I am working on integrating Webservice which has 2 way SSL.
One such service from same client is already integrated and works fine.
I mean Application A is already integrated with WS 1 hosted on Application B, it's working now.
Now I am integrating Application A with WS 2 hosted on Application B
The same keystore and truststore are in used for both services.
WS 1 works fine, WS 2 fails, I have no real clue of how this could happen. Details of SSL debug logs are below.
I verified the Cipher Suite it is same for both Webservices.
SSL Debug Logs for Failed SSL HandShake - WS 2:
Here I add appropriate ssl log, the difference I found between ssl logs for working service and service which is failing is the certificate chain is not sent by client.
[Raw read]: length = 5
0000: 16 03 01 00 0D .....
[Raw read]: length = 13
0000: 0D 00 00 05 02 01 02 00 00 0E 00 00 00 .............
tomcat-http-1, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
[read] MD5 and SHA1 hashes: len = 9
0000: 0D 00 00 05 02 01 02 00 00 .........
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
***** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1**
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 4C 1E 64 .............L.d
0010: 17 BD D1 EC E9 14 82 08 12 17 01 1F 78 A0 6A 40 ............x.j#
0020: 16 24 A4 0D 54 B6 F4 CF B5 BB A0 BF 32 CD F5 BC .$..T.......2...
0030: EF 14 3C 8B 9B 72 7A 6D 27 93 59 6A AD 11 82 07 ..<..rzm'.Yj....
0040: 37 8C 68 01 EF 20 D6 0B 00 F4 0B 72 1F DE 0C 28 7.h.. .....r...(
0050: B9 47 D2 39 AB B6 E8 72 B9 6D A7 3F 0C F0 3F 1F .G.9...r.m.?..?.
0060: 3C CE 3C A2 E3 D6 CB 9D BA 5D 93 AF 26 B4 D2 83 <.<......]..&...
0070: 68 7A D2 6B 9A 10 D6 A3 95 36 D7 C1 0F C6 F4 79 hz.k.....6.....y
0080: F9 8F 3D 4D 8C D0 E0 46 E2 5A 32 46 42 19 60 09 ..=M...F.Z2FB.`.
0090: 62 15 EE F8 5C 24 A8 78 27 CD A6 22 5F 5E 94 35 b...\$.x'.."_^.5
00A0: 6B 95 C6 42 34 4B D0 98 74 DE 92 9C 8E 79 0E 3A k..B4K..t....y.:
00B0: 07 D6 17 63 E0 CE CE 8A C0 26 A5 51 A7 E4 35 8A ...c.....&.Q..5.
00C0: 5B 2F 1C A6 3A 0B 49 65 24 24 DC F8 39 42 80 38 [/..:.Ie$$..9B.8
00D0: 03 0D 49 F4 61 32 90 8B BC B6 46 47 6E C0 8B C5 ..I.a2....FGn...
00E0: 00 2F 3D AB 56 5E 04 6A AD 27 D2 39 A3 22 C5 CB ./=.V^.j.'.9."..
00F0: 9D D5 8C 47 B7 89 D1 C2 C2 CC AE F7 ED 4D 97 2F ...G.........M./
0100: 4E 4B AA 2A C5 96 A9 2C 4B 28 E0 09 44 NK.*...,K(..D
tomcat-http-1, WRITE: TLSv1 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 01 01 0D 0B 00 00 03 00 00 00 10 00 01 02 ................
0010: 01 00 4C 1E 64 17 BD D1 EC E9 14 82 08 12 17 01 ..L.d...........
0020: 1F 78 A0 6A 40 16 24 A4 0D 54 B6 F4 CF B5 BB A0 .x.j#.$..T......
0030: BF 32 CD F5 BC EF 14 3C 8B 9B 72 7A 6D 27 93 59 .2.....<..rzm'.Y
0040: 6A AD 11 82 07 37 8C 68 01 EF 20 D6 0B 00 F4 0B j....7.h.. .....
0050: 72 1F DE 0C 28 B9 47 D2 39 AB B6 E8 72 B9 6D A7 r...(.G.9...r.m.
0060: 3F 0C F0 3F 1F 3C CE 3C A2 E3 D6 CB 9D BA 5D 93 ?..?.<.<......].
0070: AF 26 B4 D2 83 68 7A D2 6B 9A 10 D6 A3 95 36 D7 .&...hz.k.....6.
0080: C1 0F C6 F4 79 F9 8F 3D 4D 8C D0 E0 46 E2 5A 32 ....y..=M...F.Z2
0090: 46 42 19 60 09 62 15 EE F8 5C 24 A8 78 27 CD A6 FB.`.b...\$.x'..
00A0: 22 5F 5E 94 35 6B 95 C6 42 34 4B D0 98 74 DE 92 "_^.5k..B4K..t..
00B0: 9C 8E 79 0E 3A 07 D6 17 63 E0 CE CE 8A C0 26 A5 ..y.:...c.....&.
00C0: 51 A7 E4 35 8A 5B 2F 1C A6 3A 0B 49 65 24 24 DC Q..5.[/..:.Ie$$.
00D0: F8 39 42 80 38 03 0D 49 F4 61 32 90 8B BC B6 46 .9B.8..I.a2....F
00E0: 47 6E C0 8B C5 00 2F 3D AB 56 5E 04 6A AD 27 D2 Gn..../=.V^.j.'.
00F0: 39 A3 22 C5 CB 9D D5 8C 47 B7 89 D1 C2 C2 CC AE 9.".....G.......
0100: F7 ED 4D 97 2F 4E 4B AA 2A C5 96 A9 2C 4B 28 E0 ..M./NK.*...,K(.
0110: 09 44 .D
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 93 71 B9 48 72 57 3D 0A BB 31 75 96 FD 0D ...q.HrW=..1u...
0010: CA 96 42 DD C9 44 B7 A8 B1 F1 A9 C1 C3 27 9F 5F ..B..D.......'._
0020: 9D 52 23 E3 36 AC EA A5 3A 05 1F F8 8D 5D 14 21 .R#.6...:....].!
CONNECTION KEYGEN:
Client Nonce:
0000: 53 8F 60 0E 0B DC B6 61 EB F5 3D C8 8C 7E 62 6D S.`....a..=...bm
0010: 5C 42 CB 7A 31 BC B0 0B D5 6F 0F B2 3C D7 3D A2 \B.z1....o..<.=.
Server Nonce:
0000: 53 8F 60 0E 6A EF 4B 22 15 D3 FB 2B 47 60 66 59 S.`.j.K"...+G`fY
0010: 95 FF 2F 5A 5E CD 24 FD AB BC 53 DA AE DE EE 6E ../Z^.$...S....n
Master Secret:
0000: 81 91 2E C9 84 28 03 2A 96 B7 50 3F 4E A6 F6 6D .....(.*..P?N..m
0010: BA E6 A3 97 90 BA 36 43 7F CC 09 DC 6C 49 23 2A ......6C....lI#*
0020: 08 F9 9A 28 37 E9 6A 7D A7 3D DF 5C 1D EE B8 C8 ...(7.j..=.\....
Client MAC write Secret:
0000: 02 6B 86 CF 08 1C F8 E1 3F 37 56 C3 E9 56 AF 7E .k......?7V..V..
0010: 8C AA 30 AD ..0.
Server MAC write Secret:
0000: 60 3E 08 7B D0 B4 23 48 79 D9 56 4E 98 17 AD 9D `>....#Hy.VN....
0010: E1 DA 9D 33 ...3
Client write key:
0000: 42 6D F6 86 E0 A5 CD 25 C1 32 EB C0 40 82 70 7C Bm.....%.2..#.p.
Server write key:
0000: 3D 28 B3 C1 E6 23 94 5F 3E F9 66 77 B1 42 EE AF =(...#._>.fw.B..
Client write IV:
0000: D1 AF 77 1A 7B 63 55 99 0D 20 EA 5F C9 35 C8 33 ..w..cU.. ._.5.3
Server write IV:
0000: 69 95 12 2F F0 85 8D 2B 8F 1F 96 73 A6 1A D7 10 i../...+...s....
tomcat-http-1, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 69, 40, 167, 235, 209, 255, 39, 90, 171, 21, 67, 200 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 45 28 A7 EB D1 FF 27 5A AB 15 43 C8 ....E(....'Z..C.
