[PATCH(0/1)] wininet: TLS fallback mechanism
Hiroshi Miura
miurahr at linux.com
Wed Oct 24 16:52:01 CDT 2012
Hiroshi Miura wrote:
> Evernote windows client on Wine/OpenSSL 1.0.1/Ubuntu12.04/12.10 cannot connect
> to its server.
> It is caused by the server only supporting TLS1.0/SSL3.0,
> but the client asks for TLS1.1/1.2 and then the server returns that the session fails.
>
> The wininet implementation in Microsoft Windows7 has a behavior
> to retry with TLS1.0 after TLS1.2 fails and it gets a FIN from the server.
>
> This patch enables a fallback mechanism to SSLv3/TLSv1.
>
Here are details of the behavior when patched.
Attached is a capture by 'ssldump -AH -i <interface>' when running the
https://gist.github.com/3949057
test program, whose binary is made by winemaker.
With the original, the connection fails here.
> 1 0.2624 (0.1304) S>C TCP FIN
With the fallback mechanism, wininet.dll tries to connect again with
> ClientHello
> Version 3.1
and then succeeds in connecting.
-----------------------------------
New TCP connection #1: miurahr-note.local(54342) <-> www.evernote.com(443)
1 1 0.1319 (0.1319) C>SV3.1(221) Handshake
ClientHello
Version 3.2
random[32]=
50 87 fb 25 93 f9 4d c6 f2 14 87 70 0a 9f 5b 37
b0 e2 ef 43 76 8c de 31 b9 a8 47 7e 74 6c 15 85
cipher suites
Unknown value 0xc014
Unknown value 0xc00a
Unknown value 0xc022
Unknown value 0xc021
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x88
Unknown value 0x87
Unknown value 0xc00f
Unknown value 0xc005
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x84
Unknown value 0xc012
Unknown value 0xc008
Unknown value 0xc01c
Unknown value 0xc01b
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc00d
Unknown value 0xc003
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc013
Unknown value 0xc009
Unknown value 0xc01f
Unknown value 0xc01e
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x9a
Unknown value 0x99
Unknown value 0x45
Unknown value 0x44
Unknown value 0xc00e
Unknown value 0xc004
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x96
Unknown value 0x41
Unknown value 0xc011
Unknown value 0xc007
Unknown value 0xc00c
Unknown value 0xc002
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods
unknown value
NULL
1 0.2624 (0.1304) S>C TCP FIN
1 0.2625 (0.0000) C>S TCP FIN
New TCP connection #2: miurahr-note.local(54343) <-> www.evernote.com(443)
2 1 0.1268 (0.1268) C>SV3.1(221) Handshake
ClientHello
Version 3.1
random[32]=
50 87 fb 25 65 48 ce a6 93 20 b4 d6 f6 d9 49 0d
7b db 7a 93 3c 89 32 4d 4d 15 bc f2 dd ef 26 79
cipher suites
Unknown value 0xc014
Unknown value 0xc00a
Unknown value 0xc022
Unknown value 0xc021
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x88
Unknown value 0x87
Unknown value 0xc00f
Unknown value 0xc005
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x84
Unknown value 0xc012
Unknown value 0xc008
Unknown value 0xc01c
Unknown value 0xc01b
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc00d
Unknown value 0xc003
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc013
Unknown value 0xc009
Unknown value 0xc01f
Unknown value 0xc01e
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x9a
Unknown value 0x99
Unknown value 0x45
Unknown value 0x44
Unknown value 0xc00e
Unknown value 0xc004
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x96
Unknown value 0x41
Unknown value 0xc011
Unknown value 0xc007
Unknown value 0xc00c
Unknown value 0xc002
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods
unknown value
NULL
2 2 0.8834 (0.7566) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
session_id[32]=
50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
2 3 1.0231 (0.1396) S>CV3.1(2953) Handshake
Certificate
certificate[1356]=
30 82 05 48 30 82 04 30 a0 03 02 01 02 02 10 5d
a1 43 88 66 ca 05 04 e1 4f 00 b4 71 30 67 fe 30
<SNIP>
cc a2 9a f1 6e e8 cf 8e d1 1a 3c 5e 19 c5 d7 9b
35 b0 02 23 24 e5 05 b8 d5 88 e3 e0 fa b9 f4 5f
2 4 1.0231 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
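
The fallback visible in the capture above can be flagged automatically when reviewing ssldump output. The following is an added example, not part of the original post or the Wine patch: it reports a connection the server closed with a FIN before any ServerHello, followed by a retry to the same server with a lower ClientHello version. The embedded sample is abridged from the capture above, and the function names are hypothetical.

```python
import re

# Sample abridged from the capture in the post (cipher suites and random bytes omitted).
SAMPLE = """\
New TCP connection #1: miurahr-note.local(54342) <-> www.evernote.com(443)
1 1 0.1319 (0.1319) C>SV3.1(221) Handshake
ClientHello
Version 3.2
1 0.2624 (0.1304) S>C TCP FIN
1 0.2625 (0.0000) C>S TCP FIN
New TCP connection #2: miurahr-note.local(54343) <-> www.evernote.com(443)
2 1 0.1268 (0.1268) C>SV3.1(221) Handshake
ClientHello
Version 3.1
2 2 0.8834 (0.7566) S>CV3.1(74) Handshake
ServerHello
Version 3.1
"""

NEW_CONN = re.compile(r"New TCP connection #(\d+): \S+\(\d+\) <-> (\S+)\((\d+)\)")
VERSION = re.compile(r"Version (\d+)\.(\d+)")

def parse_connections(text):
    """Return one dict per TCP connection with the hello versions seen."""
    conns, cur, pending = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = NEW_CONN.match(line)
        if m:
            cur = {"id": int(m[1]), "server": (m[2], int(m[3])),
                   "client_hello": None, "server_hello": None, "server_fin": False}
            conns.append(cur)
        elif cur is None:
            continue  # text before the first connection header
        elif line in ("ClientHello", "ServerHello"):
            pending = "client_hello" if line == "ClientHello" else "server_hello"
        elif pending and (m := VERSION.match(line)):
            cur[pending] = (int(m[1]), int(m[2]))  # e.g. (3, 2) is TLS 1.1
            pending = None
        elif line.endswith("S>C TCP FIN"):
            cur["server_fin"] = True
    return conns

def find_fallbacks(conns):
    """(first_id, retry_id) pairs: server FIN with no ServerHello, then a lower-version retry."""
    return [(a["id"], b["id"]) for a, b in zip(conns, conns[1:])
            if a["server"] == b["server"] and a["server_fin"]
            and a["server_hello"] is None and a["client_hello"]
            and b["client_hello"] and b["client_hello"] < a["client_hello"]]
```

Calling `find_fallbacks(parse_connections(SAMPLE))` returns `[(1, 2)]` for the capture above.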