A quick update on this issue. After digging through some untouched
code, I discovered that the server was writing data directly to the
port instead of the SSL_SOCK_Stream. Problem solved. Thanks for all
of your help.
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
> Hrm... ssldump fails during the handshake with a 'Length Mismatch"
> error with the xX options. Here is the output;
>
> New TCP connection #5: localhost.localdomain(53503) <->
> localhost.localdomain(5758)
> 5 1 0.0024 (0.0024) C>S SSLv2 compatible client hello
> Version 3.1
> cipher suites
> Unknown value 0x39
> Unknown value 0x38
> Unknown value 0x35
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> SSL2_CK_3DES
> Unknown value 0x33
> Unknown value 0x32
> Unknown value 0x2f
> TLS_RSA_WITH_IDEA_CBC_SHA
> SSL2_CK_IDEA
> SSL2_CK_RC2
> TLS_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_RC4_128_MD5
> SSL2_CK_RC4
> TLS_DHE_RSA_WITH_DES_CBC_SHA
> TLS_DHE_DSS_WITH_DES_CBC_SHA
> TLS_RSA_WITH_DES_CBC_SHA
> SSL2_CK_DES
> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> SSL2_CK_RC2_EXPORT40
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> SSL2_CK_RC4_EXPORT40
> Packet data[108]=
> 80 6a 01 03 01 00 51 00 00 00 10 00 00 39 00 00
> 38 00 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0
> 00 00 33 00 00 32 00 00 2f 00 00 07 05 00 80 03
> 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00
> 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
> 00 00 06 04 00 80 00 00 03 02 00 80 91 55 24 ce
> 72 4d 72 01 68 d9 56 6c 86 9c 59 f6
>
> 5 2 0.0053 (0.0029) S>CV3.1(74) Handshake
> ServerHello
> Version 3.1
> random[32]=
> 45 7d b0 b3 87 26 d8 05 b8 27 68 85 01 f5 5e 59
> 8a 67 d1 ac 3d 94 bc d6 45 c4 f0 42 7a a1 60 ec
> session_id[32]=
> 2e ab ad 61 fe 1e 47 6a f2 a2 0f 06 c9 61 23 13
> d1 4f 24 e4 5f f3 89 ea 25 8c 90 2d ea b7 fa aa
> cipherSuite Unknown value 0x35
> compressionMethod NULL
> Packet data[79]=
> 16 03 01 00 4a 02 00 00 46 03 01 45 7d b0 b3 87
> 26 d8 05 b8 27 68 85 01 f5 5e 59 8a 67 d1 ac 3d
> 94 bc d6 45 c4 f0 42 7a a1 60 ec 20 2e ab ad 61
> fe 1e 47 6a f2 a2 0f 06 c9 61 23 13 d1 4f 24 e4
> 5f f3 89 ea 25 8c 90 2d ea b7 fa aa 00 35 00
>
>
> 5 3 0.0053 (0.0000) S>CV3.1(889) Handshake
> Certificate
> Subject
> C=US
> ST=Illinois
> L=Chicago
> O=Blah
> CN=BLAH-SRV-BLAH
> [EMAIL PROTECTED]
> Issuer
> C=US
> ST=Illinois
> L=Chicago
> O=Blah
> CN=BLAH-SRV-BLAH
> [EMAIL PROTECTED]
> Serial 00
> Extensions
> Extension: X509v3 Subject Key Identifier
> Extension: X509v3 Authority Key Identifier
> Extension: X509v3 Basic Constraints
> Packet data[894]=
> 16 03 01 03 79 0b 00 03 75 00 03 72 00 03 6f 30
> 82 03 6b 30 82 02 d4 a0 03 02 01 02 02 01 00 30
> 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 81
> 86 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 11
> 30 0f 06 03 55 04 08 13 08 49 6c 6c 69 6e 6f 69
> 73 31 10 30 0e 06 03 55 04 07 13 07 43 68 69 63
> 61 67 6f 31 12 30 10 06 03 55 04 0a 13 09 43 6f
> 6e 6e 61 6d 61 72 61 31 18 30 16 06 03 55 04 03
> 13 0f 43 48 49 2d 53 52 56 2d 4f 50 50 44 45 56
> 31 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 01
> 16 15 63 62 75 73 62 65 79 40 63 6f 6e 6e 61 6d
> 61 72 61 2e 63 6f 6d 30 1e 17 0d 30 36 31 32 30
> 34 32 33 30 32 35 33 5a 17 0d 30 39 30 38 33 30
> 32 33 30 32 35 33 5a 30 81 86 31 0b 30 09 06 03
> 55 04 06 13 02 55 53 31 11 30 0f 06 03 55 04 08
