Topic: IE11/Edge: "PadCheck failed"

Hi everyone,

we successfully integrated wolfSSL (3.11.0) server functionality into our embedded device. Our webserver is working fine with web clients like Firefox or Chrome.

However, Microsofts IE11/Edge is showing an error page stating that we should turn on TLS 1.x.

Well, the server is running with wolfSSLv23_server_method() which uses TLS per default. In IE11 settings TLS1.x is enabled and SSH disabled.

Our build settings are:

    #define NO_WRITEV
    #define NO_WOLFSSL_DIR
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    #define NO_DEV_RANDOM
    #define USE_CERT_BUFFERS_2048
    #define NO_ERROR_STRINGS
    #define TIME_OVERRIDES
    #define HAVE_ECC
    #define HAVE_ALPN
    #define HAVE_TLS_EXTENSIONS
    #define HAVE_AESGCM
    #define HAVE_SUPPORTED_CURVES
    #define ALT_ECC_SIZE
    #define WOFLSSL_STATIC_RSA
    #define NO_RC4
    #define WOLFSSL_DTLS

    #define WOLFSSL_CERT_GEN
    #define WOLFSSL_ALT_NAMES
    #define WOLFSSL_CERT_EXT
    #define WOLFSSL_CERT_REQ
    #define DEBUG_WOLFSSL

The debug output when connecting with IE11/Edge is as follows:

wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
Handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_accept()
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client hello
Matched No Compression
SNI extension received
Certificate Status Request extension received
Elliptic Curves extension received
Secure Renegotiation extension received
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Verified suite validity
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
growing output buffer

wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Leaving VerifyRsaSign, return 0
Shrinking output buffer

wolfSSL Leaving SendServerKeyExchange, return 0
accept state KEY_EXCHANGE_SENT
accept state CERT_REQ_SENT
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_DONE
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client key exchange
wolfSSL Entering DoClientKeyExchange
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
wolfSSL Leaving DoClientKeyExchange, return 0
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
got CHANGE CIPHER SPEC
PadCheck failed
VerifyMac failed
wolfSSL error occurred, error = -305
wolfSSL error occurred, error = -312
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving wolfSSL_read_internal(), return -1
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
Handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_accept()
Client attempting to connect with different version
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client hello
    downgrading to TLSv1
Matched No Compression
SNI extension received
Certificate Status Request extension received
Elliptic Curves extension received
Secure Renegotiation extension received
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Verified suite validity
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
growing output buffer

wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Leaving VerifyRsaSign, return 0
Shrinking output buffer

wolfSSL Leaving SendServerKeyExchange, return 0
accept state KEY_EXCHANGE_SENT
accept state CERT_REQ_SENT
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_DONE
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client key exchange
wolfSSL Entering DoClientKeyExchange
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
wolfSSL Leaving DoClientKeyExchange, return 0
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
got CHANGE CIPHER SPEC
PadCheck failed
VerifyMac failed
wolfSSL error occurred, error = -305
wolfSSL error occurred, error = -312
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving wolfSSL_read_internal(), return -1
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
Handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_accept()
Embed receive connection closed
wolfSSL error occurred, error = -308
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving wolfSSL_read_internal(), return -1
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Leaving SSL_free, return 0

Here it seems the PadCheck fails. Any ideas how to resolve this?

Thanks and greetings,
tdoering

Share

Re: IE11/Edge: "PadCheck failed"

Hi tdoering,

Just wanted to provide an update here since this post is a little older. I am working on reproducing this issue on my end and will detail my findings here soon.

Regards,

Kaleb

Re: IE11/Edge: "PadCheck failed"

Hi Kaleb,

thank you.

One word about wolfSSL in general:
I was very pleased to see how straightforward the integration of wolfSSL was and is. I dealt with a lot of external libraries and wolfSSL is IMHO most easy to integrate so far.

Greetings,
tdoering

Share

Re: IE11/Edge: "PadCheck failed"

Hi Kaleb,

Any news on this?

Thanks and Greetings,
tdoering

Share

Re: IE11/Edge: "PadCheck failed"

Hi Kaleb,

one (probably important) side note: Our IE11 is running on Windows 7. I tried to investigate the issue and found this.

It seems there is a Bug in the TLS1.2 implementation on Windows 7 which might cause the issue. We are now building wolfSSL without DH (define NO_DH) and try to verify that.

Greetings,
tdoering

Share

Re: IE11/Edge: "PadCheck failed"

Hi Kaleb,

we found a solution for the issue. We enabled the following cipher suites on wolfSSL built:

    
    #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
    #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA384
    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256

With those enabled the IE11 connection works.

Thanks and Greetings,
tdoering

Share

Re: IE11/Edge: "PadCheck failed"

Hi tdoering,

Sorry for delayed response.

I can confirm the requirement to define WOLFSSL_STATIC_RSA and use the static RSA cipher suites as ECDHE and DHE do not appear to be performing correctly in IE11/Edge.

I have not tested any of the static DH cipher suites yet but I suspect they will also work (define WOLFSSL_STATIC_DH).


Best Regards,

Kaleb