Re: Comparing LibreSSL and OpenSSL based on ApacheTest t/ssl results

Yann Ylavic Fri, 17 Jul 2015 07:20:37 -0700

On Fri, Jul 17, 2015 at 1:51 PM, Michael Felt <mamf...@gmail.com> wrote:
> On 2015-07-17 1:20 PM, Michael Felt wrote:
>>
>> On 2015-07-17 12:39 PM, Yann Ylavic wrote:
>>>
>>> tcpdump -i lo -w dump.pcap -s0 tcp port 8532
>>
>>
> Run at a different time, but with trace5 enabled.


Thanks, I finally managed to build libressl on my system and
httpd-2.4.x linked to it.
However since this isn't the system's native libssl, the perl
framework (libwww-perl/5.836 here) does not use it (but Debian's
libssl-0.9.8o-4squeeze20), so I had to use libressl's "openssl
s_client" to reproduce the case.

So:
$ /path/to/httpd/2.4.x/bin/httpd -f
/path/to/httpd/framework/trunk/t/conf/httpd.conf -X
on the server side, and:
$ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state
on the client side, with this simple request:
GET /require-aes128-cgi HTTP/1.1
Host: localhost:8532

Attached are the logs from both httpd and s_client, where we can see
that httpd somehow expects a client certificate during the
renegotiation (without sending any certificate request...), while
s_client obviously does not send anything like that (but its key
exchange).

I can't explain that... I'd need to debug.
Does this ring someone's bell?

$ /path/to/httpd/2.4.x/bin/httpd -f /path/to/httpd/framework/trunk/t/conf/httpd.conf -X

