Re: SSL Handshake errors

Sun, 07 Jul 2013 23:17:01 -0700

Hello Willy,

Thank you for your answer! I've attached a dump with two requests from the same ip. First one failed with Connection closed during SSL handshake, the second one failed with Timeout during SSL handshake.

I've translated the .cap file with tcpdump -qns 0 -X -r file.cap > translated.cap in order to make the dump readable and extract the two requests. If the original dump is needed, let me know and I'll attach it a.s.a.p.

July 7, 2013 10:02 PM
Hello Andrei,

It's very hard to suggest anything unfortunately, since most SSL/TLS errors
can be very cryptic. It would be nice if you could take a pcap capture of
one such faulty connection so that we can see the whole handshake and try
to find what the issue is. Many things can be involved, including versions,
algorithms, key sizes, etc...

In order to take this capture, please use "tcpdump -s0 -npi eth0 -w file.cap"
to ensure that packets are not truncated. If you'd prefer not to reveal your
public IP address on the list, then please send me the capture in private.
But I must say that people here on the list tend to read SSL traces faster
than me :-)

Regards,
Willy


--
Andrei Marinescu -- co-founder
Appscend - The Mobile Experience Igniter

Calea Plevnei 46-48, Bucharest, Romania
phone: +4 0742 896 394
email: [email protected] 

