On 02/05/17 15:41, Joel Sing wrote:
On Sunday 05 February 2017 11:13:16 Andreas Bartelt wrote:
On 02/05/17 07:41, Joel Sing wrote:
You can just specify X25519 as a group - it will not appear in `openssl
ecparam -list_curves' since it is not a standard EC curve.
thanks - I didn't notice that capitalization is important here. Maybe
x25519 and ecdh_x25519 [IANA] should also be accepted as valid names
[http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml].
I'll consider this, however all of the RFCs refer to it as X25519 (e.g.
RFC7748 and draft-ietf-curdle-pkix-03). This is also no different to the fact
that you cannot use 'Prime256v1' or 'p-384'.
The definition of the curve itself is provided in RFC 7748 - RFCs for
some other listed curves (e.g., brainpool) are also only tagged as
Informational. What is missing with regard to X25519?
There is nothing missing as such - X25519 is a function that performs scalar
multiplication on a curve known as curve25519. The X25519 function is in turn
used to perform Diffie-Hellman key exchange. Neither X25519 nor curve25519 fit
the OpenSSL Elliptic Curve API (largely due to design), hence it does not make
sense for it to appear in 'openssl ecparam -list_curves', which would require
it to be treated and manipulated as if it was a standard EC curve.
thanks for the explanation.
This is really weird. Although my test results for X25519 were similarly
confusing -- for simplicity, I'll provide some more results which were
restricted to explicitly testing secp384r1.
[snip]
Error messages when failing against httpd:
> openssl s_client -connect <servername>:443 -servername <servername>
-groups secp384r1
CONNECTED(00000003)
12254385780000:error:14FFF410:SSL routines:SSL_internal:sslv3 alert
handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1205:SSL alert number 40
12254385780000:error:14FFF0E5:SSL routines:SSL_internal:ssl handshake
failure:/usr/src/lib/libssl/ssl_pkt.c:585:
This is the server-side responding with a fatal SSL handshake failure alert -
there are only a few cases where this will happen, the most likely of which is
when there is no matching cipher suite.
- Is there any other configuration that would limit the cipher suites in use?
I've tested the following tls configurations with httpd:
config 1)
tls {
key "/etc/ssl/private/server.key"
certificate "/etc/ssl/server.crt"
ecdhe "secp384r1"
ocsp "/etc/ssl/server_ocsp.der" # [manually fetched a
fresh one via ocspcheck]
}
config 2)
tls {
key "/etc/ssl/private/server.key"
certificate "/etc/ssl/server.crt"
ecdhe "secp384r1"
ciphers
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384"
ocsp "/etc/ssl/server_ocsp.der"
}
A fresh /etc/ssl/server_ocsp.der was manually fetched with ocspcheck.
- What cipher suite is used if you connect without specifying -groups?
config 1: ECDHE-ECDSA-AES256-GCM-SHA384
config 2: ECDHE-ECDSA-CHACHA20-POLY1305
- What type of public certificate are you using (RSA or ECDSA)?
ECDSA with P-256. Certificate signed by letsencrypt (via RSA).
Must-staple is enabled - that's why I'm also using the ocsp line for
testing.
I could verify that OCSP stapling is not the problem here since I've
also tested without the ocsp line in httpd.conf [and then using another
certificate without the encoded "must staple" extension]. Both results
were identical.
- If you're still unable to get to the bottom of it, try running 'openssl
s_client' with -debug and provide the output.
> openssl s_client -connect www.bartelt.name:443 -servername
www.bartelt.name -debug -groups secp384r1
CONNECTED(00000003)
write to 0x59765414700 [0x59775e64003] (261 bytes => 261 (0x105))
0000 - 16 03 01 01 00 01 00 00-fc 03 03 79 f3 5f 4c fe ...........y._L.
0010 - 4f b8 30 11 07 81 ba cc-a4 1e 1b 21 da 3f da 0c O.0........!.?..
0020 - 69 b8 f0 12 b9 33 83 75-ac 35 1d 00 00 7e c0 30 i....3.u.5...~.0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 cc a9-cc a8 cc aa cc 14 cc 13 .j.9.8..........
0050 - cc 15 ff 85 00 c4 00 c3-00 88 00 87 00 81 00 9d ................
