How to produce a PKCS8 private key encrypted by a symmetric key? - ssl

If I try to produce a 3TDES encrypted PKCS 8 key using the OpenSSL command line:
openssl genrsa 512 | openssl pkcs8 -topk8 -v2 des-ede3-cbc
I get:
Enter Encryption Password:
What if I wanted to encrypt it using an actual key, not a key derived from a passphrase?
The PKCS8 RFC does not say which algorithm must be used to create the keyblock. It does give PKCS5 algorithms as example. Is there a way to use OpenSSL to create a PKCS8 key encrypted by a DES key? If not, is it just unsupported by OpenSSL or is it a very nonstandard thing to do?
Here is an example created using password based encryption through the OpenSSL command line (password "test"):
0:d=0 hl=4 l= 422 cons: SEQUENCE
4:d=1 hl=2 l= 64 cons: SEQUENCE
6:d=2 hl=2 l= 9 prim: OBJECT :PBES2
17:d=2 hl=2 l= 51 cons: SEQUENCE
19:d=3 hl=2 l= 27 cons: SEQUENCE
21:d=4 hl=2 l= 9 prim: OBJECT :PBKDF2
32:d=4 hl=2 l= 14 cons: SEQUENCE
34:d=5 hl=2 l= 8 prim: OCTET STRING
0000 - 34 28 48 ce 80 65 2e 49- 4(H..e.I
44:d=5 hl=2 l= 2 prim: INTEGER :0800
48:d=3 hl=2 l= 20 cons: SEQUENCE
50:d=4 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
60:d=4 hl=2 l= 8 prim: OCTET STRING
0000 - 87 9a 4b b1 4a 9a 5d 2a- ..K.J.]*
70:d=1 hl=4 l= 352 prim: OCTET STRING
0000 - 1a 93 74 14 57 96 80 ca-68 2f 06 82 a4 3c c5 bb ..t.W...h/...<..
0010 - 2e 32 81 28 89 d9 71 8c-f3 20 4c 3d d4 7a 8c 17 .2.(..q.. L=.z..
0020 - 13 fd 8e bd 59 54 dd 17-4d 72 12 dd 24 71 af 39 ....YT..Mr..$q.9
0030 - 16 64 3f 11 63 4b 36 b4-cf 5d 42 a7 4a 7e be 26 .d?.cK6..]B.J~.&
0040 - b1 8e 60 2a 28 b8 21 f8-a6 0e 54 93 28 bb 46 e9 ..`*(.!...T.(.F.
0050 - c9 45 1f 5a 91 17 d8 a0-06 b0 c4 1b c0 2f ee e1 .E.Z........./..
0060 - fd d0 3b 44 23 2c 98 ab-ea e9 3e 2e f3 ce 14 04 ..;D#,....>.....
0070 - f7 ab 4e 1a f2 f7 70 b0-02 51 aa cd 86 ae 97 f1 ..N...p..Q......
0080 - 66 9f 75 72 06 2e a3 90-38 50 44 88 b0 8a c1 26 f.ur....8PD....&
0090 - 57 1b 21 95 7b f9 af 66-c4 ac 4e 68 c4 32 cb 16 W.!.{..f..Nh.2..
00a0 - 78 1c 55 d1 c1 b6 93 1c-15 ab 92 32 2c 6c 8d 2f x.U........2,l./
00b0 - 34 ba 09 a1 ac 4b 7a d0-86 cd 68 0d b8 67 2f 20 4....Kz...h..g/
00c0 - 91 c7 79 64 0a cd f7 68-5f c3 08 ea 1a 4f d1 b8 ..yd...h_....O..
00d0 - c6 ac ff ff a1 c0 38 e1-32 22 f4 76 60 60 6f 9d ......8.2".v``o.
00e0 - c0 07 32 ec 35 31 7a c5-d4 f3 0d cc 76 f4 f1 d2 ..2.51z.....v...
00f0 - 77 79 11 4d 60 62 9b 23-56 23 a3 7d 9d 64 96 b0 wy.M`b.#V#.}.d..
