SSL：SSLV3_ALERT_HANDSHAKE_FAILURE sslv3 警报握手失败 (_ssl.c:833)

Question

I have a simple TLS client in python running in Ubuntu 18.04 and openssl version 1.1.0g. The client supports a single ciphersuite. I get an error when trying to connect to a TLS 1.0 server. The cipher suite is not supported by the server. I know that the reason for the error is most likely due to lack of ciphersuite mismatch but I am looking for a more meaningful error for the user in this case. The error I am getting at the moment is pointing to SSLv3 which neither the client nor the server has anything to do with SSLv3. The client disables SSLv3 and the server as well. This is the error :

[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:833) 

My question is: I need a better error message says for example (lack of ciphersuite mismatch or something like that is relevant to ciphersuite issue). Is there any? Of course I could write my own message but the socket connection can fail for various reasons and I can not make a general error that always says "ciphersuite mismatch".

This is the client script:

import socket,ssl
import itertools

context = ssl.SSLContext()

context.verify_mode = ssl.CERT_NONE
context.check_hostname = False

ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256"
context.set_ciphers(ciphers)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

domainName = "privatedomain.com"
sslSocket = context.wrap_socket(s, server_hostname = domainName)

try:
    sslSocket.connect((domainName, 443))
except (ssl.SSLError, ssl.SSLEOFError, ssl.CertificateError,ssl.SSLSyscallError, ssl.SSLWantWriteError, ssl.SSLWantReadError,ssl.SSLZeroReturnError) as e:
    print("Error: ",e)
sslSocket.close()

Answer 1

From the client's view, it is not possible to get another message than the one sent by the server, which is handshake failure in your case. The error message are, for example, documented in RFC 2246 7.2.

The reason why you see SSLv3 in your message, is that you probably send a SSLv3 Hello, which is something allowed to negotiate a TLS 1.0 or later protocol.

Answer 2

Late answer but hopefully helpful . . .

Both client and server must agree on the transport layer version for the connection to be successful. Consider meeting a person for the first time. The person (client) extends their hand to you (server) in a gesture of greeting. If you just saw the person come out of the latrine without washing hands and you see (and/or smell) something undesirable, you will not extend your hand in return.

It is similar with an SSL handshake. The client says "Hey I'd like to communicate via TLS v1.0". The savvy admin for the server knows TLS v1.0 is not secure and they have disabled it on the server--so the server responds to the client, "No, but how about version 1.3?" (ie: "Go wash your hands first"). If the client accepts (washes hands), the handshake is accepted and the connection is established. If the client refuses, the server keeps asking for lower versions ("How about a gallon of Purell then?") until the client accepts or the server has no other versions to offer (walks away).

Basically, the handshake is designed to use the highest version that both the client and server support.

This page has a nice table of versions for client & server (about half way down in the "SSL Contexts" section:

 https://docs.python.org/3/library/ssl.html

Note that TLS v1.0 is no longer considered secure (Google "POODLE attack"). If your server supports it, disable it ASAP.

Answer 3

For me this:

 urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)>

meant I was doing this

        cipherstr = 'MEDIUM:!aNULL:!eNULL'
        context = ssl._create_unverified_context()
        context.set_ciphers(cipherstr)

commenting out the set_ciphers and it works now.

Other thing to check: make sure your version of OpenSSL is new enough .