Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: ERROR: returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL #699

Open
drwetter opened this issue Sep 15, 2020 · 3 comments
Open

Question: ERROR: returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL #699

drwetter opened this issue Sep 15, 2020 · 3 comments
Labels
bug

Comments

@drwetter
Copy link
Contributor

This is not really a bugreport. But I would love to understand what's going on.

I have a host (HTTPS) to scan which frequently returns

E:Tue Sep 15 20:47:32 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5) :

E:Tue Sep 15 20:47:32 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5) :

E:Tue Sep 15 20:47:32 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5) :

E:Tue Sep 15 20:47:33 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5) :

E:Tue Sep 15 20:47:33 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5) :

E:Tue Sep 15 20:47:33 2020 + ERROR:  returned an error: sending request: SSL error: ssl_write_all 29527: 1 - ERROR_SYSCALL(-1,5)

Look like this error is thrown in LW2.pm.

tcpdump is telling me the server side sends a TCP reset on a ClientHello. This is not every request in the pcap file.

One thing which puzzles me is in debugging mode the JSON object typically tells me there's no cipher:

 D:Tue Sep 15 21:04:16 2020 'Result Hash' = {
        'whisker' => {
                'ssl_cipher' => '(NONE)',
                'uri' => '/dpa.alz',
                'MAGIC' => 31340,
                'error' => "sending request: SSL error: ssl_write_all 29606: 1 - ERROR_SYSCALL(-1,5) : \n"
        }

which is probably not true if the ClientHellos before the TCP resets are to blame. Q1: Why do I see here no ssl_cipher?

The ClientHello before the TCP reset looks on the first glance ok, I haven't done a side by side comparison with another ClientHello for which I get a proper response yet. Both look like a TLS 1.3 handshake.

The TCP resets don't happen every time.

Scan host is Debian 10. Target is Windows Server 2012 or 2012 R2 or Windows Server 2016.

Q2: has anybody else seen that? (no, I don't think here's a middle box or an IPS/IDS the culprit).

Cheers, Dirk
@drwetter drwetter added the bug label Sep 15, 2020
@iasdeoupxe
Copy link
Contributor

Q1: Why do I see here no ssl_cipher?

If the server doesn't send a ServerHello including the negotiated ciphers how should the Result (Result Hash) contain a cipher?

Without a ServerHello no communication / cipher was negotiated so the 'ssl_cipher' => '(NONE)', looks fine to me.

@sullo
Copy link
Owner

sullo commented Nov 11, 2020

I have been having this problem on one one Mac, but I also have the same issue using curl. On the Mac I've chalked it up to Apple vs OpenSSL versions vs Homebrew.

@drwetter what platform was this?

@drwetter
Copy link
Contributor Author

probably Debian 10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sullo @drwetter @iasdeoupxe