0060 - 00 3d 00 35 00 c0 00 84-c0 2f c0 2b c0 27 c0 23 .=.5...../.+.'.#
0070 - c0 13 c0 09 00 a2 00 9e-00 67 00 40 00 33 00 32 .........g.@.3.2
0080 - 00 be 00 bd 00 45 00 44-00 9c 00 3c 00 2f 00 ba .....E.D...<./..
0090 - 00 41 c0 11 c0 07 00 05-00 04 c0 12 c0 08 00 16 .A..............
00a0 - 00 13 00 0a 00 15 00 12-00 09 00 ff 01 00 00 55 ...............U
00b0 - 00 00 00 15 00 13 00 00-10 77 77 77 2e 62 61 72 .........www.bar
00c0 - 74 65 6c 74 2e 6e 61 6d-65 00 0b 00 02 01 00 00 telt.name.......
00d0 - 0a 00 04 00 02 00 18 00-23 00 00 00 0d 00 26 00 ........#.....&.
00e0 - 24 06 01 06 02 06 03 ef-ef 05 01 05 02 05 03 04 $...............
00f0 - 01 04 02 04 03 ee ee ed-ed 03 01 03 02 03 03 02 ................
0100 - 01 02 02 02 03 .....
read from 0x59765414700 [0x59702b4d003] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02 .....
read from 0x59765414700 [0x59702b4d008] (2 bytes => 2 (0x2))
0000 - 02 28 .(
6146239412128:error:14FFF410:SSL routines:SSL_internal:sslv3 alert
handshake failure:/usr/src/lib/libssl/ssl_pkt.c:1205:SSL alert number 40
6146239412128:error:14FFF0E5:SSL routines:SSL_internal:ssl handshake
failure:/usr/src/lib/libssl/ssl_pkt.c:585:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1486310260
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
> openssl s_client -connect www.bartelt.name:443 -servername
www.bartelt.name -debug
CONNECTED(00000003)
write to 0xb4e53387780 [0xb4ecf059003] (265 bytes => 265 (0x109))
0000 - 16 03 01 01 04 01 00 01-00 03 03 6e 6d af b0 e9 ...........nm...
0010 - b6 ba 2e 5c f9 b5 6f a1-7f 73 10 83 bc 09 5a 65 ...\..o..s....Ze
0020 - 21 93 54 07 64 70 28 fb-45 b3 59 00 00 7e c0 30 !.T.dp(.E.Y..~.0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 cc a9-cc a8 cc aa cc 14 cc 13 .j.9.8..........
0050 - cc 15 ff 85 00 c4 00 c3-00 88 00 87 00 81 00 9d ................
0060 - 00 3d 00 35 00 c0 00 84-c0 2f c0 2b c0 27 c0 23 .=.5...../.+.'.#
0070 - c0 13 c0 09 00 a2 00 9e-00 67 00 40 00 33 00 32 .........g.@.3.2
0080 - 00 be 00 bd 00 45 00 44-00 9c 00 3c 00 2f 00 ba .....E.D...<./..
0090 - 00 41 c0 11 c0 07 00 05-00 04 c0 12 c0 08 00 16 .A..............
00a0 - 00 13 00 0a 00 15 00 12-00 09 00 ff 01 00 00 59 ...............Y
00b0 - 00 00 00 15 00 13 00 00-10 77 77 77 2e 62 61 72 .........www.bar
00c0 - 74 65 6c 74 2e 6e 61 6d-65 00 0b 00 02 01 00 00 telt.name.......
00d0 - 0a 00 08 00 06 00 1d 00-17 00 18 00 23 00 00 00 ............#...
00e0 - 0d 00 26 00 24 06 01 06-02 06 03 ef ef 05 01 05 ..&.$...........
00f0 - 02 05 03 04 01 04 02 04-03 ee ee ed ed 03 01 03 ................
0100 - 02 03 03 02 01 02 02 02-03 .........
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 3b ....;
read from 0xb4e53387780 [0xb4e13e63008] (59 bytes => 59 (0x3B))
0000 - 02 00 00 37 03 03 cb 0e-0b 28 f2 d5 f6 f0 9f e6 ...7.....(......
0010 - 86 b1 98 71 a1 49 83 e1-0d fe 78 cc d8 2f 30 92 ...q.I....x../0.
