Hi,
The client and server are hanging at the moment (I have them both set up to
defer the handshake until they actually start doing reads and writes). Here
is the output from the Java (client) side:
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1001529913 bytes = { 73, 47, 149, 28, 97, 17, 208, 173,
40, 253, 177, 188, 173, 223, 166, 36, 123, 114, 130, 35, 168, 26, 51, 5, 70,
108, 161, 1 }
Session ID: {}
Cipher Suites: { 0, 5 }
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 45
0000: 01 00 00 29 03 01 3C B2 22 39 49 2F 95 1C 61 11 ...)..<."9I/..a.
0010: D0 AD 28 FD B1 BC AD DF A6 24 7B 72 82 23 A8 1A ..(......$.r.#..
0020: 33 05 46 6C A1 01 00 00 02 00 05 01 00 3.Fl.........
main, WRITE: SSL v3.1 Handshake, length = 45
[write] MD5 and SHA1 hashes: len = 44
0000: 01 03 01 00 03 00 00 00 20 00 00 05 3C B2 22 39 ........ ...<."9
0010: 49 2F 95 1C 61 11 D0 AD 28 FD B1 BC AD DF A6 24 I/..a...(......$
0020: 7B 72 82 23 A8 1A 33 05 46 6C A1 01 .r.#..3.Fl..
main, WRITE: SSL v2, contentType = 22, translated length = 16343
and here is what I get on the server (OpenSSL) when I Ctrl-C the client:
26747:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:290:
This happens when I select "TLSv1" on the Java side and
"TLSv1_server_method" on the OpenSSL side. "TLSv1" on the Java side and
"SSLv23_server_method" (but not "SSLv3_server_method") works fine.
Sincerely,
Kevin Regan
p.s. Here are the results if I use "SSLv23_server_method" on the server
(OpenSSL) side:
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1001530276 bytes = { 172, 253, 8, 146, 32, 73, 123, 236,
6, 158, 8, 44, 163, 203, 46, 192, 149, 74, 76, 95, 83, 45, 238, 252, 101,
90, 56, 164 }
Session ID: {}
Cipher Suites: { 0, 5 }
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 45
0000: 01 00 00 29 03 01 3C B2 24 A4 AC FD 08 92 20 49 ...)..<.$..... I
0010: 7B EC 06 9E 08 2C A3 CB 2E C0 95 4A 4C 5F 53 2D .....,.....JL_S-
0020: EE FC 65 5A 38 A4 00 00 02 00 05 01 00 ..eZ8........
main, WRITE: SSL v3.1 Handshake, length = 45
[write] MD5 and SHA1 hashes: len = 44
0000: 01 03 01 00 03 00 00 00 20 00 00 05 3C B2 24 A4 ........ ...<.$.
0010: AC FD 08 92 20 49 7B EC 06 9E 08 2C A3 CB 2E C0 .... I.....,....
0020: 95 4A 4C 5F 53 2D EE FC 65 5A 38 A4 .JL_S-..eZ8.
main, WRITE: SSL v2, contentType = 22, translated length = 16343
main, READ: SSL v3.1 Handshake, length = 74
*** ServerHello, v3.1
RandomCookie: GMT: 1001530276 bytes = { 255, 255, 162, 129, 107, 43, 125,
172, 178, 161, 8, 129, 114, 95, 184, 52, 174, 204, 212, 94, 214, 34, 100,
15, 123, 6, 112, 150 }
Session ID: {249, 243, 66, 107, 91, 54, 214, 205, 129, 246, 12, 116, 74,
151, 254, 124, 0, 15, 107, 140, 84, 135, 62, 65, 108, 38, 145, 148, 140,
114, 175, 20}
Cipher Suite: { 0, 5 }
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 3C B2 24 A4 FF FF A2 81 6B 2B ...F..<.$.....k+
0010: 7D AC B2 A1 08 81 72 5F B8 34 AE CC D4 5E D6 22 ......r_.4...^."
0020: 64 0F 7B 06 70 96 20 F9 F3 42 6B 5B 36 D6 CD 81 d...p. ..Bk[6...