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C 45 28 A7 EB D1 FF 27 5A AB 15 43 C8 ....E(....'Z..C.
0010: F5 F5 5A E3 50 8B BE B4 0A 9C 72 2E FA D7 A2 CD ..Z.P.....r.....
0020: 9A AB 6B FD 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ..k.............
tomcat-http-1, WRITE: TLSv1 Handshake, length = 48
tomcat-http-1, waiting for close_notify or alert: state 1
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
tomcat-http-1, READ: TLSv1 Alert, length = 2
tomcat-http-1, RECV TLSv1 ALERT: fatal, handshake_failure
tomcat-http-1, called closeSocket()
tomcat-http-1, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
tomcat-http-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
tomcat-http-1, called close()
tomcat-http-1, called closeInternal(true)
Please help me if you find any clue of what's going wrong here.
I solved this problem by installing Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files + importing ca certificate. Just importing certificate did not work.
Related
I have a Rest api and am trying to implement the security in it using 2 way SSL. I have server.jks placed at a certain location on the server where the application is deployed. Now I have another java application that is acting as a client. I have a identity.jks and trust.jks as below
{
client.ssl.key-store=/cucumber/dev/identity.jks
client.ssl.key-store-password=changeme
client.ssl.trust-store=/cucumber/dev/trust.jks
client.ssl.trust-store-password=changeme
}
however when my client makes a http post request to the api, I get bad certificate error with below logs getting generated at client side.
I am not getting what is missing here.
ssl logs:
{
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
ssl: Ignoring alias server: issuers do not match
ssl: KeyMgr: no matching key found
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
ECDH Public value: { 4, 157, 56, 226, 111, 107, 118, 232, 80, 45, 243, 230, 40, 102, 248, 0, 45, 8, 136, 14, 177, 18, 135, 204, 179, 35, 160, 73, 134, 194, 251, 79, 36, 227, 96, 119, 125, 116, 170, 222, 179, 162, 179, 2, 227, 10, 51, 198, 142, 183, 70, 247, 39, 191, 105, 2, 173, 245, 11, 104, 11, 85, 19, 206, 95 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 41 04 9D 38 E2 ..........BA..8.
0010: 6F 6B 76 E8 50 2D F3 E6 28 66 F8 00 2D 08 88 0E okv.P-..(f..-...
0020: B1 12 87 CC B3 23 A0 49 86 C2 FB 4F 24 E3 60 77 .....#.I...O$.`w
0030: 7D 74 AA DE B3 A2 B3 02 E3 0A 33 C6 8E B7 46 F7 .t........3...F.
0040: 27 BF 69 02 AD F5 0B 68 0B 55 13 CE 5F '.i....h.U.._
finagle/netty4-1, WRITE: TLSv1.2 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 93 55 61 AA 21 BB 29 A9 FA B2 D9 14 9A 34 DF 90 .Ua.!.)......4..
0010: D1 2B 4E D3 0C 8A 32 E0 EB 07 84 4C F1 27 4A 22 .+N...2....L.'J"
CONNECTION KEYGEN:
Client Nonce:
0000: 5B 6D 9A 26 BB 80 E0 FB 21 14 EF EE 2C 72 F1 E2 [m.&....!...,r..
0010: B6 7C 50 A1 94 9A 20 7D 3E 0C 6F 8A 4B 3A 60 AC ..P... .>.o.K:`.
Server Nonce:
0000: 5B 6D 9A 26 A3 CE 30 1A 70 FF DA 97 E5 35 D3 17 [m.&..0.p....5..
0010: E6 60 7E 74 91 3D 0A BC F3 27 B9 BB 63 97 34 39 .`.t.=...'..c.49
Master Secret:
0000: 5F 0D 19 8D 4A 34 95 68 5E 06 D7 3B F5 1A 1E 32 _...J4.h^..;...2
0010: 07 C4 19 06 66 A7 6E A6 18 50 32 56 67 9B A6 FB ....f.n..P2Vg...
0020: F5 DF 33 9A 66 09 2F 7A DF 37 95 4E 8D BF F7 10 ..3.f./z.7.N....
Client MAC write Secret:
0000: 21 8C 67 0B BF 0C A9 19 5B 6B 27 ED 75 4E AA 49 !.g.....[k'.uN.I
0010: 90 DE EA 37 CF D5 06 19 E9 1A 96 14 3D BC 02 26 ...7........=..&
0020: B4 BA 78 A8 AC D6 0D F9 79 38 FE 94 26 2F 82 2B ..x.....y8..&/.+
Server MAC write Secret:
0000: 3C 14 31 DF 62 00 A1 41 18 1E 21 0C E1 CB 0E EF <.1.b..A..!.....
0010: B4 99 85 96 3C 30 51 FF 3C 5B D5 4E 02 EA 2A 67 ....<0Q.<[.N..*g
0020: 54 C5 72 2B 0B 45 A1 CD BC E8 AB 34 CE FD 66 64 T.r+.E.....4..fd
Client write key:
0000: 18 CF 26 CE 55 12 3C 8F 9E 9F A7 80 4D 2C B0 71 ..&.U.<.....M,.q
0010: A7 0A B9 58 07 E9 2E 38 9D AE 49 61 72 3F D1 2C ...X...8..Iar?.,
Server write key:
0000: 0A DE 66 22 5C 2F 38 1E FE 59 79 25 A3 43 6F E1 ..f"\/8..Yy%.Co.
0010: 6D 80 44 2F 60 81 1F 34 C6 C6 1B A8 63 F0 7A 56 m.D/`..4....c.zV
... no IV derived for this protocol
finagle/netty4-1, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 74, 37, 55, 128, 217, 164, 34, 181, 144, 55, 30, 12 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 4A 25 37 80 D9 A4 22 B5 90 37 1E 0C ....J%7..."..7..
Padded plaintext before ENCRYPTION: len = 96
0000: 54 34 9D E3 6A 86 B0 CC FC A9 2D C8 E1 AF B4 2B T4..j.....-....+
0010: 14 00 00 0C 4A 25 37 80 D9 A4 22 B5 90 37 1E 0C ....J%7..."..7..
0020: F5 A8 F5 FD 3B C7 AE B1 DC FC A1 42 95 04 27 3E ....;......B..'>
0030: 3D DF 96 C1 36 36 CF 77 5B 31 37 6A 1A C0 C9 8C =...66.w[17j....
0040: CF D1 5F 1B 21 05 4E F8 07 28 0C 4E DE 30 32 D2 .._.!.N..(.N.02.
0050: 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F ................
finagle/netty4-1, WRITE: TLSv1.2 Handshake, length = 96
[Raw write]: length = 82
0000: 16 03 03 00 4D 0B 00 00 03 00 00 00 10 00 00 42 ....M..........B
0010: 41 04 9D 38 E2 6F 6B 76 E8 50 2D F3 E6 28 66 F8 A..8.okv.P-..(f.
0020: 00 2D 08 88 0E B1 12 87 CC B3 23 A0 49 86 C2 FB .-........#.I...
0030: 4F 24 E3 60 77 7D 74 AA DE B3 A2 B3 02 E3 0A 33 O$.`w.t........3
0040: C6 8E B7 46 F7 27 BF 69 02 AD F5 0B 68 0B 55 13 ...F.'.i....h.U.
0050: CE 5F ._
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
[Raw write]: length = 101
0000: 16 03 03 00 60 36 7B 78 0F A1 87 60 1F F6 0F B8 ....`6.x...`....
0010: 72 88 86 82 35 28 57 25 59 65 D7 DB 2B 37 5C 35 r...5(W%Ye..+7\5
0020: CE 36 EC 8D 85 B0 96 8D C9 8A 9F C3 DF 88 15 65 .6.............e
0030: 3B 4A 78 7D 64 02 CD 18 92 C6 6C 47 21 24 DD 4C ;Jx.d.....lG!$.L
0040: 37 1B 9B 80 64 F3 6B 14 C9 FE 7F DA DF FF 8C 55 7...d.k........U
0050: ED CB 62 77 BF F5 E5 5F C3 99 BB 70 39 5F 28 17 ..bw..._...p9_(.
0060: 4C 8B CF 85 05 L....
