Bug 676384 - OpenSSL / PAM & NSS_LDAP / SUDO fail TLS_CHECKPEER with Cipher AES256-SHA
Summary: OpenSSL / PAM & NSS_LDAP / SUDO fail TLS_CHECKPEER with Cipher AES256-SHA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl
Version: 5.8
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
: 596058 655069 683368 (view as bug list)
Depends On:
Blocks: 554476 655069 683349 683368
TreeView+ depends on / blocked
Reported: 2011-02-09 17:10 UTC by Jr Aquino
Modified: 2018-11-14 16:13 UTC (History)
13 users (show)

Fixed In Version: openssl-0.9.8e-18.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-07-21 07:41:17 UTC
Target Upstream Version:

Attachments (Terms of Use)
Patch adding the SHA-2 algorithms to SSL_library_init (772 bytes, patch)
2011-03-07 18:01 UTC, Tomas Mraz
no flags Details | Diff
Cert (1.48 KB, text/plain)
2011-04-29 12:49 UTC, Moisés Barba Pérez
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 683368 0 medium CLOSED [RFE] Support SHA2 based certificates 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Legacy) 43294 0 None None None Never
Red Hat Knowledge Base (Legacy) 46540 0 None None None Never
Red Hat Product Errata RHBA-2011:1010 0 normal SHIPPED_LIVE openssl bug fix and enhancement update 2011-07-20 15:44:40 UTC

Internal Links: 683368

Description Jr Aquino 2011-02-09 17:10:48 UTC
Description of problem:
pam & nss_ldap and sudo all fail to properly perform a TLS_CHECKPEER against a server providing a Cipher with AES256-SHA.  

The OpenSSL client tests also seem to inaccurately verify the cert as valid even though the other programs using the OpenSSL libraries fail.
openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt

The issue is also reported/documented in this thread:

Version-Release number of selected component (if applicable):
Verification fails on OpenSSL 0.9.8e - 0.9.8h but is reported to work in: OpenSSL 0.9.8k

Steps to Reproduce:
1. Configure a service backed by an OpenSSL cert using a AES256-SHA Cipher 
2. openssl s_client -connect servername.com:636 -showcerts -CAFILE $PATH/ca.crt
3. Configure /etc/ldap.conf (or /etc/nss_ldap.conf) with ssl start_tls, tls_cacertfile $PATH/ca.crt, and tls_checkpeer yes.

Optionally use ldapsearch to test: 
LDAPTLS_CACERT=$PATH/ca.crt ldapsearch -LLL -d 3 -ZZ -H ldap://authserver.com -s base -b "" objectclass=*

Actual results:
ldap_start_tls: Connect error (-11)
additional info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

Expected results:
Expected cert verification successful.

Additional info:

Comment 1 Tomas Mraz 2011-02-11 08:36:30 UTC
The algorithms have to be added into the SSL_library_init() call. A workaround is to run OpenSSL_add_all_algorithms() before SSL_library_init() in the caller.

> The OpenSSL client tests also seem to inaccurately verify the cert as valid
> even though the other programs using the OpenSSL libraries fail.
This is exactly because the openssl commands always call OpenSSL_add_all_algorithms in addition to the SSL_library_init() call.

Comment 9 Tomas Mraz 2011-03-07 18:01:23 UTC
Created attachment 482750 [details]
Patch adding the SHA-2 algorithms to SSL_library_init

Comment 18 Rich Megginson 2011-03-30 16:29:20 UTC
*** Bug 596058 has been marked as a duplicate of this bug. ***

Comment 19 Moisés Barba Pérez 2011-04-29 12:49:59 UTC
Created attachment 495771 [details]

Comment 20 Moisés Barba Pérez 2011-04-29 12:53:26 UTC
My machines use centos 5.5 with openssl-0.9.8e-12.el5_4.6 and integrated with a LDAP server whit same configuration.

The problem is the same reported here, specially when I try "getent group" "id" and "sudo -l". The LDAP reports the message "SSL peer reports incorrect Message Authentication Code".

I have build the patch added in this bug and applied it in server and client but still have the same problem. I can't connect neither with mozldap ldapsearch.

I use a self-signed certificate. I have attached the result for openss s_client... 

No idea which is the problem, ideas?

Comment 21 Tomas Mraz 2011-04-29 13:05:53 UTC
You have to rebuild the nss_ldap with the patched openssl on a system.

Comment 22 Moisés Barba Pérez 2011-04-29 13:16:45 UTC
There is a problem rebuilding the nss_ldap because in that case I have to install it in the client machine. Is there a way to solve this problem working only in the server??? I can't control all the client machines integrated with the LDAP.

Comment 23 Tomas Mraz 2011-04-29 13:27:15 UTC
Use a different certificate with SHA1 hash then.

Comment 24 Moisés Barba Pérez 2011-05-02 12:21:59 UTC
I have tried to set in /etc/openldap/ldap.conf the configuration parameter


where the ciphers are

# openssl ciphers -v 'MEDIUM'
KRB5-RC4-MD5            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=MD5 
KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5 
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

In this case I should'n get a ssl error, but when I try a "getent group" I get this:

[02/May/2011:11:26:49 +0200] conn=9 fd=64 slot=64 SSL connection from to
[02/May/2011:11:26:49 +0200] conn=9 SSL 128-bit RC4
[02/May/2011:11:26:49 +0200] conn=9 op=-1 fd=64 closed - SSL peer reports incorrect Message Authentication Code.
[02/May/2011:11:26:49 +0200] conn=10 fd=65 slot=65 SSL connection from to
[02/May/2011:11:26:49 +0200] conn=10 SSL 128-bit RC4

I think my cert use SHA1 hash "Signature Algorithm: sha1WithRSAEncryption" and throught that i have this 3 ciphers with 256:

# openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

I'm a little lost about this, Can anyone throw some light on the issue?

Comment 25 Tomas Mraz 2011-05-02 12:39:37 UTC
If your cert uses Signature Algorithm: sha1WithRSAEncryption, your problem is completely unrelated to this bug report.

I'm sorry but this is not a place for support questions. Can you please open a regular support ticket at: http://www.redhat.com/support/

Comment 27 Tomas Mraz 2011-06-01 21:09:14 UTC
*** Bug 655069 has been marked as a duplicate of this bug. ***

Comment 28 Kamil Dudka 2011-06-02 05:46:30 UTC
*** Bug 683368 has been marked as a duplicate of this bug. ***

Comment 29 errata-xmlrpc 2011-07-21 07:41:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.