On Fri, Jul 17, 2015 at 1:51 PM, Michael Felt <mamf...@gmail.com> wrote:
> On 2015-07-17 1:20 PM, Michael Felt wrote:
>>
>> On 2015-07-17 12:39 PM, Yann Ylavic wrote:
>>>
>>> tcpdump -i lo -w dump.pcap -s0 tcp port 8532
>>
>>
> Run at a different time, but with trace5 enabled.

Thanks, I finally managed to build libressl on my system and httpd-2.4.x linked to it.

However since this isn't the system's native libssl, the perl framework (libwww-perl/5.836 here) does not use it (but Debian's libssl-0.9.8o-4squeeze20), so I had to use libressl's "openssl s_client" to reproduce the case.

So:

    $ /path/to/httpd/2.4.x/bin/httpd -f /path/to/httpd/framework/trunk/t/conf/httpd.conf -X

on the server side, and:

    $ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state

on the client side, with this simple request:

    GET /require-aes128-cgi HTTP/1.1
    Host: localhost:8532

Attached are the logs from both httpd and s_client, where we can see that httpd somehow expects a client certificate during the renegotiation (without sending any certificate request...), while s_client obviously does not send anything like that (but its key exchange).

I can't explain that... I'd need to debug.
Does this ring someone's bell?

$ /path/to/httpd/2.4.x/bin/httpd -f /path/to/httpd/framework/trunk/t/conf/httpd.conf -X
[Fri Jul 17 15:37:57.819547 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH01964: Connection to child 1 established (server localhost:8532)
[Fri Jul 17 15:37:57.819599 2015] [ssl:trace2] [pid 3808:tid 140560601966336] ssl_engine_rand.c(126): Seeding PRNG with 144 bytes of entropy
[Fri Jul 17 15:37:57.819712 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:57.819735 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: before/accept initialization
[Fri Jul 17 15:37:57.819769 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 11/11 bytes from BIO#e33430 [mem: f79ad0] (BIO dump follows)
[Fri Jul 17 15:37:57.819813 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 309/309 bytes from BIO#e33430 [mem: f79ade] (BIO dump follows)
[Fri Jul 17 15:37:57.819871 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1949): [client 127.0.0.1:49874] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Fri Jul 17 15:37:57.819905 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client hello A
[Fri Jul 17 15:37:57.819924 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server hello A
[Fri Jul 17 15:37:57.820250 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write certificate A
[Fri Jul 17 15:37:57.838067 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write key exchange A
[Fri Jul 17 15:37:57.838080 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server done A
[Fri Jul 17 15:37:57.838088 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 1745/1745 bytes to BIO#e28740 [mem: f6b450] (BIO dump follows)
[Fri Jul 17 15:37:57.838210 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:57.838222 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client certificate A
[Fri Jul 17 15:37:57.869063 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.869105 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 150/150 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885825 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client key exchange A
[Fri Jul 17 15:37:57.885842 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.885849 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 1/1 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885892 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:57.885899 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 32/32 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:57.885922 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read finished A
[Fri Jul 17 15:37:57.885950 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write session ticket A
[Fri Jul 17 15:37:57.885957 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write change cipher spec A
[Fri Jul 17 15:37:57.885980 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write finished A
[Fri Jul 17 15:37:57.885987 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 250/250 bytes to BIO#e28740 [mem: f6b450] (BIO dump follows)
[Fri Jul 17 15:37:57.886050 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:57.886062 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1805): [client 127.0.0.1:49874] OpenSSL: Handshake: done
[Fri Jul 17 15:37:57.886071 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1854): [client 127.0.0.1:49874] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
[Fri Jul 17 15:37:58.777979 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.778040 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 49/49 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.778074 2015] [core:trace5] [pid 3808:tid 140560601966336] protocol.c(618): [client 127.0.0.1:49874] Request received from client: GET /require-aes128-cgi HTTP/1.1
[Fri Jul 17 15:37:58.814426 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.814466 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 37/37 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.814500 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f79ad3] (BIO dump follows)
[Fri Jul 17 15:37:58.814517 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 17/17 bytes from BIO#e33430 [mem: f79ad8] (BIO dump follows)
[Fri Jul 17 15:37:58.814558 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(244): [client 127.0.0.1:49874] AH02034: Initial (No.1) HTTPS request received for child 1 (server localhost:8532)
[Fri Jul 17 15:37:58.814577 2015] [http:trace4] [pid 3808:tid 140560601966336] http_request.c(322): [client 127.0.0.1:49874] Headers received from client:
[Fri Jul 17 15:37:58.814587 2015] [http:trace4] [pid 3808:tid 140560601966336] http_request.c(326): [client 127.0.0.1:49874] Host: localhost:8532
[Fri Jul 17 15:37:58.815317 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(511): [client 127.0.0.1:49874] AH02220: Reconfigured cipher suite will force renegotiation
[Fri Jul 17 15:37:58.815341 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02221: Requesting connection re-negotiation
[Fri Jul 17 15:37:58.815367 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2059): [client 127.0.0.1:49874] OpenSSL: I/O error, 5 bytes expected to read on BIO#e33430 [mem: f79ad3]
[Fri Jul 17 15:37:58.815391 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(802): [client 127.0.0.1:49874] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Fri Jul 17 15:37:58.815408 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:58.815426 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSL renegotiate ciphers
[Fri Jul 17 15:37:58.815447 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 25/25 bytes to BIO#e28740 [mem: f72993] (BIO dump follows)
[Fri Jul 17 15:37:58.815471 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write hello request A
[Fri Jul 17 15:37:58.815581 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:58.815608 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write hello request C
[Fri Jul 17 15:37:58.815624 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02226: Awaiting re-negotiation handshake
[Fri Jul 17 15:37:58.815639 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1801): [client 127.0.0.1:49874] OpenSSL: Handshake: start
[Fri Jul 17 15:37:58.815662 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: before accept initialization
[Fri Jul 17 15:37:58.815913 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.815960 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 570/570 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.816037 2015] [ssl:debug] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1949): [client 127.0.0.1:49874] AH02645: Server name not provided via TLS extension (using default/first virtual host)
[Fri Jul 17 15:37:58.816079 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client hello A
[Fri Jul 17 15:37:58.816103 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server hello A
[Fri Jul 17 15:37:58.816450 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write certificate A
[Fri Jul 17 15:37:58.816477 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 write server done A
[Fri Jul 17 15:37:58.816494 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 1519/1519 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.816598 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 flush data
[Fri Jul 17 15:37:58.816612 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client certificate A
[Fri Jul 17 15:37:58.818705 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.818744 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 150/150 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819632 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1810): [client 127.0.0.1:49874] OpenSSL: Loop: SSLv3 read client key exchange A
[Fri Jul 17 15:37:58.819661 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.819678 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 17/17 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819833 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 5/5 bytes from BIO#e33430 [mem: f7f033] (BIO dump follows)
[Fri Jul 17 15:37:58.819853 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: read 68/68 bytes from BIO#e33430 [mem: f7f038] (BIO dump follows)
[Fri Jul 17 15:37:58.819902 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 23/23 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.820015 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1820): [client 127.0.0.1:49874] OpenSSL: Write: SSLv3 read certificate verify A
[Fri Jul 17 15:37:58.820031 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1839): [client 127.0.0.1:49874] OpenSSL: Exit: error in SSLv3 read certificate verify A
[Fri Jul 17 15:37:58.820042 2015] [ssl:error] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02261: Re-negotiation handshake failed
[Fri Jul 17 15:37:58.820066 2015] [ssl:error] [pid 3808:tid 140560601966336] SSL Library Error: error:060C1064:digital envelope routines:AEAD_CHACHA20_POLY1305_OPEN:bad decrypt -- wrong pass phrase!?
[Fri Jul 17 15:37:58.820110 2015] [ssl:error] [pid 3808:tid 140560601966336] SSL Library Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[Fri Jul 17 15:37:58.820123 2015] [core:trace3] [pid 3808:tid 140560601966336] request.c(119): [client 127.0.0.1:49874] auth phase 'check access (with Satisfy All)' gave status 403: /require-aes128-cgi
[Fri Jul 17 15:37:58.820168 2015] [http:trace3] [pid 3808:tid 140560601966336] http_filters.c(1006): [client 127.0.0.1:49874] Response sent with status 403, headers:
[Fri Jul 17 15:37:58.820180 2015] [http:trace5] [pid 3808:tid 140560601966336] http_filters.c(1013): [client 127.0.0.1:49874] Date: Fri, 17 Jul 2015 13:37:58 GMT
[Fri Jul 17 15:37:58.820189 2015] [http:trace5] [pid 3808:tid 140560601966336] http_filters.c(1016): [client 127.0.0.1:49874] Server: Apache/2.4.17-dev (Unix) LibreSSL/2.2.1
[Fri Jul 17 15:37:58.820200 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874] Content-Length: 227
[Fri Jul 17 15:37:58.820209 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874] Connection: close
[Fri Jul 17 15:37:58.820219 2015] [http:trace4] [pid 3808:tid 140560601966336] http_filters.c(835): [client 127.0.0.1:49874] Content-Type: text/html; charset=iso-8859-1
[Fri Jul 17 15:37:58.820231 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(1489): [client 127.0.0.1:49874] coalesce: have 0 bytes, adding 197 more
[Fri Jul 17 15:37:58.820260 2015] [ssl:trace4] [pid 3808:tid 140560601966336] ssl_engine_io.c(2050): [client 127.0.0.1:49874] OpenSSL: write 23/23 bytes to BIO#e28740 [mem: f8bd20] (BIO dump follows)
[Fri Jul 17 15:37:58.820306 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1820): [client 127.0.0.1:49874] OpenSSL: Write: SSLv3 read finished A
[Fri Jul 17 15:37:58.820321 2015] [ssl:trace3] [pid 3808:tid 140560601966336] ssl_engine_kernel.c(1839): [client 127.0.0.1:49874] OpenSSL: Exit: error in SSLv3 read finished A
[Fri Jul 17 15:37:58.820337 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH02008: SSL library error 1 in handshake (server localhost:8532)
[Fri Jul 17 15:37:58.820375 2015] [ssl:info] [pid 3808:tid 140560601966336] SSL Library Error: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message
[Fri Jul 17 15:37:58.820390 2015] [ssl:info] [pid 3808:tid 140560601966336] [client 127.0.0.1:49874] AH01998: Connection closed to child 1 with abortive shutdown (server localhost:8532)

$ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = California, L = San Francisco, O = ASF, OU = httpd-test, CN = ca, emailAddress = test-...@httpd.apache.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/rsa-test/CN=localhost/emailAddress=test-...@httpd.apache.org
   i:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
 1 s:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
   i:/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/rsa-test/CN=localhost/emailAddress=test-...@httpd.apache.org
issuer=/C=US/ST=California/L=San Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
---
No client certificate CA names sent
---
SSL handshake has read 1995 bytes and written 518 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 327DB3F57CD40D67A7E1DA2DE548FA8A11E7888E935C4C61AF28702EB14EBE5C
    Session-ID-ctx:
    Master-Key: 2EFA02BB2D2C8029A4D55F13F4B3228AAD2B84B5203ED2668B177886C800B59B11C63B1E56BD48A473EA424E7A45A75A
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    Start Time: 1437140277
    Timeout : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
GET /require-aes128-cgi HTTP/1.1
Host: localhost:8532

SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = California, L = San Francisco, O = ASF, OU = httpd-test, CN = ca, emailAddress = test-...@httpd.apache.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:bad record mac
SSL_connect:failed in SSLv3 read server session ticket A
139901660460712:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1139:SSL alert number 20
139901660460712:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1051:
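
Added example, not part of the original message or of httpd: a small Python parser for the mod_ssl trace format in the httpd log above that groups entries per "Handshake: start" and records the states, the failing state and the error-level entries of each handshake, so the initial handshake and the renegotiation can be compared. The sample lines are constructed (messages copied from the log above, timestamps and thread ids shortened), and the names `handshakes`, `missing_states`, `entry`, `loop` and `SAMPLE` are this example's own.

```python
import re

# httpd error-log entry; "file.c(line): " and "[client ip:port] " are optional.
ENTRY = re.compile(
    r"\[[^\]]+\] \[\w+:(?P<level>\w+)\] \[pid [^\]]+\] "
    r"(?:\S+\(\d+\): )?(?:\[client [^\]]+\] )?(?P<msg>.*)")
EVENT = re.compile(r"OpenSSL: (Handshake|Loop|Exit): (.*)")

def handshakes(lines):
    """Return one record per 'Handshake: start' found in mod_ssl trace output."""
    out, cur = [], None
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ev = EVENT.match(m["msg"])
        kind, text = (ev[1], ev[2]) if ev else (None, m["msg"])
        if kind == "Handshake" and text == "start":
            cur = {"states": [], "failed_in": None, "errors": [], "done": False}
            out.append(cur)
        elif cur is None:
            continue  # entry outside any handshake
        elif kind == "Handshake":  # "Handshake: done"
            cur["done"] = True
            cur = None
        elif kind == "Loop":
            cur["states"].append(text)
        elif kind == "Exit" and cur["failed_in"] is None:
            cur["failed_in"] = text.replace("error in ", "", 1)
        elif m["level"] == "error":
            cur["errors"].append(text)
    return out

def missing_states(first, last):
    """States the first handshake logged that the last one did not."""
    return [s for s in first["states"] if s not in last["states"]]

# Constructed sample: messages copied from the log above, prefixes shortened.
def entry(level, msg, src="ssl_engine_kernel.c(1810): "):
    client = "" if msg.startswith("SSL Library") else "[client 127.0.0.1:49874] "
    return f"[Fri Jul 17 15:37:58 2015] [ssl:{level}] [pid 3808:tid 1] {src}{client}{msg}"

def loop(*states):
    return [entry("trace3", "OpenSSL: Loop: SSLv3 " + s) for s in states]

START = entry("trace3", "OpenSSL: Handshake: start", "ssl_engine_kernel.c(1801): ")
SAMPLE = (
    [START] + loop("read client hello A", "write server hello A", "write certificate A",
                   "write key exchange A", "write server done A", "read client certificate A",
                   "read client key exchange A", "read finished A")
    + [entry("trace3", "OpenSSL: Handshake: done", "ssl_engine_kernel.c(1805): "),
       entry("info", "AH02221: Requesting connection re-negotiation", ""), START]
    + loop("write hello request A", "write hello request C")
    + [START] + loop("read client hello A", "write server hello A", "write certificate A",
                     "write server done A", "read client certificate A",
                     "read client key exchange A")
    + [entry("trace3", "OpenSSL: Exit: error in SSLv3 read certificate verify A",
             "ssl_engine_kernel.c(1839): "),
       entry("error", "AH02261: Re-negotiation handshake failed", ""),
       entry("error", "SSL Library Error: error:1408F119:SSL routines:"
             "SSL3_GET_RECORD:decryption failed or bad record mac", "")]
)

if __name__ == "__main__":
    hs = handshakes(SAMPLE)
    for i, h in enumerate(hs, 1):
        print(f"handshake {i}: done={h['done']} failed_in={h['failed_in']}")
        print("   states:", h["states"], "errors:", h["errors"])
    print("absent from last handshake:", missing_states(hs[0], hs[-1]))
```

To run it over a real log, pass the open error-log file to `handshakes()` in place of `SAMPLE`; the grouping relies on mod_ssl trace3 (or higher) logging being enabled.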