0020 - eb 1e 9c 0a 5e ad 00 c0-2c 00 00 0f 00 00 00 00 ....^...,.......
0030 - ff 01 00 01 00 00 0b 00-02 01 ..........
003b - <SPACES/NULS>
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 16 03 03 08 fd .....
read from 0xb4e53387780 [0xb4e13e63008] (2301 bytes => 2301 (0x8FD))
0000 - 0b 00 08 f9 00 08 f6 00-04 5a 30 82 04 56 30 82 .........Z0..V0.
0010 - 03 3e a0 03 02 01 02 02-12 03 75 04 4c 87 56 60 .>........u.L.V`
0020 - dc 20 fa 53 ac 37 ad b2-83 f7 d3 30 0d 06 09 2a . .S.7.....0...*
0030 - 86 48 86 f7 0d 01 01 0b-05 00 30 4a 31 0b 30 09 .H........0J1.0.
0040 - 06 03 55 04 06 13 02 55-53 31 16 30 14 06 03 55 ..U....US1.0...U
0050 - 04 0a 13 0d 4c 65 74 27-73 20 45 6e 63 72 79 70 ....Let's Encryp
0060 - 74 31 23 30 21 06 03 55-04 03 13 1a 4c 65 74 27 t1#0!..U....Let'
0070 - 73 20 45 6e 63 72 79 70-74 20 41 75 74 68 6f 72 s Encrypt Author
0080 - 69 74 79 20 58 33 30 1e-17 0d 31 36 31 32 31 38 ity X30...161218
0090 - 31 31 32 34 30 30 5a 17-0d 31 37 30 33 31 38 31 112400Z..1703181
00a0 - 31 32 34 30 30 5a 30 17-31 15 30 13 06 03 55 04 12400Z0.1.0...U.
00b0 - 03 13 0c 62 61 72 74 65-6c 74 2e 6e 61 6d 65 30 ...bartelt.name0
00c0 - 59 30 13 06 07 2a 86 48-ce 3d 02 01 06 08 2a 86 Y0...*.H.=....*.
00d0 - 48 ce 3d 03 01 07 03 42-00 04 9d a8 88 9c f9 02 H.=....B........
00e0 - 76 3d 52 ff b9 af 31 10-de 9f 5d fa a7 af 47 f9 v=R...1...]...G.
00f0 - bd 34 07 d3 b3 db 80 7f-15 dc 72 32 51 20 47 e3 .4........r2Q G.
0100 - 22 bf 13 56 ed b2 4d 96-46 39 a6 d8 28 9c 01 08 "..V..M.F9..(...
0110 - 63 3d 90 97 8a 6b ac d8-62 77 a3 82 02 32 30 82 c=...k..bw...20.
0120 - 02 2e 30 0e 06 03 55 1d-0f 01 01 ff 04 04 03 02 ..0...U.........
0130 - 07 80 30 1d 06 03 55 1d-25 04 16 30 14 06 08 2b ..0...U.%..0...+
0140 - 06 01 05 05 07 03 01 06-08 2b 06 01 05 05 07 03 .........+......
0150 - 02 30 0c 06 03 55 1d 13-01 01 ff 04 02 30 00 30 .0...U.......0.0
0160 - 1d 06 03 55 1d 0e 04 16-04 14 54 7e 9e 2b f7 3a ...U......T~.+.:
0170 - 98 33 96 12 b7 0f 10 f7-a5 25 38 39 66 a2 30 1f .3.......%89f.0.
0180 - 06 03 55 1d 23 04 18 30-16 80 14 a8 4a 6a 63 04 ..U.#..0....Jjc.
0190 - 7d dd ba e6 d1 39 b7 a6-45 65 ef f3 a8 ec a1 30 }....9..Ee.....0
01a0 - 70 06 08 2b 06 01 05 05-07 01 01 04 64 30 62 30 p..+........d0b0
01b0 - 2f 06 08 2b 06 01 05 05-07 30 01 86 23 68 74 74 /..+.....0..#htt
01c0 - 70 3a 2f 2f 6f 63 73 70-2e 69 6e 74 2d 78 33 2e p://ocsp.int-x3.