0100 - c4 c5 12 7f d4 87 07 fa-c4 8a 0a 03 9e 21 70 d8 .............!p.
0110 - eb 8a 6b 24 ee 58 bc 23-82 23 ac 90 36 9a ab a0 ..k$.X.#.#..6...
0120 - 9f c9 8d f5 07 f4 c6 53-6d 00 fd b3 9d 5b e9 cd .......Sm....[..
0130 - c4 f6 27 89 55 98 f0 bc-05 31 75 6a 2d d5 12 b1 ..'.U....1uj-...
0140 - 41 9f e5 6b 45 6c 12 7d-02 ab b6 e6 78 6c 62 f3 A..kEl.}....xlb.
0150 - d2 9d c1 29 de 98 22 ba-98 b5 47 7d 38 ff 82 50 ...).."...G}8..P
Here is a PKCS8 key I made manually, by using TDES CBC with a triple length key of all 0s (IV 5F218F117C86CEE1) to encrypt the "PrivateKeyInfo" ASN1 structure and then put that payload into an "EncryptedPrivateKeyInfo" ASN1 structure:
0:d=0 hl=4 l= 378 cons: SEQUENCE
4:d=1 hl=2 l= 20 cons: SEQUENCE
6:d=2 hl=2 l= 8 prim: OBJECT :des-ede3-cbc
16:d=2 hl=2 l= 8 prim: OCTET STRING
0000 - 5f 21 8f 11 7c 86 ce e1- _!..|...
26:d=1 hl=4 l= 352 prim: OCTET STRING
0000 - c1 dc 29 07 0d 4b 48 73-8a 6f 98 04 12 69 e0 ca ..)..KHs.o...i..
0010 - a6 d2 f3 94 01 ba aa c8-72 da d4 cb 99 92 96 cd ........r.......
0020 - f0 7f 92 b0 c9 4b 81 02-c6 28 a9 3a 26 68 44 e3 .....K...(.:&hD.
0030 - 6a 52 4b a6 02 0d ef 72-07 d2 23 a4 0e c3 ab 2c jRK....r..#....,
0040 - 9c d7 8c 92 3c df 01 41-a5 b9 90 fc 91 f6 c3 6a ....<..A.......j
0050 - 83 02 2a e9 71 59 a4 70-36 16 45 be a6 2a c8 e7 ..*.qY.p6.E..*..
0060 - 84 cc ce a9 fa 1f a0 60-e9 26 a2 d7 41 bb 3c 1a .......`.&..A.<.
0070 - 1b a4 47 21 dc 51 4d f7-ed dd 2a 8c 5f e6 68 9e ..G!.QM...*._.h.
0080 - f2 60 c1 79 bc d4 e7 0d-4b 90 4b 80 30 5b 30 f8 .`.y....K.K.0[0.
0090 - 49 8f 7f 82 05 f7 d3 4d-51 f7 5d ff e8 7c c4 ff I......MQ.]..|..
00a0 - d9 ad a3 f9 33 08 22 29-9e da d5 ee 67 6a 68 a4 ....3.")....gjh.
00b0 - 80 29 8f 6a d9 2b ef d5-50 87 69 9a 66 da 3e 78 .).j.+..P.i.f.>x
00c0 - 0a 5d 9d 40 58 ea a3 88-92 62 d5 7c 72 05 f4 4d .].#X....b.|r..M
00d0 - 01 ca 8d fb 0b af 71 25-d8 1b a6 03 4d 74 f8 ac ......q%....Mt..
00e0 - 7d 77 44 08 e5 84 0d fb-15 c3 f7 d4 4c e7 50 b3 }wD.........L.P.
00f0 - 08 96 9a 33 3c 74 05 ec-3d 8b 19 01 ba 04 d0 ab ...3<t..=.......
0100 - 47 32 6a d8 09 9b 0e 0e-58 f5 34 5f 8f 63 18 12 G2j.....X.4_.c..
0110 - 22 a5 f7 e0 af 09 ed 16-22 2c 35 4a 8f 55 f3 22 ".......",5J.U."
0120 - aa b1 e0 f4 27 df 45 ef-3b 04 08 19 89 67 dd 17 ....'.E.;....g..
