Re: NOSRV/BADREQ from some Java based clients [SSL handshake issue]

Mon, 23 Feb 2015 14:36:11 -0800 

On 23/02/2015 10:55 μμ, NuSkooler wrote:
> Attached is the information you requested -- and hopefully performed
> correctly :)
> 
> * no_haproxy.pcap: This is a successful connection + POST to the
> original Mochiweb server. Note that here the port is 8443 not 443
> (IP=10.3.3.3)
> * ha_self_signed.pcap: Failed attempt against HAProxy with a self
> signed certificate & key.
> * TEST_cert_and_key.pem: The self signed cert/key from above.
> 
> The bind line for ha_self_signed.pcap looks like this:
> bind *:443 ssl crt /home/bashby/Lukas/TEST_cert_and_key.pem ciphers AES128-SHA
> 
> Thanks again to you and everyone here taking the time to look at this!
> 

I am not an expert but from the following I can understand
that client and server agreed to use
TLS_RSA_WITH_AES_128_CBC_SHA cipher but over SSLv3. I am wondering if
AES cipher suite is supported on SSLv3

ssldump -k TEST_cert_and_key.pem -r ha_self_signed.pcap
New TCP connection #1: 10.1.1.93(56835) <-> 10.3.2.74(443)
1 1  0.0138 (0.0138)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        Unknown value 0xc002
        Unknown value 0xc004
        Unknown value 0xc005
        Unknown value 0xc00c
        Unknown value 0xc00e
        Unknown value 0xc00f
        Unknown value 0xc007
        Unknown value 0xc009
        Unknown value 0xc00a
        Unknown value 0xc011
        Unknown value 0xc013
        Unknown value 0xc014
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        Unknown value 0xc008
        Unknown value 0xc012
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        Unknown value 0xff
        compression methods
                  NULL
1 2  0.0181 (0.0043)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          61 c5 71 7e 28 35 69 4e b4 de 72 ff c1 18 e4 d4
          6f f3 af 24 7c fc ab f4 51 2e c8 be e9 84 58 c1
        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA
        compressionMethod                   NULL
1 3  0.0181 (0.0000)  S>C  Handshake
      Certificate
1 4  0.0181 (0.0000)  S>C  Handshake
      ServerHelloDone
1 5  0.0240 (0.0058)  C>S  Handshake
      ClientKeyExchange
1 6  0.0240 (0.0000)  C>S  ChangeCipherSpec
1 7  0.0240 (0.0000)  C>S  Handshake
1    0.0245 (0.0005)  C>S  TCP FIN
1 8  0.1077 (0.0832)  S>C  ChangeCipherSpec
1 9  0.1077 (0.0000)  S>C  Handshake
1 10 0.1885 (0.0807)  S>C  application_data
1 11 0.1890 (0.0005)  S>C  Alert
1    0.1891 (0.0001)  S>C  TCP FIN

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to