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
finagle/netty4-1, READ: TLSv1.2 Alert, length = 2
finagle/netty4-1, RECV TLSv1.2 ALERT: fatal, bad_certificate
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
finagle/netty4-1, called closeOutbound()
finagle/netty4-1, closeOutboundInternal()
finagle/netty4-1, SEND TLSv1.2 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 80
0000: 4A 51 F2 C8 BA 3D 59 D1 E4 97 9D 88 98 EE 5A 44 JQ...=Y.......ZD
0010: 01 00 05 72 73 DF 87 14 B4 B8 2A 5D D8 D2 E8 92 ...rs.....*]....
0020: 86 DD 9F 47 6E 98 52 6F 76 53 96 9F B2 CF BF 22 ...Gn.RovS....."
0030: 27 20 18 FB 9D 82 CE D1 F0 6E D1 A8 73 67 E8 B5 ' .......n..sg..
0040: C8 72 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D .r..............
finagle/netty4-1, WRITE: TLSv1.2 Alert, length = 80
finagle/netty4-1, called closeInbound()
finagle/netty4-1, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
finagle/netty4-1, called closeOutbound()
finagle/netty4-1, closeOutboundInternal()
[Raw write]: length = 85
0000: 15 03 03 00 50 D3 44 48 4B 3F 93 CE 6F 0D D8 B5 ....P.DHK?..o...
0010: DE 8B 42 4F 3A EE 65 A5 7E 8A A0 20 2B 46 4D 35 ..BO:.e.... +FM5
0020: 68 E5 CB 1A 7B FD 6F F2 F2 E4 23 1A 71 C2 CF 16 h.....o...#.q...
0030: 73 10 0A B1 86 4D 84 51 BF C8 B7 9C A5 E9 AE 20 s....M.Q.......
0040: 07 73 AD B5 4D 85 81 66 10 5E 92 5B 8C DF D4 80 .s..M..f.^.[....
0050: 9E 6D 8C 7C DC .m...
Aug 10, 2018 3:59:03 PM com.twitter.finagle.netty4.channel.ChannelExceptionHandler exceptionCaught
WARNING: Unhandled exception in connection with clrv0000082211.ic.ing.net/10.44.39.4:8086, shutting down connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
}
I am trying to debug the SSL connection of a client I do not have control over.
A possibility I discovered is to use openssl as a server to check whether the SSL connection is correctly initiated, and if not - why.
The basic connection ends with
root#elk:~# openssl s_server -key sonoff.key -cert sonoff.crt -accept 5555 -www
Using default temp DH parameters
ACCEPT
bad gethostbyaddr
140612029986456:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
What does this error actually mean?
The searches I did point to various bugs, but they all gravitate around "incorrect certificates". The certificates I use are correct, although self-signed. What in the message (or the -debug version below) could suggest this? Specifically: could this be an indication of the device checking the certificate and aborting on a self-signed?
root#elk:~# openssl s_server -key sonoff.key -cert sonoff.crt -accept 5555 -www -debug
Using default temp DH parameters
ACCEPT
bad gethostbyaddr
read from 0xb2ca20 [0xb32110] (11 bytes => 11 (0xB))
0000 - 16 03 01 00 4f 01 00 00-4b 03 03 ....O...K..
read from 0xb2ca20 [0xb3211e] (73 bytes => 73 (0x49))
0000 - 1b da e3 8f 9a d2 af 66-81 b5 62 95 7e 44 fc 3b .......f..b.~D.;
0010 - 75 48 90 da 51 03 f6 ad-33 81 ec 15 16 42 2b f2 uH..Q...3....B+.
0020 - 00 00 12 00 3d 00 35 00-3c 00 2f 00 b7 00 95 00 ....=.5.<./.....
0030 - b6 00 94 00 ff 01 00 00-10 00 0d 00 0c 00 0a 06 ................
0040 - 01 05 01 04 01 03 01 02-01 .........
write to 0xb2ca20 [0xb3bc00] (86 bytes => 86 (0x56))
0000 - 16 03 03 00 51 02 00 00-4d 03 03 2b ca 7c 43 47 ....Q...M..+.|CG
0010 - 06 ae 7e 1e b3 9c 71 7a-ca 5d 6d 98 54 4e 1c 5a ..~...qz.]m.TN.Z
0020 - b7 f9 38 2c 0d 3e de e0-62 a6 8a 20 2a 42 cf 9e ..8,.>..b.. *B..
0030 - ba 1e 8c a3 03 24 e1 34-9e 15 2e d8 90 77 73 74 .....$.4.....wst
0040 - 78 33 e6 45 83 34 ca 11-ae 97 4e 18 00 3d 00 00 x3.E.4....N..=..
0050 - 05 ff 01 00 01 .....
0056 - <SPACES/NULS>
write to 0xb2ca20 [0xb3bc00] (1298 bytes => 1298 (0x512))
0000 - 16 03 03 05 0d 0b 00 05-09 00 05 06 00 05 03 30 ...............0
0010 - 82 04 ff 30 82 02 e7 a0-03 02 01 02 02 09 00 df ...0............
0020 - 41 71 c6 48 ff eb 19 30-0d 06 09 2a 86 48 86 f7 Aq.H...0...*.H..
0030 - 0d 01 01 0b 05 00 30 16-31 14 30 12 06 03 55 04 ......0.1.0...U.
0040 - 03 0c 0b 65 78 61 6d 70-6c 65 2e 63 6f 6d 30 1e ...example.com0.
0050 - 17 0d 31 38 30 32 30 34-31 38 31 33 35 36 5a 17 ..180204181356Z.
0060 - 0d 32 38 30 32 30 32 31-38 31 33 35 36 5a 30 16 .280202181356Z0.
0070 - 31 14 30 12 06 03 55 04-03 0c 0b 65 78 61 6d 70 1.0...U....examp
0080 - 6c 65 2e 63 6f 6d 30 82-02 22 30 0d 06 09 2a 86 le.com0.."0...*.
0090 - 48 86 f7 0d 01 01 01 05-00 03 82 02 0f 00 30 82 H.............0.
00a0 - 02 0a 02 82 02 01 00 e0-22 b0 41 79 e5 60 92 2c ........".Ay.`.,
00b0 - c7 1c 97 84 f8 16 46 39-27 67 26 ad d7 c8 dc a4 ......F9'g&.....
00c0 - 18 2e 5a 1a aa f7 92 b0-71 8f f8 a5 e0 d9 52 d3 ..Z.....q.....R.
00d0 - 6a c9 e1 ae 7c ce f1 1c-92 99 dd 77 b7 f7 db b3 j...|......w....
00e0 - 2b f4 96 23 d4 d8 08 e8-e2 f2 15 7b 41 16 30 3d +..#.......{A.0=
00f0 - 21 cd 5f b0 3d 5a 0c ec-60 9b d8 78 99 32 c4 9f !._.=Z..`..x.2..
0100 - 3c 1b 50 d9 d4 cf f0 4b-58 ca c6 6f 56 f5 57 04 <.P....KX..oV.W.
0110 - c9 d5 60 56 d2 25 66 ee-fe f0 da 79 d6 f2 a5 67 ..`V.%f....y...g
0120 - 08 7a 19 e6 82 90 5c e0-a1 63 cf 4b a8 43 c6 d3 .z....\..c.K.C..
0130 - 08 a0 22 4a df be 42 22-8b c9 6f 81 d1 b0 d8 e0 .."J..B"..o.....
0140 - 24 79 b3 3a ad 10 af bd-7a 43 56 a6 87 ad d2 d4 $y.:....zCV.....
0150 - 96 cf 12 f9 9a 42 7a c7-63 07 f7 cc a9 a5 50 1e .....Bz.c.....P.
0160 - bf 4d 2d ae e3 74 b7 a7-66 ca ab 44 66 db f5 e2 .M-..t..f..Df...
0170 - 28 dd a8 6f 76 0a 5a d4-8d 42 c6 a0 16 c2 bd d9 (..ov.Z..B......
0180 - 25 38 74 dc bc d3 95 03-b9 13 39 c0 4a cd d9 c9 %8t.......9.J...
0190 - cb 34 bf 9e 48 1e e4 56-8f 47 9c 33 ed eb d6 db .4..H..V.G.3....
