6

After updating to Mozilla Firefox 38, we could see "Secure connection failed" message on a few HTTPS website.

If we put the websites on exclude list with "security.tls.insecure_fallback_hosts" - then we can see that it can connect via TLSv1.2 ( using https://addons.mozilla.org/en-us/firefox/addon/calomel-ssl-validation/ )

We are suspecting that the problem with the servers are because of TLS version intolerance.

Question: Are there any scripts, solutions to test a given webserver on given port that it has TLS version intolerance or not? The servers aren't publicly on the internet.

LoukiosValentine79
  • 1,499

2 Answers2

2

You can use the OpenSSL command line tool for testing, e.g. as a starting point:

$ openssl s_client -connect example.com:443 -verify 1 -tls1_2

Where:

-tls1_2 - just use TLSv1.2

The help (openssl s_client -h or man s_client) describes many other options - you can e.g. specifiy a ciphers-list - also something a restrictive/modern client/server may explicitly set and which thus might yield failed connections - especially when connecting to/from an old server/client.

An example that shows the different outcomes:

$ echo | openssl s_client -verify 1  -connect www.cebitec.uni-bielefeld.de:443
[..]
verify return:1
[..]
SSL-Session:
  Protocol  : TLSv1
  Cipher    : AES128-SHA
  Session-ID: [non-empty]
[..]
---
DONE
$ echo $?
0

This was without enforcing a minimal version, now with TLS 1.2 requirement:

$ echo \
  | openssl s_client -verify 1 -tls1_2 -connect www.cebitec.uni-bielefeld.de:443
[..]
[..]:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:347:
--
no peer certificate available
[..]
SSL-Session:
  Protocol  : TLSv1.2
  Cipher    : 0000
  Session-ID: 
  Session-ID-ctx: 
  Master-Key:
[..]
---
$ echo $?
1

Meaning that the server does not support TLS 1.2.

Probably because it uses an quite old version of openssl.

maxschlepzig
  • 57,532
2

If the site were on the internet, https://www.ssllabs.com/ssltest/ is a great tool for debugging these issues.

maxschlepzig's answer will test for intolerance specifically but I've seen stuff fail for a multitude of different reasons including most recently weak Diffie-Hellman keys, your distro may have upgraded NSS or OpenSSL so it will refuse <= 768 bit keys. In the past I've seen stuff fail because of a big ClientHello, not sharing any cipher in common, etc.

For debugging SSL/TLS problems in general cipherscan is great but it can't test for intolerance yet. Another useful tool is sslscan.

Mark McKinstry
  • 15,393