01d0 - 6c 65 74 73 65 6e 63 72-79 70 74 2e 6f 72 67 2f letsencrypt.org/
01e0 - 30 2f 06 08 2b 06 01 05-05 07 30 02 86 23 68 74 0/..+.....0..#ht
01f0 - 74 70 3a 2f 2f 63 65 72-74 2e 69 6e 74 2d 78 33 tp://cert.int-x3
0200 - 2e 6c 65 74 73 65 6e 63-72 79 70 74 2e 6f 72 67 .letsencrypt.org
0210 - 2f 30 29 06 03 55 1d 11-04 22 30 20 82 0c 62 61 /0)..U..."0 ..ba
0220 - 72 74 65 6c 74 2e 6e 61-6d 65 82 10 77 77 77 2e rtelt.name..www.
0230 - 62 61 72 74 65 6c 74 2e-6e 61 6d 65 30 11 06 08 bartelt.name0...
0240 - 2b 06 01 05 05 07 01 18-04 05 30 03 02 01 05 30 +.........0....0
0250 - 81 fe 06 03 55 1d 20 04-81 f6 30 81 f3 30 08 06 ....U. ...0..0..
0260 - 06 67 81 0c 01 02 01 30-81 e6 06 0b 2b 06 01 04 .g.....0....+...
0270 - 01 82 df 13 01 01 01 30-81 d6 30 26 06 08 2b 06 .......0..0&..+.
0280 - 01 05 05 07 02 01 16 1a-68 74 74 70 3a 2f 2f 63 ........http://c
0290 - 70 73 2e 6c 65 74 73 65-6e 63 72 79 70 74 2e 6f ps.letsencrypt.o
02a0 - 72 67 30 81 ab 06 08 2b-06 01 05 05 07 02 02 30 rg0....+.......0
02b0 - 81 9e 0c 81 9b 54 68 69-73 20 43 65 72 74 69 66 .....This Certif
02c0 - 69 63 61 74 65 20 6d 61-79 20 6f 6e 6c 79 20 62 icate may only b
02d0 - 65 20 72 65 6c 69 65 64-20 75 70 6f 6e 20 62 79 e relied upon by
02e0 - 20 52 65 6c 79 69 6e 67-20 50 61 72 74 69 65 73 Relying Parties
02f0 - 20 61 6e 64 20 6f 6e 6c-79 20 69 6e 20 61 63 63 and only in acc
0300 - 6f 72 64 61 6e 63 65 20-77 69 74 68 20 74 68 65 ordance with the
0310 - 20 43 65 72 74 69 66 69-63 61 74 65 20 50 6f 6c Certificate Pol
0320 - 69 63 79 20 66 6f 75 6e-64 20 61 74 20 68 74 74 icy found at htt
0330 - 70 73 3a 2f 2f 6c 65 74-73 65 6e 63 72 79 70 74 ps://letsencrypt
0340 - 2e 6f 72 67 2f 72 65 70-6f 73 69 74 6f 72 79 2f .org/repository/
0350 - 30 0d 06 09 2a 86 48 86-f7 0d 01 01 0b 05 00 03 0...*.H.........
0360 - 82 01 01 00 1e fc 7c 9c-39 6c 5e 47 85 2f c7 a0 ......|.9l^G./..
0370 - 15 39 8a 10 96 57 57 55-56 84 30 32 51 56 15 b6 .9...WWUV.02QV..
0380 - 0b 67 07 e1 24 5e cb ee-ce 2e 73 c3 4f bb 18 38 .g..$^....s.O..8
0390 - d3 48 00 43 fe 3e 17 f6-1f 20 cd 3e 79 40 2e fb .H.C.>... .>y@..
03a0 - 07 1f 4f 80 ca e9 cd 40-13 be 38 e1 3f 54 5f e2 ..O....@..8.?T_.
03b0 - 97 46 f3 8d f3 f7 bb 9c-51 79 24 a8 62 a5 70 8c .F......Qy$.b.p.
03c0 - 48 29 a8 1e dc 14 15 c9-f5 43 0b ce e3 1f 83 3a H).......C.....:
03d0 - b3 75 50 db eb b3 b7 85-26 0b 82 01 e2 99 82 f5 .uP.....&.......