01a0 - 5e b7 46 85 d4 49 48 f3-24 ec 01 c3 98 74 50 f9 ^.F..IH.$....tP.
01b0 - 05 71 01 b5 96 f4 b5 bc-a3 57 78 3f c7 4f 10 1e .q.......Wx?.O..
01c0 - da 96 59 c0 6d c1 13 64-52 7b f8 d7 88 59 29 ba ..Y.m..dR{...Y).
01d0 - b7 5a ec a2 a7 1e 86 bb-ea 8b f8 03 e3 73 b3 6e .Z...........s.n
01e0 - 70 27 29 b6 92 31 4f 52-73 f0 62 91 3e 90 53 40 p')..1ORs.b.>.S#
01f0 - d0 00 e2 1d 80 5e 82 a9-5e fc 56 2f 76 d9 40 39 .....^..^.V/v.#9
0200 - 85 e3 4e 55 d2 a7 47 06-27 92 d9 ec dd 7e 7d c2 ..NU..G.'....~}.
0210 - 07 6d 73 9b 58 75 da ba-cd 65 e3 d9 3b da 78 4e .ms.Xu...e..;.xN
0220 - 96 81 c1 d1 2f f2 c0 65-e0 a2 12 33 1c eb 0c 2a ..../..e...3...*
0230 - 10 c6 ea 87 4c 7a a5 d7-c3 4c a8 45 06 8d ca a5 ....Lz...L.E....
0240 - 90 7d e0 57 be e5 17 f0-13 41 28 6e f6 f3 cb b3 .}.W.....A(n....
0250 - d4 9b fa b1 f9 30 a1 b4-2e a4 de 73 39 35 82 32 .....0.....s95.2
0260 - de 55 f9 70 ee ca 8a d2-62 64 fc fb d7 56 17 c7 .U.p....bd...V..
0270 - 9a 3c 4f 3d b1 4a 1d 37-fb ad 40 ef c4 14 cf 08 .<O=.J.7..#.....
0280 - 57 8e 68 5f 2b d4 3b cc-bb 23 9f 83 64 e3 22 39 W.h_+.;..#..d."9
0290 - 53 30 5c 4d 0f d8 4d 2a-5a 23 e6 ee 06 b6 38 5d S0\M..M*Z#....8]
02a0 - 83 ef 91 f8 25 a6 e3 02-03 01 00 01 a3 50 30 4e ....%........P0N
02b0 - 30 1d 06 03 55 1d 0e 04-16 04 14 bf 22 b8 2a ec 0...U.......".*.
02c0 - f6 61 a9 05 50 d8 6a f5-35 bd 32 3e 7c 9b d7 30 .a..P.j.5.2>|..0
02d0 - 1f 06 03 55 1d 23 04 18-30 16 80 14 bf 22 b8 2a ...U.#..0....".*
02e0 - ec f6 61 a9 05 50 d8 6a-f5 35 bd 32 3e 7c 9b d7 ..a..P.j.5.2>|..
02f0 - 30 0c 06 03 55 1d 13 04-05 30 03 01 01 ff 30 0d 0...U....0....0.
0300 - 06 09 2a 86 48 86 f7 0d-01 01 0b 05 00 03 82 02 ..*.H...........
0310 - 01 00 35 e5 1e a9 74 4f-78 59 c0 fd da a4 71 7a ..5...tOxY....qz
0320 - 4e 9d b7 13 42 5b d5 f3-95 1b 48 a6 91 c8 84 be N...B[....H.....
0330 - fc 67 ed 92 4e 2e f2 e5-6e 14 38 a5 af 51 7f 54 .g..N...n.8..Q.T
0340 - 11 5f ed 15 bd a6 d9 ef-9c ef ee db ed fb 39 45 ._............9E
0350 - e2 5e a9 53 66 73 40 98-27 38 4d a3 1d 5f eb d3 .^.Sfs#.'8M.._..
0360 - f8 33 01 3d ce 08 61 60-e1 ee 91 28 98 0a a2 17 .3.=..a`...(....
0370 - 28 17 39 c1 af 1e d2 f7-42 c6 5f ff a2 fa 77 2a (.9.....B._...w*
0380 - f0 4b ed 4f ea d4 55 b4-4d 02 63 4f 9f 12 ab 86 .K.O..U.M.cO....
0390 - 26 a6 24 26 7e 26 e2 55-89 6b 7d 52 3c 48 ad 4c &.$&~&.U.k}R<H.L
03a0 - 0c 76 64 7d a7 8f ff 9e-23 28 4c d5 79 85 ea 0c .vd}....#(L.y...
03b0 - ee 54 31 24 e2 66 53 4c-ae a6 a6 43 c5 e1 16 c7 .T1$.fSL...C....
03c0 - 48 b3 af 49 c9 f6 30 e6-4a da 2f 9b 1a 9d 5f 15 H..I..0.J./..._.
03d0 - ff ac 9e c7 d3 e4 85 55-1d d6 42 af 58 1e 57 d1 .......U..B.X.W.
03e0 - 84 4f 87 a7 43 10 e8 13-42 fd 49 fa c1 a2 ba 6a .O..C...B.I....j
03f0 - 30 a4 1e fb db be 99 16-a1 dc 1e 45 45 54 c3 89 0..........EET..
0400 - b8 b6 b8 74 90 2f 8b 8c-68 49 07 a2 7c 0d a6 d6 ...t./..hI..|...
0410 - 3c 80 e2 94 66 b0 83 1f-e3 29 02 4d 76 44 1e 65 <...f....).MvD.e
0420 - 57 7c 9e f2 01 0a 77 cd-c5 85 43 53 9e e7 56 21 W|....w...CS..V!
0430 - 4b 55 05 78 0e 6b 7a 14-44 69 d8 cb 06 de 65 9a KU.x.kz.Di....e.
0440 - 0a 8b 15 11 4e 21 c6 1d-be d4 6c 45 96 88 f2 04 ....N!....lE....
0450 - d5 ff 03 fd d3 24 7d 25-22 8b 22 37 99 4b 22 fa .....$}%"."7.K".
0460 - 8f 99 ec 71 88 58 8e 03-9f 76 19 a2 05 a6 3b bc ...q.X...v....;.
0470 - 87 d8 90 db c1 cc 98 f9-1f c5 00 96 e4 90 3d ad ..............=.
0480 - d0 fa a1 d5 b6 71 74 7d-0c a3 f2 79 5a e6 31 fb .....qt}...yZ.1.
0490 - de 65 41 46 39 78 bd d6-c1 b0 1a 44 16 a1 ed 27 .eAF9x.....D...'
04a0 - c6 e7 d6 ab f0 2f 0f 78-a6 78 01 2c ed 18 bb 47 ...../.x.x.,...G
04b0 - 34 54 ee 73 1b 99 83 ca-bf d7 07 65 40 03 f2 75 4T.s.......e#..u
04c0 - 98 d4 f3 22 6c 2f 77 1e-ec e7 1e bf 31 28 90 c4 ..."l/w.....1(..
04d0 - 0c 7a 37 cc 85 37 59 42-94 21 90 05 9e e0 60 51 .z7..7YB.!....`Q
04e0 - 0a 83 b8 29 45 37 06 5a-5e a3 b3 e0 08 cf 48 9b ...)E7.Z^.....H.
04f0 - 51 17 7b 4c fb 6d 06 e9-4f dd 45 42 42 83 c2 f6 Q.{L.m..O.EBB...
0500 - b3 70 29 86 08 c4 28 f7-b4 d6 1f a1 63 94 f7 75 .p)...(.....c..u
0510 - 8f ba ..
write to 0xb2ca20 [0xb3bc00] (9 bytes => 9 (0x9))
0000 - 16 03 03 00 04 0e ......
