Hi,

The client and server are hanging at the moment (I have them both set up to defer the handshake until they actually start doing reads and writes). Here is the output from the Java (client) side:

%% No cached client session
*** ClientHello, v3.1
RandomCookie:  GMT: 1001529913 bytes = { 73, 47, 149, 28, 97, 17, 208, 173, 40, 253, 177, 188, 173, 223, 166, 36, 123, 114, 130, 35, 168, 26, 51, 5, 70, 108, 161, 1 }
Session ID:  {}
Cipher Suites:  { 0, 5 }
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 45
0000: 01 00 00 29 03 01 3C B2 22 39 49 2F 95 1C 61 11  ...)..<."9I/..a.
0010: D0 AD 28 FD B1 BC AD DF A6 24 7B 72 82 23 A8 1A  ..(......$.r.#..
0020: 33 05 46 6C A1 01 00 00 02 00 05 01 00           3.Fl.........
main, WRITE:  SSL v3.1 Handshake, length = 45
[write] MD5 and SHA1 hashes:  len = 44
0000: 01 03 01 00 03 00 00 00 20 00 00 05 3C B2 22 39  ........ ...<."9
0010: 49 2F 95 1C 61 11 D0 AD 28 FD B1 BC AD DF A6 24  I/..a...(......$
0020: 7B 72 82 23 A8 1A 33 05 46 6C A1 01              .r.#..3.Fl..
main, WRITE:  SSL v2, contentType = 22, translated length = 16343

and here is what I get on the server (OpenSSL) when I Ctrl-C the client:

26747:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:

This happens when I select "TLSv1" on the Java side and "TLSv1_server_method" on the OpenSSL side. "TLSv1" on the Java side and "SSLv23_server_method" (but not "SSLv3_server_method") works fine.

Sincerely,
Kevin Regan

p.s. Here are the results if I use "SSLv23_server_method" on the server (OpenSSL) side:

Kevin Regan wrote:
> I've run into the handshake problem with OpenSSL and Java JSSE. If I change
> the method used to create the SSL context from TLSv1_server_method to
> SSLv23_server_method, the problem is fixed.

Which version of JSSE are you using, and can you provide debug output? You can get excellent verbose debug output in JSSE if you use this command line switch:

-Djavax.net.debug=ssl,handshake,data,trustmanager

when calling your java application, i.e. in windows

java.exe -Djavax.net.debug=ssl,handshake,data,trustmanager MyClass

Recently - in a rather painful process - I found the cause for a BAD RECORD MAC SSL error sent in the server hello msg, after my JSSE SSL client sent an incorrect finish msg...

Best Regards,
David Maurus

Kevin Regan
Technical Lead
Houston UNIX Team
Office: 2200
Phone: 713-548-1767

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
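
The two hello encodings visible in the JSSE trace above (the 45-byte body written as "SSL v3.1 Handshake" and the 44-byte body written as "SSL v2") can be told apart by their first bytes, which is a quick check to run on a capture when a version-specific server method reports "wrong version number". This is an added example, not part of the original message and not OpenSSL or JSSE code. The outer headers (80 2C and 16 03 01 00 2D) do not appear in the trace and are constructed here, the samples are prefixes only, and classify_hello and its types are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_format { HELLO_UNKNOWN, HELLO_TLS_RECORD, HELLO_SSLV2_COMPAT };

struct hello_info {
    enum hello_format format;
    uint16_t version;   /* highest version offered; 0x0301 is JSSE's "v3.1" */
    size_t body_len;    /* length announced by the outer header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Classify the first bytes a client puts on the wire (needs 11 bytes). */
struct hello_info classify_hello(const uint8_t *p, size_t n)
{
    struct hello_info h = { HELLO_UNKNOWN, 0, 0 };
    if (n < 11)
        return h;
    if (p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01) {
        /* SSLv3/TLS record, content type 22, carrying handshake type 1 */
        h.format = HELLO_TLS_RECORD;
        h.body_len = be16(p + 3);
        h.version = be16(p + 9);              /* ClientHello client_version */
    } else if ((p[0] & 0x80) && p[2] == 0x01) {
        /* SSLv2 two-byte header, then CLIENT-HELLO: type, version and the
           cipher-spec, session-id and challenge lengths (9 fixed bytes). */
        size_t fields = 9u + be16(p + 5) + be16(p + 7) + be16(p + 9);
        h.body_len = (size_t)(p[0] & 0x7f) << 8 | p[1];
        if (fields != h.body_len)
            return h;                         /* inconsistent lengths */
        h.format = HELLO_SSLV2_COMPAT;
        h.version = be16(p + 3);
    }
    return h;
}

/* Constructed outer header + leading bytes of the 44-byte hello in the trace */
const uint8_t v2_hello[] = { 0x80, 0x2C, 0x01, 0x03, 0x01, 0x00, 0x03,
                             0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x05 };
/* Constructed record header + leading bytes of the 45-byte hello in the trace */
const uint8_t tls_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2D, 0x01, 0x00,
                              0x00, 0x29, 0x03, 0x01, 0x3C, 0xB2 };

int main(void)
{
    struct hello_info a = classify_hello(v2_hello, sizeof v2_hello);
    struct hello_info b = classify_hello(tls_hello, sizeof tls_hello);
    printf("v2-compat: fmt=%d ver=%04x len=%zu\n", a.format, a.version, a.body_len);
    printf("record:    fmt=%d ver=%04x len=%zu\n", b.format, b.version, b.body_len);
    return 0;
}
```

Both samples offer version 0x0301; only the framing differs.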