0130 - 47 13 55 3f 9d 0a a3 80-4d 6a 49 90 e9 83 90 ad G.U?....MjI.....
0140 - 1b 49 2f c1 1f c5 8b db-03 38 a4 13 03 ad fe 99 .I/......8......
0150 - 1d 75 e7 b1 2f 83 ad e4-42 74 44 06 38 cb bd c4 .u../...BtD.8...
As far as I can tell, my keyblock conforms to the RFC. However since OpenSSL doesn't have the ability to produce something like this, and I can't find any test vectors for a similar type of PKCS8 encryption, I am concerned that this format is somehow nonstandard.
Does anyone know if it is correct to build a PKCS8 key this way (using a non-passphrase based encryption scheme)?
PKCS8 RFC https://www.rfc-editor.org/rfc/rfc5208
Unencrypted PKCS8 Private Key:
PrivateKeyInfo ::= SEQUENCE {
version Version,
privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL }
Is enciphered and placed into encrypted PKCS8 structure:
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
encryptedData EncryptedData }
I'm not sure what these empty algorithm identifier definitions are for
PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
... -- For local profiles
}
KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
... -- For local profiles
}
X509 RFC https://www.rfc-editor.org/rfc/rfc5280
This defines the algorithm identifier field
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
Cryptographic Message Syntax for TDES CBC AlgorithmIdentifier: http://www.ietf.org/rfc/rfc3370.txt
The AlgorithmIdentifier parameters field MUST be present, and the
parameters field must contain a CBCParameter:
CBCParameter ::= IV
IV ::= OCTET STRING -- exactly 8 octets

Here is a response to the same-ish question on the OpenSSL mailing list:
http://marc.info/?l=openssl-users&m=137106970116394&w=2
It appears to be valid to create a PKCS8 keyblock using any cipher's AlgorithmIdentifier for the encryptionAlgorithm field.
"[T]he standard does not restrict the possible values, it may very
well be possible that someone somewhere has a PKCS#8 implementation
which accepts a value which does not refer to a password based
encryption scheme."

Related

Extracting GZipped data from the DATA frame in HTTP/2

I've received the following DATA frame from https://example.com (is contains the HTML file).
Stream: DATA, Stream ID: 1, Length 606
Length: 606
Type: DATA (0)
Flags: 0x01
.... ...1 = End Stream: True
.... 0... = Padded: False
0000 .00. = Unused: 0x00
0... .... .... .... .... .... .... .... = Reserved: 0x0
.000 0000 0000 0000 0000 0000 0000 0001 = Stream Identifier: 1
[Pad Length: 0]
Reassembled body in frame: 37
Data: 1f8b08003b81055200038d5441afd3300cbeef5798720169…
My understanding is that this data is gzipped. When I save the decrypted data to a file and give it a .gz extension and attempt to extract it with 7-Zip I get an error though. It can open the archive, see that there is a single file in there, but when I try to read it or extract it I just get an error.
This is a hex dump of the decrypted data.