0009 - <SPACES/NULS>
read from 0xb2ca20 [0xb32113] (5 bytes => 0 (0x0))
140570414024344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
EDIT: a K12 dump of the session:
+---------+---------------+----------+
18:19:07,529,418 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|2c|05|fb|00|00|7f|06|16|28|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c5|00|00|00|00|60|02|16|d0|33|57|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:07,529,450 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|2c|00|00|40|00|40|06|1b|23|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6d|00|36|bf|c6|60|12|72|10|1f|c8|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:07,668,343 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|05|fc|00|00|7f|06|15|d7|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c6|62|61|d4|6e|50|18|16|d0|67|d0|00|00|16|03|01|00|4f|01|00|00|4b|03|03|6e|30|37|19|a3|c0|a4|d5|d1|3c|8b|ed|76|72|e2|9f|d5|5e|57|3e|9e|98|b7|33|a9|12|54|de|40|32|df|34|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:07,668,359 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|19|40|00|40|06|e2|0d|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:07,668,617 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|39|1a|40|00|40|06|dc|9b|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|e9|4e|66|d1|56|43|c2|f8|df|95|62|d2|a1|8f|99|85|39|d3|22|4e|92|64|85|75|47|8f|29|f5|15|11|8e|10|20|b7|07|bc|84|e7|15|1e|6b|53|ed|6c|d5|1c|f6|15|10|ab|03|94|db|15|19|47|b7|43|04|30|59|fb|f2|52|e5|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:08,150,907 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|39|1b|40|00|40|06|dc|9a|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|e9|4e|66|d1|56|43|c2|f8|df|95|62|d2|a1|8f|99|85|39|d3|22|4e|92|64|85|75|47|8f|29|f5|15|11|8e|10|20|b7|07|bc|84|e7|15|1e|6b|53|ed|6c|d5|1c|f6|15|10|ab|03|94|db|15|19|47|b7|43|04|30|59|fb|f2|52|e5|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:08,556,603 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|05|fd|00|00|7f|06|15|d6|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c6|62|61|d4|6e|50|18|16|d0|67|d0|00|00|16|03|01|00|4f|01|00|00|4b|03|03|6e|30|37|19|a3|c0|a4|d5|d1|3c|8b|ed|76|72|e2|9f|d5|5e|57|3e|9e|98|b7|33|a9|12|54|de|40|32|df|34|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:08,556,617 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|1c|40|00|40|06|e2|0a|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d9|df|00|36|c0|1a|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:08,683,863 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|05|fe|00|00|7f|06|16|29|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|c0|1a|62|61|d9|df|50|11|11|5f|13|df|00|00|
+---------+---------------+----------+
18:19:08,683,932 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|1d|40|00|40|06|e2|09|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d9|df|00|36|c0|1b|50|11|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:08,762,143 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|05|ff|00|00|7f|06|16|28|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|c0|1b|62|61|d9|e0|50|10|11|5e|13|df|00|00|
+---------+---------------+----------+
18:19:16,784,169 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|2c|06|00|00|00|7f|06|16|23|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|9f|00|00|00|00|60|02|16|d0|4b|f4|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:16,784,184 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|2c|00|00|40|00|40|06|1b|23|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|61|00|36|e7|a0|60|12|72|10|1f|c8|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:16,886,424 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|06|01|00|00|7f|06|15|d2|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|a0|98|bc|9a|62|50|18|16|d0|70|29|00|00|16|03|01|00|4f|01|00|00|4b|03|03|e5|7a|5a|74|be|6f|f0|54|cf|60|fd|45|d1|15|6e|25|28|82|23|11|ce|26|76|8f|3a|9b|db|bf|31|93|66|24|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:16,886,440 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|6c|15|40|00|40|06|af|11|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|62|00|36|e7|f4|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:16,886,658 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|6c|16|40|00|40|06|a9|9f|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|62|00|36|e7|f4|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|24|c5|4f|88|a2|2e|d6|95|40|f4|42|c1|97|78|b8|4a|33|43|32|94|d8|81|88|7f|09|44|df|3a|6c|79|d2|3a|20|1d|a7|32|d9|88|67|21|c6|69|f6|70|a7|20|28|0c|ac|a4|da|d0|95|3f|02|4f|51|68|78|7e|bf|1c|53|46|69|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:16,933,784 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|06|02|00|00|7f|06|16|25|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|f4|98|bc|9f|d3|50|11|11|5f|30|2d|00|00|
+---------+---------------+----------+
18:19:16,933,874 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|6c|17|40|00|40|06|af|0f|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9f|d3|00|36|e7|f5|50|11|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:16,973,340 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|06|03|00|00|7f|06|16|24|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|f5|98|bc|9f|d4|50|10|11|5e|30|2d|00|00|
What does this error actually mean?
At the risk of stating the obvious it literally means "the handshake failed" and doesn't give you any more information than that. It could be caused by any number of possible issues. From your debug output we can see that:
The client issues a ClientHello to the server
The server responds with a ServerHello, a Certificate and a ServerHelloDone.
The server then attempts to read a response from the client but this read fails (most probably because the client has aborted - but without sending any kind of alert to indicate the cause of the problem).
Clearly something in the response that your server has sent back to the client has caused the client to just give up. The most likely culprit is the certificate, but its also possible that there is something about the ServerHello it doesn't like (e.g. the server didn't understand some extension that the client sent in its ClientHello, which it refuses to work without...although this is quite unlikely)
When looking in details to your debug log, it looks like a normal client/server handshake, in TLS 1.2. The last 9 bytes written mean the SERVER HELLO DONE is accomplished, and then the client (the last "read from") is sending 5 bytes that unfortunately we don't have. 5 bytes is a normal thing at this moment, these bytes are supposed to continue with the TLS exchange (Client key exchange,..) and they contain the "hello" byte, the protocol version (2 bytes), and the data length (2 bytes).
All this work would be easier for me if you provided a network capture. But OK, we have some information.
There is one reason to make openssl bug at this moment, when we receive 5 bytes instead of 11. This code will later generate the same handshake failure that you get :
* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
* ('type == 3') correctly only when the following
* is in a single record, which is not guaranteed by
* the protocol specification:
* Byte Content
* 0 type \
* 1/2 version > record header
* 3/4 length /
* 5 msg_type \
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char buf_space[11];
But without any capture, it's almost impossible to say whether the client is sending a wrong Client key exchange, or if it's your openssl version which is faulty (more likely, it's the client).
Can you check what openssl version you are running ?
This appears to be a network or stack problem.
Assuming we are the server at 10.200.0.13 and the client is 10.100.10.113 your network dump decodes as follows:
18:19:07,529,418 receive connect request (SYN) from port 22695 to port 5555 with starting seq 0x0036bfc5
18:19:07,529,450 send accept (SYN ACK) with starting seq 0x6261d46d
18:19:07,668,343 receive segment containing ClientHello message with seq 0x0036bfc6 len 0x54
18:19:07,668,359 send ack (through 0x0036c01a)
18:19:07,668,617 send segment containing ServerHello, Certificate, ServerHelloDone with seq 0x6261d46e len 0x56+0x512+9=0x571
18:19:08,150,907 after no response ~0.5s, resend segment
18:19:08,556,603 receive resend of client 0x0036bfc6, which does NOT ack our data;
this implies client didn't get our data-ack and didn't get or accept (either copy of) our 0x6261d46e
18:19:08,556,617 send probe (ACK with no additional data)
18:19:08,683,863 receive probe from client, again neg-acking data but pos-acking SYN
18:19:08,683,932 after 2x neg-ack, send FIN (seq 0x6261d9df)
18:19:08,762,143 receive ACK of our FIN (and data?) (ack=0x6261d9e0)
18:19:16,784,169 receive new connect (SYN) from port 6192
...
This is screwy. If the client is any normal computer with an OS, usually those ack data at TCP level in the protocol stack even if their user program doesn't read (or accept) the data, at least up to some reasonable buffersize. The client is clearly getting at least some of our frames, since it correctly acks SYN and FIN, but it apparently refuses to ack our data.
If the client is something like a thermostat or an Arduino, where there is no actual OS but often instead a heap of code someone mashed together, often by copying from websites (including Stack?) without understanding it, so it doesn't work right. Or possibly the actual client is correct, but there is some broken middlebox like a firewall, IDS, 'smart' router, etc. in between.
Anyway if you can't get the TLS protocol messages, which are TCP data, delivered to the client at the TCP level, nothing else can work, so without any more useful info about or control over the client you're out of luck.
