Bug 1268848 - Reporting incorrect protocol version
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssl
Version: 6.8
Assigned To: Tomas Mraz
QA Contact: BaseOS QE Security Team
Reported: 2015-10-05 08:50 EDT by Jan
Modified: 2015-10-05 09:28 EDT
Doc Type: Bug Fix
Last Closed: 2015-10-05 09:28:34 EDT
Type: Bug
Description Jan 2015-10-05 08:50:42 EDT
Description of problem:

It was found via a case with stunnel, which writes in its logs the type of encryption protocol that it gets from openssl ciphers. We can see there that even when a version of TLS is used, the logs show SSLv3.

Version-Release number of selected component (if applicable):


How reproducible:

openssl s_client -connect access.redhat.com:443 -tls1 -state 2>&1  | egrep '(SSL|TLS)v'


Actual results:


SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : TLSv1




Expected results:

SSL_connect:TLSv1 write client hello A
SSL_connect:TLSv1 read server hello A
SSL_connect:TLSv1 read server certificate A
SSL_connect:TLSv1 read server done A
SSL_connect:TLSv1 write client key exchange A
SSL_connect:TLSv1 write change cipher spec A
SSL_connect:TLSv1 write finished A
SSL_connect:TLSv1 flush data
SSL_connect:TLSv1 read server session ticket A
SSL_connect:TLSv1 read finished A
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : TLSv1




Additional info:

https://www.stunnel.org/pipermail/stunnel-users/2015-February/004943.html
Comment 2 Tomas Mraz 2015-10-05 09:28:34 EDT
This is not a version - it is a debugging message showing which state the SSL connection is in.
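
Added example (not part of the original report or its comments): a small Python parser for `openssl s_client -state` output that keeps the handshake state labels separate from the session's `Protocol` field, so a log check for SSLv3 does not trip on the state trace. The function names are hypothetical and the sample input is abridged from the "Actual results" above.

```python
import re

# Sample abridged from the "Actual results" section of this report.
SAMPLE = """\
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : TLSv1
"""

# Handshake state trace lines printed by -state: "SSL_connect:<label> <state text>"
STATE_RE = re.compile(r"^SSL_(?:connect|accept):(\S+) (.+)$")
# Session summary field that carries the negotiated protocol version
PROTO_RE = re.compile(r"^\s*Protocol\s*:\s*(\S+)\s*$")


def parse_s_client(text):
    """Return the negotiated protocol and the labels seen in state trace lines."""
    state_labels = set()
    negotiated = None
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            state_labels.add(m.group(1))  # debugging label, not a version
            continue
        m = PROTO_RE.match(line)
        if m:
            negotiated = m.group(1)
        # The "New, TLSv1/SSLv3, Cipher is ..." line matches neither pattern
        # and is deliberately not used as a version source.
    return {"negotiated": negotiated, "state_labels": sorted(state_labels)}


def uses_sslv3(text):
    """True only when the Protocol field says SSLv3.

    Returns None when no Protocol field is present (for example, the
    handshake never completed), so callers can treat that as "unknown".
    """
    negotiated = parse_s_client(text)["negotiated"]
    if negotiated is None:
        return None
    return negotiated == "SSLv3"


if __name__ == "__main__":
    print(parse_s_client(SAMPLE), uses_sslv3(SAMPLE))
```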