0000 1f 8b 08 00 3b 81 05 52 00 03 8d 54 41 af d3 30
0010 0c be ef 57 98 72 01 69 5d f7 80 07 53 d7 56 20
0020 40 e2 02 1c e0 c2 31 6b dc d5 5a 93 94 24 ed 36
0030 a1 f7 df 71 db bd ae e5 ed 40 2b b5 8e 1d 7f fe
0040 6c c7 49 9e 49 93 fb 73 8d 50 7a 55 65 8b e4 f1
0050 87 42 66 0b e0 27 f1 e4 2b cc 3e 9f 84 aa 2b 84
0060 4f 46 09 d2 49 34 68 17 c3 16 85 5e 40 5e 0a eb
0070 d0 a7 41 e3 8b 70 13 40 94 4d 8c a5 f7 75 88 bf
0080 1b 6a d3 e0 a3 d1 1e b5 0f bb b0 01 e4 c3 2a 0d
0090 3c 9e 7c d4 85 df 8e 50 b7 90 b4 50 98 06 2d e1
00a0 b1 36 d6 4f fc 8f 24 7d 99 4a 6c 29 c7 b0 5f 2c
00b0 81 34 79 12 55 e8 72 51 61 7a 77 85 72 fe cc c9
00c0 74 0c 2e 81 73 e7 82 c1 b6 33 f2 0c 7f 7a b1 5f
00d0 8a fc b0 b7 a6 d1 32 cc 4d 65 6c 0c cf 8b 35 bf
00e0 af b6 e3 16 25 ec 9e 74 0c eb ab aa 16 52 92 de
00f0 cf 74 05 33 0d 0b a1 a8 3a c7 10 7c af 51 c3 0f
0100 a1 5d b0 84 e0 0b 56 2d 7a ca 05 7c c3 06 59 33
0110 2a 96 f0 c1 72 06 4b 70 bc 35 74 68 a9 b8 22 f6
0120 c2 43 ff 95 d4 4e 48 f7 e9 c7 f0 76 bd ae 4f 4f
0130 79 de a3 02 d1 78 73 83 ee fd cc e1 56 ee c5 24
0140 fe ce 58 89 36 b4 42 52 e3 62 b8 43 b5 9d 50 12
0150 71 45 fa b0 e4 7f 4b 8e 3c ca 09 c1 47 b8 d7 9b
0160 37 9b cd 04 b1 eb 45 28 31 37 56 78 32 cc 55 1b
0170 8d 53 d0 f7 0a 25 09 78 a1 c4 29 bc 64 f9 ae cb
0180 f2 e5 b4 65 f3 0e fe 4f 26 0f a3 34 2f e4 a4 98
0190 f3 8a cd fa 7e c3 f6 4f 69 d6 73 eb 58 ef b1 64
01a0 57 12 c3 37 89 fa 23 9a 75 f2 22 89 86 79 5c 24
01b0 5d 6a 3c 9e 4c f2 72 90 cb bb 27 a3 c9 aa c1 56
01c0 67 3f 4b 72 20 7b 3d b0 84 ce 8b 5d 45 ae e4 5e
01d0 78 03 3b 84 c6 b1 58 18 0b 54 55 8d f3 5d d5 5b
01e0 04 1c 10 1d cf 0f 7b e7 8d e2 01 73 2b f8 65 1a
01f0 ce f9 dc 39 81 67 e4 e1 e0 5d d0 f5 d5 eb 48 be
0200 34 8d 87 da 12 23 e7 86 4b 41 ba ef 27 f0 5a b8
0210 03 a7 de 07 ad d1 2a 72 8e 0d ab 24 aa 47 d6 09
0220 df 17 16 8b 34 e8 6e 8d 38 8a 8e c7 e3 8a 84 16
0230 2b 63 f7 d1 10 cf 45 97 68 41 f6 d5 58 e4 f0 8c
0240 a7 fa 18 ab 15 83 89 ac 07 4c a2 be 52 49 74 a9
0250 5b 34 5c 6f 7f 01 08 95 aa 8b f6 04 00 00
How do I decompress this data?
Looks right to me. I suspect this is a problem with however you have extracted the DATA Frame, or 7Zip (don't have that on my machine).
Running the following in GitBash in Windows downloads the gzipped file (which might be over HTTP/1.1 probably depending on the version of curl you have installed, but ignore that for now, because I don't think this is an HTTP/2 problem):
$ curl --raw --compress https://example.com > /tmp/index.html.gz
At this point you can look at the raw hex (using xxd /tmp/index.html.gz for example) and see it's the exact same as what you've posted:
00000000: 1f8b 0800 3b81 0552 0003 8d54 41af d330 ....;..R...TA..0
00000010: 0cbe ef57 9872 0169 5df7 8007 53d7 5620 ...W.r.i]...S.V
00000020: 40e2 021c e0c2 316b dcd5 5a93 9424 ed36 #.....1k..Z..$.6
00000030: a1f7 df71 dbbd aee5 ed40 2bb5 8e1d 7ffe ...q.....#+.....
00000040: 6cc7 499e 4993 fb73 8d50 7a55 658b e4f1 l.I.I..s.PzUe...
