(edited by raysatiro 2015-01-02 22:21:28)

Topic: Can SSLv23_client_method ever allow SSLv2?

Background:

Hello, I am working on an option for libcurl called CURL_SSLVERSION_SSLv3_OR_LATER. The option will allow legacy behavior that mimics the way CURL_SSLVERSION_DEFAULT used to work, before SSLv3 was disabled by default due to POODLE. In other words, the option will attempt to enable the SSLv3 protocol in the respective SSL library if possible. The idea is to give some of the old compatibility back.

To implement the option in the code that interfaces with wolfSSL, I set the request method via SSLv23_client_method, and then later in the code, if wolfSSL >= 3.3.0, I set the minimum protocol version to the least of SSLv3, TLSv1.0, TLSv1.1, TLSv1.2.

Questions:

If wolfSSL < 3.3.0, I figured that SSLv23_client_method would always give a minimum of SSLv3 without any other calls, and that's how I implemented it. One of the other developers has pointed out that "this patch seems to enable SSLv2 for the wolfSSL back-end when the new option is used." Is that possible in some version < 3.3.0? The documentation I read (3.2.0) says SSL 3 - TLS 1.2, but I don't know whether some earlier version allowed SSLv2.

I would like to know how, in versions < 3.3.0, I can ensure a minimum version of SSLv3, or as close to it as possible. For example, if SSLv3 was disabled in wolfSSL at compile time and the plumbing truly isn't there, then I would use TLSv1.0, and if that's disabled then TLSv1.1, and so on.

Also, is there any way to get the version of the wolfSSL library at runtime? I did check the documentation, but I don't see it. I'm thinking about shared libraries and the possibility that libcurl is compiled with one version of wolfSSL but at runtime some other wolfSSL is loaded (by mistake, an upgrade, etc.).

Thanks


Re: Can SSLv23_client_method ever allow SSLv2?

Hi Ray,

wolfSSL embedded SSL has never supported SSL 2.0. It was considered insecure at the time we began writing wolfSSL as a project, so we left it out.

In <wolfSSL/version.h>, you can find the version of wolfSSL installed with either the LIBWOLFSSL_VERSION_STRING or the LIBWOLFSSL_VERSION_HEX define. For example, in 3.3.0 version.h includes:

#define LIBWOLFSSL_VERSION_STRING "3.3.0"
#define LIBWOLFSSL_VERSION_HEX 0x03003000

Best Regards,
Chris
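The version check Chris describes and the SSLv3-then-TLS fallback Ray asks about in the first post, as one added example in C. This is not libcurl's or wolfSSL's own code. It assumes the layout of LIBWOLFSSL_VERSION_HEX (two decimal digits of major, three of minor, three of patch, one per hex nibble, which is what the 3.3.0 value 0x03003000 shows) and the wolfSSL_-prefixed names of the minimum-version API (wolfSSL_CTX_SetMinVersion and the WOLFSSL_SSLV3/WOLFSSL_TLSV1* constants); at the time of this thread those carried the CyaSSL_ prefix. HAVE_WOLFSSL is an assumed build flag: without it the block uses stand-in definitions so the selection logic runs on its own.

```c
#include <stdio.h>

#ifdef HAVE_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/version.h>
#include <wolfssl/ssl.h>
#else
/* Assumed stand-ins so the selection logic builds and runs without wolfSSL
 * installed. The enum values mirror wolfSSL's own; the version hex is the
 * 3.3.0 value quoted in the thread. */
#define LIBWOLFSSL_VERSION_HEX 0x03003000
enum { WOLFSSL_SSLV3 = 0, WOLFSSL_TLSV1 = 1, WOLFSSL_TLSV1_1 = 2,
       WOLFSSL_TLSV1_2 = 3 };
#endif

/* Compile-time gate in the libcurl style: the minimum-version API exists
 * from 3.3.0 on, so older builds must fall back to a fixed method. */
#if LIBWOLFSSL_VERSION_HEX >= 0x03003000
#define HAVE_MIN_VERSION_API 1
#else
#define HAVE_MIN_VERSION_API 0
#endif

/* LIBWOLFSSL_VERSION_HEX is laid out as 0xMMmmmppp, each nibble holding one
 * decimal digit (3.3.0 -> 0x03003000, 3.15.3 -> 0x03015003). Reading the
 * nibbles as decimal digits recovers the numbers; comparing the raw values
 * orders releases correctly. */
static int decimal_nibbles(unsigned long hex, int shift, int count)
{
    int value = 0;
    int i;
    for (i = count - 1; i >= 0; i--)
        value = value * 10 + (int)((hex >> (shift + 4 * i)) & 0xF);
    return value;
}

int wolfssl_version_major(unsigned long hex) { return decimal_nibbles(hex, 24, 2); }
int wolfssl_version_minor(unsigned long hex) { return decimal_nibbles(hex, 12, 3); }
int wolfssl_version_patch(unsigned long hex) { return decimal_nibbles(hex, 0, 3); }

/* Inverse: encode a required version in the same layout so it can be
 * compared against LIBWOLFSSL_VERSION_HEX with plain integer comparison. */
unsigned long wolfssl_version_hex(int major, int minor, int patch)
{
    unsigned long hex = 0;
    hex |= ((unsigned long)(major / 10) << 28) | ((unsigned long)(major % 10) << 24);
    hex |= ((unsigned long)(minor / 100) << 20) | ((unsigned long)((minor / 10) % 10) << 16)
         | ((unsigned long)(minor % 10) << 12);
    hex |= ((unsigned long)(patch / 100) << 8) | ((unsigned long)((patch / 10) % 10) << 4)
         | (unsigned long)(patch % 10);
    return hex;
}

int wolfssl_at_least(unsigned long built_hex, int major, int minor, int patch)
{
    return built_hex >= wolfssl_version_hex(major, minor, patch);
}

/* Lowest protocol the build can offer, in the order the thread asks for:
 * SSLv3, then TLS 1.0, 1.1, 1.2. Returns -1 if none is enabled. The flags
 * are passed in because the protocol set of a wolfSSL build is fixed when
 * the library is compiled (assumed: NO_OLD_TLS drops SSLv3, TLS 1.0, 1.1). */
int lowest_enabled_version(int have_sslv3, int have_tls10,
                           int have_tls11, int have_tls12)
{
    if (have_sslv3) return WOLFSSL_SSLV3;
    if (have_tls10) return WOLFSSL_TLSV1;
    if (have_tls11) return WOLFSSL_TLSV1_1;
    if (have_tls12) return WOLFSSL_TLSV1_2;
    return -1;
}

#ifdef HAVE_WOLFSSL
/* On a real context: SSLv23_client_method() plus a floor. Only a >= 3.3.0
 * build has the floor API; with older builds the caller has to pick a fixed
 * method such as TLSv1_client_method() instead. */
int apply_version_floor(WOLFSSL_CTX *ctx, int floor)
{
#if HAVE_MIN_VERSION_API
    return wolfSSL_CTX_SetMinVersion(ctx, floor) == SSL_SUCCESS;
#else
    (void)ctx; (void)floor;
    return 0;
#endif
}
#endif

int main(void)
{
    printf("built against wolfSSL %d.%d.%d, min-version API: %s\n",
           wolfssl_version_major(LIBWOLFSSL_VERSION_HEX),
           wolfssl_version_minor(LIBWOLFSSL_VERSION_HEX),
           wolfssl_version_patch(LIBWOLFSSL_VERSION_HEX),
           HAVE_MIN_VERSION_API ? "yes" : "no");
    printf("floor with SSLv3 compiled out: %d\n", lowest_enabled_version(0, 1, 1, 1));
    return 0;
}
```

Because the check is a preprocessor comparison of the header's value, it only tells you what libcurl was compiled against; a different wolfSSL shared object loaded at runtime is invisible to it, which is the gap Ray raises in the next posts.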

Re: Can SSLv23_client_method ever allow SSLv2?

chrisc wrote:

wolfSSL has never supported SSL 2.0.  It was considered insecure at the time we began writing wolfSSL as a project, thus left it out.

In <wolfSSL/version.h>, you can find the version of wolfSSL installed with either the LIBWOLFSSL_VERSION_STRING or LIBWOLFSSL_VERSION_HEX define.

Thanks Chris.

I notice 3.3.0 has dropped the SSLv2 hello; did you have that for SSLv3, since SSLv2 was never supported?

Is there any way to get the version at runtime instead of compile-time?


Re: Can SSLv23_client_method ever allow SSLv2?

wolfSSL does support handling an SSL 2.0 Client Hello, to handle the situation where the connection can be upgraded to something >= SSL 3.0 during the SSL/TLS handshake.

This "Old Hello" processing was enabled by default in versions of wolfSSL prior to 3.3.0.  Starting with 3.3.0, we disabled this functionality at compile time by default.  To re-enable this functionality, you would need to define OLD_HELLO_ALLOWED when compiling wolfSSL.

Is there any way to get the version at runtime instead of compile-time?

Not at the moment, no.  Is this a feature that you need?

Thanks,
Chris
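What the "Old Hello" path has to deal with, as an added example in C that is not wolfSSL's code. An SSLv2-format ClientHello is only a framing: it has no TLS record header, but inside it the client states the highest version it actually wants (3.0 or above) and lists cipher suites in 3-byte form, which is why a server can read it and continue with SSL 3.0/TLS rather than SSL 2.0. The parser follows the layout in RFC 5246 Appendix E.2; the sample bytes are constructed for the example, and accept_old_hello is an assumed policy function illustrating what an OLD_HELLO_ALLOWED-style switch gates, not wolfSSL's own logic.

```c
#include <stddef.h>

/* Parsed view of an SSLv2-format ClientHello (RFC 5246, Appendix E.2). */
struct v2_hello {
    int version;          /* requested version, e.g. 0x0301 for TLS 1.0 */
    size_t cipher_count;  /* number of 3-byte cipher specs */
    int offers_tls_suite; /* 1 if any spec is 00 xx yy, i.e. a TLS suite */
};

/* The v2 format has no TLS record header: byte 0 has the high bit set and,
 * with byte 1, gives a 15-bit body length; byte 2 is the message type
 * (1 = CLIENT-HELLO). A TLS record starts with 0x16, so it never matches. */
int looks_like_v2_hello(const unsigned char *buf, size_t len)
{
    return len >= 3 && (buf[0] & 0x80) != 0 && buf[2] == 1;
}

/* Parse the hello; returns 1 on success, 0 if it is not well formed. Every
 * length field is checked against the real buffer before it is trusted. */
int parse_v2_hello(const unsigned char *buf, size_t len, struct v2_hello *out)
{
    size_t body, cipher_len, sid_len, chal_len, i;
    const unsigned char *specs;

    if (!looks_like_v2_hello(buf, len)) return 0;
    body = ((size_t)(buf[0] & 0x7F) << 8) | buf[1];
    if (body + 2 != len || body < 9) return 0;  /* type + version + 3 lengths */

    out->version = (buf[3] << 8) | buf[4];
    cipher_len = ((size_t)buf[5] << 8) | buf[6];
    sid_len    = ((size_t)buf[7] << 8) | buf[8];
    chal_len   = ((size_t)buf[9] << 8) | buf[10];
    if (cipher_len % 3 != 0) return 0;
    if (9 + cipher_len + sid_len + chal_len != body) return 0;

    specs = buf + 11;
    out->cipher_count = cipher_len / 3;
    out->offers_tls_suite = 0;
    for (i = 0; i < cipher_len; i += 3)
        if (specs[i] == 0x00) out->offers_tls_suite = 1;
    return 1;
}

int v2_hello_requested_version(const unsigned char *buf, size_t len)
{
    struct v2_hello h;
    return parse_v2_hello(buf, len, &h) ? h.version : -1;
}

int v2_hello_cipher_count(const unsigned char *buf, size_t len)
{
    struct v2_hello h;
    return parse_v2_hello(buf, len, &h) ? (int)h.cipher_count : -1;
}

/* Assumed server-side policy: a v2-format hello is an upgrade path only when
 * old-hello handling is switched on AND it asks for >= 3.0 with at least one
 * TLS suite; SSL 2.0 itself (0x0002) is never negotiated. Returns the
 * version to continue with, or 0 to reject the connection. */
int accept_old_hello(const unsigned char *buf, size_t len, int old_hello_allowed)
{
    struct v2_hello h;
    if (!old_hello_allowed) return 0;
    if (!parse_v2_hello(buf, len, &h)) return 0;
    if (h.version < 0x0300 || !h.offers_tls_suite) return 0;
    return h.version;
}

/* Constructed sample (not a capture): v2 framing, requests 3.1 (TLS 1.0),
 * offers TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA in
 * 3-byte form, no session id, 16-byte challenge. */
const unsigned char SAMPLE_V2_HELLO[] = {
    0x80, 0x1F,                          /* high bit set, 31-byte body */
    0x01,                                /* CLIENT-HELLO */
    0x03, 0x01,                          /* version 3.1 */
    0x00, 0x06,                          /* cipher spec length */
    0x00, 0x00,                          /* session id length */
    0x00, 0x10,                          /* challenge length */
    0x00, 0x00, 0x2F, 0x00, 0x00, 0x0A,  /* two TLS suites, 3 bytes each */
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10
};
const size_t SAMPLE_V2_HELLO_LEN = sizeof(SAMPLE_V2_HELLO);

/* Start of an ordinary TLS 1.0 record carrying a handshake, for contrast. */
const unsigned char SAMPLE_TLS_RECORD_HEAD[5] = { 0x16, 0x03, 0x01, 0x00, 0x2A };
```

Note that the choice is entirely server-side: a client using SSLv23_client_method never receives a v2-format hello, so the OLD_HELLO_ALLOWED default only changes which client hellos a wolfSSL server will still parse.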

Re: Can SSLv23_client_method ever allow SSLv2?

chrisc wrote:

Is there any way to get the version at runtime instead of compile-time?

Not at the moment, no.  Is this a feature that you need?

I think it could be useful for when wolfSSL is a shared library, to determine which version is loaded. There may be a time when the version that is compiled against is not the version that is loaded. Though I'd like it, I don't think I need it. In the libcurl interface code for the various SSL backends, it looks to be standard practice that any SSL library version comparisons are done at compile time, not at runtime. Thanks again.


Re: Can SSLv23_client_method ever allow SSLv2?

We added this to our desired feature list, but probably won't get to it until we finish our name change.  We're in the process of changing the "CyaSSL" product name to "wolfSSL".

Thanks,
Chris