View Issue Details

IDProjectCategoryView StatusLast Update
0005863unrealircdpublic2021-05-01 18:37
ReporterLe_Coyote Assigned Tosyzop  
Status closedResolutionno change required 
Product Version5.0.9 
Summary0005863: "Illegal Parameter" error in TLS handshake when servername contains a ":" and unreal built against libressl
DescriptionWhen a client connects to a Unreal built against libreSSL, with TLS, and the servername contains a ":" (e.g. when connecting to an IPv6-enabled server using the raw IP instead of the FQDN), the connection fails during the TLS handshake. The error is an "Illegal parameter" (47). Unreal/LibreSSL is not returning any server certificate.
The problem was reproduced initially with weechat 2.8, weechat 3.1, and hexchat 2.14.3, but can be reproduced with a simple openssl s_client as described below.
Steps To Reproduce1. Build Unreal ( against libreSSL (tested both 3.2.5 stable and 3.3.2 dev with identical results)
2. openssl s_client -connect localhost:6697
  -> works normally
3. openssl s_client -connect localhost:6697 -servername 2001:
140019933402432:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:../ssl/record/rec_layer_s3.c:1543:SSL alert number 47
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 297 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Additional InformationThe problem is triggered by the colon in the servername, regardless of whether the connection is made with IPv4 or IPv6. It just so happens that connecting to a server using the raw IPv6 address is how the problem is most likely to happen in the wild.
3rd party modules



2021-04-29 23:57

reporter   ~0021951

As suggested by Case_Of on freenode/#libressl, issue opened there as well:


2021-04-30 09:29

reporter   ~0021952

See discussion over at libreSSL's github. It's the client's fault. Bugs reported over there :) This can be closed now.

Issue History

Date Modified Username Field Change
2021-04-29 23:45 Le_Coyote New Issue
2021-04-29 23:45 Le_Coyote Tag Attached: libressl
2021-04-29 23:57 Le_Coyote Note Added: 0021951
2021-04-30 09:29 Le_Coyote Note Added: 0021952
2021-05-01 18:37 syzop Assigned To => syzop
2021-05-01 18:37 syzop Status new => closed
2021-05-01 18:37 syzop Resolution open => no change required