Cannot decrypt HTTPS with Wireshark. The steps done are described as follows. Can anybody help to throw light on this? Thx!
Step 1: start an HTTP server
C:\Users\ebinshe\Documents\projects\test-openssl
λ echo 'hello, world.' >index.txt
C:\Users\ebinshe\Documents\projects\test-openssl
λ openssl s_server -key key.pem -cert cert.pem -WWW
Using default temp DH parameters
ACCEPT
Step 2: test it with "openssl" and capture the traffic with "RawCap.exe"
C:\Users\ebinshe\Documents\projects\test-openssl
λ openssl s_client -crlf -cipher 'DHE-RSA-AES128-SHA' -host localhost -port 4433 -no_tls1_2
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
---
Certificate chain
0 s:/CN=localhost
i:/CN=localhost
---
Server certificate
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 1890 bytes and written 442 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : DHE-RSA-AES128-SHA
Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
Session-ID-ctx:
Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Compression: 1 (zlib compression)
Start Time: 1509640881
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
GET /index.txt HTTP/1.1
HTTP/1.0 200 ok
Content-type: text/plain
'hello, world.'
read:errno=0
Step 3: create key.log from
Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
The resulting key.log:
CLIENT_RANDOM 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
Step 4: point Wireshark SSL "(Pre)-Master-Secret log filename" to it.
Load the traffic with Wireshark. The SSL data frames are not decrypted.
The Wireshark SSL debug log:
λ cat debug.log
Wireshark SSL debug log
Wireshark version: 2.4.2 (v2.4.2-0-gb6c63ae086)
GnuTLS version: 3.4.11
Libgcrypt version: 1.7.6
dissect_ssl enter frame #463 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 95, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100
Calculating hash with offset 5 95
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #465 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 1460
ssl_try_set_version found version 0x0302 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
Calculating hash with offset 5 58
ssl_try_set_version found version 0x0302 -> state 0x11
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA -> state 0x17
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
tls13_change_key TLS version 0x302 is not 1.3
tls13_change_key TLS version 0x302 is not 1.3
record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 777, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
Calculating hash with offset 68 777
lookup(KeyID)[20]:
| 73 ab d9 0c d6 09 d6 06 b9 d7 28 b9 25 12 85 bb |s.........(.%...|
| c2 14 09 02 |.... |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
record: offset = 845, reported_length_remaining = 615
need_desegmentation: offset = 845, reported_length_remaining = 615
dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 781, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786
Calculating hash with offset 5 781
dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
Calculating hash with offset 5 4
dissect_ssl enter frame #468 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
Calculating hash with offset 5 262
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret
record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342
dissect_ssl enter frame #470 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 170, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
Calculating hash with offset 5 170
ssl_save_master_key not saving empty (pre-)master secret for Session Ticket!
record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_finalize_decryption state = 0x417
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250
dissect_ssl enter frame #472 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 80, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #474 (first time)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 112, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #478 (first time)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 000000000836DF80
record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert
decrypt_ssl3_record: app_data len 48, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #463 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100
dissect_ssl enter frame #465 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 1460
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
record: offset = 845, reported_length_remaining = 615
need_desegmentation: offset = 845, reported_length_remaining = 615
dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786
dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
dissect_ssl enter frame #468 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342
dissect_ssl enter frame #470 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250
dissect_ssl enter frame #472 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #474 (already visited)
packet_from_server: is from server - TRUE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
dissect_ssl enter frame #478 (already visited)
packet_from_server: is from server - FALSE
conversation = 000000000836D550, ssl_session = 0000000000000000
record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert
OK, I found the clue myself. Even the most current OpenSSL version, i.e. 1.1.0f, has not supported key log. Simply taking the Session-ID and Master-Key from the log doesn't work. The new option -keylogfile will most probably be supported in the next version of OpenSSL. See the following for more details.
c:\Program Files (x86)\OpenSSL-Win32\bin
λ .\openssl.exe version -a
OpenSSL 1.1.0f 25 May 2017
built on: reproducible build, date unspecified
platform:
compiler: cl " "VC-WIN32
OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"
ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"
c:\Program Files (x86)\OpenSSL-Win32\bin
λ which openssl
c:\Program Files (x86)\OpenSSL-Win32\bin
λ "c:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe" s_client -crlf -connect localhost:4433 -keylogfile c:\Users\ebinshe\keylogfile.log
s_client: Option unknown option -keylogfile
s_client: Use -help for summary.
c:\Program Files (x86)\OpenSSL-Win32\bin
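An added example, not part of the original posts: a Python triage script for the decryption failure above. It lints the key log from step 3 and reads the Wireshark SSL debug log to report which key log file was actually loaded and whether any entry matched the session. The function names and finding codes are this example's own, and the embedded excerpts are trimmed from the logs on this page.

```python
import ntpath
import re

# NSS key log entry: label, 32-byte ClientHello random, 48-byte master secret (hex).
ENTRY_RE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")
PATH_RE = re.compile(r"^trying to use SSL keylog in (.+)$")
CHECKED_RE = re.compile(r"^checking keylog line: (.*)$")

# Values printed by s_client in step 2 and written to key.log in step 3.
SESSION_ID = "02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769"
KEY_LOG = (
    "CLIENT_RANDOM " + SESSION_ID + " "
    "907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00C"
    "ACC2170CB80370EBBF15E5E32204C211\n"
)

# Excerpt of the Wireshark SSL debug log shown on this page (raw string: Windows path).
DEBUG_EXCERPT = r"""
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
checking keylog line: # SSL/TLS secrets log file, generated by NSS
unrecognized line
checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
matched client_random
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
Cannot find master secret
"""


def parse_keylog(text):
    """Map client_random -> master_secret (upper-case hex) for well-formed lines."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1).upper()] = m.group(2).upper()
    return entries


def triage(debug_log, intended_path, intended_keylog, session_id=None):
    """Return (code, detail) findings explaining why no decoder was set up."""
    loaded_paths, checked = set(), {}
    for raw in debug_log.splitlines():
        line = raw.strip()
        m = PATH_RE.match(line)
        if m:
            loaded_paths.add(m.group(1))
            continue
        m = CHECKED_RE.match(line)
        if m:
            # Each "checking keylog line" echoes one line of the file Wireshark read.
            checked.update(parse_keylog(m.group(1)))

    intended = parse_keylog(intended_keylog)
    findings = []

    # 1. Did Wireshark read the file the analyst prepared?
    loaded_names = {ntpath.basename(p).lower() for p in loaded_paths}
    if loaded_paths and ntpath.basename(intended_path).lower() not in loaded_names:
        findings.append(("wrong-file", "Wireshark read %s, not %s"
                         % (", ".join(sorted(loaded_paths)), intended_path)))

    # 2. Were the prepared entries ever offered to the dissector?
    missing = sorted(set(intended) - set(checked))
    if missing:
        findings.append(("not-loaded", "%d prepared entry(ies) never checked" % len(missing)))

    # 3. s_client prints Session-ID and Master-Key, not the ClientHello random;
    #    a CLIENT_RANDOM line keyed on the session ID cannot match any handshake.
    if session_id and session_id.upper() in intended:
        findings.append(("session-id-as-random",
                         "first field equals the Session-ID, not the ClientHello random"))

    # 4. Wireshark's own verdict on the entries it did load.
    if "can't find master secret by Client Random" in debug_log:
        findings.append(("no-match", "no loaded entry matches this session's client random"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(DEBUG_EXCERPT, "key.log", KEY_LOG, SESSION_ID):
        print("%-22s %s" % (code, detail))
```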
I try to connect to an Office 365 mail server with JavaMail v1.5.3 (the application is deployed on Tomcat 6). I'm running a thread on startup that checks for new emails in a loop with a one-minute sleep. In most cases the connection is successfully established and everything works just fine, but sometimes I get a
"Remote host closed connection during handshake" error.
The error is caused by
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
I have tried solutions from:
How to make Java 6, which fails SSL connection with "SSL peer shut down incorrectly", succeed like Java 7?
and javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake :
adding -Dhttps.protocols=TLSv1,SSLv3 and -Dsun.security.ssl.allowUnsafeRenegotiation=true to my Tomcat environment
but I didn't get any result. Still, the exception occurs randomly.
I enabled debug mode on javax.net and on the IMAP connection and got these results:
When the connection is not established correctly, the log looks like this:
DEBUG: setDebug: JavaMail version 1.5.3
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
DEBUG IMAP: mail.imap.fetchsize: 16384
DEBUG IMAP: mail.imap.ignorebodystructuresize: false
DEBUG IMAP: mail.imap.statuscachetimeout: 1000
DEBUG IMAP: mail.imap.appendbuffersize: -1
DEBUG IMAP: mail.imap.minidletime: 10
DEBUG IMAP: closeFoldersOnStoreFailure
DEBUG IMAP: trying to connect to host "outlook.office365.com", port 993, isSSL true
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% Client cached [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA]
%% Try resuming [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA] from port 51400
*** ClientHello, TLSv1
RandomCookie:
GMT: 1435130635
bytes = { , , , , , , , , , , , , , , , , , , , , , , , , , , }
Session ID: {66, 20, 0, 0, 123, 9, 142, 72, 150, 39, 215, 34, 63, 169, 129, 23, 25, 182, 88, 196, 86, 27, 216, 191, 117, 196, 37, 118, 229, 8, 9, 64}-
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]-
Compression Methods: { }
Extension server_name, server_name: [host_name: outlook.office365.com]
***-
[write] MD5 and SHA1 hashes: len = 125
46#CheckMailThread, WRITE: TLSv1 Handshake, length = 125
[Raw write]: length = 130
46#CheckMailThread, received EOFException: error
46#CheckMailThread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
46#CheckMailThread, SEND TLSv1 ALERT: fatal, description = handshake_failure
46#CheckMailThread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
46#CheckMailThread, called closeSocket()
and then the exception occurs:
javax.mail.MessagingException: Remote host closed connection during handshake;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:733)
at javax.mail.Service.connect(Service.java:364)
at javax.mail.Service.connect(Service.java:245)
(...)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:953)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:574)
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:369)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:236)
at com.sun.mail.iap.Protocol.<init>(Protocol.java:117)
at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:120)
at com.sun.mail.imap.IMAPStore.newIMAPProtocol(IMAPStore.java:753)
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:696)
... 6 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
... 16 more
On the other hand, in most cases the thread is doing OK and the log looks like this:
DEBUG: setDebug: JavaMail version 1.5.3
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
DEBUG IMAP: mail.imap.fetchsize: 16384
DEBUG IMAP: mail.imap.ignorebodystructuresize: false
DEBUG IMAP: mail.imap.statuscachetimeout: 1000
DEBUG IMAP: mail.imap.appendbuffersize: -1
DEBUG IMAP: mail.imap.minidletime: 10
DEBUG IMAP: closeFoldersOnStoreFailure
DEBUG IMAP: trying to connect to host "outlook.office365.com", port 993, isSSL true
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% Client cached [Session-150, TLS_RSA_WITH_AES_128_CBC_SHA]
%% Try resuming [Session-150, TLS_RSA_WITH_AES_128_CBC_SHA] from port 59183
*** ClientHello, TLSv1
RandomCookie:
GMT: 1435076193
bytes = { , , , , , , , , , , , , , , , , , , , , , , , , , , , }
Session ID:
{241, 61, 0, 0, 224, 114, 43, 139, 255, 64, 232, 7, 209, 90, 5, 63, 63, 117, 33, 66, 215, 35, 48, 83, 131, 211, 38, 151, 73, 232, 6, 120}
Cipher Suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: {
}
Extension server_name, server_name: [host_name: outlook.office365.com]
***
[write] MD5 and SHA1 hashes: len = 125
46#CheckMailThread, WRITE: TLSv1 Handshake, length = 125
[Raw write]: length = 130
[Raw read]: length = 5
[Raw read]: length = 3532
46#CheckMailThread, READ: TLSv1 Handshake, length = 3532
*** ServerHello, TLSv1
RandomCookie:
GMT: 1435076194
Bytes = { , , , , , , , , , , , , , , , , , , , , , , , , , , , }
Session ID:
{112, 39, 0, 0, 59, 34, 200, 120, 31, 23, 110, 30, 10, 37, 236, 213, 46, 233, 201, 3, 253, 223, 81, 109, 188, 218, 33, 164, 33, 127, 27, 55}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-151, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
[read] MD5 and SHA1 hashes: len = 81
*** Certificate chain (...)
And then comes the certificate, etc.
So I was wondering what can cause such inconsistent behaviour.
I’m trying to configure Single Sign On with WebLogic and Kerberos.
But I still get the login page; maybe you can tell me what is wrong from this log:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /oracle/product12/user_projects/domains/test/krb/test.keytab refreshKrb5Config is false principal is kinp#TEST.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
KeyTab instance already exists
Added key: 23version: 19
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23 3.
0: EncryptionKey: keyType=23 kvno=19 keyValue (hex dump)=
0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 ....dn..j.1..i.5
principal's key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 3.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=137
>>> KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=137
>>> KrbKdcReq send: #bytes read=181
>>> KrbKdcReq send: #bytes read=181
>>> KdcAccessibility: remove 192.168.0.100
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Tue Jan 20 10:46:05 EET 2015 1421743565000
suSec is 576578
error code is 25
error Message is Additional pre-authentication required
realm is TEST.ORG
sname is krbtgt/TEST.ORG
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23
PA-ETYPE-INFO salt =
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23
PA-ETYPE-INFO2 salt = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
>>>KrbAsReq salt is TEST.ORGdev
default etypes for default_tkt_enctypes: 23 3.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=220
>>> KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=220
>>> KrbKdcReq send: #bytes read=1408
>>> KrbKdcReq send: #bytes read=1408
>>> KdcAccessibility: remove 192.168.0.100
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply dev
principal is dev#TEST.ORG
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 ....dn..j.1..i.5
Added server's keyKerberos Principal dev#TEST.ORGKey Version 19key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 ....dn..j.1..i.5
[Krb5LoginModule] added Krb5Principal dev#TEST.ORG to Subject
Commit Succeeded
Found key for dev#TEST.ORG(23)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
I get this log when I’m trying to access the login page.
Error exception:
com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:334)
at com.bea.security.utils.kerberos.KerberosTokenHandler.access$000(KerberosTokenHandler.java:41)
at com.bea.security.utils.kerberos.KerberosTokenHandler$1.run(KerberosTokenHandler.java:226)
...
Caused By: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
...
Caused By: KrbException: Specified version of key is not available (44)
at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:516)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
...
Thanks!
Can't post comment, posting this as an answer. You need to enable Weblogic's authentication logging:
In Weblogic console click the “Lock & Edit” button in the top left corner.
Select Environment – Servers in the Domain Structure portlet on the left.
Select your server on the Summary of Servers page.
Select the “Debug” tab.
Drill down to weblogic – security – atn.
Select the checkbox to the left of word DebugSecurityAtn.
Click the “Enable” button at the top or bottom of the page.
Go to your server again and click on the Logging tab.
Scroll down and click on Advanced.
In "Message destination(s) - Log file" change the severity level to Debug.
Click the “Save” button at the top or bottom of the page.
Click “Activate changes” in the top-left corner.
After that try logging in again, you will have much more info in your log.
I am using http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/ for SSO in Java.
My KDC is Windows Server 2008; on it I have created an SPN using the setspn command for the testsso user, and I am using testsso#MYDOMAIN.COM as the principal in jaas.con.
I have a Tomcat server on a Windows 7 machine (within AD). On it I have created one servlet as per the JSP (from webmoli itself).
I am sending a browser request for that servlet from a third machine, Windows XP (within AD).
But I get a checksum failed error. The stack trace is as follows:
Auth is :: Negotiate Token is
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=192.168.10.84 UDP:88, timeout=30000, number of retries =3, #bytes=151
>>> KDCCommunication: kdc=192.168.10.84 UDP:88, timeout=30000,Attempt =1, #bytes=151
>>> KrbKdcReq send: #bytes read=245
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 17, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
PA-ETYPE-INFO2 etype = 3, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
PA-ETYPE-INFO2 etype = 1, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
>>> KdcAccessibility: remove 192.168.10.84
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
sTime is Wed May 28 17:39:33 IST 2014 1401278973000
suSec is 896308
error code is 25
error Message is Additional pre-authentication required
realm is MYDOMAIN.COM
sname is krbtgt/MYDOMAIN.COM
eData provided.
msgType is 30
>>>Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 17, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null
PA-ETYPE-INFO2 etype = 3, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
PA-ETYPE-INFO2 etype = 1, salt = MYDOMAIN.COMHTTPMYDOMAIN.com, s2kparams = null
>>>Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
>>>Pre-Authentication Data:
PA-DATA type = 16
>>>Pre-Authentication Data:
PA-DATA type = 15
KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=192.168.10.84 UDP:88, timeout=30000, number of retries =3, #bytes=233
>>> KDCCommunication: kdc=192.168.10.84 UDP:88, timeout=30000,Attempt =1, #bytes=233
>>> KrbKdcReq send: #bytes read=1404
>>> KdcAccessibility: remove 192.168.10.84
>>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
>>> KrbAsRep cons in KrbAsReq.getReply testsso
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Found KerberosKey for testsso#MYDOMAIN.COM
Found KerberosKey for testsso#MYDOMAIN.COM
Found KerberosKey for testsso#MYDOMAIN.COM
Found KerberosKey for testsso#MYDOMAIN.COM
Found KerberosKey for testsso#MYDOMAIN.COM
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(Unknown Source)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
at one.TEST$2.run(TEST.java:357)
at one.TEST$2.run(TEST.java:1)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at one.TEST.acceptSecurityContext(TEST.java:279)
at one.TEST.authenticate(TEST.java:146)
at one.TEST.doGet(TEST.java:103)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:395)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:250)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
at sun.security.krb5.KrbApReq.<init>(Unknown Source)
at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
... 32 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(Unknown Source)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(Unknown Source)
... 38 more
Please help me...
If I remember correctly, this error is thrown when the service ticket is decrypted with a different key than the one it was encrypted with.
ktpass /out c:\tomcat.keytab /mapuser tc01#DEV.LOCAL
/princ HTTP/win-tc01.dev.local#DEV.LOCAL
/pass tc01pass /kvno 0
as described at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html is only correct if you have a virgin account 'tc01'... AD will automatically increment the key version number stored within AD when 'ktpass' is used consecutively.
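Added example, not part of the original answer: the kvno point above and the "Specified version of key is not available (44)" error earlier on the page both depend on which key versions and encryption types the service's keytab holds. The code below lists them from a keytab file (format version 0x0502) and compares them with a ticket's kvno and etype; the keytab bytes, principal and all-zero key are constructed placeholders, and `parse_keytab` and `check` are names chosen here.

```python
import struct

ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "rc4-hmac"}

def _data(buf, off):
    """Read one field prefixed by a 16-bit big-endian length."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, etype_name)] for every entry in the keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, off)
        off += 4
        if size == 0:                 # end marker
            break
        if size < 0:                  # hole left by a deleted entry
            off += -size
            continue
        end, p = off + size, off
        if end > len(buf):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", buf, p)
        realm, p = _data(buf, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _data(buf, p)
            comps.append(comp.decode())
        p += 8                        # skip name type and timestamp
        kvno = buf[p]                 # 8-bit key version number
        (etype,) = struct.unpack_from(">H", buf, p + 1)
        _key, p = _data(buf, p + 3)   # key bytes are deliberately not returned
        if end - p >= 4:              # optional 32-bit kvno overrides if non-zero
            (kvno32,) = struct.unpack_from(">I", buf, p)
            kvno = kvno32 or kvno
        principal = "/".join(comps) + "@" + realm.decode()
        entries.append((principal, kvno, ETYPES.get(etype, str(etype))))
        off = end
    return entries

def check(entries, principal, kvno, etype):
    """Say whether the keytab holds the key a ticket was encrypted with."""
    mine = [e for e in entries if e[0] == principal]
    if not mine:
        return "principal not in keytab"
    if not any(e[1] == kvno for e in mine):
        return "kvno mismatch: keytab has %s" % sorted({e[1] for e in mine})
    if not any(e[1] == kvno and e[2] == etype for e in mine):
        return "etype missing for kvno %d" % kvno
    return "ok"

def _build_entry(realm, comps, kvno, etype, key):
    """Constructed test data: serialise one keytab entry."""
    d = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + d(realm) + b"".join(d(c) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + d(key)
    body += struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: one rc4-hmac (etype 23) key at kvno 19, placeholder names.
SAMPLE = b"\x05\x02" + _build_entry(
    b"EXAMPLE.TEST", [b"HTTP", b"host.example.test"], 19, 23, bytes(16))
```

A ticket issued after the account's key version was incremented would give `check(parse_keytab(SAMPLE), "HTTP/host.example.test@EXAMPLE.TEST", 20, "rc4-hmac")` the kvno-mismatch result.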
for example: 202.127.168.21:443
tried the command
openssl s_client -connect server:port 2>&1 | sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" > cert.pem
from Using openssl to get the certificate from a server
debug.txt
Wireshark SSL debug log
ssl_load_key: can't import pem data: Base64 unexpected header error.
dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 05EA6D14 size 592
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 240
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 235, ssl state 0x00
association_find: TCP port 3204 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 231 bytes, remaining 240
packet_from_server: is from server - FALSE
ssl_find_private_key server 202.127.168.21:443
ssl_find_private_key can't find private key for this server! Try it again with universal port 0
ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #6 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 86
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 81, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
trying to use SSL keylog in
failed to open SSL keylog
cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
dissect_ssl enter frame #7 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
dissect_ssl enter frame #9 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 41
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 36, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 203 offset 5 length 9339809 bytes, remaining 41
dissect_ssl enter frame #10 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 47
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 6, reported_length_remaining = 41
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 36, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 237 offset 11 length 3359662 bytes, remaining 47
dissect_ssl enter frame #11 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 776
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 771, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 3204 found 00000000
association_find: TCP port 443 found 05363358
dissect_ssl enter frame #13 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 1460
need_desegmentation: offset = 0, reported_length_remaining = 1460
dissect_ssl enter frame #23 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 10305
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 10300, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 05363358
dissect_ssl enter frame #24 (first time)
conversation = 05EA68F0, ssl_session = 05EA6D14
record: offset = 0, reported_length_remaining = 30
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 25, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 05363358
dissect_ssl enter frame #28 (first time)
ssl_session_init: initializing ptr 05EA8568 size 592
conversation = 05EA8328, ssl_session = 05EA8568
record: offset = 0, reported_length_remaining = 1
dissect_ssl enter frame #9 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 41
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 203 offset 5 length 9339809 bytes, remaining 41
dissect_ssl enter frame #10 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 47
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
record: offset = 6, reported_length_remaining = 41
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 237 offset 11 length 3359662 bytes, remaining 47
dissect_ssl enter frame #11 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 776
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 3204 found 00000000
association_find: TCP port 443 found 05363358
dissect_ssl enter frame #7 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
dissect_ssl enter frame #6 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 86
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 77 bytes, remaining 86
dissect_ssl enter frame #4 (already visited)
conversation = 05EA68F0, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 240
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 231 bytes, remaining 240
How can I get the private key? And from https://security.stackexchange.com/questions/20789/ssl-decryption-in-wireshark: "To decrypt you need the private key. The server's certificate, sent as part of the initial steps of the SSL connection (the "handshake"), only contains the public key (which is not sufficient to decrypt)." Is it telling the truth?
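Added example, not part of the original post: a triage of the Wireshark SSL debug log above that reports the negotiated cipher suite's key exchange and which secrets the dissector lacked when it printed "no decoder available". `PAGE_LOG` is an excerpt of the log lines quoted above, `DHE_LOG` is a constructed variant, and the suite table is a small subset chosen here.

```python
import re

# Dissector state bits. The log's "-> state 0x.." transitions confirm the
# first four; the names for 0x20 and 0x40 follow Wireshark's dissector flags.
STATE_BITS = {0x01: "client_random", 0x02: "server_random", 0x04: "cipher",
              0x10: "version", 0x20: "master_secret", 0x40: "pre_master_secret"}

# Key-exchange family for a few suite ids (IANA TLS registry values).
SUITES = {0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
          0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
          0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
          0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE")}

REQUIRED = re.compile(
    r"\((0x[0-9A-Fa-f]+) required (0x[0-9A-Fa-f]+) or (0x[0-9A-Fa-f]+)\)")

def decode_state(state):
    """Names of the state bits set in a dissector state value."""
    return sorted(name for bit, name in STATE_BITS.items() if state & bit)

def triage(log_text):
    """Summarise why a Wireshark SSL debug log shows no decryption."""
    report = {"cipher": None, "key_exchange": None, "missing": [],
              "key_file_rejected": False, "no_private_key": False,
              "keylog_failed": False, "undecrypted_records": 0}
    for line in log_text.splitlines():
        if "ssl_load_key: can't import pem data" in line:
            report["key_file_rejected"] = True    # file is not a PEM private key
        elif "can't find any private key" in line:
            report["no_private_key"] = True
        elif "failed to open SSL keylog" in line:
            report["keylog_failed"] = True
        elif "no decoder available" in line:
            report["undecrypted_records"] += 1
        m = re.search(r"found CIPHER (0x[0-9A-Fa-f]{4})", line)
        if m:
            name, kx = SUITES.get(int(m.group(1), 16), (m.group(1), "unknown"))
            report["cipher"], report["key_exchange"] = name, kx
        m = REQUIRED.search(line)
        if m:
            have, need_a, need_b = (int(g, 16) for g in m.groups())
            report["missing"] = decode_state((need_a | need_b) & ~have)
    if report["key_exchange"] == "RSA":
        report["fix"] = "load the server's RSA private key, or a key log file"
    elif report["key_exchange"] in ("DHE", "ECDHE"):
        report["fix"] = "a key log file; the server private key cannot decrypt (EC)DHE"
    else:
        report["fix"] = "identify the cipher suite first"
    return report

# Excerpt of the debug log quoted above.
PAGE_LOG = """\
ssl_load_key: can't import pem data: Base64 unexpected header error.
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
failed to open SSL keylog
dissect_ssl3_hnd_srv_hello found CIPHER 0x0005 -> state 0x17
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
decrypt_ssl3_record: no decoder available
"""
# Constructed variant: the same session with a DHE suite negotiated instead.
DHE_LOG = PAGE_LOG.replace("0x0005", "0x0033")
```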