After reading an old articel on TLSv1 vulnerability I wanted to test it. The website I have red about this TLSv1 Issue:
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
After reading I wanted to look for a webserver that support TLSv1. For that task I need only an openssl on a device with public internet access, that is actually my ddwrt router.
The command is easy, only issue this and see if in the output of the server reply there is a TLS Version 1.
An example can be seen below:
root@schlagmichtotgw:/tmp/mnt/test# openssl s_client -connect 3.3.3.3:443 -tls1
...
---
No client certificate CA names sent
---
SSL handshake has read 3135 bytes and written 414 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
...
|
That is fine, but before that I wanted to upgrade my openssl version, because the ipkg repository has a newer version as the ipkg-opt repository (anyway both of the are really old):
Whiterussian package:
.
root@schlagmichtotgw:~# ipkg info openssl-util Package: openssl-util Version: 0.9.8d-1 Depends: libopenssl Section: admin Architecture: mipsel Maintainer: OpenWrt Developers Team MD5Sum: 5da30d14ce39c8e0f5c2f19d0ea4db3e Size: 133776 Filename: openssl-util_0.9.8d-1_mipsel.ipk Source: http://svn.openwrt.org/openwrt/branches/whiterussian/openwrt/package/openssl Description: OpenSSL (Secure Socket Layer) command line tool |
Optware package:
.
root@schlagmichtotgw:~# ipkg-opt list | grep openssl openssl - 0.9.7m-5 - Openssl provides the ssl implementation in libraries libcrypto and libssl, and is needed by many other applications and librari ... |
My Version:
.
root@schlagmichtotgw:~# openssl version OpenSSL 0.9.7m 23 Feb 2007 |
Try to install the newer version:
1.) Install the opnessl-util fails because of dependency:
root@schlagmichtotgw:~# ipkg install openssl-util
Downloading http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
Unpacking libopenssl...Done.
Configuring libopenssl...Done.
Downloading http://downloads.openwrt.org/whiterussian/packages/openssl-util_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
ipkg_install_file: ERROR: openssl-util depends on the following uninstalled programs:
libopenssl
ipkg_install_file: You may want to use `ipkg install' to install these.
ipkg_get_install: ERROR: Failed to install /jffs/tmp/ipkg/openssl-util_0.9.8d-1_mipsel.ipk
ipkg_get_install: I'll leave it there for you to try a manual installation
|
2.) Install only the required libary seems to be ok:
root@schlagmichtotgw:~# ipkg install libopenssl Downloading http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk ... Connecting to downloads.openwrt.org (78.24.191.177:80) Done. Unpacking libopenssl...Done. Configuring libopenssl...Done. root@schlagmichtotgw:~# |
3.) After that I still cannot install it:
root@schlagmichtotgw:~# ipkg install openssl-util
Downloading http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
Unpacking libopenssl...Done.
Configuring libopenssl...Done.
Downloading http://downloads.openwrt.org/whiterussian/packages/openssl-util_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
ipkg_install_file: ERROR: openssl-util depends on the following uninstalled programs:
libopenssl
ipkg_install_file: You may want to use `ipkg install' to install these.
ipkg_get_install: ERROR: Failed to install /jffs/tmp/ipkg/openssl-util_0.9.8d-1_mipsel.ipk
ipkg_get_install: I'll leave it there for you to try a manual installation
|
4.) What files are used for openssl:
root@schlagmichtotgw:~# ipkg-opt files openssl Package openssl (0.9.7m-5) is installed on /opt/ and has the following files: /opt/share/openssl/openssl.cnf /opt/lib/libssl.so /opt/lib/libssl.so.0 /opt/bin/openssl /opt/lib/libcrypto.so /opt/lib/libssl.so.0.9.7 /opt/lib/libcrypto.so.0 /opt/lib/libcrypto.so.0.9.7 Successfully terminated. |
