EldoS | Feel safer!

Software components for data protection, secure storage and transfer

No random bytes in client hello?

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#3853
Posted: 09/24/2007 11:12:08
by Charlie Jimenez (Standard support level)
Joined: 04/19/2006
Posts: 5

I am using secureblackbox SSL Server component (ElSecureServer ver 4.4.0.94) in my server application. There is a client that sends the client hello without the unix time and random bytes, yet the server still accepts this and the SSL handshake completes successfully. Below is an Etherreal decode of the client hello:

========================================================================
No. Time Source Destination Protocol Info Size
4 08:54:52.667665 192.168.0.123 193.58.72.199 SSLv2 Client Hello 114

Frame 4 (114 bytes on wire, 114 bytes captured)
Ethernet II, Src: WwPcbaTe_b4:ee:00 (00:0f:1f:b4:ee:00), Dst: IntelCor_01:42:ce (00:15:17:01:42:ce)
Internet Protocol, Src: 192.168.0.123 (192.168.0.123), Dst: 193.58.72.199 (193.58.72.199)
Transmission Control Protocol, Src Port: 2209 (2209), Dst Port: 34400 (34400), Seq: 3457243683, Ack: 2927100836, Len: 60
Secure Socket Layer
SSLv2 Record Layer: Client Hello
Length: 58
Handshake Message Type: Client Hello (1)
Version: SSL 3.0 (0x0300)
Cipher Spec Length: 33
Session ID Length: 0
Challenge Length: 16
Cipher Specs (11 specs)
Cipher Spec: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
Cipher Spec: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x000062)
Cipher Spec: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x000015)
Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x000009)
Cipher Spec: SSL2_DES_64_CBC_WITH_MD5 (0x060040)
Cipher Spec: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000014)
Cipher Spec: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000008)
Cipher Spec: TLS_RSA_WITH_NULL_SHA (0x000002)
Cipher Spec: TLS_RSA_WITH_NULL_MD5 (0x000001)
Challenge

0000 00 15 17 01 42 ce 00 0f 1f b4 ee 00 08 00 45 00 ....B.........E.
0010 00 64 ce 41 40 00 40 06 a1 2d c0 a8 00 7b c1 3a .d.A@.@..-...{.:
0020 48 c7 08 a1 86 60 ce 11 5a 23 ae 78 03 a4 50 18 H....`..Z#.x..P.
0030 fa f0 58 cd 00 00 80 3a 01 03 00 00 21 00 00 00 ..X....:....!...
0040 10 00 00 16 00 00 0a 07 00 c0 00 00 62 00 00 15 ............b...
0050 00 00 09 06 00 40 00 00 14 00 00 08 00 00 02 00 .....@..........
0060 00 01 51 44 f2 a9 c9 c9 e0 54 24 b1 b6 1b 6d fd ..QD.....T$...m.
0070 b2 03 ..


I would expect this to be rejected by the server and the SSL handshake to fail. Why is the server accepting this?

Thank you.

Charlie
#3854
Posted: 09/24/2007 11:25:19
by Ken Ivanov (EldoS Corp.)

Unix timestamp is not present in the SSL2 client hello message (in contrast to SSL3 and TLS1 protocols). The random bytes are sent though:
Quote
Challenge Length: 16
#3855
Posted: 09/24/2007 12:12:57
by Charlie Jimenez (Standard support level)
Joined: 04/19/2006
Posts: 5

The version of SSL is specified in the hello message as version 3.0 (0x0300). But I do see that the challenge bytes of the version 2.0 hello message are present. How does the server handle this? Does it use the challenge data in place of the unixtime+randombytes? Does this mean that ElSecureServer is operating in SSL 3.0 mode or 2.0? All the remaining handshake packets indicate version 3.0. Is this how version compatibility is negotiated?

One final question (sorry for so many questions) - is there a reference on the internet you can point me to that explains the differences between SSL v 2.0 and 3.0?

Thank you very much for your help.

Charlie
#3856
Posted: 09/24/2007 12:46:12
by Ken Ivanov (EldoS Corp.)

SSL/TLS protocols provide a flexible way for negotiating the highest version supported by both client and server. Basically, the client sends an SSL2-compliant client hello packet, specifying the highest version it supports in the body of this packet. I.e., if the only version the server supports is SSL2, it understands client hello [ignoring highest version number in the packet body] and responds with SSL2 server hello. If the server does support higher version(s), it responds with SSL3 or TLS server hello.

The log you have posted shows that the client sends SSL2 client hello, specifying SSL3 version in the body of the hello packet. Server supports SSL3, so it responds with SSL3 server hello.

Quote
One final question (sorry for so many questions) - is there a reference on the internet you can point me to that explains the differences between SSL v 2.0 and 3.0?

Well, these protocols are too different to perform comparisons between them. Actually, both SSL2 and SSL3 are not the standardized protocols -- the both ones have been published as Internet drafts. Besides, SSL2 has a number of serious vulnerabilities, so we highly recommend you to use TLS1 protocol.

Please take a look at the the following link to read about differences between SSL versions:
http://www.eucybervote.org/Reports/MS...1.0-02.htm

Reply

Statistics

Topic viewed 4445 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!