Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL.SSL.Error: wrong tag, nested asn1 error #2

Open
jbaldassari opened this issue Nov 26, 2024 · 2 comments
Open

OpenSSL.SSL.Error: wrong tag, nested asn1 error #2

jbaldassari opened this issue Nov 26, 2024 · 2 comments

Comments

@jbaldassari
Copy link

Any idea what might be causing this SSL error when a client connects? The server requires encryption, and the error occurs whether the client has encryption enabled or not. This error occurs just after the TDS login message is received:

[!] Login data
...
[+] server side: TLS handshake in progess - caching TDSLogin
[+] server side: TLS handshake receive
Unhandled Error
Traceback (most recent call last):
  File "./mitmsqlproxy/lib/python3.12/site-packages/twisted/internet/posixbase.py", line 481, in _doReadOrWrite
    why = selectable.doRead()
  File "./mitmsqlproxy/lib/python3.12/site-packages/twisted/internet/tcp.py", line 250, in doRead
    return self._dataReceived(data)
  File "./mitmsqlproxy/lib/python3.12/site-packages/twisted/internet/tcp.py", line 255, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "./mitmsqlproxy/mitmsqlproxy.py", line 482, in dataReceived
    self.tls.do_handshake()
  File "./mitmsqlproxy/lib/python3.12/site-packages/OpenSSL/SSL.py", line 2202, in do_handshake
    self._raise_ssl_error(self._ssl, result)
  File "./mitmsqlproxy/lib/python3.12/site-packages/OpenSSL/SSL.py", line 1843, in _raise_ssl_error
    _openssl_assert(
  File "./mitmsqlproxy/lib/python3.12/site-packages/OpenSSL/_util.py", line 71, in openssl_assert
    exception_from_error_queue(error)
  File "./mitmsqlproxy/lib/python3.12/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('asn1 encoding routines', '', 'wrong tag'), ('asn1 encoding routines', '', 'nested asn1 error'), ('asn1 encoding routines', '', 'nested asn1 error'), ('SSL routines', '', 'ASN1 lib')]

Seems like it might be related to the generated self-signed cert?

$ python --version
Python 3.12.7

$ grep '__version__ =' lib/python3.12/site-packages/OpenSSL/version.py 
__version__ = "24.0.0"

$ openssl --version
OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)
@defragmentator
Copy link
Owner

What was the SQL server version? Was enabled "Strict Encryption" on the server?

@jbaldassari
Copy link
Author

It was a SQL Server instance hosted by Azure, and I believe strict encryption was enabled. Unfortunately I can't actually do any more debugging on it at this point because it was a database controlled by a customer of ours, and we eventually solved the issue we were attempting to debug using mitmsqlproxy. Thanks for checking anyway 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbaldassari @defragmentator