5.) Try to download the package and open it:
root@schlagmichtotgw:/tmp/mnt# wget http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk Connecting to downloads.openwrt.org (78.24.191.177:80) root@schlagmichtotgw:/tmp/mnt/test# ar t libopenssl_0.9.8d-1_mipsel.ipk ar: can't resolve symbol '_dl_app_init_array' root@schlagmichtotgw:/tmp/mnt/test# ar x libopenssl_0.9.8d-1_mipsel.ipk ar: can't resolve symbol '_dl_app_init_array' ar does not work... |
6.) Check the lib files for openssl:
root@schlagmichtotgw:/tmp/mnt/test# ls -lat /opt/lib/libssl* lrwxrwxrwx 1 root root 15 Apr 25 2011 /opt/lib/libssl.so -> libssl.so.0.9.7 lrwxrwxrwx 1 root root 15 Apr 25 2011 /opt/lib/libssl.so.0 -> libssl.so.0.9.7 -rw-r--r-- 1 root root 235852 Nov 17 2010 /opt/lib/libssl.so.0.9.7 |
7.) Look for the newly installed library files for openssl:
root@schlagmichtotgw:/tmp/mnt/test# find / -name libssl.so.0.9* /jffs/usr/lib/libssl.so.0.9.8 /opt/lib/libssl.so.0.9.7 |
It is in /jffs/usr/lib/
8.) Copy and update opnssl library:
root@schlagmichtotgw:/tmp/mnt/test# cp /jffs/usr/lib/libssl.so.0.9.8 /opt/lib/ root@schlagmichtotgw:/tmp/mnt/test# rm /opt/lib/libssl.so root@schlagmichtotgw:/tmp/mnt/test# rm /opt/lib/libssl.so.0 root@schlagmichtotgw:/tmp/mnt/test# ln -s /opt/lib/libssl.so.0.9.8 /opt/lib/libssl.so.0 root@schlagmichtotgw:/tmp/mnt/test# ln -s /opt/lib/libssl.so.0.9.8 /opt/lib/libssl.so The result: root@schlagmichtotgw:/tmp/mnt/test# ls -lat /opt/lib/libssl* lrwxrwxrwx 1 root root 24 Apr 12 10:03 /opt/lib/libssl.so -> /opt/lib/libssl.so.0.9.8 lrwxrwxrwx 1 root root 24 Apr 12 10:03 /opt/lib/libssl.so.0 -> /opt/lib/libssl.so.0.9.8 -rw-r--r-- 1 root root 192135 Apr 12 10:02 /opt/lib/libssl.so.0.9.8 -rw-r--r-- 1 root root 235852 Nov 17 2010 /opt/lib/libssl.so.0.9.7 |
9.) Try to install again:
root@schlagmichtotgw:/tmp/mnt/test# ipkg install openssl-util
Downloading http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
Unpacking libopenssl...Done.
Configuring libopenssl...Done.
Downloading http://downloads.openwrt.org/whiterussian/packages/openssl-util_0.9.8d-1_mipsel.ipk ...
Connecting to downloads.openwrt.org (78.24.191.177:80)
Done.
ipkg_install_file: ERROR: openssl-util depends on the following uninstalled programs:
libopenssl
ipkg_install_file: You may want to use `ipkg install' to install these.
ipkg_get_install: ERROR: Failed to install /jffs/tmp/ipkg/openssl-util_0.9.8d-1_mipsel.ipk
ipkg_get_install: I'll leave it there for you to try a manual installation
root@schlagmichtotgw:/tmp/mnt/test# ls -lat /jffs/tmp/ipkg/openssl-util_0.9.8d-1_mipsel.ipk
root@schlagmichtotgw:/tmp/mnt/test#
|
It failed and the file is not in /jffs/tmp… try to force it
root@schlagmichtotgw:/tmp/mnt/test# ipkg -force-depends install openssl-util Downloading http://downloads.openwrt.org/whiterussian/packages/libopenssl_0.9.8d-1_mipsel.ipk ... Connecting to downloads.openwrt.org (78.24.191.177:80) Done. Unpacking libopenssl...Done. Configuring libopenssl...Done. Downloading http://downloads.openwrt.org/whiterussian/packages/openssl-util_0.9.8d-1_mipsel.ipk ... Connecting to downloads.openwrt.org (78.24.191.177:80) Done. ipkg_install_file: Warning: openssl-util depends on the following uninstalled programs: libopenssl Unpacking openssl-util...Done. Configuring openssl-util...Done. |
I have now 2 openssl, but one does not work, it has uclibc problem:
root@schlagmichtotgw:/tmp/mnt/test# find / -name openssl /jffs/usr/bin/openssl /opt/share/openssl /opt/bin/openssl root@schlagmichtotgw:/tmp/mnt/test# /jffs/usr/bin/openssl /jffs/usr/bin/openssl: can't resolve symbol '__uClibc_start_main' root@schlagmichtotgw:/tmp/mnt/test# /opt/bin/openssl version OpenSSL 0.9.7m 23 Feb 2007 |
And here I cannot go on, I have to dig it later…
itsecworks 
Posted on April 17, 2012
0