Sorry.
bad gethostbyaddr
A reverse DNS is not working well on your server. With your server IP, run these commands and check if they return anything (I suppose you're on Linux) :
dig -x XXX.XXX.XXX.XXX
host XXX.XXX.XXX.XXX
Check that your hosts file solves correctly your hostname. If you have to configure a DNS server (/etc/resolv.conf), do it.
I am using the below code to generate public and private keys:
using (var rsaProvider = new RSACryptoServiceProvider(cspParams))
{
try
{
// Export public key
publicKey = rsaProvider.ToXmlString(false);
// Write public key to file
publicKeyFile = File.CreateText(publicKeyFileName);
publicKeyFile.Write(publicKey);
// Export private/public key pair
//privateKey = rsaProvider.ToXmlString(true);
privateKey = rsaProvider.ToXmlString(true);
// Write private/public key pair to file
privateKeyFile = File.CreateText(privateKeyFileName);
privateKeyFile.Write(privateKey);
}
catch (Exception ex)
{
}
finally
{
rsaProvider.PersistKeyInCsp = false; // dont srotre in windows key container
}
}
The public key that is generated contains a key and an expontent:
<RSAKeyValue
<Modulus>rx39KaNggx7IFO/CT2XTi/aHdgEnZq0f6E2lKFVbObZ9ws0wCsRftfomOOy2z8/jFXn7NLOuiC+MvO6AsSb8nSCO0PY08TklmFBzsFxsq7CLWubL8TDV0wq7AtVpovdJkywc+O4wnz8ZTn38nAgNnQ6Ga+hIJspFCYZS01jkx30=
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
But when I look at the public key of a certificate from Internet Explorer it shows:
RSA (2048 Bits).
30 82 01 0a 02 82 01 01 00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb 02 03 01 00 01
Is this the same type of key containing an exponent or is it encoded, or simply a different type of encryption?
It's just a different encoding of the same information. One is XML, using base-64 encoding for the modulus and exponent numbers. The other is a hexadecimal encoding of the information using the Distinguished Encoding Rules (DER) common with PKI protocols. It's a "SEQUENCE" containing two "INTEGER" elements: the modulus and the exponent, as defined in the PKCS #1 standard.
30 - SEQUENCE tag
82 01 0a - length is 266 bytes
02 - INTEGER tag (modulus)
82 01 01 - length is 257 bytes
00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb
02 - INTEGER tag (public exponent)
03 - length is 3 bytes
01 00 01 (65,537 [F4])
I am trying to create a CNG (Windows Cryptography API Next Generation) key handle by calling NCryptOpenKey() and using the certificate's thumbprint as the key name parameter:
LPCWSTR keyName = L"\0xe0\0xf5\0xdf\0x72\0x7f\0x81\0x92\0xfa\0xae\0x8a\0x4b\0xf1\0xd5\0x53\0xc1\0xbe\0x40\0x18\0x90\0xdc";
NCryptOpenKey( hProvider, &hKey, keyName, 0, 0 );
Using this keyName the key cannot be found, but I can see the certificate with that thumbprint when I look it up in certmgr.msc ("e0 f5 df 72 7f 81 92 fa ae 8a 4b f1 d5 53 c1 be 40 18 90 dc"). What could possibly be the problem here?
Edit: What I essentially want to do (as I found out by the help of the people on stack overflow ;)) is to create a NCRYPT_KEY_HANDLE from a certificate stored in the Windows certificate store.
The thumbprint and the key name usually has no relationship.
To get the name of the key that is associated with a certificate use CertGetCertificateContextProperty with CERT_KEY_PROV_INFO_PROP_ID.
Certificates don't contain the private keys. CERT_CONTEXT can have a CERT_KEY_PROV_INFO_PROP_ID property which say where to find a related private key. It is used by system function CryptAcquireCertificatePrivateKey and other high-level cryptography functions. This property is the only information about private key location in CNG.
Also, you can open every stored key in loop and compare private key BLOB with certificate's one.
If you want to try my example, here is a code:
DATA_BLOB key;
FILE *fil = _wfopen(L"D:\\222.p8", L"rb");
if(fil)
{
fseek(fil, 0 ,2);
key.cbData = ftell(fil);
fseek(fil, 0, 0);
key.pbData = new BYTE[key.cbData];
fread(key.pbData, 1, key.cbData, fil);
fclose(fil);
} else {
MessageBox(L"Cannot open file", L"Error", MB_ICONERROR);
return;
}
BCryptBuffer nameBuf;
nameBuf.BufferType = NCRYPTBUFFER_PKCS_KEY_NAME;
nameBuf.pvBuffer = L"killme";
nameBuf.cbBuffer = 14;
NCryptBufferDesc parList;
parList.ulVersion = NCRYPTBUFFER_VERSION;
parList.cBuffers = 1;
parList.pBuffers = &nameBuf;
// No error handlers!!!
NCRYPT_PROV_HANDLE hProv;
NCRYPT_KEY_HANDLE hKey;
NCryptOpenStorageProvider( &hProv, L"Microsoft Software Key Storage Provider", 0 );
NCryptImportKey( hProv, NULL, NCRYPT_PKCS8_PRIVATE_KEY_BLOB, &parList, &hKey, key.pbData, key.cbData, 0 );
NCryptFreeObject( hKey );
NCryptFreeObject( hProv );
return;
And this is my file (in HEX):
30 82 02 78 02 01 00 30 0D 06 09 2A 86 48 86 F7
0D 01 01 01 05 00 04 82 02 62 30 82 02 5E 02 01
00 02 81 81 00 BB 13 C9 C6 4A 18 1F 11 1D D3 CB
E4 6A E2 F4 46 8C 1D 67 7F F2 6E 16 67 C6 81 B9
D9 93 56 45 0B D5 EA 0F EB 7F F3 1D 83 07 19 3B
A7 1C 84 82 23 88 44 65 13 79 78 EA E0 B7 AD A8
4D B6 3C 9B D4 74 48 51 0D E8 60 59 19 D8 28 2B
49 FE BC 8D BF 62 0D 44 70 70 76 2D 83 5B 2E DE
9E 97 40 D3 BE 23 36 BB 02 3B F0 17 F2 EA 9A 97
28 41 39 7F A1 98 6E CB A3 9F 5B B3 81 D8 66 73
D5 19 63 35 E9 02 03 01 00 01 02 81 80 02 BA 5C
CF 35 C0 B8 F5 EB 45 18 61 B7 51 4C 95 EE C5 CA
FE E9 A3 C3 53 36 13 7E DD F6 5B B9 5C 07 D2 DC
47 E7 30 BE 0B 18 17 BD 1A 9D BC 2C ED A4 62 0D
9B 45 6D 31 A2 49 EB 65 5B 3A 14 BE 2C F4 DC C8
9B 94 2C 5A EF 1E 43 00 3E 88 00 D3 F1 0F 6A E3
14 C1 4D C8 7E 77 BD C8 41 92 8B 7D 2A B5 36 1A
61 81 9C 38 F1 34 C4 C3 73 57 67 25 4C 93 59 9B
C7 1B 10 39 F2 B2 2F 85 ED 69 B4 43 01 02 41 00
EC D9 DD B0 C8 F3 BC 39 77 9F 15 20 D5 80 C7 E3
F5 36 DB F0 BF AC 27 9E 82 A1 CB 64 F0 26 5A 31
97 C5 75 B0 CB 42 E3 0D AC F1 69 AF 02 1C 0F F5
38 7A 75 5C 87 41 16 D7 57 E5 A5 78 BB A4 6E 89
02 41 00 CA 33 BF CA 34 F6 17 F8 F8 1F 0C FF EE
62 18 09 22 BD 45 DC 2E E7 5D 6C 0F 66 0E 21 3D
74 61 35 79 19 56 91 1B 90 93 12 AD BA FA 31 23
4D D2 AE F8 0F 00 46 DE 6B F4 31 62 E3 88 5F 80
35 B4 61 02 41 00 C7 78 AC C6 28 57 6D 5C 10 AC
7F C4 C9 4A CE 0D E4 04 B1 B2 CE 1A 14 BB E0 54
96 D1 89 97 23 3A C5 11 5D 8E E9 80 89 6C 89 0C
3F EF 4E 1D 88 2B 03 C7 CE 73 80 CD 86 89 11 D3
AC 4A 43 ED B5 D1 02 41 00 A7 E7 E3 0A 31 82 6D
93 B3 CE 6D 08 15 56 E5 A8 A8 6D 4D 96 B2 68 33
9E A9 06 D1 12 EF 2A 36 12 A6 55 D1 19 BC 2F 08
C2 08 FB EC 08 63 CD 9A F6 EA 4B E2 A9 F6 C6 E4
47 22 5B D9 01 9C C0 7B E1 02 41 00 E1 94 F0 BB
B8 7E E6 CF 38 E0 8D 6B F7 BB E2 47 A2 B6 E4 EB
A5 C7 15 62 76 C4 BA B8 DC 81 06 24 EB B1 46 9B
EE 5D AC A5 A6 EB 93 2E B4 E7 F8 A3 CD FB 40 C1
C9 F9 27 DF 31 8B BB EE 29 4F 63 6D
My Connection to my test application keeps terminating in the same place without any errors.