00000050: 8742 660b e027 f1e4 2bcc 3e9f 84aa 2b84 .Bf..'..+.>...+.
00000060: 4f46 09d2 4934 6817 c316 855e 405e 0aeb OF..I4h....^#^..
00000070: d0a7 41e3 8b70 1340 944d 8ca5 f775 88bf ..A..p.#.M...u..
00000080: 1b6a d3e0 a3d1 1eb5 0fbb b001 e4c3 2a0d .j............*.
00000090: 3c9e 7cd4 85df 8e50 b790 b450 9806 2de1 <.|....P...P..-.
000000a0: b136 d64f fc8f 247d 994a 6c29 c7b0 5f2c .6.O..$}.Jl).._,
000000b0: 8134 7912 55e8 7251 617a 7785 72fe ccc9 .4y.U.rQazw.r...
000000c0: 740c 2e81 73e7 82c1 b633 f20c 7f7a b15f t...s....3...z._
000000d0: 8afc b0b7 a6d1 32cc 4d65 6c0c cf8b 35bf ......2.Mel...5.
000000e0: afb6 e316 25ec 9e74 0ceb abaa 1652 92de ....%..t.....R..
000000f0: cf74 0533 0d0b a1a8 3ac7 107c af51 c30f .t.3....:..|.Q..
00000100: a15d b084 e00b 562d 7aca 057c c306 5933 .]....V-z..|..Y3
00000110: 2a96 f0c1 7206 4b70 bc35 7468 a9b8 22f6 *...r.Kp.5th..".
00000120: c243 ff95 d44e 48f7 e9c7 f076 bdae 4f4f .C...NH....v..OO
00000130: 79de a302 d178 7383 eefd cce1 56ee c524 y....xs.....V..$
00000140: fece 5889 36b4 4252 e362 b843 b59d 5012 ..X.6.BR.b.C..P.
00000150: 7145 fab0 e47f 4b8e 3cca 09c1 47b8 d79b qE....K.<...G...
00000160: 379b cd04 b1eb 4528 3137 5678 32cc 551b 7.....E(17Vx2.U.
00000170: 8d53 d0f7 0a25 0978 a1c4 29bc 64f9 aecb .S...%.x..).d...
00000180: f2e5 b465 f30e fe4f 260f a334 2fe4 a498 ...e...O&..4/...
00000190: f38a cdfa 7ec3 f64f 69d6 73eb 58ef b164 ....~..Oi.s.X..d
000001a0: 5712 c337 89fa 239a 75f2 2289 8679 5c24 W..7..#.u."..y\$
000001b0: 5d6a 3c9e 4cf2 7290 cbbb 27a3 c9aa c156 ]j<.L.r...'....V
000001c0: 673f 4b72 207b 3db0 84ce 8b5d 45ae e45e g?Kr {=....]E..^
000001d0: 7803 3b84 c6b1 5818 0b54 558d f35d d55b x.;...X..TU..].[
000001e0: 041c 101d cf0f 7be7 8de2 0173 2bf8 651a ......{....s+.e.
000001f0: cef9 dc39 8167 e4e1 e05d d0f5 d5eb 48be ...9.g...]....H.
00000200: 348d 87da 1223 e786 4b41 baef 27f0 5ab8 4....#..KA..'.Z.
00000210: 03a7 de07 add1 2a72 8e0d ab24 aa47 d609 ......*r...$.G..
00000220: df17 168b 34e8 6e8d 388a 8ec7 e38a 8416 ....4.n.8.......
00000230: 2b63 f7d1 10cf 4597 6841 f6d5 58e4 f08c +c....E.hA..X...
00000240: a7fa 18ab 1583 89ac 074c a2be 5249 74a9 .........L..RIt.
00000250: 5b34 5c6f 7f01 0895 aa8b f604 0000 [4\o..........
Then can use gunzip to view the file in the command line:
$ gunzip -c index.html.gz
<!doctype html>
<html>
<head>
<title>Example Domain</title>
...etc.
Or decompress it:
$ gunzip index.html.gz
$ cat index.html
<!doctype html>
<html>
<head>
<title>Example Domain</title>
...etc.
