Using tlslite python server with SRP against an open ssl client fails with “SSL_connect:error in SSLv3 read server key exchange B”

Question

I'm using python tlslite lib to implement a TCP server with SRP-RSA-AES-256-CBC-SHA. in the client side I'm running a command line open ssl client in this way:

openssl s_client -srpuser Alice -cipher SRP-RSA-AES-256-CBC-SHA -connect localhost:443 -debug -state

the openssl client failing the server key exchange stage in the handshaking because of that:

"SSL_connect:error in SSLv3 read server key exchange B 139693443733160:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:222: 139693443733160:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1817:"

when I'm running openssl client against openssl server (with the same key and certificate), it works well. the same when running tlslite pyhton server and client.

any one have any idea?

Answer 1

Issue was found. It was a bug in the tlslite lib code (version 0.4.8). there is a bug in the way the signature of the server key exchange packet is generated. The code doesn't really take in account the data in the signature. I fixed it locally and have a plan to commit it to the git project soon.