Hi,
I have a custom client, which I wrote a long time ago.
Now it connects to a server, which requests renegotiation.
First time it doesn't request client certificate, second time it does.
It looks like my client is sending application data twice and just discards the first response from the server.
Is this correct behavior?
Thanks,
Andrei
This is the SSL dump.
New TCP connection #1: 168.11.1.5(47848) <-> 155.136.172.48(443)
1 1 0.0500 (0.0500) C>SV3.0(69) Handshake
ClientHello
Version 3.0
random[32]=
cipher suites
SSL_DHE_DSS_WITH_RC2_56_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
compression methods
NULL
1 2 0.0701 (0.0200) S>CV3.0(995) Handshake
ServerHello
Version 3.0
random[32]=
session_id[32]=
cipherSuite SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
compressionMethod NULL
Certificate
... omitted for security reasons
ServerHelloDone
1 3 0.1501 (0.0800) C>SV3.0(132) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[128]=
1 4 0.1501 (0.0000) C>SV3.0(1) ChangeCipherSpec
1 5 0.1501 (0.0000) C>SV3.0(60) Handshake
Finished
md5_hash[16]=
sha_hash[20]=
1 6 0.1642 (0.0141) S>CV3.0(1) ChangeCipherSpec
1 7 0.1642 (0.0000) S>CV3.0(60) Handshake
Finished
md5_hash[16]=
sha_hash[20]=
1 8 0.3500 (0.1858) C>SV3.0(415) application_data
---------------------------------------------------------------
GET /WorkflowHTTP.asmx ... omitted for security reasons
Host: ... omitted for security reasons
Connection: Keep-Alive
Accept: */*
User-Agent: ...... omitted for security reasons
---------------------------------------------------------------
1 9 0.3533 (0.0032) S>CV3.0(24) Handshake
HelloRequest
1 10 0.4041 (0.0508) C>SV3.0(89) Handshake
ClientHello
Version 3.0
random[32]=
cipher suites
SSL_DHE_DSS_WITH_RC2_56_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
SSL_RSA_EXPORT1024_WITH_RC4_56_MD5
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
compression methods
NULL
1 11 0.5656 (0.1614) S>CV3.0(4275) Handshake
ServerHello
Version 3.0
random[32]=
session_id[32]=
cipherSuite SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
compressionMethod NULL
Certificate
... omitted for security reasons
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
certificate_authority
DC=com
DC=prophit
CN=ProphITCA
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 1 Public Primary Certification Authority - G2
OU=(c) 1998 VeriSign, Inc. - For authorized use only
OU=VeriSign Trust Network
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 4 Public Primary Certification Authority - G2
OU=(c) 1998 VeriSign, Inc. - For authorized use only
OU=VeriSign Trust Network
certificate_authority
C=ZA
ST=Western Cape
L=Cape Town
O=Thawte Consulting
OU=Certification Services Division
CN=Thawte Personal Freemail CA
[EMAIL PROTECTED]
certificate_authority
C=ZA
ST=Western Cape
L=Cape Town
O=Thawte Consulting
OU=Certification Services Division
CN=Thawte Personal Premium CA
[EMAIL PROTECTED]
certificate_authority
C=US
O=First Data Digital Certificates Inc.
CN=First Data Digital Certificates Inc. Certification Authority
certificate_authority
C=ZA
ST=Western Cape
L=Cape Town
O=Thawte Consulting
OU=Certification Services Division
CN=Thawte Personal Basic CA
[EMAIL PROTECTED]
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 3 Public Primary Certification Authority
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 2 Public Primary Certification Authority
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 1 Public Primary Certification Authority
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 3 Public Primary Certification Authority - G2
OU=(c) 1998 VeriSign, Inc. - For authorized use only
OU=VeriSign Trust Network
certificate_authority
C=HU
L=Budapest
O=NetLock Halozatbiztonsagi Kft.
OU=Tanusitvanykiadok
CN=NetLock Uzleti (Class B) Tanusitvanykiado
certificate_authority
C=US
O=GTE Corporation
CN=GTE CyberTrust Root
certificate_authority
C=US
O=GTE Corporation
OU=GTE CyberTrust Solutions, Inc.
CN=GTE CyberTrust Global Root
certificate_authority
C=US
O=Entrust.net
OU=www.entrust.net
CPS incorp. by ref. (limits liab.)
OU=(c) 1999 Entrust.net Limited
CN=Entrust.net Secure Server Certification Authority
certificate_authority
C=HU
ST=Hungary
L=Budapest
O=NetLock Halozatbiztonsagi Kft.
OU=Tanusitvanykiadok
CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
certificate_authority
C=US
O=VeriSign, Inc.
OU=Class 2 Public Primary Certification Authority - G2
OU=(c) 1998 VeriSign, Inc. - For authorized use only
OU=VeriSign Trust Network
certificate_authority
C=US
O=GTE Corporation
OU=GTE CyberTrust Solutions, Inc.
CN=GTE CyberTrust Root
certificate_authority
C=HU
L=Budapest
O=NetLock Halozatbiztonsagi Kft.
OU=Tanusitvanykiadok
CN=NetLock Expressz (Class C) Tanusitvanykiado
certificate_authority
OU=Copyright (c) 1997 Microsoft Corp.
OU=Microsoft Corporation
CN=Microsoft Root Authority
certificate_authority
C=GB
O=Royal Bank of Scotland plc
OU=Royal Bank of Scotland Enterprise CA
certificate_authority
DC=com
DC=microsoft
CN=Microsoft Root Certificate Authority
ServerHelloDone
1 12 0.6836 (0.1179) C>SV3.0(1486) Handshake
Certificate
... omitted for security reasons
1 13 0.9601 (0.2765) C>SV3.0(152) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[128]=
1 14 0.9601 (0.0000) C>SV3.0(154) Handshake
CertificateVerify
Signature[128]=
1 15 0.9601 (0.0000) C>SV3.0(21) ChangeCipherSpec
1 16 0.9601 (0.0000) C>SV3.0(60) Handshake
Finished
md5_hash[16]=
83 a3 0c 55 08 4e ec 08 24 58 f5 89 c7 c5 c0 37
sha_hash[20]=
5b d3 1a 33 3f d0 b9 62 40 20 d5 5d 46 7c 41 11
3d 9b 3a 7d
1 17 0.9788 (0.0186) S>CV3.0(21) ChangeCipherSpec
1 18 0.9788 (0.0000) S>CV3.0(60) Handshake
Finished
md5_hash[16]=
sha_hash[20]=
1 19 1.0401 (0.0613) S>CV3.0(508) application_data
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 24 Jan 2005 14:44:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 287
<?xml version="1.0" encoding="utf-8"?>
<Output>
... omitted for security reasons
</Output>---------------------------------------------------------------
1 20 1.5700 (0.5298) C>SV3.0(415) application_data
---------------------------------------------------------------
GET /WorkflowHTTP.asmx ... omitted for security reasons, but it's exactly the same request.
Host:
Connection: Keep-Alive
Accept: */*
User-Agent: Nortel PERIhtmls/1.0.0
---------------------------------------------------------------
1 21 1.6100 (0.0400) S>CV3.0(508) application_data
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 24 Jan 2005 14:44:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 287
<?xml version="1.0" encoding="utf-8"?>
<Output>
... omitted for security reasons, but it's exactly the same response
</Output>---------------------------------------------------------------
1 22 1.7100 (0.0999) C>SV3.0(22) Alert
level warning
value close_notify
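
An added example, not part of the original post: a small Python parser for ssldump record headers like those in the dump above. It flags client application_data that was still unanswered when a renegotiation began, and later client records of the same length. The function names and the same-length heuristic are assumptions of this example.

```python
import re

# Record header as printed in the dump above: "1 8 0.3500 (0.1858) C>SV3.0(415) application_data"
RECORD = re.compile(r"^\d+\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s*V[\d.]+\((\d+)\)\s+(\S+)")
TRACKED = {"HelloRequest", "ClientHello", "Finished"}  # handshake messages we care about

# Constructed sample: record headers and message names abridged from the dump above.
SAMPLE = """\
1 7 0.1642 (0.0000) S>CV3.0(60) Handshake
Finished
1 8 0.3500 (0.1858) C>SV3.0(415) application_data
1 9 0.3533 (0.0032) S>CV3.0(24) Handshake
HelloRequest
1 10 0.4041 (0.0508) C>SV3.0(89) Handshake
ClientHello
1 19 1.0401 (0.0613) S>CV3.0(508) application_data
1 20 1.5700 (0.5298) C>SV3.0(415) application_data
"""

def parse_records(text):
    """Parse record headers; attach tracked handshake message names to their record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        m = RECORD.match(line)
        if m:
            records.append(dict(seq=int(m[1]), sender=m[2], length=int(m[3]), type=m[4], msgs=set()))
        elif records and records[-1]["type"] == "Handshake" and line in TRACKED:
            records[-1]["msgs"].add(line)
    return records

def renegotiation_report(records):
    """Report requests left unanswered when a renegotiation starts, and same-length re-sends."""
    established, pending, reneg_at, interrupted, resent = False, None, None, {}, []
    for r in records:
        hs, app = r["type"] == "Handshake", r["type"] == "application_data"
        if hs and r["sender"] == "S" and "Finished" in r["msgs"]:
            established = True            # a handshake has completed on this connection
        elif hs and established and r["msgs"] & {"HelloRequest", "ClientHello"}:
            reneg_at = reneg_at or r["seq"]
            if pending:                   # request was in flight when renegotiation began
                interrupted[pending["seq"]] = pending["length"]
            pending = None
        elif app and r["sender"] == "S":
            pending = None                # server answered the outstanding request
        elif app:
            if r["length"] in interrupted.values():
                resent.append(r["seq"])   # heuristic: same record length as an interrupted one
            pending = r
    return {"renegotiation_at": reneg_at, "interrupted": list(interrupted), "resent": resent}
```

Calling `renegotiation_report(parse_records(SAMPLE))` reports the renegotiation starting at record 9, record 8 as interrupted and record 20 as a same-length re-send.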
