Dear openssl-users@ and, in particular, Dr. Henson,

First, apologies that I didn't realize I was writing to you in my previous response to Fred. I'll check my To: lines more carefully in the future.

Second, thanks for your earlier assistance in diagnosing this issue. Your suggestions have led me to some interesting data, which I will now try to summarize for you. (Full data are attached.)

## Test Setup:

1. As before, Fred has set up Apache with openssl-0.9.8m as follows:

       ./configure --prefix=/usr/local/apache2 --enable-ssl --with-ssl=../openssl-0.9.8m-beta1

2. I have compiled today's snapshot

       # curl .../openssl-0.9.8-stable-SNAP-20100122.tar.gz | tar xzf -
       # cd openssl-*
       ./config --prefix=~/ssl
       make -j4
       make install

3. To produce the attached log, excerpts of which are quoted below, I ran

       ./openssl s_client -connect 72.247.216.155:443 -state -msg \
           -crlf &> log.txt <<EOF
       GET /cgi-bin/client-cert-reneg/printenv?p1=v1&p2=v2&p3=v3 HTTP/1.0
       Host: caqa3-3.ssltest.akamai.com
       EOF

4. Then I sat down with

       http://tools.ietf.org/html/rfc5246
       http://tools.ietf.org/html/draft-ietf-tls-renegotiation-03
       http://www.iana.org/assignments/tls-parameters/
       http://www.iana.org/assignments/tls-extensiontype-values/

   and a text editor.

## Observations

1. In the attached log, the initial ClientHello contains the SCSV and no renegotiation_info extension.

       >>> TLS 1.0 Handshake [length 005b], ClientHello
           01 00 00 57 03 01 4b 5a 1f 82 89 98 93 ad d5 3e
           d4 04 d5 1a 72 da 56 55 1e 74 3e da 34 38 3c 59
           fb 45 04 c3 e9 fb 00 00 2a 00 39 00 38 00 35 00
           16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00
           04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
           03|00 ff|01 00 00|04 00 23 00 00|

   (The |00 ff| is the SCSV; the |04 00 23 00 00| is the extensions section and contains only a SessionTicket extension with no extension data.)

2. The corresponding ServerHello contains a renegotiation_info extension whose renegotiated_connection field contains only a 0-length vector and no SCSV.

       <<< TLS 1.0 Handshake [length 0035], ServerHello
           02 00 00 31 03 01 4b 5a 1f 82 66 a3 76 ad cb db
           44 ed 10 e6 05 e7 24 9f ac d7 1f 8a 4e e9 6f fe
           39 be 8e b5 2f 19 00 00 39 00 00 09|ff 01 00 01 00|00 23 00 00

3. We happily exchange handshake messages and, eventually, write Client ChangeCipherSpec and Finished messages. Then we receive the NewSessionTicket message that we indicated support for followed by the Server ChangeCipherSpec and Finished messages. Then we exchange some application data. Yay!

4. We receive a HelloRequest from the server, as expected in our test case.

5. We send our second ClientHello:

       >>> TLS 1.0 Handshake [length 006a], ClientHello
           01 00 00 66 03 01 4b 5a 1f 85 c1 3f f1 ff 9c 47
           73 15 ef 33 f0 61 53 95 ed 9b 18 ce b6 ef e8 b8
           45 64 f3 49 82 d6 00 00 28 00 39 00 38 00 35 00
           16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00
           04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
           03 01 00 00 15 ff 01 00 0d 0c c4 b3 49 4f 90 f0
           37 9d 7d 63 bb 9a 00 23 00 00

   without SCSV and with a renegotiation_info extension with renegotiated_connection data of length 0x000d with contents

       0c c4 b3 49 4f 90 f0 37 9d 7d 63 bb 9a

   This certainly looks like a 12-byte verify_data field encoded as a variable-length vector (i.e. prefixed with a 1-byte length).

6. We receive a fatal unexpected_message alert:

       <<< TLS 1.0 Alert [length 0002], fatal unexpected_message
           02 0a

7. The end.

## Questions

1. Everything looks good until we get the unexpected_message alert. Is there some reason why we should expect to see it?

2. Does openssl s_client have a flag that will cause it to print the Client's Finished.verify_data and the server's Finished.verify_data as part of the secure renegotiation session state?

3. I'm confused about whether the Client's previous Finished.verify_data field is properly encoded into the renegotiation_info extension's renegotiated_connection field. My concern is based on my (perhaps incorrect?) reading of draft-ietf-tls-renegotiation-03. I read that text as saying that I should be seeing a 12-byte value. However, I see a 13-byte value.

   My reading also seems to be consistent with RFC 5246, which specifies Finished.verify_data

       struct {
           opaque verify_data[verify_data_length];
       } Finished;

   as a fixed-length vector (whose length happens to be calculated dynamically based on the negotiated ciphersuite).

   Finally, while I recall that this issue was discussed on t...@ietf.org, I am unable to find a normative statement supporting OpenSSL's encoding.

## Ending

First, I hope that these observations are of some help in diagnosing the problem. Please let me know if I can collect other observations which would be more helpful.

Second, I'll try to spend some quality time with the OpenSSL codebase next week looking for implementation-level clues. Maybe I'll spot the problem then.

Third, Fred and I will look carefully next week to see if we can spot any differences between the behavior of openssl s_server and Apache. Maybe we'll find a simpler test case.

Finally, thanks for making these patches available for testing and, in general, for being a great project to work with!

Regards,
Michael

SSL_connect:before/connect initialization
CONNECTED(00000003)
>>> TLS 1.0 Handshake [length 005b], ClientHello
    01 00 00 57 03 01 4b 5a 1f 82 89 98 93 ad d5 3e
    d4 04 d5 1a 72 da 56 55 1e 74 3e da 34 38 3c 59
    fb 45 04 c3 e9 fb 00 00 2a 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 00 ff 01 00 00 04 00 23 00 00
SSL_connect:SSLv2/v3 write client hello A
<<< TLS 1.0 Handshake [length 0035], ServerHello
    02 00 00 31 03 01 4b 5a 1f 82 66 a3 76 ad cb db
    44 ed 10 e6 05 e7 24 9f ac d7 1f 8a 4e e9 6f fe
    39 be 8e b5 2f 19 00 00 39 00 00 09 ff 01 00 01
    00 00 23 00 00
SSL_connect:SSLv3 read server hello A
<<< TLS 1.0 Handshake [length 080e], Certificate
depth=1 /C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
<<< TLS 1.0 Handshake [length 018d], ServerKeyExchange
SSL_connect:SSLv3 read server key exchange A
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c c4 b3 49 4f 90 f0 37 9d 7d 63 bb 9a
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< TLS 1.0 Handshake [length 00ca]???
SSL_connect:SSLv3 read server session ticket A
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 0f 67 c5 1d 2f 62 b6 21 ca 8f b0 f0
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost - good cert 1/CN=*.ssltest.akamai.com
   i:/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost CA 2
 1 s:/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost CA 2
   i:/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost CA 2
---
Server certificate
subject=/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost - good cert 1/CN=*.ssltest.akamai.com
issuer=/C=US/ST=California/L=San Mateo/O=Akamai Technologies/OU=Ghost CA 2
---
No client certificate CA names sent
---
SSL handshake has read 2802 bytes and written 294 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: BD26D858B47E7E4BF1338A2F8F659B49D138633401AB3118911D77560299E3DD
    Session-ID-ctx:
    Master-Key: 0513B0C35A3EDAE975041FB4E0E6E695FE7B2D05680EBB584EE050959B859CF3DC944ECB8EF2FC1EDDDD8FE3FA518318
    Key-Arg   : None
    TLS session ticket:
    Start Time: 1264197506
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
<<< TLS 1.0 Handshake [length 0004], HelloRequest
    00 00 00 00
SSL_connect:SSL renegotiate ciphers
>>> TLS 1.0 Handshake [length 006a], ClientHello
    01 00 00 66 03 01 4b 5a 1f 85 c1 3f f1 ff 9c 47
    73 15 ef 33 f0 61 53 95 ed 9b 18 ce b6 ef e8 b8
    45 64 f3 49 82 d6 00 00 28 00 39 00 38 00 35 00
    16 00 13 00 0a 00 33 00 32 00 2f 00 07 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 01 00 00 15 ff 01 00 0d 0c c4 b3 49 4f 90 f0
    37 9d 7d 63 bb 9a 00 23 00 00
SSL_connect:SSLv3 write client hello A
<<< TLS 1.0 Alert [length 0002], fatal unexpected_message
    02 0a
SSL3 alert read:fatal:unexpected_message
SSL_connect:failed in SSLv3 read server hello A
11345:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1102:SSL alert number 10
11345:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1006:
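
Added example (not part of the original message, and not OpenSSL code): a small parser for the three hello messages quoted above, reporting whether each carries the SCSV and decoding the renegotiation_info extension as the `opaque renegotiated_connection<0..255>` vector defined in RFC 5746, the published form of the renegotiation draft. Function names are hypothetical; the hex is copied from the message and its attached log.

```python
# Added example: hex copied from the post and its log; function names are hypothetical.
SCSV, RENEG_INFO = 0x00FF, 0xFF01  # signalling cipher suite, renegotiation_info type
FIRST_HELLO = bytes.fromhex(
    "0100005703014b5a1f82899893add53ed404d51a72da56551e743eda34383c59"
    "fb4504c3e9fb00002a00390038003500160013000a00330032002f0007000500"
    "040015001200090014001100080006000300ff0100000400230000")
SERVER_HELLO = bytes.fromhex(
    "0200003103014b5a1f8266a376adcbdb44ed10e605e7249facd71f8a4ee96ffe"
    "39be8eb52f19000039000009ff0100010000230000")
SECOND_HELLO = bytes.fromhex(
    "0100006603014b5a1f85c13ff1ff9c477315ef33f0615395ed9b18ceb6efe8b8"
    "4564f34982d600002800390038003500160013000a00330032002f0007000500"
    "040015001200090014001100080006000301000015ff01000d0cc4b3494f90f0"
    "379d7d63bb9a00230000")
CLIENT_FINISHED = bytes.fromhex("1400000cc4b3494f90f0379d7d63bb9a")  # first handshake

def u(buf, pos, n):  # n-byte big-endian integer; rejects truncated input
    if pos + n > len(buf):
        raise ValueError("truncated message")
    return int.from_bytes(buf[pos:pos + n], "big")

def parse_hello(msg):  # -> (cipher_suites, {extension_type: extension_data})
    kind = u(msg, 0, 1)
    if kind not in (1, 2) or u(msg, 1, 3) != len(msg) - 4:
        raise ValueError("not a complete ClientHello or ServerHello")
    pos = 4 + 2 + 32                  # handshake header, version, random
    pos += 1 + u(msg, pos, 1)         # session_id<0..32>
    if kind == 1:                     # ClientHello: suite list, compression list
        n = u(msg, pos, 2)
        suites = [u(msg, i, 2) for i in range(pos + 2, pos + 2 + n, 2)]
        pos += 2 + n
        pos += 1 + u(msg, pos, 1)
    else:                             # ServerHello: one suite, one compression byte
        suites = [u(msg, pos, 2)]
        pos += 3
    exts = {}
    if pos < len(msg):                # the extensions block is optional
        end = pos + 2 + u(msg, pos, 2)
        if end != len(msg):
            raise ValueError("extensions length mismatch")
        pos += 2
        while pos < end:
            etype, elen = u(msg, pos, 2), u(msg, pos + 2, 2)
            if pos + 4 + elen > end:
                raise ValueError("extension overruns extensions block")
            exts[etype] = msg[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    return suites, exts

def renegotiated_connection(ext_data):  # 1-byte length prefix, then the payload
    if not ext_data or ext_data[0] != len(ext_data) - 1:
        raise ValueError("bad renegotiated_connection length")
    return ext_data[1:]

def reneg_info(msg):  # -> (has_scsv, renegotiated_connection or None if no extension)
    suites, exts = parse_hello(msg)
    ext = exts.get(RENEG_INFO)
    return SCSV in suites, None if ext is None else renegotiated_connection(ext)
```

For the second ClientHello the extension data is 13 bytes: the length byte 0x0c followed by the 12 bytes that also appear as verify_data in the client's Finished message in the log.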