ECDHE Support? TLS error: no TLS ciphersuites in common

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
fmf
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 03, 2014 1:07 pm

ECDHE Support? TLS error: no TLS ciphersuites in common

Post by fmf » Tue Jan 09, 2018 8:41 pm

I have a separete Openvpn server for my windows clients so far, which run over secp521r1 ellicpic curves. I was happy to hear that the new OpenVPN Connect Version for iOS had mbedTLS updated to 2.6.0 (according to Changelog), that support elliptic curves as well. Using the same config as for my windows clients doesn't work though. The server runs on a Turris omnia device with OpenVPN 2.4.4 and OpenSSL 1.0.2m.

Configs look as follows:

Server:

Code: Select all

port 101
proto udp
dev tun2
auth-user-pass-verify /etc/openvpn/server1/auth.sh via-env
server 10.2.5.0 255.255.255.0
topology subnet
client-to-client
username-as-common-name
push "route 10.0.0.0 255.240.0.0"
push "dhcp-option DNS 10.2.5.1"
push "dhcp-option DOMAIN heim.netz"
duplicate-cn
ca   /etc/openvpn/easy_rsa_elliptic/easy-rsa/easyrsa3/pki/ca.crt
cert /etc/openvpn/easy_rsa_elliptic/easy-rsa/easyrsa3/pki/issued/rwserver.crt
key  /etc/openvpn/easy_rsa_elliptic/easy-rsa/easyrsa3/pki/private/rwserver.key
dh   none
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
script-security 3
status /tmp/server2.ovpn
verb 3
mssfix 1300
ncp-ciphers AES-128-GCM
tls-version-min 1.2
Client:

Code: Select all

client
dev tun
remote XXXX 101 udp
server-poll-timeout 4
auth-user-pass
redirect-gateway def1
remote-cert-tls server
auth-retry interact
resolv-retry infinite
persist-key
persist-tun
verb 3
tls-version-min 1.2
<ca>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXX
-----END PRIVATE KEY-----
</key>
Connection does not work, log file on iOS device:

Code: Select all

2018-01-09 19:37:07 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan  5 2018 23:09:59
2018-01-09 19:37:07 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 19:37:07 UNUSED OPTIONS
10 [verify-x509-name] [rwserver] [name]
11 [auth-retry] [interact]
12 [resolv-retry] [infinite]
13 [persist-key]
14 [persist-tun]
15 [verb] [3]
 
2018-01-09 19:37:07 EVENT: RESOLVE
2018-01-09 19:37:07 Contacting [85.195.251.181]:101/UDP via UDP
2018-01-09 19:37:07 EVENT: WAIT
2018-01-09 19:37:07 Connecting to [onion.4flex.info]:101 (85.195.251.181) via UDPv4
2018-01-09 19:37:07 EVENT: CONNECTING
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:6557 2]: => handshake
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:3363 2]: client state: 0
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2416 2]: => flush output
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2428 2]: <= flush output
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:3363 2]: client state: 1
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2416 2]: => flush output
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2428 2]: <= flush output
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:719 2]: => write client hello
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:757 3]: client hello, max version: [3:3]
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:695 3]: client hello, current time: 1515523027
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:766 3]: dumping 'client hello, random bytes' (32 bytes)
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:766 3]: 0000:  5a 55 0b d3 f1 dc 1c cb a4 0a 66 d8 e2 ef 6b 63  ZU........f...kc
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:766 3]: 0010:  1f a2 7a 0a 66 2d ef d2 3b 94 79 5e 25 37 47 f7  ..z.f-..;.y^%7G.
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:819 3]: client hello, session id len.: 0
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:820 3]: dumping 'client hello, session id' (0 bytes)
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c030
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 009f
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c028
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 006b
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c02f
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 009e
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c027
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 0067
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c012
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 0016
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 009d
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 003d
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 0035
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c032
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c02a
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c00f
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 009c
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 003c
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 002f
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c031
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c029
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c00e
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: 000a
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c00d
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:920 3]: client hello, got 25 ciphersuites
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:951 3]: client hello, compress len.: 1
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:953 3]: client hello, compress alg.: 0
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:178 3]: client hello, adding signature_algorithms extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:263 3]: client hello, adding supported_elliptic_curves extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:328 3]: client hello, adding supported_point_formats extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:510 3]: client hello, adding encrypt_then_mac extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:544 3]: client hello, adding extended_master_secret extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:577 3]: client hello, adding session ticket extension
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:1025 3]: client hello, total extension length: 72
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2701 2]: => write record
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2838 3]: output record: msgtype = 22, version = [3:3], msglen = 167
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2416 2]: => flush output
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2435 2]: message length: 172, out_left: 172
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2441 2]: ssl->f_send() returned 172 (-0xffffff54)
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2460 2]: <= flush output
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2850 2]: <= write record
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:1051 2]: <= write client hello
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:3363 2]: client state: 2
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2416 2]: => flush output
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2428 2]: <= flush output
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:1447 2]: => parse server hello
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:3721 2]: => read record
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2208 2]: => fetch input
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2366 2]: in_left: 0, nb_want: 5
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2390 2]: in_left: 0, nb_want: 5
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:2391 2]: ssl->f_recv(_timeout)() returned -32768 (-0x8000)
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:3875 1]: mbedtls_ssl_fetch_input() returned -32768 (-0x8000)
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:3729 1]: mbedtls_ssl_read_record_layer() returned -32768 (-0x8000)
2018-01-09 19:37:07 mbed TLS[ssl_cli.c:1454 1]: mbedtls_ssl_read_record() returned -32768 (-0x8000)
2018-01-09 19:37:07 mbed TLS[ssl_tls.c:6567 2]: <= handshake

