Mantis Bugtracker
  

ID: 0005682
Category: [Resin]
Severity: minor
Reproducibility: always
Date Submitted: 03-10-14 09:37
Last Update: 09-10-14 16:03
Reporter: alex
View Status: public
Assigned To: ferg
Priority: normal
Resolution: fixed
Status: closed
Product Version: 4.0.38
Summary 0005682: unknown protocol value '-all +tlsv1.1'
Description rep by:

Sarah Gillespie


com.caucho.vfs.OpenSSLFactory.setProtocol(): unknown protocol value '-all +tlsv1.1'

I've tried tlsv1.1, tlsv1_1 and tlsv11. It seems that Resin needs to explicitly allow the protocols, which would be tlsv1.1 and tlsv1.2.

In addition, and on a related subject, it would be really nice if Resin supported the elliptical curve tlsv1.2 ciphers with your RPMs. I believe it would just require rebuilding your RPMs on a recent version of CentOS/Red Hat, which have only had support for the elliptical curve ciphers since October:

https://bugzilla.redhat.com/show_bug.cgi?id=319901

This has been in CentOS/RHEL since 6.5 (released December).


Right now we have an openssl which supports ECDH and ECDHE:

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1

ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384

And a cipher string that supports this:

AES128-SHA256:AES256
SHA256:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:AES128-GCM-SHA256:AES256-GCM-SHA384:!3DES:!KRB5:!MD5:!EXP:!PSK:!SRP:!DSS:!eNULL:!aNULL

But the server is only using the non-elliptical curve key exchange mechanisms:

     Preferred Cipher Suite:
       AES128-SHA256 128 bits HTTP 200 OK

     Accepted Cipher Suite(s):
       AES256-SHA256 256 bits HTTP 200 OK
       AES256-GCM-SHA384 256 bits HTTP 200 OK
       AES128-SHA256 128 bits HTTP 200 OK
       AES128-GCM-SHA256 128 bits HTTP 200 OK
Additional Information
Attached Files

- Relationships

- Notes
(0006507)
ferg
09-10-14 16:03

network/040c
 

- Issue History
Date Modified Username Field Change
03-10-14 09:37 alex New Issue
09-10-14 16:03 ferg Note Added: 0006507
09-10-14 16:03 ferg Assigned To  => ferg
09-10-14 16:03 ferg Status new => closed
09-10-14 16:03 ferg Resolution open => fixed
09-10-14 16:03 ferg Fixed in Version  => 4.0.41
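
The check behind the scan result in the description, as an added example that is not part of the original report or of Resin: it reads the `Kx=` column of `openssl ciphers -v` output and reports whether any accepted suite uses an ephemeral key exchange. The function names are hypothetical, the two plain-RSA listing lines are constructed, and suite names without a key-exchange prefix are assumed to be RSA key transport.

```python
import re

# Lines in `openssl ciphers -v` format. The ECDHE/ECDH lines are copied from
# the report; the two plain-RSA lines are constructed for this example.
CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
"""

# Suites the scanner in the report listed as accepted by the server.
ACCEPTED = ["AES256-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES128-GCM-SHA256"]


def parse_ciphers(text):
    """Map suite name -> {'proto', 'Kx', 'Au', 'Enc', 'Mac'} from -v output."""
    suites = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        info = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        info["proto"] = fields[1]
        suites[fields[0]] = info
    return suites


def key_exchange_class(name, info=None):
    """Classify a suite as 'ephemeral', 'static-ecdh' or 'rsa' key exchange."""
    # Assumption: a name with no key-exchange prefix is RSA key transport,
    # which holds for the suites on this page (not for PSK/SRP/anonymous ones).
    kx = (info or {}).get("Kx", "")
    if re.match(r"(ECDHE|DHE|EDH)-", name) or kx in ("ECDH", "DH"):
        return "ephemeral"      # fresh key per handshake: forward secrecy
    if name.startswith("ECDH-") or kx.startswith("ECDH/"):
        return "static-ecdh"    # fixed ECDH key taken from the certificate
    return "rsa"                # RSA key transport: no forward secrecy


def audit(accepted, offered):
    """Return (class per accepted suite, True if any of them is ephemeral)."""
    classes = {s: key_exchange_class(s, offered.get(s)) for s in accepted}
    return classes, "ephemeral" in classes.values()


if __name__ == "__main__":
    classes, has_fs = audit(ACCEPTED, parse_ciphers(CIPHERS_V))
    print(classes, "forward secrecy negotiated:", has_fs)
```

Run against the accepted list from the report, every suite classifies as `rsa`, which is the symptom described: the library lists ECDHE suites, but the server negotiates none of them.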