0030: F6 0C 74 4A 97 FE 7C 00 0F 6B 8C 54 87 3E 41 6C ..tJ.....k.T.>Al
0040: 26 91 94 8C 72 AF 14 00 05 00 &...r.....
main, READ: SSL v3.1 Handshake, length = 440
*** Certificate chain
chain [0] = [
[
Version: V4
Subject: CN=NetIQ Corporation
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@763f5d
Validity: [From: Tue Apr 02 16:17:03 CST 2002,
To: Sun Apr 01 17:17:03 CDT 2007]
Issuer: CN=NetIQ Corporation
SerialNumber: [ 0 ]
]
Algorithm: [MD5withRSA]
Signature:
0000: BA 70 EB 71 D1 96 96 44 A8 F7 37 E8 5E 6B 4C B4 .p.q...D..7.^kL.
0010: 19 24 CE 1D DC 1A DD 35 F3 DA F2 E1 AF 0A 06 3B .$.....5.......;
0020: E4 A3 AA 2E FD 6D 5D E9 60 D0 E7 49 76 E3 71 BE .....m].`..Iv.q.
0030: 1C DA D1 08 75 9E 87 C6 05 62 DC 3C 55 F0 5D 31 ....u....b.<U.]1
0040: E0 EB 35 0A E6 C6 BF BF 1C EC 09 D3 BC AB 49 5B ..5...........I[
0050: A1 82 1D E2 FE ED DE C9 0C AA D2 72 84 1B 7C 4D ...........r...M
0060: C7 1B A7 D6 02 C0 97 0C 3D 66 5F D2 A1 29 B8 05 ........=f_..)..
0070: EA D5 B6 E9 35 DF 42 33 F7 16 B2 7A A2 59 DC F2 ....5.B3...z.Y..
]
***
Checking server trusted.
Server trusted.
[read] MD5 and SHA1 hashes: len = 440
0000: 0B 00 01 B4 00 01 B1 00 01 AE 30 82 01 AA 30 82 ..........0...0.
0010: 01 13 A0 03 02 01 03 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 04 05 00 30 1C 31 1A 30 18 06 H........0.1.0..
0030: 03 55 04 03 13 11 4E 65 74 49 51 20 43 6F 72 70 .U....NetIQ Corp
0040: 6F 72 61 74 69 6F 6E 30 1E 17 0D 30 32 30 34 30 oration0...02040
0050: 32 32 32 31 37 30 33 5A 17 0D 30 37 30 34 30 31 2221703Z..070401
0060: 32 32 31 37 30 33 5A 30 1C 31 1A 30 18 06 03 55 221703Z0.1.0...U
0070: 04 03 13 11 4E 65 74 49 51 20 43 6F 72 70 6F 72 ....NetIQ Corpor
0080: 61 74 69 6F 6E 30 81 9D 30 0D 06 09 2A 86 48 86 ation0..0...*.H.
0090: F7 0D 01 01 01 05 00 03 81 8B 00 30 81 87 02 81 ...........0....
00A0: 81 00 BA F1 6E FB D5 A7 73 81 FB C2 AB D2 1B 5D ....n...s......]
00B0: 29 26 83 5A BC 47 C7 13 9A FF B0 6A 16 36 87 1B )&.Z.G.....j.6..
00C0: 1C 67 D7 C0 63 E4 C2 B5 21 8A 14 17 FA 14 F6 7F .g..c...!.......
00D0: 5D EF AF E0 52 C5 0F 9F C2 95 B5 2E 5A A2 6B 68 ]...R.......Z.kh
00E0: 13 07 78 84 50 4A 0B 0D F5 E6 2F 63 C4 30 9B 4D ..x.PJ..../c.0.M
00F0: 9E 89 98 9F 28 A8 CF 45 0C 32 82 EB D9 80 E4 84 ....(..E.2......
0100: DF BC 54 97 7E CD C7 54 E1 E8 1D 44 4D 33 0F D5 ..T....T...DM3..
0110: 53 C9 96 3F 7E 42 FA 24 71 D0 0F 1F 63 81 CD 87 S..?.B.$q...c...
0120: E0 D1 02 01 03 30 0D 06 09 2A 86 48 86 F7 0D 01 .....0...*.H....
0130: 01 04 05 00 03 81 81 00 BA 70 EB 71 D1 96 96 44 .........p.q...D
0140: A8 F7 37 E8 5E 6B 4C B4 19 24 CE 1D DC 1A DD 35 ..7.^kL..$.....5
0150: F3 DA F2 E1 AF 0A 06 3B E4 A3 AA 2E FD 6D 5D E9 .......;.....m].
0160: 60 D0 E7 49 76 E3 71 BE 1C DA D1 08 75 9E 87 C6 `..Iv.q.....u...
0170: 05 62 DC 3C 55 F0 5D 31 E0 EB 35 0A E6 C6 BF BF .b.<U.]1..5.....