So I would guess either 7zip doesn't like reading this file (but it seems to from a quick search online) or you are corrupting the saving of the data somehow before opening it in 7zip.

What does the SSL error 140612029986456:error:140780E5:SSL mean?

I am trying to debug the SSL connection of a client I do not have control over.
A possibility I discovered is to use openssl as a server to check whether the SSL connection is correctly initiated, and if not - why.
The basic connection ends with
root#elk:~# openssl s_server -key sonoff.key -cert sonoff.crt -accept 5555 -www
Using default temp DH parameters
ACCEPT
bad gethostbyaddr
140612029986456:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
What does this error actually mean?
The searches I did point to various bugs, but they all gravitate around "incorrect certificates". The certificates I use are correct, although self-signed. What in the message (or the -debug version below) could suggest this? Specifically: could this be an indication of the device checking the certificate and aborting on a self-signed?
root#elk:~# openssl s_server -key sonoff.key -cert sonoff.crt -accept 5555 -www -debug
Using default temp DH parameters
ACCEPT
bad gethostbyaddr
read from 0xb2ca20 [0xb32110] (11 bytes => 11 (0xB))
0000 - 16 03 01 00 4f 01 00 00-4b 03 03 ....O...K..
read from 0xb2ca20 [0xb3211e] (73 bytes => 73 (0x49))
0000 - 1b da e3 8f 9a d2 af 66-81 b5 62 95 7e 44 fc 3b .......f..b.~D.;
0010 - 75 48 90 da 51 03 f6 ad-33 81 ec 15 16 42 2b f2 uH..Q...3....B+.
0020 - 00 00 12 00 3d 00 35 00-3c 00 2f 00 b7 00 95 00 ....=.5.<./.....
0030 - b6 00 94 00 ff 01 00 00-10 00 0d 00 0c 00 0a 06 ................
0040 - 01 05 01 04 01 03 01 02-01 .........
write to 0xb2ca20 [0xb3bc00] (86 bytes => 86 (0x56))
0000 - 16 03 03 00 51 02 00 00-4d 03 03 2b ca 7c 43 47 ....Q...M..+.|CG
0010 - 06 ae 7e 1e b3 9c 71 7a-ca 5d 6d 98 54 4e 1c 5a ..~...qz.]m.TN.Z
0020 - b7 f9 38 2c 0d 3e de e0-62 a6 8a 20 2a 42 cf 9e ..8,.>..b.. *B..
0030 - ba 1e 8c a3 03 24 e1 34-9e 15 2e d8 90 77 73 74 .....$.4.....wst
0040 - 78 33 e6 45 83 34 ca 11-ae 97 4e 18 00 3d 00 00 x3.E.4....N..=..
0050 - 05 ff 01 00 01 .....
0056 - <SPACES/NULS>
write to 0xb2ca20 [0xb3bc00] (1298 bytes => 1298 (0x512))
0000 - 16 03 03 05 0d 0b 00 05-09 00 05 06 00 05 03 30 ...............0
0010 - 82 04 ff 30 82 02 e7 a0-03 02 01 02 02 09 00 df ...0............
0020 - 41 71 c6 48 ff eb 19 30-0d 06 09 2a 86 48 86 f7 Aq.H...0...*.H..
0030 - 0d 01 01 0b 05 00 30 16-31 14 30 12 06 03 55 04 ......0.1.0...U.
0040 - 03 0c 0b 65 78 61 6d 70-6c 65 2e 63 6f 6d 30 1e ...example.com0.
0050 - 17 0d 31 38 30 32 30 34-31 38 31 33 35 36 5a 17 ..180204181356Z.
0060 - 0d 32 38 30 32 30 32 31-38 31 33 35 36 5a 30 16 .280202181356Z0.
0070 - 31 14 30 12 06 03 55 04-03 0c 0b 65 78 61 6d 70 1.0...U....examp
0080 - 6c 65 2e 63 6f 6d 30 82-02 22 30 0d 06 09 2a 86 le.com0.."0...*.