03e0 - f2 73 aa c4 05 d5 69 1e-c2 cf 81 54 9d 72 0c 49 .s....i....T.r.I
03f0 - 91 95 20 82 af b4 4c d7-89 e1 76 09 f3 42 71 45 .. ...L...v..BqE
0400 - c3 10 e8 1a 05 0a 25 65-af 8d 80 df 38 20 ab 87 ......%e....8 ..
0410 - 1e b1 d1 55 65 43 fd 1e-19 1e be 85 dd 34 82 d2 ...UeC.......4..
0420 - 26 79 64 ea 16 58 e2 1b-57 16 bf 75 04 70 83 9f &yd..X..W..u.p..
0430 - 63 ee 9b d0 91 1d 18 25-5e 39 79 18 57 68 a9 fe c......%^9y.Wh..
0440 - 8a 3c d0 ba a3 50 31 17-e5 1f a2 f7 4d 36 7b 0e .<...P1.....M6{.
0450 - 09 61 bb 08 e2 ac de 71-9e 16 97 06 75 51 64 95 .a.....q....uQd.
0460 - 44 d7 18 4d 00 04 96 30-82 04 92 30 82 03 7a a0 D..M...0...0..z.
0470 - 03 02 01 02 02 10 0a 01-41 42 00 00 01 53 85 73 ........AB...S.s
0480 - 6a 0b 85 ec a7 08 30 0d-06 09 2a 86 48 86 f7 0d j.....0...*.H...
0490 - 01 01 0b 05 00 30 3f 31-24 30 22 06 03 55 04 0a .....0?1$0"..U..
04a0 - 13 1b 44 69 67 69 74 61-6c 20 53 69 67 6e 61 74 ..Digital Signat
04b0 - 75 72 65 20 54 72 75 73-74 20 43 6f 2e 31 17 30 ure Trust Co.1.0
04c0 - 15 06 03 55 04 03 13 0e-44 53 54 20 52 6f 6f 74 ...U....DST Root
04d0 - 20 43 41 20 58 33 30 1e-17 0d 31 36 30 33 31 37 CA X30...160317
04e0 - 31 36 34 30 34 36 5a 17-0d 32 31 30 33 31 37 31 164046Z..2103171
04f0 - 36 34 30 34 36 5a 30 4a-31 0b 30 09 06 03 55 04 64046Z0J1.0...U.
0500 - 06 13 02 55 53 31 16 30-14 06 03 55 04 0a 13 0d ...US1.0...U....
0510 - 4c 65 74 27 73 20 45 6e-63 72 79 70 74 31 23 30 Let's Encrypt1#0
0520 - 21 06 03 55 04 03 13 1a-4c 65 74 27 73 20 45 6e !..U....Let's En
0530 - 63 72 79 70 74 20 41 75-74 68 6f 72 69 74 79 20 crypt Authority
0540 - 58 33 30 82 01 22 30 0d-06 09 2a 86 48 86 f7 0d X30.."0...*.H...
0550 - 01 01 01 05 00 03 82 01-0f 00 30 82 01 0a 02 82 ..........0.....
0560 - 01 01 00 9c d3 0c f0 5a-e5 2e 47 b7 72 5d 37 83 .......Z..G.r]7.
0570 - b3 68 63 30 ea d7 35 26-19 25 e1 bd be 35 f1 70 .hc0..5&.%...5.p
0580 - 92 2f b7 b8 4b 41 05 ab-a9 9e 35 08 58 ec b1 2a ./..KA....5.X..*
0590 - c4 68 87 0b a3 e3 75 e4-e6 f3 a7 62 71 ba 79 81 .h....u....bq.y.
05a0 - 60 1f d7 91 9a 9f f3 d0-78 67 71 c8 69 0e 95 91 `.......xgq.i...
05b0 - cf fe e6 99 e9 60 3c 48-cc 7e ca 4d 77 12 24 9d .....`<H.~.Mw.$.
05c0 - 47 1b 5a eb b9 ec 1e 37-00 1c 9c ac 7b a7 05 ea G.Z....7....{...
05d0 - ce 4a eb bd 41 e5 36 98-b9 cb fd 6d 3c 96 68 df .J..A.6....m<.h.
05e0 - 23 2a 42 90 0c 86 74 67-c8 7f a5 9a b8 52 61 14 #*B...tg.....Ra.
05f0 - 13 3f 65 e9 82 87 cb db-fa 0e 56 f6 86 89 f3 85 .?e.......V.....