Logfile on Server:
notice openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 TLS: Initial packet from [AF_INET]178.197.228.255:64891, sid=1f4acb83 06d19f9e
err openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
err openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)
err openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 TLS_ERROR: BIO read tls_read_plaintext error
err openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 TLS Error: TLS object -> incoming plaintext read error
err openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 TLS Error: TLS handshake failed
notice openvpn(rwvpn2_ec)[9859]: 178.197.228.255:64891 SIGUSR1[soft,tls-error] received, client-instance restarting
I have no tls-cipher setting set. openvpn --show-tls shows this list
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

According to iOS log:

Code: Select all

2018-01-09 19:37:07 mbed TLS[ssl_cli.c:887 3]: client hello, add ciphersuite: c030
Ciphersuite c030 equals TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, which is supported by the server. I cant figure out whats the problem? Can anyone help? It works well with openSSL clients on Windows.

thanks!
Top
User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by ordex » Wed Jan 10, 2018 1:53 pm

Maybe secp521r1 is not yet supported by mbedTLS 2.6.0? have you looked into that already?
Top
fmf
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 03, 2014 1:07 pm

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by fmf » Wed Jan 10, 2018 8:22 pm

Yep, it should. From: https://tls.mbed.org/core-features

Code: Select all

Elliptic Curve Cryptography (ECC)
mbed TLS has its own big number library for its ECC implementation and supports both Elliptic Curve Ephemeral Diffie Hellman (ECDHE) and ECDSA. The following standardized curves / ECP groups are supported:
secp192r1 - 192-bits NIST curve
secp224r1 - 224-bits NIST curve
secp256r1 - 256-bits NIST curve
secp384r1 - 384-bits NIST curve
secp521r1 - 521-bits NIST curve
secp192k1 - 192-bits Koblitz curve
secp224k1 - 224-bits Koblitz curve
secp256k1 - 256-bits Koblitz curve
bp256r1 - 256-bits Brainpool curve
bp384r1 - 384-bits Brainpool curve
bp512r1 - 512-bits Brainpool curve
m255 - 255-bits Curve25519
Top
fmf
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 03, 2014 1:07 pm

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by fmf » Wed Jan 10, 2018 8:26 pm

Connecting with non ECC crypto works just fine even with iOS client
Top
fmf
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 03, 2014 1:07 pm

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by fmf » Wed Jan 10, 2018 8:29 pm

secp224r1 didn't work as well
Top
GainfulShrimp
OpenVpn Newbie
Posts: 12
Joined: Tue May 12, 2015 10:00 am

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by GainfulShrimp » Sat Jan 13, 2018 7:45 pm

I'm also getting this problem, without specifying a specific curve to use. I understand that ECDHE-ECDSA isn't available in 1.2.5, so for now ECDHE-RSA would be fine. According to the mbedTLS docs, it supports all of the tls cipher suites that my (OpenSSL-based) server can offer, i.e.:

Code: Select all

Available TLS Ciphers,
listed in order of preference:

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Be aware that that whether a cipher suite in this list can actually work
depends on the specific setup of both peers. See the man page entries of
--tls-cipher and --show-tls for more details.
Does anybody have a working config for using ECDHE suites with iOS Connect 1.2.5?

Or a list of TLS cipher suites that *are* supported by 1.2.5 please?
Top
User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: ECDHE Support? TLS error: no TLS ciphersuites in common

Post by ordex » Sun Jan 14, 2018 2:08 am

I haven't tested this through yet, but don't you think that if you use ECC certs it will always try to negotiate an *-ECDSA-* ciphersuite, thus leading to the "no common ciphersuite" problem?

My guess is that you have to use RSA keys in order to have it negotiate ECDHE-RSA-*.

Still, I might be wrong.
Top
Post Reply

Return to “OpenVPN Connect (iOS)”