0090 - 48 86 f7 0d 01 01 01 05-00 03 82 02 0f 00 30 82 H.............0.
00a0 - 02 0a 02 82 02 01 00 e0-22 b0 41 79 e5 60 92 2c ........".Ay.`.,
00b0 - c7 1c 97 84 f8 16 46 39-27 67 26 ad d7 c8 dc a4 ......F9'g&.....
00c0 - 18 2e 5a 1a aa f7 92 b0-71 8f f8 a5 e0 d9 52 d3 ..Z.....q.....R.
00d0 - 6a c9 e1 ae 7c ce f1 1c-92 99 dd 77 b7 f7 db b3 j...|......w....
00e0 - 2b f4 96 23 d4 d8 08 e8-e2 f2 15 7b 41 16 30 3d +..#.......{A.0=
00f0 - 21 cd 5f b0 3d 5a 0c ec-60 9b d8 78 99 32 c4 9f !._.=Z..`..x.2..
0100 - 3c 1b 50 d9 d4 cf f0 4b-58 ca c6 6f 56 f5 57 04 <.P....KX..oV.W.
0110 - c9 d5 60 56 d2 25 66 ee-fe f0 da 79 d6 f2 a5 67 ..`V.%f....y...g
0120 - 08 7a 19 e6 82 90 5c e0-a1 63 cf 4b a8 43 c6 d3 .z....\..c.K.C..
0130 - 08 a0 22 4a df be 42 22-8b c9 6f 81 d1 b0 d8 e0 .."J..B"..o.....
0140 - 24 79 b3 3a ad 10 af bd-7a 43 56 a6 87 ad d2 d4 $y.:....zCV.....
0150 - 96 cf 12 f9 9a 42 7a c7-63 07 f7 cc a9 a5 50 1e .....Bz.c.....P.
0160 - bf 4d 2d ae e3 74 b7 a7-66 ca ab 44 66 db f5 e2 .M-..t..f..Df...
0170 - 28 dd a8 6f 76 0a 5a d4-8d 42 c6 a0 16 c2 bd d9 (..ov.Z..B......
0180 - 25 38 74 dc bc d3 95 03-b9 13 39 c0 4a cd d9 c9 %8t.......9.J...
0190 - cb 34 bf 9e 48 1e e4 56-8f 47 9c 33 ed eb d6 db .4..H..V.G.3....
01a0 - 5e b7 46 85 d4 49 48 f3-24 ec 01 c3 98 74 50 f9 ^.F..IH.$....tP.
01b0 - 05 71 01 b5 96 f4 b5 bc-a3 57 78 3f c7 4f 10 1e .q.......Wx?.O..
01c0 - da 96 59 c0 6d c1 13 64-52 7b f8 d7 88 59 29 ba ..Y.m..dR{...Y).
01d0 - b7 5a ec a2 a7 1e 86 bb-ea 8b f8 03 e3 73 b3 6e .Z...........s.n
01e0 - 70 27 29 b6 92 31 4f 52-73 f0 62 91 3e 90 53 40 p')..1ORs.b.>.S#
01f0 - d0 00 e2 1d 80 5e 82 a9-5e fc 56 2f 76 d9 40 39 .....^..^.V/v.#9
0200 - 85 e3 4e 55 d2 a7 47 06-27 92 d9 ec dd 7e 7d c2 ..NU..G.'....~}.
0210 - 07 6d 73 9b 58 75 da ba-cd 65 e3 d9 3b da 78 4e .ms.Xu...e..;.xN
0220 - 96 81 c1 d1 2f f2 c0 65-e0 a2 12 33 1c eb 0c 2a ..../..e...3...*
0230 - 10 c6 ea 87 4c 7a a5 d7-c3 4c a8 45 06 8d ca a5 ....Lz...L.E....
0240 - 90 7d e0 57 be e5 17 f0-13 41 28 6e f6 f3 cb b3 .}.W.....A(n....
0250 - d4 9b fa b1 f9 30 a1 b4-2e a4 de 73 39 35 82 32 .....0.....s95.2
0260 - de 55 f9 70 ee ca 8a d2-62 64 fc fb d7 56 17 c7 .U.p....bd...V..
