Debian Bug report logs - #438137
gnutls-bin: Bad record MAC with a Nokia E90


Package: gnutls-bin; Maintainer for gnutls-bin is Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>; Source for gnutls-bin is src:gnutls28.

Reported by: Marc Haber <mh+debian-bugs@zugschlus.de>

Date: Wed, 15 Aug 2007 15:24:02 UTC

Severity: normal

Tags: upstream, wontfix

Found in version gnutls13/1.6.3-1



Report forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
New Bug report received and forwarded. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-bugs@zugschlus.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gnutls-bin: Bad record MAC with a Nokia E90
Date: Wed, 15 Aug 2007 17:22:22 +0200
[Message part 1 (text/plain, inline)]
Package: gnutls-bin
Version: 1.6.3-1
Severity: normal

Hi,

when a Nokia E90 connects to a gnutls-cli, the connection is not
established and aborts with "Bad record MAC". Full debug output
attached.

Greetings
Marc

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.2-zgsrv (SMP w/1 CPU core; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnutls-bin depends on:
ii  libc6                         2.6.1-1    GNU C Library: Shared libraries
ii  libgcrypt11                   1.2.4-2    LGPL Crypto library - runtime libr
ii  libgnutls13                   1.6.3-1    the GNU TLS library - runtime libr
ii  libgpg-error0                 1.4-2      library for common error values an
ii  libopencdk8                   0.5.13-2   Open Crypto Development Kit (OpenC
ii  libtasn1-3                    0.3.10-1   Manage ASN.1 structures (runtime)

gnutls-bin recommends no packages.

-- no debconf information
[output.gnutls (text/x-pascal, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 438137@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Marc Haber <mh+debian-bugs@zugschlus.de>, 438137@bugs.debian.org
Subject: Re: Bug#438137: gnutls-bin: Bad record MAC with a Nokia E90
Date: Wed, 15 Aug 2007 17:43:07 +0200
On 2007-08-15 Marc Haber <mh+debian-bugs@zugschlus.de> wrote:
> Package: gnutls-bin
> Version: 1.6.3-1
> Severity: normal

> Hi,

> when a Nokia E90 connects to a gnutls-cli, the connection is not
> established and aborts with "Bad record MAC".

Nokia E90 connecting to gnutls-*serv*, I assume.

> Full debug output
> attached.
[...]

Can you verify this with libgnutls13 and gnutls-bin from experimental
(1.7.16-1)?

thanks, cu andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 438137@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-bugs@zugschlus.de>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 438137@bugs.debian.org
Subject: Re: Bug#438137: gnutls-bin: Bad record MAC with a Nokia E90
Date: Wed, 15 Aug 2007 17:57:09 +0200
[Message part 1 (text/plain, inline)]
On Wed, Aug 15, 2007 at 05:43:07PM +0200, Andreas Metzler wrote:
> On 2007-08-15 Marc Haber <mh+debian-bugs@zugschlus.de> wrote:
> > Package: gnutls-bin
> > Version: 1.6.3-1
> > Severity: normal
> 
> > Hi,
> 
> > when a Nokia E90 connects to a gnutls-cli, the connection is not
> > established and aborts with "Bad record MAC".
> 
> Nokia E90 connecting to gnutls-*serv*, I assume.

Of course. Sorry.

> > Full debug output
> > attached.
> [...]
> 
> Can you verify this with libgnutls13 and gnutls-bin from experimental
> (1.7.16-1)?

Same error, output attached.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
[output.gnutls (text/plain, attachment)]

Noted your statement that Bug has been forwarded to http://news.gmane.org/find-root.php?message_id=%3c20070815162651.GB3741%40downhill.g.la%3e. Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. (Wed, 15 Aug 2007 16:45:06 GMT) Full text and rfc822 format available.

Message sent on to Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug#438137. Full text and rfc822 format available.

Message #20 received at 438137-submitter@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 438137-submitter@bugs.debian.org
Subject: [nmav@gnutls.org: Re: [gnutls-dev] Bad record MAC with a Nokia E90]
Date: Sun, 19 Aug 2007 08:38:42 +0200
----- Forwarded message from Nikos Mavrogiannopoulos <nmav@gnutls.org> -----

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: gnutls-dev@gnupg.org
Date: Sun, 19 Aug 2007 02:12:56 +0300
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>
Message-Id: <200708190212.56856.nmav@gnutls.org>

On Wednesday 15 August 2007, Andreas Metzler wrote:
> Hello,
> this is http://bugs.debian.org/438137 submitted by Marc Haber for
> gnutls 1.7.16:

> When a Nokia E90 connects to a gnutls-serv, the connection is not
> established and it aborts with "Bad record MAC".
> [...]

> gnutls-serv output is attached and Marc will surely be available to add
> additional info if necessary.

I glimpsed on the trace and saw that it selects this ciphersuite:
<3>| HSK[8077a48]: Selected cipher suite: RSA_AES_256_CBC_SHA1

Something that might help in debugging without much fuss, would be
to test handshake by enabling other ciphersuites.
That would be for gnutls-serv to only enable:
a. key exchange: DHE-RSA cipher: 3DES
b. key exchange: DHE-RSA cipher: AES_256_CBC
c. key exchange: RSA cipher ARCFOUR

and return the traces if possible.

best regards,
Nikos

----- End forwarded message -----



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #25 received at 438137@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Andreas Metzler <ametzler@downhill.at.eu.org>, 438137@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#438137: [nmav@gnutls.org: Re: [gnutls-dev] Bad record MAC with a Nokia E90]
Date: Tue, 4 Sep 2007 13:02:20 +0200
[Message part 1 (text/plain, inline)]
On Sun, Aug 19, 2007 at 08:38:42AM +0200, Andreas Metzler wrote:
> Something that might help in debugging without much fuss, would be
> to test handshake by enabling other ciphersuites.
> That would be for gnutls-serv to only enable:
> a. key exchange: DHE-RSA cipher: 3DES
> b. key exchange: DHE-RSA cipher: AES_256_CBC
> c. key exchange: RSA cipher ARCFOUR
> 
> and return the traces if possible.

I have done these three tests (and a fourth against a gnutls-serv with
no restrictions for kx and cipher), and have attached the traces.

Version of gnutls-bin and libgnutls13 is 1.7.19-1.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
[output.gnutls-default (text/plain, attachment)]
[output.gnutls-rsa-arcfour (text/plain, attachment)]
[output.gnutls-dhe-rsa-aes-256-cbc (text/plain, attachment)]
[output.gnutls-dhe-rsa-3des (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Hanno 'Rince' Wagner <wagner@rince.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #30 received at 438137@bugs.debian.org (full text, mbox):

From: Hanno 'Rince' Wagner <wagner@rince.de>
To: 438137@bugs.debian.org
Subject: anything new?
Date: Fri, 14 Sep 2007 10:56:29 +0200
Hi,

since I'd like to use my Nokia E90 I wanted to know whether you see a
way to help me with that gnutls-behaviour? Is there a way to solve
that problem with gnutls-possibilities?

Ciao, Hanno
-- 
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince@IRC      |
| Commercial use of my email addresses is not permitted!             |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
"Love is the one game you lose by refusing to play"
					Dame Edna in Ally McBeal




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Nikos Mavrogiannopoulos <nmav@gnutls.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #35 received at 438137@bugs.debian.org (full text, mbox):

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: 438137@bugs.debian.org
Cc: mh+debian-packages@zugschlus.de, ametzler@downhill.at.eu.org
Subject: gnutls
Date: Mon, 22 Oct 2007 13:42:14 +0300
On Sun, Aug 19, 2007 at 08:38:42AM +0200, Andreas Metzler wrote:
> > Something that might help in debugging without much fuss, would be
> > to test handshake by enabling other ciphersuites.
> > That would be for gnutls-serv to only enable:
> > a. key exchange: DHE-RSA cipher: 3DES
> > b. key exchange: DHE-RSA cipher: AES_256_CBC
> > c. key exchange: RSA cipher ARCFOUR
> > 
> > and return the traces if possible.

> I have done these three tests (and a fourth against a gnutls-serv with
> no restrictions for kx and cipher), and have attached the traces.

> Version of gnutls-bin and libgnutls13 is 1.7.19-1.

I have no clue what this could be. I only possess a Sony-Ericsson W810 which 
connects to my test gnutls server just fine, so I cannot reproduce or test 
it. If you could find a combination of ciphers, protocols, macs that work 
with these phones, I'd like to see the trace as well. However since I'm 
unable to reproduce I don't expect much.

regards,
Nikos




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to wagner@rince.de:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #40 received at 438137@bugs.debian.org (full text, mbox):

From: Hanno Wagner <wagner@rince.de>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>, 438137@bugs.debian.org
Cc: mh+debian-packages@zugschlus.de, ametzler@downhill.at.eu.org
Subject: Re: Bug#438137: gnutls
Date: Mon, 22 Oct 2007 13:02:42 +0200
Hi,

Nikos Mavrogiannopoulos wrote:
> I have no clue what this could be. I only possess a Sony-Ericsson W810 which 
> connects to my test gnutls server just fine, so I cannot reproduce or test 
> it. If you could find a combination of ciphers, protocols, macs that work 
> with these phones, I'd like to see the trace as well. However since I'm 
> unable to reproduce I don't expect much.
>   
If you want to, I can connect with my E90 against your testserver.  I
just need the address (and port, if not standard) so we could test that.

Ciao, Hanno
-- 
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince@IRC      |
| Commercial use of my email addresses is not permitted!             |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
Computer science terminology: C
->  A programming language in which checking whether a character string
    constitutes a valid program is equivalent to the halting problem.
Florian Weimer






Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Nikos Mavrogiannopoulos <nmav@gnutls.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #45 received at 438137@bugs.debian.org (full text, mbox):

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: 438137@bugs.debian.org, gnutls-dev@gnupg.org
Cc: mh+debian-packages@zugschlus.de, ametzler@downhill.at.eu.org
Subject: Re: gnutls
Date: Mon, 22 Oct 2007 23:47:43 +0300
On Monday 22 October 2007, Nikos Mavrogiannopoulos wrote:
> On Sun, Aug 19, 2007 at 08:38:42AM +0200, Andreas Metzler wrote:
> > > Something that might help in debugging without much fuss, would be
> > > to test handshake by enabling other ciphersuites.
> > > That would be for gnutls-serv to only enable:
> > > a. key exchange: DHE-RSA cipher: 3DES
> > > b. key exchange: DHE-RSA cipher: AES_256_CBC
> > > c. key exchange: RSA cipher ARCFOUR
> > > and return the traces if possible.
> > I have done these three tests (and a fourth against a gnutls-serv with
> > no restrictions for kx and cipher), and have attached the traces.
> > Version of gnutls-bin and libgnutls13 is 1.7.19-1.
> I have no clue what this could be. I only possess a Sony-Ericsson W810 which
> connects to my test gnutls server just fine, so I cannot reproduce or test
> it. If you could find a combination of ciphers, protocols, macs that work
> with these phones, I'd like to see the trace as well. However since I'm
> unable to reproduce I don't expect much.

Ok it seems that with the help of Hanno Wagner I managed to debug this issue.
These clients fail to understand TLS 1.0 record packets with a padding added. 
This only occurs when using non stream ciphers (i.e. not arcfour) and does 
not occur when using SSL 3.0 which does not allow such padding. So one point 
is for users of these devices to report that as bug.

However a fix in gnutls is not easy to do. If we disable the random padding in 
TLS 1.0 we do disable a nice feature of TLS that protects against statistical 
attacks. Thus I'd be against such a fix.

A solution for the clients would be to only allow SSL 3.0 (if they can 
configure it).

What I can do within gnutls is to add a function to disable this protection 
and servers that require maximum compatibility could use it.

regards,
Nikos
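
Added example, not part of the bug log or of GnuTLS: a C model of the TLS 1.0 CBC padding rule described in the message above, with a receiver that accepts any valid TLS 1.0 padding beside one that assumes SSL 3.0-style minimal padding. The strict receiver is a hypothetical stand-in for the failing client; the function names and the sizes (20-byte SHA-1 MAC, 16-byte AES block, matching RSA_AES_256_CBC_SHA1) are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20  /* HMAC-SHA1 tag, as in RSA_AES_256_CBC_SHA1 */
#define BLOCK   16  /* AES block size */

enum pad_policy { PAD_TLS10, PAD_MINIMAL_ONLY };

/* Sender: append TLS 1.0 CBC padding to buf[0..len), which holds
 * content || MAC. extra_blocks == 0 gives the shortest valid padding;
 * TLS 1.0 also allows whole extra blocks while padding_length <= 255.
 * Returns the padded length, or 0 if the request cannot be met. */
size_t tls10_pad(uint8_t *buf, size_t len, size_t cap, unsigned extra_blocks)
{
    size_t pad_len = BLOCK - 1 - (len % BLOCK) + (size_t)extra_blocks * BLOCK;
    if (pad_len > 255 || len + pad_len + 1 > cap)
        return 0;
    /* pad_len padding bytes plus the trailing padding_length byte,
     * all carrying the value pad_len */
    memset(buf + len, (int)pad_len, pad_len + 1);
    return len + pad_len + 1;
}

/* Receiver: return the length of content || MAC after removing the
 * padding, or -1 to reject. PAD_MINIMAL_ONLY is a hypothetical peer that
 * assumes SSL 3.0-style padding shorter than one block. Real stacks must
 * do this check in constant time; this model does not. */
long strip_padding(const uint8_t *rec, size_t len, enum pad_policy policy)
{
    if (len == 0 || len % BLOCK != 0)
        return -1;
    size_t pad_len = rec[len - 1];
    if (pad_len + 1 + MAC_LEN > len)
        return -1;
    if (policy == PAD_MINIMAL_ONLY && pad_len >= BLOCK)
        return -1;
    for (size_t i = 0; i < pad_len; i++)
        if (rec[len - 2 - i] != pad_len)
            return -1;
    return (long)(len - pad_len - 1);
}

/* Build a constructed 5-byte content + zeroed 20-byte MAC placeholder,
 * pad it with extra_blocks additional blocks, and hand it to a receiver. */
long demo(unsigned extra_blocks, enum pad_policy policy)
{
    uint8_t rec[512] = { 'h', 'e', 'l', 'l', 'o' };
    size_t n = tls10_pad(rec, 5 + MAC_LEN, sizeof rec, extra_blocks);
    return n ? strip_padding(rec, n, policy) : -1;
}

int main(void)
{
    printf("minimal padding, TLS 1.0 receiver : %ld\n", demo(0, PAD_TLS10));
    printf("minimal padding, strict receiver  : %ld\n", demo(0, PAD_MINIMAL_ONLY));
    printf("3 extra blocks,  TLS 1.0 receiver : %ld\n", demo(3, PAD_TLS10));
    printf("3 extra blocks,  strict receiver  : %ld\n", demo(3, PAD_MINIMAL_ONLY));
    return 0;
}
```

Both receivers agree on the minimally padded record; only the record with extra padding blocks is rejected by the strict one, which matches the observation that stream ciphers and SSL 3.0 are unaffected.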




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #50 received at 438137@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Marc Haber <mh+debian-bugs@zugschlus.de>
Cc: 438137@bugs.debian.org
Subject: Nokia E90 problem
Date: Mon, 04 Feb 2008 12:03:19 +0100
I believe we have identified that the problem in this bug is the MAC
padding.  We brought this up on the IETF TLS list:

http://thread.gmane.org/gmane.ietf.tls/3079

Pasi forwarded this to the Symbian TLS team, and my understanding is
that it is a known bug with the Symbian TLS implementation.

GnuTLS won't change the default to cater with broken implementations, at
least not without more justification that it is a widespread problem.  I
think this bug can be resolved as 'wontfix'.

Further, GnuTLS 2.2+ provides a mechanism to work around bugs in
implementations.  You should be able to connect the Nokia E90 to
gnutls-serv if you start it as:

$ gnutls-serv --priority "NORMAL:%COMPAT"

Applications can use the following functions to implement similar
behaviour:

  int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos);
  void gnutls_priority_deinit( gnutls_priority_t);
  
  int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
  int gnutls_priority_set_direct(gnutls_session_t session, const char *priority, const char** err_pos);

I recommend that applications offer a way to set the GnuTLS priority
string in a configuration file, and to default it to 'NORMAL'.  It is
extra good if the application allows users to set the GnuTLS priority on
a per-IP basis, so that administrators don't have to decrease security
to cater for a few broken devices.

Given this, I think gnutls has done what it can about this bug, and it
might be appropriate to even close it, rather than leaving it in
wontfix.

Is there anything more we can do about this bug?  Suggestions are most
welcome.

/Simon
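
Added example, not from the thread or from GnuTLS: one way an application could pick the priority string per peer address, as recommended in the message above, so that only listed peers get NORMAL:%COMPAT and every other peer keeps NORMAL. The rule table, the addresses (documentation ranges) and the function priority_for_peer are assumptions of the example; it handles IPv4 only.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One line of a hypothetical application config: peers inside
 * net/prefix get this GnuTLS priority string. */
struct peer_rule {
    const char *net;
    unsigned    prefix;
    const char *priority;
};

/* Constructed sample policy using documentation address ranges. */
static const struct peer_rule rules[] = {
    { "198.51.100.0",  24, "NORMAL:%COMPAT" }, /* pool used by affected handsets */
    { "198.51.100.10", 32, "NORMAL" },         /* host in that pool, not affected */
};

#define DEFAULT_PRIORITY "NORMAL"

/* Return the priority string for an IPv4 peer: the most specific matching
 * rule wins, and anything unmatched or unparsable gets the default. */
const char *priority_for_peer(const char *peer_ip)
{
    struct in_addr peer, net;
    const char *best = DEFAULT_PRIORITY;
    int best_prefix = -1;

    if (inet_pton(AF_INET, peer_ip, &peer) != 1)
        return DEFAULT_PRIORITY;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct peer_rule *r = &rules[i];
        if (r->prefix > 32 || inet_pton(AF_INET, r->net, &net) != 1)
            continue;
        uint32_t mask = r->prefix ? htonl(0xFFFFFFFFu << (32 - r->prefix)) : 0;
        if ((peer.s_addr & mask) == (net.s_addr & mask) &&
            (int)r->prefix > best_prefix) {
            best = r->priority;
            best_prefix = (int)r->prefix;
        }
    }
    return best;
}

int main(void)
{
    const char *peers[] = { "198.51.100.25", "198.51.100.10", "203.0.113.5" };
    for (size_t i = 0; i < 3; i++)
        /* A server would now call
         * gnutls_priority_set_direct(session, priority_for_peer(ip), &err_pos)
         * on the session accepted from this peer. */
        printf("%-14s -> %s\n", peers[i], priority_for_peer(peers[i]));
    return 0;
}
```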




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#438137; Package gnutls-bin. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #55 received at 438137@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: 438137@bugs.debian.org
Subject: Tagging as wontfix
Date: Tue, 05 Feb 2008 09:27:55 +0100
tag 438137 wontfix
thanks

I'm tagging this bug as wontfix because I don't see us doing much more
about it.  The problem appears to be well understood now.  We decided
not to change the implementation's default behaviour.  We offer
workarounds for the bug for applications, and the problem and
workarounds are discussed in the GnuTLS manual [1].

If there is anything more we could do here, feel free to raise it in
this bug.  (I'm assuming wontfix bugs aren't archived?)

Thanks,
/Simon

[1] http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html




Tags added: wontfix Request was from Simon Josefsson <simon@josefsson.org> to control@bugs.debian.org. (Tue, 05 Feb 2008 08:30:03 GMT) Full text and rfc822 format available.

Tags added: upstream Request was from Simon Josefsson <simon@josefsson.org> to control@bugs.debian.org. (Fri, 16 May 2008 09:21:08 GMT) Full text and rfc822 format available.

Removed annotation that Bug had been forwarded to http://news.gmane.org/find-root.php?message_id=%3c20070815162651.GB3741%40downhill.g.la%3e. Request was from Simon Josefsson <simon@josefsson.org> to control@bugs.debian.org. (Wed, 22 Jul 2009 21:48:05 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 15:30:50 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.