05:54:30.410434 IP 109.166.130.140.58713 > 10.36.226.198.443: tcp 0
        0x0000:  4508 0034 5342 4000 2d06 1d5d 6da6 828c  [email protected]..]m...
        0x0010:  0a24 e2c6 e559 01bb 07e7 7788 0000 0000  .$...Y....w.....
        0x0020:  8002 3908 f2a6 0000 0204 0578 0402 0101  ..9........x....
        0x0030:  0103 0304                                ....
05:54:30.410486 IP 10.36.226.198.443 > 109.166.130.140.58713: tcp 0
        0x0000:  4500 0034 0000 4000 4006 5da7 0a24 e2c6  E..4..@.@.]..$..
        0x0010:  6da6 828c 01bb e559 5a0f 20ff 07e7 7789  m......YZ.....w.
        0x0020:  8012 3908 dd43 0000 0204 05b4 0101 0402  ..9..C..........
        0x0030:  0103 0304                                ....
05:54:30.518562 IP 109.166.130.140.58713 > 10.36.226.198.443: tcp 0
        0x0000:  4508 0028 5343 4000 2d06 1d68 6da6 828c  E..([email protected]...
        0x0010:  0a24 e2c6 e559 01bb 07e7 7789 5a0f 2100  .$...Y....w.Z.!.
        0x0020:  5010 0391 ed91 0000                      P.......
05:54:30.543877 IP 109.166.130.140.58713 > 10.36.226.198.443: tcp 442
        0x0000:  4508 01e2 5344 4000 2d06 1bad 6da6 828c  [email protected]...
        0x0010:  0a24 e2c6 e559 01bb 07e7 7789 5a0f 2100  .$...Y....w.Z.!.
        0x0020:  5018 07d0 237d 0000 1603 0101 b501 0001  P...#}..........
        0x0030:  b103 0151 da54 1f34 b1f1 9c47 bd5f 7c91  ...Q.T.4...G._|.
        0x0040:  54d2 010e 933e 8104 3dee d19d ca5f 6cdf  T....>..=...._l.
        0x0050:  4044 4520 52b5 30f4 c316 bfb1 d217 f224  @DE.R.0........$
        0x0060:  675f c495 f3e3 b69e 3937 e706 d6ab 7b9e  g_......97....{.
        0x0070:  319f 4477 0046 0004 0005 002f 0035 c002  1.Dw.F...../.5..
        0x0080:  c004 c005 c00c c00e c00f c007 c009 c00a  ................
        0x0090:  c011 c013 c014 0033 0039 0032 0038 000a  .......3.9.2.8..
        0x00a0:  c003 c00d c008 c012 0016 0013 0009 0015  ................
        0x00b0:  0012 0003 0008 0014 0011 00ff 0100 0122  ..............."
        0x00c0:  0000 001a 0018 0000 1569 6e74 6572 6661  .........CERTNAM
        0x00d0:  6365 2e61 7070 6365 6e64 2e63 6f6d 000b  EREDACTED.......
        0x00e0:  0004 0300 0102 000a 0034 0032 000e 000d  .........4.2....
        0x00f0:  0019 000b 000c 0018 0009 000a 0016 0017  ................
        0x0100:  0008 0006 0007 0014 0015 0004 0005 0012  ................
        0x0110:  0013 0001 0002 0003 000f 0010 0011 0023  ...............#
        0x0120:  00c0 1274 21e9 1971 b5fe 682e acfd f820  ...t!..q..h.....
        0x0130:  bfd3 3d05 5b42 3a22 0104 1638 200e 1abd  ..=.[B:"...8....
        0x0140:  e601 36b5 7d4d 8c4f 815d b259 95b3 1e92  ..6.}M.O.].Y....
        0x0150:  f433 eeeb 1131 64b6 9b99 23c6 364d 660e  .3...1d...#.6Mf.
        0x0160:  c21c 20c8 4daa 4059 5291 3cd4 0986 ff4c  ....M.@YR.<....L
        0x0170:  591e 3ed4 fde3 623f 048c 1947 082d ddc3  Y.>...b?...G.-..
        0x0180:  49ce 201e 115a 6d08 817e 4ded 32d0 2d83  I....Zm..~M.2.-.
        0x0190:  f9b9 838e 78e8 c66a 652b 51f3 bfb9 a749  ....x..je+Q....I
        0x01a0:  a64c b8d3 16a5 134d 8d19 3548 50b3 1c30  .L.....M..5HP..0
        0x01b0:  d068 2de2 b5a5 ad69 3239 96f4 b10b 7ba1  .h-....i29....{.
        0x01c0:  cb98 8801 3b9e 96b3 93e2 9889 f918 075e  ....;..........^
        0x01d0:  6df8 75cb 1f36 01c7 772d 54b1 040c 1e73  m.u..6..w-T....s
        0x01e0:  2fe0                                     /.
05:54:30.544355 IP 10.36.226.198.443 > 109.166.130.140.58713: tcp 145
        0x0000:  4500 00b9 d904 4000 4006 841d 0a24 e2c6  E.....@.@....$..
        0x0010:  6da6 828c 01bb e559 5a0f 2100 07e7 7943  m......YZ.!...yC
        0x0020:  5018 03d4 ddc8 0000 1603 0100 5102 0000  P...........Q...
        0x0030:  4d03 0151 da54 16ee 209e 7a1f 2b35 458c  M..Q.T....z.+5E.
        0x0040:  b4a3 0820 be41 0d27 59ac f893 a214 9f78  .....A.'Y......x
        0x0050:  482d c820 52b5 30f4 c316 bfb1 d217 f224  H-..R.0........$
        0x0060:  675f c495 f3e3 b69e 3937 e706 d6ab 7b9e  g_......97....{.
        0x0070:  319f 4477 c014 0000 05ff 0100 0100 1403  1.Dw............
        0x0080:  0100 0101 1603 0100 304c 1ddb 9d9e 9b45  ........0L.....E
        0x0090:  b42f 35c2 da4c ba89 893a 17e4 58df 0f97  ./5..L...:..X...
        0x00a0:  9804 8be6 4478 5730 43e4 b59d 3e21 30f2  ....DxW0C...>!0.
        0x00b0:  1f66 d0bd cf9f b722 bc                   .f.....".
05:54:30.590325 IP 109.166.130.140.58713 > 10.36.226.198.443: tcp 0
        0x0000:  4508 0028 5345 4000 2d06 1d66 6da6 828c  E..([email protected]...
        0x0010:  0a24 e2c6 e559 01bb 07e7 7943 5a0f 2100  .$...Y....yCZ.!.
        0x0020:  5011 07d0 e797 0000                      P.......
05:54:30.590628 IP 10.36.226.198.443 > 109.166.130.140.58713: tcp 0
        0x0000:  4500 0028 d905 4000 4006 84ad 0a24 e2c6  E..(..@.@....$..
        0x0010:  6da6 828c 01bb e559 5a0f 2191 07e7 7944  m......YZ.!...yD
        0x0020:  5011 03d4 dd37 0000                      P....7..
05:54:30.598343 IP 109.166.130.140.58713 > 10.36.226.198.443: tcp 0
        0x0000:  4500 0028 54b9 0000 f106 97f9 6da6 828c  E..(T.......m...
        0x0010:  0a24 e2c6 e559 01bb 07e7 7944 5a0f 2191  .$...Y....yDZ.!.
        0x0020:  5010 07c6 e710 0000                      P.......

Reply via email to