0180: 1C EC 09 D3 BC AB 49 5B A1 82 1D E2 FE ED DE C9 ......I[........
0190: 0C AA D2 72 84 1B 7C 4D C7 1B A7 D6 02 C0 97 0C ...r...M........
01A0: 3D 66 5F D2 A1 29 B8 05 EA D5 B6 E9 35 DF 42 33 =f_..)......5.B3
01B0: F7 16 B2 7A A2 59 DC F2 ...z.Y..
main, READ: SSL v3.1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 53, 55, 115, 122, 37, 120, 36, 192, 227, 62, 255,
76, 181, 23, 16, 252, 97, 180, 82, 187, 95, 17, 251, 144, 53, 254, 90, 224,
57, 73, 124, 62, 114, 187, 223, 116, 169, 227, 31, 75, 217, 78, 119, 79, 48,
197 }
[write] MD5 and SHA1 hashes: len = 134
0000: 10 00 00 82 00 80 16 2D B1 52 76 E4 63 49 78 7D .......-.Rv.cIx.
0010: 5C 5B B0 92 ED 9F BA FD A1 B3 25 F9 39 B0 AD BB \[........%.9...
0020: FE C4 E2 87 82 B3 FD 9B 20 85 DC 18 17 DF DE 4D ........ ......M
0030: 7B 3A 5F AE 32 25 A2 F8 AB 7C C6 4C 68 4D 3B E8 .:_.2%.....LhM;.
0040: 11 92 68 83 33 86 53 66 A6 C7 44 1E B1 17 3E 52 ..h.3.Sf..D...>R
0050: D5 C1 14 1D D0 AE 15 BA EE 51 F1 DF CA 17 6A BB .........Q....j.
0060: 24 6C A8 89 06 FF B6 8B 67 B1 D2 87 EA 89 BE 8D $l......g.......
0070: 21 88 07 8D 26 A9 D0 94 C6 37 45 58 EF 97 7D 32 !...&....7EX...2
0080: CF E0 3B CF 88 D1 ..;...
main, WRITE: SSL v3.1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 35 37 73 7A 25 78 24 C0 E3 3E FF 4C B5 17 ..57sz%x$..>.L..
0010: 10 FC 61 B4 52 BB 5F 11 FB 90 35 FE 5A E0 39 49 ..a.R._...5.Z.9I
0020: 7C 3E 72 BB DF 74 A9 E3 1F 4B D9 4E 77 4F 30 C5 .>r..t...K.NwO0.
CONNECTION KEYGEN:
Client Nonce:
0000: 3C B2 24 A4 AC FD 08 92 20 49 7B EC 06 9E 08 2C <.$..... I.....,
0010: A3 CB 2E C0 95 4A 4C 5F 53 2D EE FC 65 5A 38 A4 .....JL_S-..eZ8.
Server Nonce:
0000: 3C B2 24 A4 FF FF A2 81 6B 2B 7D AC B2 A1 08 81 <.$.....k+......
0010: 72 5F B8 34 AE CC D4 5E D6 22 64 0F 7B 06 70 96 r_.4...^."d...p.
Master Secret:
0000: DE 8F A2 35 06 4C 0A DD 6B 5C DF 6A 03 2A FD 3A ...5.L..k\.j.*.:
0010: C4 94 BC 4F 15 B3 01 44 02 B2 CE 7B FB 59 E5 CF ...O...D.....Y..
0020: 46 3B 78 6C 45 05 8C C6 C4 79 11 87 24 EE F7 36 F;xlE....y..$..6
Client MAC write Secret:
0000: 36 1A 57 C3 C3 C0 72 34 4C 76 13 E4 88 91 5A 7E 6.W...r4Lv....Z.
0010: DD 22 B7 66
Server MAC write Secret:
0000: 6E E7 24 22 00 23 2C A5 CE BB 06 1F C3 4A 22 7A n.$".#,......J"z
0010: 51 E6 E0 E9 Q...
Client write key:
0000: 19 DE 60 FD D5 E1 38 4C 90 69 61 A5 27 C4 41 DF ..`...8L.ia.'.A.
Server write key:
0000: 90 E4 58 F6 23 75 95 CC BD D9 53 1E 76 B7 48 69 ..X.#u....S.v.Hi
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished, v3.1
verify_data: { 143, 44, 227, 164, 115, 193, 4, 159, 155, 98, 214, 240 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 8F 2C E3 A4 73 C1 04 9F 9B 62 D6 F0 .....,..s....b..
