5315 Views 10 Replies Latest reply: Dec 3, 2012 1:13 AM by Ivan Ristic
Palatinux Palatinux Level 1 6 posts since
Apr 28, 2012

Apr 28, 2012 5:26 AM

The Qualys SSL check can't handle > SSLv3 handshake

While testing our website https://www.fortresslinux.org, we got an "Assessment failed: Received fatal alert: handshake_failure".

 

It's obvious that you are using OpenSSL on your servers to test other https websites because it always tries to do an SSLv3 handshake by default. (Most) up-to-date browsers can negotiate with our https website though we have disabled SSLv3 support where possible.

 

We use our own modified and hardened versions of GNUTLS, OpenSSL, PolarSSL, NSS etc. on our servers. Is there any other way to test our website here?

  • Ivan Ristic Level 5 509 posts since
    Jul 23, 2010

    The problem is not with OpenSSL, but with JSSE (Java's SSL stack). We use JSSE for the initial request. If that request fails, we do not proceed further. There is a small number of sites, like yours, where we get the handshake_failure message, and it's a JSSE interoperability issue. Because JSSE supports TLS 1.0 we can assess servers that do not support SSL v3. I suspect the problem is somewhere else.

     

    If you have a better idea of the problem, please forward me the details. If not, I will proceed to investigate and fix the problem.

     

    Edit: Maybe you meant SSL v2 handshake?

      • Ivan Ristic Level 5 509 posts since
        Jul 23, 2010

        As far as I can tell, the issue is that there are no common cipher suites in the initial handshake. I see that you support Camellia, but do you support any other cipher suites? I've noticed that your site does not work in Internet Explorer, for example.

         

        There may be another issue, which is making my troubleshooting more difficult. When I test for cipher suite support in bulk, I can't even negotiate Camellia. Rate limiting? Because of it I cannot easily inspect your server to determine which cipher suites are supported.

         

        Edit: Ah, no; I forgot to enable full protocol testing. I can see you supporting:

         

        TLS_RSA_WITH_AES_256_CBC_SHA256

        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

        TLS_RSA_WITH_AES_256_GCM_SHA384

         

        Is that correct?

    • Ivan Ristic Level 5 509 posts since
      Jul 23, 2010

      Palatinux,

       

      I just wanted to let you know that today we deployed our first 1.1.x release (beta), which supports your web site. We're monitoring the operation to determine if there are still issues that need ironing out.

        • Ivan Ristic Level 5 509 posts since
          Jul 23, 2010

          Palatinux,

           

          I will be happy to troubleshoot any issues if you can provide a server where we fail.

           

          Thanks for your help so far.

            • Ivan Ristic Level 5 509 posts since
              Jul 23, 2010

              Palatinux,

               

              Can you be more specific about what's missing? At the moment, the test currently lists your server as supporting 0xc030, which is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. We test for all suites specified in RFC 5289. If you support a suite that we're not detecting, please send me a PCAP of one successful handshake and I will investigate.

               

              I expect that we will be updating the rating guide early next year. Generally speaking, we expect to go deeper and incentivise security quality. I don't know the details yet.

               

              As for CA support for better signature algorithms -- I have never come across such a certificate.

               

              Thanks.
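
An added example, not part of the original thread and not Qualys's code: a small decoder for the first TLS record a server returns after a ClientHello, which separates the fatal `handshake_failure` alert reported above from a ServerHello that selects a suite such as 0xc030. The function name `classify_first_reply` and both sample records are constructed for illustration; the code points for the three TLS_RSA suites are taken from the IANA registry, not from the thread.

```python
import struct

# Suites named in the thread, keyed by IANA code point.
SUITES = {
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def classify_first_reply(data: bytes) -> dict:
    """Decode the first TLS record a server sends back after a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if ctype == 21:  # alert record: level (2 = fatal) + description
        if length != 2:
            raise ValueError("malformed alert")
        return {"result": "alert", "fatal": body[0] == 2,
                "description": ALERTS.get(body[1], f"alert_{body[1]}")}
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not an alert or ServerHello")
    # Skip handshake header (type + 3-byte length); ServerHello layout:
    # version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    hello = body[4:]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]  # step over the variable-length session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return {"result": "server_hello",
            "version": VERSIONS.get(version, hex(version)),
            "suite": SUITES.get(suite, f"0x{suite:04x}")}


# Constructed sample records (not captured from any real server).
ALERT_RECORD = bytes.fromhex("1503010002" "0228")
SERVER_HELLO = (bytes.fromhex("160303002a" "02000026" "0303")
                + bytes(32) + bytes.fromhex("00c03000"))
```

A fatal alert with description 40 in reply to the first ClientHello is what a client sees when none of the suites it offered is enabled on the server, which is the diagnosis given earlier in the thread.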