[Fri Jul 17 15:37:57.819547 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH01964: Connection to child 1 established (server localhost:8532)
[Fri Jul 17 15:37:57.819599 2015] [ssl:trace2] [pid 3808:tid 140560601966336] ssl_engine_rand.c(126): Seeding PRNG with 144 bytes of entropy
[Fri Jul 17 15:37:57.819712 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:57.819735 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: before/accept initialization
[Fri Jul 17 15:37:57.819769 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 11/11 bytes from BIO#e33430 [mem: f79ad0] (BIO dump follows)
[Fri Jul 17 15:37:57.819813 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 309/309 bytes from BIO#e33430 [mem: f79ade] (BIO dump follows)
[Fri Jul 17 15:37:57.819871 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1949): [client 127.0.0.1:49874] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Fri Jul 17 15:37:57.819905 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client hello A
[Fri Jul 17 15:37:57.819924 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server hello A
[Fri Jul 17 15:37:57.820250 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write certificate A
[Fri Jul 17 15:37:57.838067 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write key exchange A
[Fri Jul 17 15:37:57.838080 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server done A
[Fri Jul 17 15:37:57.838088 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 1745/1745 bytes to BIO#e28740 [mem: f6b450] (BIO dump follows)
[Fri Jul 17 15:37:57.838210 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:57.838222 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client certificate A
[Fri Jul 17 15:37:57.869063 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.869105 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 150/150 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885825 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client key exchange A
[Fri Jul 17 15:37:57.885842 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.885849 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 1/1 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885892 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.885899 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 32/32 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885922 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read finished A
[Fri Jul 17 15:37:57.885950 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write session ticket A
[Fri Jul 17 15:37:57.885957 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write change cipher spec A
[Fri Jul 17 15:37:57.885980 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write finished A
[Fri Jul 17 15:37:57.885987 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 250/250 bytes to BIO#e28740 [mem: f6b450] (BIO dump follows)
[Fri Jul 17 15:37:57.886050 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:57.886062 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1805): [client 127.0.0.1:49874] OpenSSL: Handshake: done
[Fri Jul 17 15:37:57.886071 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1854): [client 127.0.0.1:49874] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
[Fri Jul 17 15:37:58.777979 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.778040 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 49/49 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.778074 2015] [core:trace5] [pid 3808:tid 140560601966336] protocol.c(618): [client 127.0.0.1:49874] Request received from client: GET /require-aes128-cgi HTTP/1.1
[Fri Jul 17 15:37:58.814426 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.814466 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 37/37 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.814500 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.814517 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 17/17 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.814558 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(244): [client 127.0.0.1:49874] AH02034: Initial (No.1) HTTPS request received for child 1 (server localhost:8532)
[Fri Jul 17 15:37:58.814577 2015] [http:trace4] [pid 3808:tid 140560601966336] http_request.c(322): [client 127.0.0.1:49874] Headers received from client:
[Fri Jul 17 15:37:58.814587 2015] [http:trace4] [pid 3808:tid 140560601966336] http_request.c(326): [client 127.0.0.1:49874]   Host: localhost:8532
[Fri Jul 17 15:37:58.815317 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(511): [client 127.0.0.1:49874] AH02220: Reconfigured cipher suite will force renegotiation
[Fri Jul 17 15:37:58.815341 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02221: Requesting connection re-negotiation
[Fri Jul 17 15:37:58.815367 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2059): [client 127.0.0.1:49874] OpenSSL: I/O error, 5 bytes expected to read on BIO#e33430 [mem: f79ad3]
[Fri Jul 17 15:37:58.815391 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(802): [client 127.0.0.1:49874] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Fri Jul 17 15:37:58.815408 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:58.815426 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSL renegotiate ciphers
[Fri Jul 17 15:37:58.815447 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 25/25 bytes to BIO#e28740 [mem: f72993] (BIO dump follows)
[Fri Jul 17 15:37:58.815471 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write hello request A
[Fri Jul 17 15:37:58.815581 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:58.815608 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write hello request C
[Fri Jul 17 15:37:58.815624 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02226: Awaiting re-negotiation handshake
[Fri Jul 17 15:37:58.815639 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:58.815662 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: before accept initialization
[Fri Jul 17 15:37:58.815913 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.815960 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 570/570 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.816037 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1949): [client 127.0.0.1:49874] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Fri Jul 17 15:37:58.816079 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client hello A
[Fri Jul 17 15:37:58.816103 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server hello A
[Fri Jul 17 15:37:58.816450 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write certificate A
[Fri Jul 17 15:37:58.816477 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server done A
[Fri Jul 17 15:37:58.816494 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 1519/1519 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.816598 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:58.816612 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client certificate A
[Fri Jul 17 15:37:58.818705 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.818744 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 150/150 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819632 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client key exchange A
[Fri Jul 17 15:37:58.819661 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.819678 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 17/17 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819833 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.819853 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 68/68 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819902 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 23/23 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.820015 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1820): [client 127.0.0.1:49874] OpenSSL: Write: SSLv3 read certificate verify A
[Fri Jul 17 15:37:58.820031 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1839): [client 127.0.0.1:49874] OpenSSL: Exit: error in SSLv3 read certificate verify A
[Fri Jul 17 15:37:58.820042 2015] [ssl:error] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02261: Re-negotiation handshake failed
[Fri Jul 17 15:37:58.820066 2015] [ssl:error] [pid 3808:tid 140560601966336] SSL Library Error: error:060C1064:digital envelope routines:AEAD_CHACHA20_POLY1305_OPEN:bad decrypt -- wrong pass phrase!?
[Fri Jul 17 15:37:58.820110 2015] [ssl:error] [pid 3808:tid 140560601966336] SSL Library Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[Fri Jul 17 15:37:58.820123 2015] [core:trace3] [pid 3808:tid 140560601966336] request.c(119): [client 127.0.0.1:49874] auth phase 'check access (with Satisfy All)' gave status 403: /require-aes128-cgi
[Fri Jul 17 15:37:58.820168 2015] [http:trace3] [pid 3808:tid 140560601966336] http_filters.c(1006): [client 127.0.0.1:49874] Response sent with status 403, headers:
[Fri Jul 17 15:37:58.820180 2015] [http:trace5] [pid 3808:tid 140560601966336] http_filters.c(1013): [client 127.0.0.1:49874]   Date: Fri, 17 Jul 2015 13:37:58 GMT
[Fri Jul 17 15:37:58.820189 2015] [http:trace5] [pid 3808:tid 140560601966336] http_filters.c(1016): [client 127.0.0.1:49874]   Server: Apache/2.4.17-dev (Unix) LibreSSL/2.2.1
[Fri Jul 17 15:37:58.820200 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874]   Content-Length: 227
[Fri Jul 17 15:37:58.820209 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874]   Connection: close
[Fri Jul 17 15:37:58.820219 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874]   Content-Type: text/html; charset=iso-8859-1
[Fri Jul 17 15:37:58.820231 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(1489): [client 127.0.0.1:49874] coalesce: have 0 bytes, adding 197 more
[Fri Jul 17 15:37:58.820260 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 23/23 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.820306 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1820): [client 127.0.0.1:49874] OpenSSL: Write: SSLv3 read finished A
[Fri Jul 17 15:37:58.820321 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1839): [client 127.0.0.1:49874] OpenSSL: Exit: error in SSLv3 read finished A
[Fri Jul 17 15:37:58.820337 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02008: SSL library error 1 in handshake (server localhost:8532)
[Fri Jul 17 15:37:58.820375 2015] [ssl:info] [pid 3808:tid 140560601966336] SSL Library Error: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message
[Fri Jul 17 15:37:58.820390 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH01998: Connection closed to child 1 with abortive shutdown (server localhost:8532)

$ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = California, L = San Francisco, O = ASF, OU = httpd-test, CN = ca, emailAddress = test-...@httpd.apache.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/rsa-test/CN=localhost/emailAddress=test-...@httpd.apache.org
   i:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
 1 s:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
   i:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICqTCCAhICAQswDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYD
VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQwwCgYDVQQK
DANBU0YxEzARBgNVBAsMCmh0dHBkLXRlc3QxCzAJBgNVBAMMAmNhMSgwJgYJKoZI
hvcNAQkBFhl0ZXN0LWRldkBodHRwZC5hcGFjaGUub3JnMB4XDTE1MDcxNzEyMDQ0
MVoXDTE2MDcxNjEyMDQ0MVowgaQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
Zm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQwwCgYDVQQKDANBU0YxHDAa
BgNVBAsME2h0dHBkLXRlc3QvcnNhLXRlc3QxEjAQBgNVBAMMCWxvY2FsaG9zdDEo
MCYGCSqGSIb3DQEJARYZdGVzdC1kZXZAaHR0cGQuYXBhY2hlLm9yZzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAxW4N5sHHn6sTjqN4yxQ0eoJroe3Tcl1eDesN
QH542YjYb+Owiyhe8D4bD2bpoPBnFM7ZWcysUDyfdz2Jbk/89U7NoVZvM+HmCkQg
xDSKh4waUpJ4tNZFabZrPN0o4a4q0c/krGk/r3gBd6SpmmZHXL11v4sFji16/5Bj
S9yCatkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAn5RmglU/JWy6mziWE5bQxMX4a
NGplfEW5FyQSEJRC5i5SSiItLZE/fBMSAdi5X+RcQYfKTDvzIsz5aZaBXA5NkgRN
+1m6S+Ris0EGD4sgtSC6l50No2MexZ9KueBh3nAaVWeyxKLRa5QgHCViJi0EYLm0
1piLKoX8PDfYJevhYw==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/rsa-test/CN=localhost/emailAddress=test-...@httpd.apache.org
issuer=/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
---
No client certificate CA names sent
---
SSL handshake has read 1995 bytes and written 518 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 327DB3F57CD40D67A7E1DA2DE548FA8A11E7888E935C4C61AF28702EB14EBE5C
    Session-ID-ctx: 
    Master-Key: 2EFA02BB2D2C8029A4D55F13F4B3228AAD2B84B5203ED2668B177886C800B59B11C63B1E56BD48A473EA424E7A45A75A
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 03 7b a8 88 63 a4 ff 0d-69 1d 73 b6 66 36 ae 67   .{..c...i.s.f6.g
    0010 - b6 a6 b5 72 dd 03 99 01-af 01 54 4f 56 8a ea d2   ...r......TOV...
    0020 - a0 14 c5 3e 98 7d 8c 35-8b 7b 38 64 b7 ad 7d 45   ...>.}.5.{8d..}E
    0030 - 00 c2 4b e9 9f a9 27 98-1f f6 e6 be 32 0f b1 a4   ..K...'.....2...
    0040 - ab f5 e2 14 7c ee 09 74-0b 0a 75 01 e0 0b 84 f3   ....|..t..u.....
    0050 - 12 31 3f d2 91 fc d2 cf-fb 34 20 d5 fd 15 97 d1   .1?......4 .....
    0060 - 2d 84 ab 58 e3 5f c1 1c-60 e6 de 32 a0 0f ef 55   -..X._..`..2...U
    0070 - e4 80 6d 7c cc a7 3a 26-6b 58 f5 9f 36 4f b9 c0   ..m|..:&kX..6O..
    0080 - d6 9d c0 86 ef 15 c3 55-40 75 44 aa b5 95 86 e2   .......U@uD.....
    0090 - a9 92 73 3b 66 06 6a 28-22 c2 0d 0a 40 b9 5c 0f   ..s;f.j("...@.\.
    00a0 - 48 fe d3 83 6a af 54 db-6a bd 1c 8a 9a d6 de 16   H...j.T.j.......
    00b0 - 22 83 c2 24 e5 71 50 06-a3 d5 cb 5d bd 9d 04 f6   "..$.qP....]....

    Start Time: 1437140277
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
GET /require-aes128-cgi HTTP/1.1
Host: localhost:8532

SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = California, L = San Francisco, O = ASF, OU = httpd-test, CN = ca, emailAddress = test-...@httpd.apache.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:bad record mac
SSL_connect:failed in SSLv3 read server session ticket A
139901660460712:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1139:SSL alert number 20
139901660460712:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1051:

Re: Comparing LibreSSL and OpenSSL based on ApacheTest t/ssl results

Reply via email to