Hi,
The Evernote Windows client on Wine/OpenSSL 1.0.1/Ubuntu 12.04/12.10 cannot connect to its server. This is because the server only supports TLS1.0/SSL3.0, but the client asks for TLS1.1/1.2 and the server then reports that the session fails.
The wininet implementation in Microsoft Windows 7 retries with TLS1.0 after TLS1.2 fails and it gets a FIN from the server.
This patch enables a fallback mechanism to SSLv3/TLSv1.
It is also a response to Alexandre's suggestion.
What do you think: should we implement it in a similar way or not? If we adopt a similar fallback mechanism, compatibility may improve, but is it good behavior?
If it's possible to implement some sort of automatic fall back, that would certainly be preferable.
-- Alexandre Julliard
Hiroshi
Hiroshi Miura (1):
  wininet: TLS fallback mechanism

 dlls/wininet/netconnection.c | 163 ++++++++++++++++++++++++++++++++----------
 1 file changed, 124 insertions(+), 39 deletions(-)
Hiroshi Miura wrote:
The Evernote Windows client on Wine/OpenSSL 1.0.1/Ubuntu 12.04/12.10 cannot connect to its server. This is because the server only supports TLS1.0/SSL3.0, but the client asks for TLS1.1/1.2 and the server then reports that the session fails.
The wininet implementation in Microsoft Windows 7 retries with TLS1.0 after TLS1.2 fails and it gets a FIN from the server.
This patch enables a fallback mechanism to SSLv3/TLSv1.
Here are details of the behavior when patched. Attached is a capture made by 'ssldump -AH -i <interface>' while running the https://gist.github.com/3949057 test program, built into a binary by winemaker.
With the original code, the connection fails here:
1 0.2624 (0.1304) S>C TCP FIN
With the fallback mechanism, wininet.dll tries to connect again with
ClientHello Version 3.1
and then connects successfully.
-----------------------------------
New TCP connection #1: miurahr-note.local(54342) <-> www.evernote.com(443)
1 1  0.1319 (0.1319)  C>SV3.1(221)  Handshake
      ClientHello
        Version 3.2
        random[32]=
          50 87 fb 25 93 f9 4d c6 f2 14 87 70 0a 9f 5b 37
          b0 e2 ef 43 76 8c de 31 b9 a8 47 7e 74 6c 15 85
        cipher suites
        Unknown value 0xc014
        Unknown value 0xc00a
        Unknown value 0xc022
        Unknown value 0xc021
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        Unknown value 0x88
        Unknown value 0x87
        Unknown value 0xc00f
        Unknown value 0xc005
        TLS_RSA_WITH_AES_256_CBC_SHA
        Unknown value 0x84
        Unknown value 0xc012
        Unknown value 0xc008
        Unknown value 0xc01c
        Unknown value 0xc01b
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc00d
        Unknown value 0xc003
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc013
        Unknown value 0xc009
        Unknown value 0xc01f
        Unknown value 0xc01e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0x9a
        Unknown value 0x99
        Unknown value 0x45
        Unknown value 0x44
        Unknown value 0xc00e
        Unknown value 0xc004
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0x96
        Unknown value 0x41
        Unknown value 0xc011
        Unknown value 0xc007
        Unknown value 0xc00c
        Unknown value 0xc002
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        Unknown value 0xff
        compression methods
          unknown value
                  NULL
1    0.2624 (0.1304)  S>C  TCP FIN
1    0.2625 (0.0000)  C>S  TCP FIN
New TCP connection #2: miurahr-note.local(54343) <-> www.evernote.com(443)
2 1  0.1268 (0.1268)  C>SV3.1(221)  Handshake
      ClientHello
        Version 3.1
        random[32]=
          50 87 fb 25 65 48 ce a6 93 20 b4 d6 f6 d9 49 0d
          7b db 7a 93 3c 89 32 4d 4d 15 bc f2 dd ef 26 79
        cipher suites
        Unknown value 0xc014
        Unknown value 0xc00a
        Unknown value 0xc022
        Unknown value 0xc021
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        Unknown value 0x88
        Unknown value 0x87
        Unknown value 0xc00f
        Unknown value 0xc005
        TLS_RSA_WITH_AES_256_CBC_SHA
        Unknown value 0x84
        Unknown value 0xc012
        Unknown value 0xc008
        Unknown value 0xc01c
        Unknown value 0xc01b
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc00d
        Unknown value 0xc003
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc013
        Unknown value 0xc009
        Unknown value 0xc01f
        Unknown value 0xc01e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0x9a
        Unknown value 0x99
        Unknown value 0x45
        Unknown value 0x44
        Unknown value 0xc00e
        Unknown value 0xc004
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0x96
        Unknown value 0x41
        Unknown value 0xc011
        Unknown value 0xc007
        Unknown value 0xc00c
        Unknown value 0xc002
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        Unknown value 0xff
        compression methods
          unknown value
                  NULL
2 2  0.8834 (0.7566)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1
        random[32]=
          50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
          d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
        session_id[32]=
          50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
          d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
        cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
        compressionMethod                   NULL
2 3  1.0231 (0.1396)  S>CV3.1(2953)  Handshake
      Certificate
        certificate[1356]=
          30 82 05 48 30 82 04 30 a0 03 02 01 02 02 10 5d
          a1 43 88 66 ca 05 04 e1 4f 00 b4 71 30 67 fe 30
          <SNIP>
          cc a2 9a f1 6e e8 cf 8e d1 1a 3c 5e 19 c5 d7 9b
          35 b0 02 23 24 e5 05 b8 d5 88 e3 e0 fa b9 f4 5f
2 4  1.0231 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
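
Added example, not part of this thread or of the Wine patch: a retry at a lower ClientHello version, as in the capture above, can only be rejected by a server as an unnecessary downgrade if the retry carries TLS_FALLBACK_SCSV (0x5600, RFC 7507). The C code below parses ClientHello records and flags a lower-version retry that lacks that value; the function names are hypothetical and the sample records are constructed, not taken from the capture.

```c
#include <stdint.h>
#include <stdio.h>

struct hello_info {
    uint16_t client_version;  /* 0x0302 is "Version 3.2" in ssldump output */
    int has_fallback_scsv;    /* 0x5600, TLS_FALLBACK_SCSV (RFC 7507) */
    int has_reneg_scsv;       /* 0x00ff (RFC 5746), shown as "Unknown value 0xff" */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse one TLS record holding a ClientHello; 0 on success, -1 if malformed. */
int parse_client_hello(const uint8_t *buf, size_t len, struct hello_info *out)
{
    size_t pos = 5 + 4 + 2 + 32, cs_len, i;  /* record hdr, handshake hdr, version, random */
    if (len < pos + 1 || buf[0] != 0x16 || buf[5] != 0x01) return -1;
    if ((size_t)rd16(buf + 3) + 5 > len) return -1;  /* record must fit the buffer */
    out->client_version = rd16(buf + 9);
    pos += 1 + (size_t)buf[pos];             /* skip session_id */
    if (pos + 2 > len) return -1;
    cs_len = rd16(buf + pos); pos += 2;
    if (cs_len % 2 || pos + cs_len > len) return -1;
    out->has_fallback_scsv = out->has_reneg_scsv = 0;
    for (i = 0; i < cs_len; i += 2) {
        out->has_fallback_scsv |= rd16(buf + pos + i) == 0x5600;
        out->has_reneg_scsv    |= rd16(buf + pos + i) == 0x00ff;
    }
    return 0;
}

/* 1 = retry offers a lower version without the SCSV, 0 = fine, -1 = parse error. */
int unsignalled_downgrade(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    struct hello_info first, retry;
    if (parse_client_hello(a, alen, &first) || parse_client_hello(b, blen, &retry)) return -1;
    return retry.client_version < first.client_version && !retry.has_fallback_scsv;
}

/* Constructed samples (random zeroed, two suites each), not bytes from the capture. */
#define HELLO(minor, hi, lo) { 0x16,0x03,0x01,0x00,0x2f, 0x01,0x00,0x00,0x2b, 0x03,(minor), \
    [43] = 0x00, 0x00,0x04, 0x00,0x35, (hi),(lo), 0x01,0x00 }
static const uint8_t hello_v32[]   = HELLO(0x02, 0x00, 0xff);
static const uint8_t retry_plain[] = HELLO(0x01, 0x00, 0xff);
static const uint8_t retry_scsv[]  = HELLO(0x01, 0x56, 0x00);
int main(void)
{
    printf("plain retry: %d\n", unsignalled_downgrade(hello_v32, sizeof hello_v32, retry_plain, sizeof retry_plain));
    printf("SCSV retry:  %d\n", unsignalled_downgrade(hello_v32, sizeof hello_v32, retry_scsv, sizeof retry_scsv));
    return 0;
}
```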