Hi Abhilash,
I played around with different configurations.
When you configure the server to send a certificate request message there is no way in Mbed TLS to indicate whether it has to send it as part of the initial handshake or the resumed handshake.
As such, all I got working is to have the client to always return a certificate when the server asks for it. That’s the conclusion I have come up with.
Here is the configuration I have been using:
ssl_server2.exe server_addr=127.0.0.1 crt_file=C:\certs\server.crt server_port=4433 key_file=C:\certs\server.key ca_file=C:\certs\ca.crt debug_level=5 tickets=0 force_version=tls1_2 auth_mode=optional force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM
renegotiate=1 renegotiation=1
ssl_client2.exe server_addr=127.0.0.1 debug_level=5 server_port=4433 force_version=tls1_2 auth_mode=optional crt_file=C:\certs\client.crt key_file=C:\certs\client.key ca_file=C:\certs\ca.crt server_name=server force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM
renegotiation=1 renegotiate=1 tickets=0
I suspect you would have to add a new API to enable such functionality.
Ciao
Hannes
From: Hannes Tschofenig
Sent: Friday, July 3, 2020 5:07 PM
To: 'Abhilash Iyer' <Abhilash.Iyer@microsoft.com>; Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Cc: mbed-tls@lists.trustedfirmware.org
Subject: RE: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
Thanks for the clarification.
- Is this kind of TLS exchange not supported by mbedTLS?
Will check unless my co-workers know it from the top of their head.
Ciao
Hannes
From: Abhilash Iyer <Abhilash.Iyer@microsoft.com>
Sent: Friday, July 3, 2020 4:09 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Cc: mbed-tls@lists.trustedfirmware.org
Subject: Re: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
Hello Hannes,
Thank you very much for your reply and slides. They are really amazing!
When you say that you tried connecting to my test server, did you mean preview.auth.edgeai.azure.net? If you see the OpenSSL logs you can see the certificate request packet coming from the server, whereas it does not come for mbedTLS. There
was no change in the server side between the OpenSSL and mbedTLS tests.
This service is hosted in azure where they exchange the client certificate During renegotiation in an encrypted channel. This is to protect client certificate from other listeners.
Is this kind of TLS exchange not supported by mbedTLS?
Thanks
Abhilash
Get Outlook for iOS
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Sent: Friday, July 3, 2020 8:44 AM
To: Abhilash Iyer; Subramanian Gopi Krishnan
Cc: mbed-tls@lists.trustedfirmware.org
Subject: [EXTERNAL] RE: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
Hi all,
I have been using Mbed TLS with mutual certificate-based authentication all the time.
Here is the configuration:
Here is a link to a webinar where I talk about certificate-based authentication and show-case mutual authentication with a Keil development board:
https://www.youtube.com/watch?v=iH4v-aXQ2zQ
Slides are here:
http://www2.keil.com/docs/default-source/default-document-library/keil_mbedtls_tutorial_part2.pdf
From what I can tell (trying to connect to your test server myself) you haven’t configured the auth_mode=required on the server side.
Without it the TLS server will not send a CertificateRequest message.
Ciao
Hannes
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org>
On Behalf Of Abhilash Iyer via mbed-tls
Sent: Friday, July 3, 2020 2:56 PM
To: Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Cc: mbed-tls@lists.trustedfirmware.org
Subject: Re: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
Hi Gopi,
Thank you very much for your feedback. I double checked all the recommended configuration that you mentioned but it did not help. I really suspect if I have hit a mbedTLS limitation here.
Following our conversation, I tried connecting to the server using openSSL.
Server:
https://preview.auth.edgeai.azure.net/api/v1/device/auth
OpenSSL commands:
OpenSSL> s_client -connect preview.auth.edgeai.azure.net:443 -showcerts -debug -msg -state -tls1_2 -cert certificate1.pem -key privateKey1.pem
GET /api/v1/device/auth HTTP/1.1
HOST:preview.auth.edgeai.azure.net
With the above commands, I am able to send the client certificate to the server. I have attached the openSSL logs to show the flow of TLS activity.
As per the logs attached, this is the flow of activity:
- In the first TLS handshake there is no certificate request and no client certificate sent. I see ClientHello, ServerHello, ServerCertificate, ServerKeyExchange, Server Done, ClientKeyExchange,
Change cipher spec, Certificate chain information and Server Cert. Till here, I do see:
No client certificate CA names sent.
