Browser handshake failure

[Thomas Krey1709160326]

Dear all,

after upgrading our NetScaler to version 12.1-49.23 we weren't any longer able to access our

extranet with Google Chrome 70 and Mozilla Firefox 62.

We are using the recommended cipher suites and settings to achieve an A+ at SSL Labs.

We enabled the following cipher suites on our web frontend:

 

# TLS 1.2 (suites in server-preferred order):

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

# TLS 1.1 (suites in server-preferred order):

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

# TLS 1.0 (suites in server-preferred order):

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256

 

While Safari 12, Internet Explorer 11 and Edge are working as desired, however the other two browsers claim a handshake failure.

Firefox states SSL_ERROR_NO_CYPHER_OVERLAP and Chrome states ERR_SSL_VERSION_INTERFERENCE although there are compatible ciphers in this list.

SSL Labs state fatal handshake errors on these browsers: https://www.ssllabs.com/ssltest/analyze.html?d=extranet.pluradent.de

 

Any ideas?

 

Have a nice evening

 

Kind regards,

 

Thomas

 

 

 

[Vamsi Krishna1709162168]

What does packet capture say? 

TLS1.3 enable? 

Do you have SSL profile configured? 

Does default cipher works?

 

Thanks,

Vamsi

[Thomas Krey1709160326]

Hi Vamsi,

sorry, I haven't done a packet capture , yet.

TLS1.3 is enabled, but SSL Labs state, that TLS1.3 is disabled.

Is there anything else to do, in order to enable TLSv1.3?

Since this Friday, we use release NS12.1 49.37.nc.

Yes, we have a SSL profile configured, the Settings can be seen in the attached screenshot.

Enabling or disabling TLS1 doesn't make any difference, most handshakes use TLSv1.2 as can be seen here:

https://www.ssllabs.com/ssltest/analyze.html?d=extranet.pluradent.de

I have enabled two cipher groups, the self-created group called "ssllabs-smw-q2-2018" and "TLSv1.3".

Here are the CLI parameters of the self-created group:

set ssl parameter -denySSLReneg NONSECURE

add ssl cipher ssllabs-smw-q2-2018

bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-CHACHA20-POLY1305-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-CHACHA20-POLY1305
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES128-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES256-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-ECDSA-AES128-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-ECDSA-AES256-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384

bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA

bind ssl vserver RZ-CNS1-AG -cipherName ssllabs-smw-q2-2018

bind ssl vserver RZ-CNS1-AG -eccCurveName ALL

 

Did I forget something?

 

Thanks a lot!

 

Best regards,

 

Thomas.

[Vamsi Krishna1709162168]

Let's try to narrow down where is the issue.

 

1. Disable TLS1.3 and see if this works

2. Disable "DenySSLRenegotiation" and see if this works

3. Remove SSL profile and use default parameters with custom ciphers.

 

And if we unbind custom ciphers and use default ciphers is this working?

 

Thanks,

Vamsi

 

[Thomas Krey1709160326]

Hello Vamsi,

it is already sufficient to disable TLSv1.3.

With TLSv1.3 disabled, our extranet.pluradent.de works fine with Mozilla Firefox 63.0.1 and Google Chrome 70.0.3538.77.

Is there any possibility to get TLSv1.3 working, or is it not compatible, yet?

 

Many thanks!

 

Best regards,

 

Thomas.

 

[Vamsi Krishna1709162168]

With default ciphers, enabling TLS1.3 is this working?

 

All I see with TLS1.3 is below

 

bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-CHACHA20-POLY1305-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.3-AES128-GCM-SHA256

 

Do you see chrome/Mozilla coming with these ciphers in client hello? 

 

May be a case with citrix will help to debug more :)

As of now you can use work around by disabling TLS1.3

 

Thanks,

Vamsi 

[Sambhaji Banapure]

Hi All, 

 

I have disabled the TLS1.3 post which it start working without any issues.

 

add ssl profile custom_ssl_profile_TLSV1.3_NON_SECURE -sessReuse ENABLED -sessTimeout 120 -tls1 DISABLED -tls11 DISABLED -denySSLReneg NONSECURE

 

my current version 

 

 NetScaler NS12.1: Build 55.18.nc, Date: Jan 20 2020, 06:37:31   (64-bit)

 

Can someone let me know how can i achieve the same by while enabling TLS 1.3.

 

Regards

Samb

[Sambhaji Banapure]

 Name: custom_ssl_profile_TLSV1.3_NON_SECURE     (Front-End)
        SSLv3: DISABLED TLSv1.0: DISABLED  TLSv1.1: DISABLED  TLSv1.2: ENABLED  TLSv1.3: DISABLED
        Client Auth: DISABLED
        Use only bound CA certificates: DISABLED
        Strict CA checks:               NO
        Session Reuse: ENABLED          Timeout: 120 seconds
        DH: DISABLED
        DH Private-Key Exponent Size Limit: DISABLED    Ephemeral RSA: ENABLED          Refresh Count: 0
        Deny SSL Renegotiation          NONSECURE
        Non FIPS Ciphers: DISABLED
        Cipher Redirect: DISABLED
        SSL Redirect: DISABLED
        Send Close-Notify: YES
        Strict Sig-Digest Check: DISABLED
        Zero RTT Early Data: DISABLED
        DHE Key Exchange With PSK: NO
        Tickets Per Authentication Context: 1
        Push Encryption Trigger: Always
        PUSH encryption trigger timeout:        1 ms
        SNI: DISABLED
        OCSP Stapling: DISABLED
        Strict Host Header check for SNI enabled SSL sessions:          NO
        Push flag:      0x0 (Auto)
        SSL quantum size:               8 kB
        Encryption trigger timeout      100 mS
        Encryption trigger packet count:        45
        Subject/Issuer Name Insertion Format:   Unicode

        SSL Interception: DISABLED
        SSL Interception OCSP Check: ENABLED
        SSL Interception End to End Renegotiation: ENABLED
        SSL Interception Maximum Reuse Sessions per Server:     10
        Session Ticket: DISABLED
        HSTS: DISABLED
        HSTS IncludeSubDomains: NO
        HSTS Max-Age: 0
        HSTS Preload: NO

 

What additional changes are required in above profile to achieve Qualys A+ - currently it is B.