I think perhaps something is triggering the channel/connection to close, but I don't know what it could be. Where exactly it closes changes slightly if I change printouts in the code, so the timing appears to be on a different thread.
I've been working on this for four days now and list myself as officially stuck.
Here is my connection code:
final HttpQueryRequestImpl realRequest = (HttpQueryRequestImpl) getPredecessorQueryResolver().resolvePredecessorResults(getPredecessorResults(), getQueryRequest(), getId());
// Configure the client.
// TODO determine if this ClientBootstrap object can be reused. Indications in the doucmentation
// seem to say yes, with caveats. Reusing the pool would improve performance. Caveats must be investigated.
final ClientBootstrap bootstrap = new ClientBootstrap(
new NioClientSocketChannelFactory(
Executors.newCachedThreadPool(),
Executors.newCachedThreadPool()));
// Set up the event pipeline factory.
bootstrap.setPipelineFactory(new HttpSnoopClientPipelineFactory());
// TODO audit and timestamp logging
if (logger.isInfoEnabled()) {
logger.info("Starting connection to !" + realRequest.getUri());
}
// Start the connection attempt.
// ChannelFuture future = bootstrap.connect(new InetSocketAddress(realRequest.getHost(), realRequest.getPort()));
logger.info(realRequest.getHost() + " " + realRequest.getPort());
ChannelFuture future = bootstrap.connect(new InetSocketAddress("myname.organization.com", 8443));
// register some things to happen after the channel completes
future.addListener(new ChannelFutureListener() {
#Override
public void operationComplete(ChannelFuture future) throws Exception {
if (!future.isSuccess()) {
logger.error("Error connecting to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
bootstrap.releaseExternalResources();
} else {
if (logger.isInfoEnabled()) {
logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
}
// Send the HTTP request.
Channel channel = future.getChannel();
HttpRequest request = new DefaultHttpRequest(
HttpVersion.HTTP_1_1, HttpMethod.GET, "/factorial");
request.setHeader(HttpHeaders.Names.HOST, "myname.organization.com");
request.setHeader(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.CLOSE);
request.setHeader(HttpHeaders.Names.ACCEPT_ENCODING, HttpHeaders.Values.GZIP);
ChannelFuture writeFuture = channel.write(request);
writeFuture.addListener(new ChannelFutureListener() {
#Override
public void operationComplete(ChannelFuture future) throws Exception {
logger.info("Wrote data complete");
// TODO once bootstrap is reused, get rid of this
// Shut down executor threads to exit.
// bootstrap.releaseExternalResources();
}
});
}
}
});
This is what my output looks like with SSL debugging enabled:
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - Starting connection to !https://myname.organization.com:8443/factorial
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - myname.organization.com 8443
***
found key for : myname.organization.com
chain [0] = [
[
Version: V1
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 94642469145065852073118930371145672868332389407646565010478303790446281089121119363888463093443199472593726155607365724815252704927244864250811984977900576391208121343883948799873869280369621492901495505803717080952775289840654752626694613842653754724186814688913115288788127483906065658243886585022651573993
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:22 EST 2012,
To: Sat Mar 09 13:29:22 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ 71c8]
]
Algorithm: [SHA1withRSA]
Signature:
0000: C5 55 9C 1D 76 CE 05 87 45 0D C3 15 9C DB 0B 3A .U..v...E......:
0010: 70 0E 50 0C DB DB B4 62 2F BA A3 30 48 C0 D2 E9 p.P....b/..0H...
0020: 45 9C 3C C0 4A 84 7B 21 51 78 93 F1 63 4C 61 37 E.<.J..!Qx..cLa7
0030: 21 97 E8 38 F9 62 C5 EA 02 53 28 4F F8 EC 01 F2 !..8.b...S(O....
0040: 08 70 DB 96 D5 1D 9E 0A 89 33 D3 1D C8 79 8B C1 .p.......3...y..
0050: 6E 07 C4 98 FA 55 85 80 D4 10 AF A7 E5 A7 94 FA n....U..........
0060: 45 CB DA 7C FA 66 C6 FC 69 A4 B2 05 01 C6 DC 8E E....f..i.......
0070: AC 15 7D A2 FC 25 DF FE 19 80 D4 27 07 EA D6 3F .....%.....'...?
0080: 5C 73 5F 63 0B 4E 02 FC 49 EA 76 69 FA 82 5B 1B \s_c.N..I.vi..[.
0090: 3B 45 6B 95 DC 8F C2 E8 A9 6C 10 CD 9B E0 59 D7 ;Ek......l....Y.
00A0: DC E6 69 2C F9 DB 99 F7 7F E3 76 81 13 CD B3 FE ..i,......v.....
00B0: 1D AD 32 7D 6F 74 A9 12 4B 06 E2 9F E9 1F EF 8A ..2.ot..K.......
00C0: 1F CA 1D B8 08 47 00 1D 19 53 87 0A E3 FA B4 B5 .....G...S......
00D0: 99 4F B9 97 5D D0 EE 0D DD 09 5F 3C 41 31 D6 18 .O..]....._<A1..
00E0: 5C 39 01 8E DA D9 27 85 FE 0F C5 EE 00 A3 27 44 \9....'.......'D
00F0: C0 A1 42 EA 13 5B 66 3B 64 E3 EA 9B 23 20 0B C6 ..B..[f;d...# ..
0100: 66 DB AB 79 77 97 3E 4A D0 C7 79 C4 D2 E7 BD 1A f..yw.>J..y.....
0110: F3 90 39 A2 A4 69 A9 A1 4E A3 0B 92 93 9F 8F 4F ..9..i..N......O
0120: C3 4F CE E7 20 D6 45 4D 9B E0 B2 58 EC 96 19 99 .O.. .EM...X....
0130: E0 F3 BB E4 EF 7E 1D C7 C3 48 8B D0 7D 2D 8C 3A .........H...-.:
0140: 1A AF 77 3A 83 F4 51 C9 D6 DE BE 24 3B 03 7C A9 ..w:..Q....$;...
0150: 4B 5C C4 6E 59 AB E2 02 63 73 CE 98 8A D0 45 D5 K\.nY...cs....E.
0160: 6C FE 23 79 93 69 D5 74 0D AF FE 23 AE BB 3F E4 l.#y.i.t...#..?.
0170: 9C 05 87 E1 2E 91 51 D6 44 55 7E 66 73 1D BB C2 ......Q.DU.fs...
0180: F3 E8 4D CA 50 D9 6D 2A AD 84 EF C7 70 4B 15 EA ..M.P.m*....pK..
0190: C4 E0 33 3E 44 89 A3 97 8C 32 17 FD B9 DD 22 FB ..3>D....2....".
01A0: 08 CF 1E 49 78 B7 2F 8E 60 66 58 3D 57 6F 21 72 ...Ix./.`fX=Wo!r
01B0: D3 87 38 9C DD EB 60 D8 BD 06 A8 04 FD 2D 59 EA ..8...`......-Y.
01C0: 82 A8 E8 E7 73 81 1E DE FD 51 33 0C F7 47 AE 34 ....s....Q3..G.4
01D0: 58 57 DD CE FD 12 68 A6 A8 2E 58 4F C7 6A 1E 27 XW....h...XO.j.'