- Now when I do a Get call & pass the HOST, client writes that call to the server and in turn the server returns me a “HelloRequest” which is encrypted. Now, this chain of handshake
has a CertificateRequest, ClientCertificate, CertificateVerify etc. I see that 1009 bytes of data been written on the server under the name of client certificate. There is no way to see this certificate because
the channel is encrypted now.
- Lastly, we get HTTP/1.1 200 OK.
Now when I do the same thing using the mbedTLS client on windows 10 PC, I see that the client gets reset during the renegotiation process. Note that the client cert was supposed to be exchanged in the renegotiation period, not the initial
handshake. I have attached the logs for mbedTLS client as well and here are the commands that I use to communicate using mbedTLS client.
ssl_client2.exe server_name=preview.auth.edgeai.azure.net server_port=443 debug_level=5 auth_mode=required renegotiate=1 reconnect=1 request_page=/api/v1/device/auth crt_file=certificate1.pem
key_file=privateKey1.pem ca_file=server_prev1.pem
I am wondering if this type of exchange of certs is not supported by mbedTLS at all. But it doesn’t work with the remote server since this server looks for the client cert in the renegotiation phase to retain client certificate privacy.
Can you confirm that this is a MBEDTLS limitation and have to move to a different library?
Thanks,
Abhilash
From: Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Sent: Sunday, June 28, 2020 8:58 PM
To: Abhilash Iyer <Abhilash.Iyer@microsoft.com>
Subject: [EXTERNAL] RE: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
Hi Abilash,
Few things to verify
- On server side – make sure the authentication mode is set to required instead of optional.
- Test with browser, does Handshake is succeeding if cancelling to select Certificate.
- If the above were success, then proceed to modify auth_mode on server as below and test once again.
- mbedtls_ssl_conf_authmode(
&conf, MBEDTLS_SSL_VERIFY_REQUIRED ); - insisting Server to Request Certificate.
- On client side – check does it has a valid Certificate & Key set to TLS Configuration
- mbedtls_ssl_conf_own_cert(
&conf, &clicert, &pkey );
Thanks,
Gopi Krishnan
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org>
On Behalf Of Abhilash Iyer via mbed-tls
Sent: Monday, June 22, 2020 2:00 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Mutual Authentication in TLS handshake - No client certificate passed
This message is from an external sender. Be cautious, especially with links and attachments.
Hello,
I am trying to incorporate Mutual Authentication TLS in my hardware. For testing the mutual authentication in TLS, I setup a demo service which would request a client certificate in the TLS handshake. I used MS Edge, Google Chrome to test whether the service
requests a client certificate during the TLS 1.2 handshake. When I ping the website, I do receive a request for a client certificate as shown in the image below. On selecting a certificate, I am able to access the website.
Link to the demo service:
https://serviceforsomsecurity.azurewebsites.net/
The above validates that the service requires the client to provide the client certificate during the TLS handshake.
Now, when I test this with the sample mbedTLS ssl_client2.c program:
https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_client2.c, the
client does not send a certificate at all.
The following are the steps that I carry out to test the TLS connection with my service with the sample mbedTLS ssl_client2.exe :
1. Open the mbedTLS.sln and build the ssl_client2 project. This creates a ssl_client2.exe under the Debug folder.
2. ssl_client2.exe server_name=serviceforsomsecurity.azurewebsites.net server_port=443 debug_level=3 auth_mode=required reconnect=1 crt_file=cert.pem key_file=key.pem ca_file=Digicert.cer force_version=tls1_2
The above command to test whether the client sends the client certificate during handshake. Here’s the log:
As you can see, in 3025 client receives: got no certificate request and then followed by server hello done at 3157. And then at 2080 & 2094, client skips writing certificate; during this handshake.
3. Then I tried including renegotiation flag:
ssl_client2.exe server_name=serviceforsomsecurity.azurewebsites.net server_port=443 debug_level=3 auth_mode=required reconnect=1 crt_file=cert.pem key_file=key.pem ca_file=Digicert.cer force_version=tls1_2
renegotiate=1
Even in this case, the client does not get the certificate and abruptly ends during renegotiation due to timeout.
I have included both the log files below for complete handshake review. [ssl_client_without_renegotiation.txt and ssl_client_with_renegotiation.txt]
Can you please let me know how to debug this client certificate problem? It will be really a great help!
Million thanks in advance.
Regards,
Abhilash