Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: error with client certificate and X448 and X25519 curves #33577

Open
cromefire opened this issue Aug 10, 2019 · 9 comments
Open

crypto/tls: error with client certificate and X448 and X25519 curves #33577

cromefire opened this issue Aug 10, 2019 · 9 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@cromefire
Copy link

cromefire commented Aug 10, 2019
edited

What version of Go are you using (go version)?

$ go version
go version go1.12.7 linux/amd64

Does this issue reproduce with the latest release?

Yes (1.12.7)

What operating system and processor architecture are you using (go env)?

go env Output 
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/<redacted>/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/<redacted>/go"
GOPROXY="direct"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/<redacted>/go/src/test/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build069598509=/tmp/go-build -gno-record-gcc-switches"

What did you do?

As far as I've been able to reproduce it it only happens with an ecc client certificate and a rsa server certificate.

https://gist.github.com/cromefire/590eb9743dbadeca89c213b0aa1a2d58 (play.golang.org doesn't work with tcp it seems)

The same thing using curl works:

curl -vk --cert ecccert.pem --key ecckey.pem https://go-issue.cromefire.myds.me

The backend server (Apache/2.4.39 (Ubuntu), with OpenSSL 1.1.1c) is using no special config:

<VirtualHost *:443>
    # Skipped Name, logging and DocumentRoot

    Include includes/ssl.conf  # TLS certs, rsa ones
    SSLProtocol TLSv1.2
    SSLVerifyClient optional_no_ca
</VirtualHost>

For debugging purposes the program creates /tmp/keylog.txt which can be imported into wireshark

What did you expect to see?

The expected result are no errors

What did you see instead?

rsa-ecc: ok
ecc-ecc: ok
nocert-ecc: ok
rsa-rsa: ok
ecc-rsa: Get https://go-issue.cromefire.myds.me: remote error: tls: illegal parameter
nocert-rsa: ok
@cromefire
Copy link
Author

Some packets captured with wireshark (of the broken request):
pkts.txt

@cromefire

This comment has been minimized.

Sign in to view
@cromefire
Copy link
Author

The underlying issue seems that it rejects X448 and X25519 which are the only curves allowed by the server currently

@cromefire cromefire changed the title tls error with ecc client certificate and rsa cerver certificate and tls error with client certificate and X448 and X25519 curves Aug 10, 2019
@calmh
Copy link
Contributor

calmh commented Aug 10, 2019

AFAIK, you need to allow the curve in use by the certificate in order to be able to verify it. That's P384 or P256. For what it's worth, your server also does not work for me with curl and a Syncthing-generated certificate:

jb@kvin:~/foo $ syncthing -generate .
16:06:52 INFO: Device ID: UAXNKTY-34GLUSN-EZYFR4M-PKLSFHQ-32ZWHXZ-TR7WXSN-6UO44VY-OI55LQR
16:06:52 INFO: Default folder created and/or linked to new config
jb@kvin:~/foo $ curl -vk --cert cert.pem --key key.pem https://go-issue.cromefire.myds.me
* Rebuilt URL to: https://go-issue.cromefire.myds.me/
*   Trying 91.63.83.36...
...
* error:1401E417:SSL routines:CONNECT_CR_FINISHED:sslv3 alert illegal parameter
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1401E417:SSL routines:CONNECT_CR_FINISHED:sslv3 alert illegal parameter

@cromefire
Copy link
Author

you need to allow the curve in use by the certificate in order to be able to verify it

Verification should be fine, it should only block it from being used to negotiate a shared key

I have no problem using curl:

~$ syncthing -generate .
16:20:00 INFO: Device ID: KTXYHRS-FZGLNVC-X4QQWNY-3UONW33-H3GZJLT-2JVKXW7-IJM4OYW-P5BB7AP
16:20:00 INFO: Default folder created and/or linked to new config
~$ curl -vk --cert cert.pem --key key.pem https://go-issue.cromefire.myds.me --tlsv1.2
* Rebuilt URL to: https://go-issue.cromefire.myds.me/
*   Trying 91.63.83.36...
[...]
<address>Cromefire Web Frontend Server at go-issue.cromefire.myds.me Port 443</address>
</body></html>
* Connection #0 to host go-issue.cromefire.myds.me left intact

Version:

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

@calmh
Copy link
Contributor

calmh commented Aug 10, 2019

Okay, I’ve clearly misunderstood something on that point. Regardless, why don’t you allow the more common curves, is this really the out of the box config in your Ubuntu?

@cromefire
Copy link
Author

why don’t you allow the more common curves, is this really the out of the box config in your Ubuntu

No there is apparently (still) a bug in apache that makes the ssl configuration for vhosts on the same port be kind of shared and all my other vhosts are restricted to those 2 curves

@calmh
Copy link
Contributor

calmh commented Aug 10, 2019

Right. So I'll leave this issue for the Go team to decide, but from my point of view after troubleshooting this with your for literally hours -- where you claim a default config, "no special config", and a bug in our code or Go -- only to discover you've disabled a major swath of the relevant cipher stuff in a very unusual way and declined to mention it... I find that disrespectful and a huge waste of time. Over and out.

@cromefire
Copy link
Author

cromefire commented Aug 10, 2019
edited

where you claim a default config, "no special config"

I didn't know about this bug in apache either and as curl worked fine, I wasn't thinking that the config some how applied to that vhost and it still seems like there is a bug, just a different one than what I thought (2 bug coming together and one disguising the other)

@FiloSottile FiloSottile changed the title tls error with client certificate and X448 and X25519 curves crypto/tls: error with client certificate and X448 and X25519 curves Aug 10, 2019
@FiloSottile FiloSottile added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Aug 10, 2019
@FiloSottile FiloSottile added this to the Go1.14 milestone Aug 10, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@rsc @calmh @FiloSottile @cromefire