> 13 08 49 6c 6c 69 6e 6f 69 73 31 10 30 0e 06 03
> 55 04 07 13 07 43 68 69 63 61 67 6f 31 12 30 10
> 06 03 55 04 0a 13 09 43 6f 6e 6e 61 6d 61 72 61
> 31 18 30 16 06 03 55 04 03 13 0f 43 48 49 2d 53
> 52 56 2d 4f 50 50 44 45 56 31 31 24 30 22 06 09
> 2a 86 48 86 f7 0d 01 09 01 16 15 63 62 75 73 62
> 65 79 40 63 6f 6e 6e 61 6d 61 72 61 2e 63 6f 6d
> 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01
> 05 00 03 81 8d 00 30 81 89 02 81 81 00 a1 17 50
> 53 10 ef 67 24 62 b5 6a 76 9d dd c5 32 61 9d 9d
> b4 59 43 a2 a8 9a 72 11 7d c0 36 4d 9f 1e ae 25
> 30 01 97 3d 90 54 bd b1 1a 3e 65 ec 3f 56 1b 79
> 39 03 57 08 74 29 6f 0b 19 e1 ca 5d 3b 8e 25 de
> 54 28 15 d0 f0 8c c2 0f 41 5a db ba e8 67 8a e1
> af 93 0f f9 11 d4 8f e7 6c 6a 2a d9 8d 1f 9a df
> 46 0b 61 3b 17 75 00 08 fd 5d f5 b8 57 00 90 4d
> 83 25 bf 47 22 ab b2 d7 0e 83 9a 28 c3 02 03 01
> 00 01 a3 81 e6 30 81 e3 30 1d 06 03 55 1d 0e 04
> 16 04 14 23 cf 32 38 42 52 75 4f 8f 4d ae d5 05
> b5 68 76 30 a0 18 01 30 81 b3 06 03 55 1d 23 04
> 81 ab 30 81 a8 80 14 23 cf 32 38 42 52 75 4f 8f
> 4d ae d5 05 b5 68 76 30 a0 18 01 a1 81 8c a4 81
> 89 30 81 86 31 0b 30 09 06 03 55 04 06 13 02 55
> 53 31 11 30 0f 06 03 55 04 08 13 08 49 6c 6c 69
> 6e 6f 69 73 31 10 30 0e 06 03 55 04 07 13 07 43
> 68 69 63 61 67 6f 31 12 30 10 06 03 55 04 0a 13
> 09 43 6f 6e 6e 61 6d 61 72 61 31 18 30 16 06 03
> 55 04 03 13 0f 43 48 49 2d 53 52 56 2d 4f 50 50
> 44 45 56 31 31 24 30 22 06 09 2a 86 48 86 f7 0d
> 01 09 01 16 15 63 62 75 73 62 65 79 40 63 6f 6e
> 6e 61 6d 61 72 61 2e 63 6f 6d 82 01 00 30 0c 06
> 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a
> 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 28 d7
> ca 7f 50 fe 55 70 24 20 57 3d 2e f4 30 8b ff 0f
> d6 16 3b 18 d3 84 ba 17 54 b2 a6 6e 45 1e 3f b5
> cf 6e d1 90 4e a7 bf d8 2b a8 7d ae 7c 69 f6 e4
> 72 33 cc 73 12 db 71 f5 56 00 69 e5 5a 47 92 6c
> 9c 34 a1 0e 7c 02 b3 aa e8 e0 98 e6 dc 68 77 81
> 78 42 78 61 b6 3b 02 15 71 cc 09 8d 19 81 62 8c
> 8e b5 fa 9d cc 61 21 06 57 1d a9 c5 d1 70 81 14
> 1e 12 cb e7 ae d2 d2 df 7a a5 70 1a 50 5d
>
>
> 5 4 0.0053 (0.0000) S>CV3.1(4) Handshake
> ServerHelloDone
> Packet data[9]=
> 16 03 01 00 04 0e 00 00 00
>
>
> 5 5 0.0256 (0.0203) C>SV3.1(134) Handshake
> ClientKeyExchange
> Packet data[139]=
> 16 03 01 00 86 10 00 00 82 00 80 2a 13 72 b1 21
> cf db 06 bd 58 d9 de 6a 2f 71 60 79 dc 19 ce e6
> 96 1a 17 d8 2c d3 0e 9f c1 74 aa 29 29 49 34 d7
> f4 a4 33 a9 ad b4 7b de 7e 4f e0 73 01 99 c7 a9
> 1d 97 79 49 4f 22 5c cd 07 b3 5e 3b 7b 39 2f 43
> ad 84 76 5b 12 0f f8 80 96 c7 53 de d2 b8 ef dc
> 89 ce df 44 64 a9 c5 7b 6a e7 26 41 24 f6 e7 51
> d3 d3 cd 9f 01 5e d6 8e 1a c3 a5 17 e6 53 46 06
> e8 ee 80 9d 9c 54 07 ba 63 87 3d
This packet looks good:
- 5 bytes of protocol header (16 03 01 00 86)
indicating 134 (86) bytes of data
- 4 bytes of handshake header (10 00 00 82)
indicating 130 (82) bytes of data and
client_key_exchange packet (10)
- 2 bytes indicating length of encrypted data
(only for TLS1) 00 80 (128), so 1024 bit
RSA key is used (128*8)
- and next encrypted data
> ERROR: Length mismatch
This error is from reading next packet and indicate
some errors when capturing packet. Some network errors ?
Some IDS devices ?
My proposition is to check SSL communication with
s_client/s_server.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
