OpenSSL s_client -connect incompatibility issue - ssl

I am currently facing a problem that puzzles me.
When I use this command from a machine with RHEL 7 with OpenSSL 1.0.2k:
openssl s_client -connect name.name.somename:9093
I get the result I wanted. I can see the cert, the cert chain, etc.
CONNECTED(00000003)
depth=1 CN = XXXXXXX
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/CN=*XXXXXXX
i:/CN=XXXXXXX
1 s:/CN=XXXXXXX
i:/CN=XXXXXXX
---
Server certificate
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
subject=/xxxxxxxxxxxxxxxxxx
issuer=/xxxxxxxxxxxxxxxxxx
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3294 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is xxxxxxxxxxxxxxxxxx
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : xxxxxxxxxxxxxxxxxx
Session-ID: xxxxxxxxxxxxxxxxxx
Session-ID-ctx:
Master-Key: xxxxxxxxxxxxxxxxxx
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1638952814
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
But whenever I try the same command from a machine running a newer version of OpenSSL, I get this error:
CONNECTED(00000003)
139685857744704:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 320 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Are there any compatibility issues, or some new command or conf file for the newer version?
Adding all ciphers:
Obtaining cipher list from OpenSSL 1.1.1k 25 Mar 2021.
Testing TLS_AES_256_GCM_SHA384...NO (SSL_CTX_set_cipher_list)
Testing TLS_CHACHA20_POLY1305_SHA256...NO (SSL_CTX_set_cipher_list)
Testing TLS_AES_128_GCM_SHA256...NO (SSL_CTX_set_cipher_list)
Testing ECDHE-ECDSA-AES256-GCM-SHA384...NO (wrong version number)
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (wrong version number)
Testing DHE-DSS-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-GCM-SHA384...NO (wrong version number)
Testing ECDHE-ECDSA-CHACHA20-POLY1305...NO (wrong version number)
Testing ECDHE-RSA-CHACHA20-POLY1305...NO (wrong version number)
Testing DHE-RSA-CHACHA20-POLY1305...NO (wrong version number)
Testing ECDHE-ECDSA-AES256-CCM8...NO (wrong version number)
Testing ECDHE-ECDSA-AES256-CCM...NO (wrong version number)
Testing DHE-RSA-AES256-CCM8...NO (wrong version number)
Testing DHE-RSA-AES256-CCM...NO (wrong version number)
Testing ECDHE-ECDSA-ARIA256-GCM-SHA384...NO (wrong version number)
Testing ECDHE-ARIA256-GCM-SHA384...NO (wrong version number)
Testing DHE-DSS-ARIA256-GCM-SHA384...NO (wrong version number)
Testing DHE-RSA-ARIA256-GCM-SHA384...NO (wrong version number)
Testing ADH-AES256-GCM-SHA384...NO (wrong version number)
Testing ECDHE-ECDSA-AES128-GCM-SHA256...NO (wrong version number)
Testing ECDHE-RSA-AES128-GCM-SHA256...NO (wrong version number)
Testing DHE-DSS-AES128-GCM-SHA256...YES
Testing DHE-RSA-AES128-GCM-SHA256...NO (wrong version number)
Testing ECDHE-ECDSA-AES128-CCM8...NO (wrong version number)
Testing ECDHE-ECDSA-AES128-CCM...NO (wrong version number)
Testing DHE-RSA-AES128-CCM8...NO (wrong version number)
Testing DHE-RSA-AES128-CCM...NO (wrong version number)
Testing ECDHE-ECDSA-ARIA128-GCM-SHA256...NO (wrong version number)
Testing ECDHE-ARIA128-GCM-SHA256...NO (wrong version number)
Testing DHE-DSS-ARIA128-GCM-SHA256...NO (wrong version number)
Testing DHE-RSA-ARIA128-GCM-SHA256...NO (wrong version number)
Testing ADH-AES128-GCM-SHA256...NO (wrong version number)
Testing ECDHE-ECDSA-AES256-SHA384...NO (wrong version number)
Testing ECDHE-RSA-AES256-SHA384...NO (wrong version number)
Testing DHE-RSA-AES256-SHA256...NO (wrong version number)
Testing DHE-DSS-AES256-SHA256...YES
Testing ECDHE-ECDSA-CAMELLIA256-SHA384...NO (wrong version number)
Testing ECDHE-RSA-CAMELLIA256-SHA384...NO (wrong version number)
Testing DHE-RSA-CAMELLIA256-SHA256...NO (wrong version number)
Testing DHE-DSS-CAMELLIA256-SHA256...NO (wrong version number)
Testing ADH-AES256-SHA256...NO (wrong version number)
Testing ADH-CAMELLIA256-SHA256...NO (wrong version number)
Testing ECDHE-ECDSA-AES128-SHA256...NO (wrong version number)
Testing ECDHE-RSA-AES128-SHA256...NO (wrong version number)
Testing DHE-RSA-AES128-SHA256...NO (wrong version number)
Testing DHE-DSS-AES128-SHA256...YES
Testing ECDHE-ECDSA-CAMELLIA128-SHA256...NO (wrong version number)
Testing ECDHE-RSA-CAMELLIA128-SHA256...NO (wrong version number)
Testing DHE-RSA-CAMELLIA128-SHA256...NO (wrong version number)
Testing DHE-DSS-CAMELLIA128-SHA256...NO (wrong version number)
Testing ADH-AES128-SHA256...NO (wrong version number)
Testing ADH-CAMELLIA128-SHA256...NO (wrong version number)
Testing ECDHE-ECDSA-AES256-SHA...NO (wrong version number)
Testing ECDHE-RSA-AES256-SHA...NO (wrong version number)
Testing DHE-RSA-AES256-SHA...NO (wrong version number)
Testing DHE-DSS-AES256-SHA...YES
Testing DHE-RSA-CAMELLIA256-SHA...NO (wrong version number)
Testing DHE-DSS-CAMELLIA256-SHA...NO (wrong version number)
Testing AECDH-AES256-SHA...NO (wrong version number)
Testing ADH-AES256-SHA...NO (wrong version number)
Testing ADH-CAMELLIA256-SHA...NO (wrong version number)
Testing ECDHE-ECDSA-AES128-SHA...NO (wrong version number)
Testing ECDHE-RSA-AES128-SHA...NO (wrong version number)
Testing DHE-RSA-AES128-SHA...NO (wrong version number)
Testing DHE-DSS-AES128-SHA...YES
Testing DHE-RSA-SEED-SHA...NO (wrong version number)
Testing DHE-DSS-SEED-SHA...NO (wrong version number)
Testing DHE-RSA-CAMELLIA128-SHA...NO (wrong version number)
Testing DHE-DSS-CAMELLIA128-SHA...NO (wrong version number)
Testing AECDH-AES128-SHA...NO (wrong version number)
Testing ADH-AES128-SHA...NO (wrong version number)
Testing ADH-SEED-SHA...NO (wrong version number)
Testing ADH-CAMELLIA128-SHA...NO (wrong version number)
Testing RSA-PSK-AES256-GCM-SHA384...NO (wrong version number)
Testing DHE-PSK-AES256-GCM-SHA384...NO (wrong version number)
Testing RSA-PSK-CHACHA20-POLY1305...NO (wrong version number)
Testing DHE-PSK-CHACHA20-POLY1305...NO (wrong version number)
Testing ECDHE-PSK-CHACHA20-POLY1305...NO (wrong version number)
Testing DHE-PSK-AES256-CCM8...NO (wrong version number)
Testing DHE-PSK-AES256-CCM...NO (wrong version number)
Testing RSA-PSK-ARIA256-GCM-SHA384...NO (wrong version number)
Testing DHE-PSK-ARIA256-GCM-SHA384...NO (wrong version number)
Testing AES256-GCM-SHA384...NO (wrong version number)
Testing AES256-CCM8...NO (wrong version number)
Testing AES256-CCM...NO (wrong version number)
Testing ARIA256-GCM-SHA384...NO (wrong version number)
Testing PSK-AES256-GCM-SHA384...NO (wrong version number)
Testing PSK-CHACHA20-POLY1305...NO (wrong version number)
Testing PSK-AES256-CCM8...NO (wrong version number)
Testing PSK-AES256-CCM...NO (wrong version number)
Testing PSK-ARIA256-GCM-SHA384...NO (wrong version number)
Testing RSA-PSK-AES128-GCM-SHA256...NO (wrong version number)
Testing DHE-PSK-AES128-GCM-SHA256...NO (wrong version number)
Testing DHE-PSK-AES128-CCM8...NO (wrong version number)
Testing DHE-PSK-AES128-CCM...NO (wrong version number)
Testing RSA-PSK-ARIA128-GCM-SHA256...NO (wrong version number)
Testing DHE-PSK-ARIA128-GCM-SHA256...NO (wrong version number)
Testing AES128-GCM-SHA256...NO (wrong version number)
Testing AES128-CCM8...NO (wrong version number)
Testing AES128-CCM...NO (wrong version number)
Testing ARIA128-GCM-SHA256...NO (wrong version number)
Testing PSK-AES128-GCM-SHA256...NO (wrong version number)
Testing PSK-AES128-CCM8...NO (wrong version number)
Testing PSK-AES128-CCM...NO (wrong version number)
Testing PSK-ARIA128-GCM-SHA256...NO (wrong version number)
Testing AES256-SHA256...NO (wrong version number)
Testing CAMELLIA256-SHA256...NO (wrong version number)
Testing AES128-SHA256...NO (wrong version number)
Testing CAMELLIA128-SHA256...NO (wrong version number)
Testing ECDHE-PSK-AES256-CBC-SHA384...NO (wrong version number)
Testing ECDHE-PSK-AES256-CBC-SHA...NO (wrong version number)
Testing SRP-DSS-AES-256-CBC-SHA...NO (wrong version number)
Testing SRP-RSA-AES-256-CBC-SHA...NO (wrong version number)
Testing SRP-AES-256-CBC-SHA...NO (wrong version number)
Testing RSA-PSK-AES256-CBC-SHA384...NO (wrong version number)
Testing DHE-PSK-AES256-CBC-SHA384...NO (wrong version number)
Testing RSA-PSK-AES256-CBC-SHA...NO (wrong version number)
Testing DHE-PSK-AES256-CBC-SHA...NO (wrong version number)
Testing ECDHE-PSK-CAMELLIA256-SHA384...NO (wrong version number)
Testing RSA-PSK-CAMELLIA256-SHA384...NO (wrong version number)
Testing DHE-PSK-CAMELLIA256-SHA384...NO (wrong version number)
Testing AES256-SHA...NO (wrong version number)
Testing CAMELLIA256-SHA...NO (wrong version number)
Testing PSK-AES256-CBC-SHA384...NO (wrong version number)
Testing PSK-AES256-CBC-SHA...NO (wrong version number)
Testing PSK-CAMELLIA256-SHA384...NO (wrong version number)
Testing ECDHE-PSK-AES128-CBC-SHA256...NO (wrong version number)
Testing ECDHE-PSK-AES128-CBC-SHA...NO (wrong version number)
Testing SRP-DSS-AES-128-CBC-SHA...NO (wrong version number)
Testing SRP-RSA-AES-128-CBC-SHA...NO (wrong version number)
Testing SRP-AES-128-CBC-SHA...NO (wrong version number)
Testing RSA-PSK-AES128-CBC-SHA256...NO (wrong version number)
Testing DHE-PSK-AES128-CBC-SHA256...NO (wrong version number)
Testing RSA-PSK-AES128-CBC-SHA...NO (wrong version number)
Testing DHE-PSK-AES128-CBC-SHA...NO (wrong version number)
Testing ECDHE-PSK-CAMELLIA128-SHA256...NO (wrong version number)
Testing RSA-PSK-CAMELLIA128-SHA256...NO (wrong version number)
Testing DHE-PSK-CAMELLIA128-SHA256...NO (wrong version number)
Testing AES128-SHA...NO (wrong version number)
Testing SEED-SHA...NO (wrong version number)
Testing CAMELLIA128-SHA...NO (wrong version number)
Testing IDEA-CBC-SHA...NO (wrong version number)
Testing PSK-AES128-CBC-SHA256...NO (wrong version number)
Testing PSK-AES128-CBC-SHA...NO (wrong version number)
Testing PSK-CAMELLIA128-SHA256...NO (wrong version number)
Testing ECDHE-ECDSA-NULL-SHA...NO (wrong version number)
Testing ECDHE-RSA-NULL-SHA...NO (wrong version number)
Testing AECDH-NULL-SHA...NO (wrong version number)
Testing NULL-SHA256...NO (wrong version number)
Testing ECDHE-PSK-NULL-SHA384...NO (wrong version number)
Testing ECDHE-PSK-NULL-SHA256...NO (wrong version number)
Testing ECDHE-PSK-NULL-SHA...NO (wrong version number)
Testing RSA-PSK-NULL-SHA384...NO (wrong version number)
Testing RSA-PSK-NULL-SHA256...NO (wrong version number)
Testing DHE-PSK-NULL-SHA384...NO (wrong version number)
Testing DHE-PSK-NULL-SHA256...NO (wrong version number)
Testing RSA-PSK-NULL-SHA...NO (wrong version number)
Testing DHE-PSK-NULL-SHA...NO (wrong version number)
Testing NULL-SHA...NO (wrong version number)
Testing NULL-MD5...NO (wrong version number)
Testing PSK-NULL-SHA384...NO (wrong version number)
Testing PSK-NULL-SHA256...NO (wrong version number)
Testing PSK-NULL-SHA...NO (wrong version number)

Testing DHE-DSS-AES256-GCM-SHA384...YES
It looks like the server supports only DSS ciphers, which is very unusual. As can be seen from the changelog, such ciphers were removed from the default cipher list with OpenSSL 1.1.0. This means one explicitly needs to enable the cipher, i.e.
$ openssl s_client -cipher 'DHE-DSS-AES256-GCM-SHA384' ...
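As an added example (not part of the original answer), the shell functions below read scan output in the `Testing NAME...YES` format shown in the question, build the `-cipher` argument from the accepted suites, and list which of them are absent from a given cipher list such as the output of `openssl ciphers DEFAULT`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a cipher scan in the "Testing NAME...YES|NO (reason)"
# format and compare the accepted suites with a cipher list.

# Constructed sample input in the same format as the scan in the question.
sample_scan() {
cat <<'EOF'
Testing ECDHE-RSA-AES256-GCM-SHA384...NO (wrong version number)
Testing DHE-DSS-AES256-GCM-SHA384...YES
Testing DHE-RSA-AES256-GCM-SHA384...NO (wrong version number)
Testing DHE-DSS-AES128-GCM-SHA256...YES
Testing AES256-SHA...NO (wrong version number)
EOF
}

# Read scan lines on stdin; print the suites the server accepted, one per line.
accepted_ciphers() {
    sed -n 's/^Testing \(.*\)\.\.\.YES$/\1/p'
}

# Join stdin lines with ':' to form the value for `openssl s_client -cipher`.
cipher_arg() {
    paste -sd: -
}

# $1 = colon-separated cipher list (for example `openssl ciphers DEFAULT`).
# Read suite names on stdin; print those that are NOT in that list.
missing_from() {
    while IFS= read -r name; do
        case ":$1:" in
            *":$name:"*) ;;                 # present in the list
            *) printf '%s\n' "$name" ;;     # must be enabled explicitly
        esac
    done
}

# Stand-alone run: report on the constructed sample.
echo "accepted by server: $(sample_scan | accepted_ciphers | cipher_arg)"
if command -v openssl >/dev/null 2>&1; then
    # DEFAULT is the cipher string the local build uses when none is given.
    defaults=$(openssl ciphers DEFAULT 2>/dev/null || true)
    echo "accepted but not in local DEFAULT list:"
    sample_scan | accepted_ciphers | missing_from "$defaults"
fi
```

To use it on a real scan, pipe the saved scan output into `accepted_ciphers` in place of `sample_scan`.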

Related

Is Apache http server 2.5/2.6 available now?

I want to keep my Apache HTTP server at its latest version. So I check https://httpd.apache.org/ and it says 2.4.48 is the latest version. I also check https://en.wikipedia.org/wiki/Apache_HTTP_Server#Versions and it says the latest version is 2.4.48 (June 1, 2021; 2 months ago[2])
However, I also see this https://httpd.apache.org/docs/trunk/ and it seems there is 2.5/2.6 version available. I click "New features with Apache 2.5/2.6" link in the page, but get "page not found" error. So, what is the problem?
Apache httpd uses the classic three numbers versioning scheme
Major.Minor.Patchlevel
and uses the Minor version number to distinguish between development versions (odd Minor number) and stable, released versions (even Minor number).
So 2.4.52 is the most recent released version as of the time of this writing.
The 2.5.x versions also exist, being in-progress unstable and unreleased development versions targeted at developers only. Once the 2.5 series matures and is considered to be ready for a release, it will become the 2.6 stable series, successor of the 2.4 stable series. (Just as the 2.4 series is the successor of the 2.2 series, with all 2.3.x versions being unstable development versions leading up to 2.4.0.)
There is no version 2.6.x yet, as development hasn't finished so far.
Unfortunately, I could not find any official information on the Apache httpd website detailing this.

Karate test cases are failing after updating to jdk version 1.8.0_111

I am unable to run my test cases. Below are my configuration and the IDE used:
Maven: 3.6.0
JDK: 1.8.0_111
IDE: IntelliJ
Karate version: 0.9.0
Caused By com.intuit.karate - javascript function call failed: ReferenceError: "karate" is not defined.
Karate requires at least version 1.8.0_112 or greater. This is mentioned in the docs.

How to determine the latest OpenSSL version

What is the most reliable source to find the latest version number?
Is it github?
And if yes, which version should I take?
Right now, here is what I see:
Should I take the 1.0.2k?
But then 1.1.0d seems like it is more recent (if it follows semantic versioning). What do the letters actually mean?
Note: in my case this is to compile an openssl version with nginx.
Last time I picked (quite randomly) the version 1.0.2h which seemed the latest at the time.
So what is the process to follow to find the latest openssl version?
https://www.openssl.org/ shows which versions are current and supported.
Currently there are two major versions in development: 1.1.0 and 1.0.2. 1.1.0 is newer and has more features. But due to the cleanups between 1.0.2 and 1.1.0 lots of undocumented API (i.e. things which never were an official API but got used anyway since no official API existed) got broken and not all software works or works stable with 1.1.0 yet. Also, 1.1.0 tends to introduce not only features but also bugs faster than 1.0.2 when looking at the release history. And with 1.1.0 the chance is higher that documented behavior changes even between patch releases.
Thus if you need the new features with 1.1.0 then go with it. If you prefer a more stable version with a smaller chance of bugs use 1.0.2. In all cases you should always use the latest patch release and keep using it if new patches get released or backport security patches.

Testing LMS for SCORM 2004 3rd edition Conformance

I've installed the SCORM 2004 3rd Edition Test Suite from adlnet.gov and set the java version to 6 update 34 in order to perform the LMS conformance testing, but the test suite is stuck when trying to start ADL LMS Test Content Package API. No error is displayed.
Test Environment Information:
Operating System: Windows Vista - SP 1
Java Run-Time Environment: 1.4.2_14
I'm using IE10 with compatibility mode set to IE7, and these are the steps that I'm going through:
- Start the SCORM 2004 3rd Edition Conformance Test Suite Version 1.0.2 ST in a new tab next to the LMS tab
- Choose "Learning Management System (LMS) Conformance Test" and then "New LMS Conformance Test"
- Enter the LMS name, version and dev.
- Enter usernames and ids of real users from our LMS that are enrolled as students in previously created course named "SCORM 2004 ADL test course"
- Signed in as the first user I entered in the Test Suite and started the ADL LMS Test Content Package API.
- The ADL LMS Test Content Package API was launched in the Test Suite. The last message the Test Suite displayed was "Start ADL LMS Test Content Package API".
I have waited for 10 minutes but nothing happened even if I open the course and start clicking on the first chapter.
Since this scenario didn't work I tried to do the test without prior creating a course. But the result was the same and no course was created (if that was needed).
Note that I'm using the steps described in the readme file provided with the test suite and I've made all the changes needed in the Java plugin and in the browser.
I also tried in Windows XP and 7 with a virtual machine, and with the live LMS and the LMS on my local machine.
The live LMS is hosted on Ubuntu with postgresql and my local is on Windows with mysql.
So I've tried pretty much everything and I have no idea what I am doing wrong.
Does anyone know how the SCORM 2004 3rd Edition Test Suite works and what I am missing here?
Thank you.

Debugging Unit Tests in MonoDevelop 3

I'm getting an exception:
Null Ref > Stack Trace (System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke( {yadda yadda} )
when I try to debug unit tests in MonoDevelop. I'm running MonoDevelop 3.0.3.2 on Lubuntu installed from the standard repo. I have referenced the mono versions of nunit (I'm not sure why there are standard and mono versions either?).
I have been able to debug unit tests using older versions of MonoDevelop. Example solution here: http://dl.dropbox.com/u/30149716/DebugUnitTest.zip
I have downloaded the above and successfully debugged in VS (having changed the unit refs, of course).
================ EDIT ================
I filed a bug report: https://bugzilla.xamarin.com/show_bug.cgi?id=8442