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 8F 2C E3 A4 73 C1 04 9F 9B 62 D6 F0 .....,..s....b..
0010: 51 18 82 39 13 28 33 6B 65 D3 09 EF 21 43 99 F0 Q..9.(3ke...!C..
0020: D8 CA 13 C6 ....
main, WRITE: SSL v3.1 Handshake, length = 36
main, READ: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
main, READ: SSL v3.1 Handshake, length = 36
Plaintext after DECRYPTION: len = 36
0000: 14 00 00 0C 23 B4 BF 59 C1 85 6B 0C 89 5E A8 05 ....#..Y..k..^..
0010: 40 1B 34 3D 6E 4A 8C 4C 03 0A 5C 01 C0 EC B4 5A @.4=nJ.L..\....Z
0020: CB F2 1A A3 ....
*** Finished, v3.1
verify_data: { 35, 180, 191, 89, 193, 133, 107, 12, 137, 94, 168, 5 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 23 B4 BF 59 C1 85 6B 0C 89 5E A8 05 ....#..Y..k..^..
Plaintext before ENCRYPTION: len = 31
0000: 48 65 6C 6C 6F 20 57 6F 72 6C 64 AD 37 64 A0 72 Hello World.7d.r
0010: 2B 22 0D C1 FE C3 26 60 F5 EC 86 59 1F E8 6A +"....&`...Y..j
main, WRITE: SSL v3.1 Application Data, length = 31
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 48 C5 96 0A DF F8 F4 4B BC 6A 33 C9 72 28 D0 2F H......K.j3.r(./
0010: C8 12 18 7B 41 ....A
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 65 28 6B 84 B0 B3 73 66 EE 0B DA B7 F3 13 72 B2 e(k...sf......r.
0010: D9 A0 D4 16 6D ....m
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 6C B6 D0 ED DC A3 1E 5C 28 CB 30 B1 A5 9C 74 FB l......\(.0...t.
0010: 3C 7C 50 35 DF <.P5.
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 6C 89 C7 AF 5B D6 D2 BC 44 AA B8 07 77 C8 1E F5 l...[...D...w...
0010: 74 C6 15 C1 22 t..."
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 6F 56 4C D7 72 6D 4E FC CE ED 70 46 5E 14 5B 01 oVL.rmN...pF^.[.
0010: BC 77 91 36 10 .w.6.
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 20 9C E2 78 B3 1D 71 64 A7 BD D2 FB FD EB 10 3F ..x..qd.......?
0010: BE 33 7A 61 72 .3zar
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 57 67 A8 D1 33 6A C2 3C 8E EB 4F F2 C9 87 A2 F3 Wg..3j.<..O.....
0010: 34 F8 9C 2B 22 4..+"
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 6F 83 27 31 45 63 44 E3 D5 90 36 A8 10 92 5A C2 o.'1EcD...6...Z.
0010: 92 06 3E 07 E2 ..>..
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 72 BD 36 F7 B0 8E DF DD 5B 9B 22 4C 51 8E E8 DA r.6.....[."LQ...
0010: ED BE A5 0F 53 ....S
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 6C FF C7 5B 71 3F 71 BF 02 1A 64 DF F4 6D AC A3 l..[q?q...d..m..
0010: 93 43 00 73 1C .C.s.
main, READ: SSL v3.1 Application Data, length = 21
Plaintext after DECRYPTION: len = 21
0000: 64 AE 26 F2 DF A7 9F D6 E4 79 59 7B D2 77 FC 24 d.&......yY..w.$
0010: 08 2F A2 3C EB ./.<.
etc...
Kevin Regan wrote:
> I've run into the handshake problem with OpenSSL and Java JSSE. If I
change
> the method used to create the SSL context from TLSv1_server_method to
> SSLv23_server_method, the problem is fixed.
Which version of JSSE are you using, and can you provide debug output?
You can get excellent verbose debug output in JSSE if you use this command
line switch: -Djavax.net.debug=ssl,handshake,data,trustmanager when calling
your java application, i.e. in windows java.exe
-Djavax.net.debug=ssl,handshake,data,trustmanager MyClass
Recently - in a rather painful process - I found the cause for a BAD RECORD
MAC SSL error sent in the server hello msg, after my JSSE SSL client sent an
incorrect finish msg...
Best Regards,
David Maurus
Kevin Regan
Technical Lead
Houston UNIX Team
Office: 2200
Phone: 713-548-1767
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