0600 - 3f 97 86 af b0 dc 1a ef-6b 0d 95 16 7d c4 2b a0 ?.......k...}.+.
0610 - 65 b2 99 04 36 75 80 6b-ac 4a f3 1b 90 49 78 2f e...6u.k.J...Ix/
0620 - a2 96 4f 2a 20 25 29 04-c6 74 c0 d0 31 cd 8f 31 ..O* %)..t..1..1
0630 - 38 95 16 ba a8 33 b8 43-f1 b1 1f c3 30 7f a2 79 8....3.C....0..y
0640 - 31 13 3d 2d 36 f8 e3 fc-f2 33 6a b9 39 31 c5 af 1.=-6....3j.91..
0650 - c4 8d 0d 1d 64 16 33 aa-fa 84 29 b6 d4 0b c0 d8 ....d.3...).....
0660 - 7d c3 93 02 03 01 00 01-a3 82 01 7d 30 82 01 79 }..........}0..y
0670 - 30 12 06 03 55 1d 13 01-01 ff 04 08 30 06 01 01 0...U.......0...
0680 - ff 02 01 00 30 0e 06 03-55 1d 0f 01 01 ff 04 04 ....0...U.......
0690 - 03 02 01 86 30 7f 06 08-2b 06 01 05 05 07 01 01 ....0...+.......
06a0 - 04 73 30 71 30 32 06 08-2b 06 01 05 05 07 30 01 .s0q02..+.....0.
06b0 - 86 26 68 74 74 70 3a 2f-2f 69 73 72 67 2e 74 72 .&http://isrg.tr
06c0 - 75 73 74 69 64 2e 6f 63-73 70 2e 69 64 65 6e 74 ustid.ocsp.ident
06d0 - 72 75 73 74 2e 63 6f 6d-30 3b 06 08 2b 06 01 05 rust.com0;..+...
06e0 - 05 07 30 02 86 2f 68 74-74 70 3a 2f 2f 61 70 70 ..0../http://app
06f0 - 73 2e 69 64 65 6e 74 72-75 73 74 2e 63 6f 6d 2f s.identrust.com/
0700 - 72 6f 6f 74 73 2f 64 73-74 72 6f 6f 74 63 61 78 roots/dstrootcax
0710 - 33 2e 70 37 63 30 1f 06-03 55 1d 23 04 18 30 16 3.p7c0...U.#..0.
0720 - 80 14 c4 a7 b1 a4 7b 2c-71 fa db e1 4b 90 75 ff ......{,q...K.u.
0730 - c4 15 60 85 89 10 30 54-06 03 55 1d 20 04 4d 30 ..`...0T..U. .M0
0740 - 4b 30 08 06 06 67 81 0c-01 02 01 30 3f 06 0b 2b K0...g.....0?..+
0750 - 06 01 04 01 82 df 13 01-01 01 30 30 30 2e 06 08 ..........000...
0760 - 2b 06 01 05 05 07 02 01-16 22 68 74 74 70 3a 2f +........"http:/
0770 - 2f 63 70 73 2e 72 6f 6f-74 2d 78 31 2e 6c 65 74 /cps.root-x1.let
0780 - 73 65 6e 63 72 79 70 74-2e 6f 72 67 30 3c 06 03 sencrypt.org0<..
0790 - 55 1d 1f 04 35 30 33 30-31 a0 2f a0 2d 86 2b 68 U...50301./.-.+h
07a0 - 74 74 70 3a 2f 2f 63 72-6c 2e 69 64 65 6e 74 72 ttp://crl.identr
07b0 - 75 73 74 2e 63 6f 6d 2f-44 53 54 52 4f 4f 54 43 ust.com/DSTROOTC
07c0 - 41 58 33 43 52 4c 2e 63-72 6c 30 1d 06 03 55 1d AX3CRL.crl0...U.
07d0 - 0e 04 16 04 14 a8 4a 6a-63 04 7d dd ba e6 d1 39 ......Jjc.}....9
07e0 - b7 a6 45 65 ef f3 a8 ec-a1 30 0d 06 09 2a 86 48 ..Ee.....0...*.H
07f0 - 86 f7 0d 01 01 0b 05 00-03 82 01 01 00 dd 33 d7 ..............3.
