 3f-24 07 00 52 5b d2 46 54   ...X/..?$..R[.FT
    0030 - ba ac d6 0b d7 ae 1a 75-c8 ad 23 0f d2 d5 4b fa   .......u..#...K.
    0040 - cd 50 07 3f 9d 1c 57 b6-ea 8e c7 06 0c ed 9c 4b   .P.?..W........K
    0050 - 4a 68 2f 0a 6a b6 6e 13-92 c5 c8 07 aa 77 17 97   Jh/.j.n......w..
    0060 - 53 e8 8b 67 4a bb f3 a1-fb b8 9b 30 7f 79 c1 4f   S..gJ......0.y.O
    0070 - 47 c9 52 a2 5c 4d 93 33-dc 69 6c 5d 5c df 7c 2d   G.R.\M.3.il]\.|-
    0080 - 5a 55 0a 86 14 8a 20 82-0f b7 90 ae 6b 60 e4 a0   ZU.... .....k`..
    0090 - b2 0a ad 2b                                       ...+

    Start Time: 1390580593
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Expected results:
ECDHE parameters size
DHE parameters size in case of DHE suite

Additional info:
Needed for verification of bug 1057656, bug 1057687 and bug 1035818 with all suites supported by mod_ssl.

Comment 2 Tomas Mraz 2014-01-24 16:49:10 UTC
I'm sorry but this is by no means a blocker. It should be at least submitted to upstream first for review.

The DH parameter size and ECDHE curve is determined by the server.

Comment 4 Hubert Kario 2014-01-27 15:26:56 UTC
Needed changes are available upstream:

Comment 7 errata-xmlrpc 2014-10-14 07:19:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.