01E0: 39 EF C7 BE 75 32 96 99 6B 1B E6 23 2A A5 0E 2F 9...u2..k..#*../
01F0: 35 0A 0C 0C FA 92 65 1D DC 17 56 57 C4 08 89 48 5.....e...VW...H
]
chain [1] = [
[
Version: V1
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 806866056348410276765741718640530245144236832502515305762072630647553277327953919063172921502880537921571234334570551528531888439605163701867371172813984927986527584575335107418628498623377289440387978453125866503947773575289298639780740830349842738718874502642354354786938153803982142709595698253667527748252780647208422256786989310056682111281793756866001585577762899819782647308899956239433307951381179494148030342543127196354965114705680137760255253494869690234155019595101679874833401305309080790668924554791611347641826073186513714032079267845800910995372117962695304732667441462587341743926848435668491205343373472147947564642450777593350053051331533112897445884090255314793988795654376385927964164743689070718825504556057816253883950563232708345137230621100544965407234099088514072120925433729718654307794068734283314839693884400349895261851764957828001331060077733384251643023885026867016629337741393451760864161087662305445338147618921663305526880031574988450298248773113067904762125722376437187045162922144483754266350990810318433387352520742359961188082219224300651116723774686748606066644650420169490565673256120050113505389581136874611045622641221693918773655462724374483166653830081719164259720121105179323613660081321
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:15 EST 2012,
To: Sat Mar 09 13:29:15 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ c1e2c18c f327ad81]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 8A EB 65 0E 88 09 BE 9A BA 88 FB CA 9A D4 53 F4 ..e...........S.
0010: B0 5C 91 67 BD C9 35 67 2D 37 78 2D 5C E6 4B 26 .\.g..5g-7x-\.K&
0020: E9 8E 20 3D DE 92 9B 29 A7 CB CC 5F 4E E3 CD 1A .. =...)..._N...
0030: FA 5B EB 0D 42 DC 17 05 4E D6 34 72 43 46 6C 55 .[..B...N.4rCFlU
0040: 99 FF AC 00 2E BF 28 5D 4A 6A 21 DE 72 9E 6C 7A ......(]Jj!.r.lz
0050: A6 10 28 27 21 72 0F 69 09 04 D3 FB A7 83 DF 81 ..('!r.i........
0060: E2 78 BD 0B 4F D7 AA B4 CC E2 E4 3B A5 30 A3 14 .x..O......;.0..
0070: B4 83 75 DC E6 8C 01 9A B2 BA FF 0D 3F AA F1 30 ..u.........?..0
0080: A0 33 A9 CC 13 08 72 8F E2 75 1D 3B 30 B8 82 3C .3....r..u.;0..<
0090: 9A A0 A3 68 18 60 C0 1F E4 2E 06 D6 1B B8 46 6F ...h.`........Fo
00A0: AB D3 C9 AD 89 E6 E7 48 12 0F 90 A5 B8 A2 17 51 .......H.......Q
00B0: 41 AF 1E 62 6C D2 48 B2 41 C6 CE 1D 4E B1 F7 90 A..bl.H.A...N...
00C0: 34 26 E0 5D 95 7B BD 93 BA 4C D1 7A 08 A9 1E 57 4&.].....L.z...W
00D0: 03 EE F2 EC BD 8E 36 43 1D 4F 9E 39 56 A8 E4 B6 ......6C.O.9V...
00E0: 44 6C D5 D3 8C F0 FE 1F 87 87 67 2D E6 05 7E BA Dl........g-....
00F0: 18 FB 6C 0B D8 80 19 08 27 8F 60 09 A6 BA 68 55 ..l.....'.`...hU
0100: 05 13 A8 9C 04 06 F8 24 A1 52 DB 67 69 2E FE 12 .......$.R.gi...
0110: A5 23 D1 2E 56 EA 54 08 83 DD 91 43 45 8B F6 97 .#..V.T....CE...
0120: 01 65 CC 32 4C FA D6 89 81 83 B4 21 92 F4 EC 29 .e.2L......!...)
0130: 68 87 51 A0 FC B7 7D BD 90 F8 A1 F8 68 82 CF 03 h.Q.........h...
0140: 4E 9C C2 FA AF 4A D3 AD 0B AB AB 73 4B B4 95 B0 N....J.....sK...
0150: EC 64 6B 8E 2B D4 E1 41 96 19 EC E9 6B 92 51 8A .dk.+..A....k.Q.
0160: D8 C1 87 FC DB B4 12 BD 14 AB 5C 07 73 AA DE CE ..........\.s...
0170: E5 05 8F E9 CC 9F C4 2A B6 0F 5D 40 8E 7A 82 7E .......*..]#.z..
0180: CD 28 88 8F 01 3E 6C EF E7 01 58 2E C9 3F 0E 44 .(...>l...X..?.D
0190: 4D 1A 2B BB 0D 51 76 38 26 D4 89 5C 9B AB 63 FA M.+..Qv8&..\..c.
01A0: 4B 63 7C DC 0E 05 01 BB E4 97 73 03 4F 83 71 1E Kc........s.O.q.
01B0: B6 CB A6 62 F9 21 1B F2 24 D3 85 1D E6 31 87 E4 ...b.!..$....1..
01C0: D6 74 09 70 C3 D0 4C 35 7E F1 49 5A 60 B7 02 72 .t.p..L5..IZ`..r
01D0: 04 C9 83 AD 5E 63 1F 7B 97 4C 35 7F 15 88 D5 5D ....^c...L5....]
01E0: DA 3B F6 80 9B 07 E5 86 4B 67 F6 B2 66 DE 81 6C .;......Kg..f..l
01F0: FF B6 99 D1 06 EF 3A 27 68 8D F2 EE 72 C4 48 64 ......:'h...r.Hd
]
***
adding as trusted cert:
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0x71c8
Valid from Fri Mar 09 13:29:22 EST 2012 until Sat Mar 09 13:29:22 EST 2013
adding as trusted cert:
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0xc1e2c18cf327ad81
Valid from Fri Mar 09 13:29:15 EST 2012 until Sat Mar 09 13:29:15 EST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
985 [main] INFO nettyliteserver.ssl.FlexibleErrorSslHandler - handleDownstream
That's where it terminates. I've changed the printouts around a bit so that sometimes I also get one more line, the printout from logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri()); but I really don't know what is causing it to shut down.
I tried overriding the netty SSLHandler and on all it's public operations added a printout, but the close(), channelConnected(), channelDisconnected(), etc methods are never being called. Neither is handshake().
My pipeline is set up to do a handshake:
public class HttpSnoopClientPipelineFactory implements ChannelPipelineFactory {
public ChannelPipeline getPipeline() throws Exception {
// Create a default pipeline implementation.
ChannelPipeline pipeline = pipeline();
// Enable HTTPS
SSLEngine engine =
SecureChatSslContextFactory.getClientContext().createSSLEngine();
engine.setUseClientMode(true);
System.out.println("HERE!!!!!!!!!!!!");
pipeline.addLast("ssl", new SslHandler(engine));
pipeline.addLast("codec", new HttpClientCodec());
// Remove the following line if you don't want automatic content decompression.
pipeline.addLast("inflater", new HttpContentDecompressor());
// Uncomment the following line if you don't want to handle HttpChunks.
//pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
pipeline.addLast("handler", new HttpSnoopClientHandler());
return pipeline;
}
}
My custom SSLHandler is really the same as the library's SslHandler, I just overrode the methods to add printouts before delegating to the super version.
It looks like the only thing being called on it is handleDownstream()
You need to call SslHandler.handshake() by yourself after the connect success.
Something like:
future.getChannel().getPipeline(SslHandler.class).handshake();
This needs to get done in your ChannelFuture that gets returned by the connect method or a SimpleChannelUpstreamHandler implementation that you add to the ChannelPipeline
Netty documentation states:
Handshake
If isIssueHandshake() is false (default) you will need to take care of
calling handshake() by your own. In most situations were SslHandler is
used in 'client mode' you want to issue a handshake once the
connection was established. if setIssueHandshake(boolean) is set to
true you don't need to worry about this as the SslHandler will take
care of it.
see javadoc
So, you should set isIssueHandshake on SslHandler before estamblishing the connection:
SslHandler sslHandler = new SslHandler(engine);
setIssueHandshake(boolean);
pipeline.addLast("ssl", sslHandler);