0800 - 11 f3 63 58 38 dd 18 15-fb 09 55 be 76 56 b9 70 ..cX8.....U.vV.p
0810 - 48 a5 69 47 27 7b c2 24-08 92 f1 5a 1f 4a 12 29 H.iG'{.$...Z.J.)
0820 - 37 24 74 51 1c 62 68 b8-cd 95 70 67 e5 f7 a4 bc 7$tQ.bh...pg....
0830 - 4e 28 51 cd 9b e8 ae 87-9d ea d8 ba 5a a1 01 9a N(Q.........Z...
0840 - dc f0 dd 6a 1d 6a d8 3e-57 23 9e a6 1e 04 62 9a ...j.j.>W#....b.
0850 - ff d7 05 ca b7 1f 3f c0-0a 48 bc 94 b0 b6 65 62 ......?..H....eb
0860 - e0 c1 54 e5 a3 2a ad 20-c4 e9 e6 bb dc c8 f6 b5 ..T..*. ........
0870 - c3 32 a3 98 cc 77 a8 e6-79 65 07 2b cb 28 fe 3a .2...w..ye.+.(.:
0880 - 16 52 81 ce 52 0c 2e 5f-83 e8 d5 06 33 fb 77 6c .R..R.._....3.wl
0890 - ce 40 ea 32 9e 1f 92 5c-41 c1 74 6c 5b 5d 0a 5f .@.2...\A.tl[]._
08a0 - 33 cc 4d 9f ac 38 f0 2f-7b 2c 62 9d d9 a3 91 6f 3.M..8./{,b....o
08b0 - 25 1b 2f 90 b1 19 46 3d-f6 7e 1b a6 7a 87 b9 a3 %./...F=.~..z...
08c0 - 7a 6d 18 fa 25 a5 91 87-15 e0 f2 16 2f 58 b0 06 zm..%......./X..
08d0 - 2f 2c 68 26 c6 4b 98 cd-da 9f 0c f9 7f 90 ed 43 /,h&.K.........C
08e0 - 4a 12 44 4e 6f 73 7a 28-ea a4 aa 6e 7b 4c 7d 87 J.DNosz(...n{L}.
08f0 - dd e0 c9 02 44 a7 87 af-c3 34 5b b4 42 ....D....4[.B
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = bartelt.name
verify return:1
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 b4 .....
read from 0xb4e53387780 [0xb4e13e63008] (180 bytes => 180 (0xB4))
0000 - 0c 00 00 b0 03 00 18 61-04 7e 80 f7 30 60 fa bb .......a.~..0`..
0010 - e5 14 3f 85 07 13 08 2b-be 89 05 66 81 a9 c0 da ..?....+...f....
0020 - 08 15 bd 73 0b 57 35 da-cd 12 08 f7 5f 96 02 ea ...s.W5....._...
0030 - 5c 00 62 88 a1 41 85 4e-84 de dc f4 f8 d0 ef 08 \.b..A.N........
0040 - fb e4 1e 32 45 25 76 55-ab 31 a3 34 95 bc 8e c4 ...2E%vU.1.4....
0050 - e9 90 67 04 a6 6e 1e 87-36 0d 45 59 75 ed 7b 7f ..g..n..6.EYu.{.
0060 - 27 e5 6e 26 ee 53 0b fe-d5 06 03 00 47 30 45 02 '.n&.S......G0E.
0070 - 21 00 ac d3 76 08 2a 4b-80 3f a2 76 a6 09 0e 2b !...v.*K.?.v...+
0080 - 8a b2 11 cf be 2b 09 1a-fa cc ae 38 8d 18 20 62 .....+.....8.. b
0090 - 93 32 02 20 27 32 2f 5e-cc 4a ad 36 db 7f f6 68 .2. '2/^.J.6...h
00a0 - 11 d4 ae 50 4e e1 22 99-eb b6 b1 b6 c4 0f 9c c9 ...PN.".........
00b0 - 11 a7 94 ed ....
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04 .....
read from 0xb4e53387780 [0xb4e13e63008] (4 bytes => 4 (0x4))
0000 - 0e .
0004 - <SPACES/NULS>
write to 0xb4e53387780 [0xb4e65c77000] (107 bytes => 107 (0x6B))
0000 - 16 03 03 00 66 10 00 00-62 61 04 e8 f3 63 55 67 ....f...ba...cUg
0010 - a9 c9 e2 0e c9 02 0d 4f-f6 01 56 21 3a 19 33 b2 .......O..V!:.3.
0020 - c8 52 4a 7c b1 ba fd e7-9a d0 e2 60 70 d4 5b 0b .RJ|.......`p.[.
0030 - 52 ca fd 4d 3a ca c6 b9-4c 9c 6c f9 eb 60 fc 75 R..M:...L.l..`.u
0040 - 24 4f 8d 65 9b 30 d8 e1-7e 03 05 09 b6 1c 61 cd $O.e.0..~.....a.
0050 - 4b e7 55 ee 82 1a a4 4c-c3 44 cd 76 e1 4c 8e f8 K.U....L.D.v.L..
0060 - be a6 09 3f 84 0c 1c a2-6e 5a 9f ...?....nZ.
write to 0xb4e53387780 [0xb4e65c77000] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01 ......
write to 0xb4e53387780 [0xb4e65c77000] (45 bytes => 45 (0x2D))
0000 - 16 03 03 00 28 00 00 00-00 00 00 00 00 9e d2 d6 ....(...........
0010 - e6 20 b9 e9 d3 ae 7b 13-7f 1e be a2 24 ac 43 88 . ....{.....$.C.
0020 - a7 6f 1c e6 77 0a 8b a9-3b e1 50 f9 96 .o..w...;.P..
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01 .....
read from 0xb4e53387780 [0xb4e13e63008] (1 bytes => 1 (0x1))
0000 - 01 .
read from 0xb4e53387780 [0xb4e13e63003] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 28 ....(
read from 0xb4e53387780 [0xb4e13e63008] (40 bytes => 40 (0x28))
0000 - 00 00 00 00 00 00 00 00-5b 7a 18 f0 97 c5 6f 80 ........[z....o.
0010 - be d9 83 4f a8 99 99 3b-65 d7 68 14 75 d5 98 6c ...O...;e.h.u..l
0020 - ad 0e 08 9c 6f ee d6 ad- ....o...
---
Certificate chain
0 s:/CN=bartelt.name
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEVjCCAz6gAwIBAgISA3UETIdWYNwg+lOsN62yg/fTMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEyMTgxMTI0MDBaFw0x
NzAzMTgxMTI0MDBaMBcxFTATBgNVBAMTDGJhcnRlbHQubmFtZTBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABJ2oiJz5AnY9Uv+5rzEQ3p9d+qevR/m9NAfTs9uAfxXc
cjJRIEfjIr8TVu2yTZZGOabYKJwBCGM9kJeKa6zYYnejggIyMIICLjAOBgNVHQ8B
Af8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFFR+niv3OpgzlhK3DxD3pSU4OWaiMB8GA1UdIwQYMBaA
FKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcw
AYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUH
MAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMCkGA1UdEQQi
MCCCDGJhcnRlbHQubmFtZYIQd3d3LmJhcnRlbHQubmFtZTARBggrBgEFBQcBGAQF
MAMCAQUwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHW
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYB
BQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1
cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdp
dGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNl
bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAHvx8nDls
XkeFL8egFTmKEJZXV1VWhDAyUVYVtgtnB+EkXsvuzi5zw0+7GDjTSABD/j4X9h8g
zT55QC77Bx9PgMrpzUATvjjhP1Rf4pdG843z97ucUXkkqGKlcIxIKage3BQVyfVD
C87jH4M6s3VQ2+uzt4UmC4IB4pmC9fJzqsQF1Wkews+BVJ1yDEmRlSCCr7RM14nh
dgnzQnFFwxDoGgUKJWWvjYDfOCCrhx6x0VVlQ/0eGR6+hd00gtImeWTqFljiG1cW
v3UEcIOfY+6b0JEdGCVeOXkYV2ip/oo80LqjUDEX5R+i9002ew4JYbsI4qzecZ4W
lwZ1UWSVRNcYTQ==
-----END CERTIFICATE-----
subject=/CN=bartelt.name
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 2615 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key:
2F8C3549F54F28F38950B2DC1C95125D8F5BC14D9D80CF6D1255CBD176A8AEE734D1E679F531C654F686575E51293FD4
Start Time: 1486310325
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