0270 - 9a 3c 4f 3d b1 4a 1d 37-fb ad 40 ef c4 14 cf 08 .<O=.J.7..#.....
0280 - 57 8e 68 5f 2b d4 3b cc-bb 23 9f 83 64 e3 22 39 W.h_+.;..#..d."9
0290 - 53 30 5c 4d 0f d8 4d 2a-5a 23 e6 ee 06 b6 38 5d S0\M..M*Z#....8]
02a0 - 83 ef 91 f8 25 a6 e3 02-03 01 00 01 a3 50 30 4e ....%........P0N
02b0 - 30 1d 06 03 55 1d 0e 04-16 04 14 bf 22 b8 2a ec 0...U.......".*.
02c0 - f6 61 a9 05 50 d8 6a f5-35 bd 32 3e 7c 9b d7 30 .a..P.j.5.2>|..0
02d0 - 1f 06 03 55 1d 23 04 18-30 16 80 14 bf 22 b8 2a ...U.#..0....".*
02e0 - ec f6 61 a9 05 50 d8 6a-f5 35 bd 32 3e 7c 9b d7 ..a..P.j.5.2>|..
02f0 - 30 0c 06 03 55 1d 13 04-05 30 03 01 01 ff 30 0d 0...U....0....0.
0300 - 06 09 2a 86 48 86 f7 0d-01 01 0b 05 00 03 82 02 ..*.H...........
0310 - 01 00 35 e5 1e a9 74 4f-78 59 c0 fd da a4 71 7a ..5...tOxY....qz
0320 - 4e 9d b7 13 42 5b d5 f3-95 1b 48 a6 91 c8 84 be N...B[....H.....
0330 - fc 67 ed 92 4e 2e f2 e5-6e 14 38 a5 af 51 7f 54 .g..N...n.8..Q.T
0340 - 11 5f ed 15 bd a6 d9 ef-9c ef ee db ed fb 39 45 ._............9E
0350 - e2 5e a9 53 66 73 40 98-27 38 4d a3 1d 5f eb d3 .^.Sfs#.'8M.._..
0360 - f8 33 01 3d ce 08 61 60-e1 ee 91 28 98 0a a2 17 .3.=..a`...(....
0370 - 28 17 39 c1 af 1e d2 f7-42 c6 5f ff a2 fa 77 2a (.9.....B._...w*
0380 - f0 4b ed 4f ea d4 55 b4-4d 02 63 4f 9f 12 ab 86 .K.O..U.M.cO....
0390 - 26 a6 24 26 7e 26 e2 55-89 6b 7d 52 3c 48 ad 4c &.$&~&.U.k}R<H.L
03a0 - 0c 76 64 7d a7 8f ff 9e-23 28 4c d5 79 85 ea 0c .vd}....#(L.y...
03b0 - ee 54 31 24 e2 66 53 4c-ae a6 a6 43 c5 e1 16 c7 .T1$.fSL...C....
03c0 - 48 b3 af 49 c9 f6 30 e6-4a da 2f 9b 1a 9d 5f 15 H..I..0.J./..._.
03d0 - ff ac 9e c7 d3 e4 85 55-1d d6 42 af 58 1e 57 d1 .......U..B.X.W.
03e0 - 84 4f 87 a7 43 10 e8 13-42 fd 49 fa c1 a2 ba 6a .O..C...B.I....j
03f0 - 30 a4 1e fb db be 99 16-a1 dc 1e 45 45 54 c3 89 0..........EET..
0400 - b8 b6 b8 74 90 2f 8b 8c-68 49 07 a2 7c 0d a6 d6 ...t./..hI..|...
0410 - 3c 80 e2 94 66 b0 83 1f-e3 29 02 4d 76 44 1e 65 <...f....).MvD.e
0420 - 57 7c 9e f2 01 0a 77 cd-c5 85 43 53 9e e7 56 21 W|....w...CS..V!
0430 - 4b 55 05 78 0e 6b 7a 14-44 69 d8 cb 06 de 65 9a KU.x.kz.Di....e.
0440 - 0a 8b 15 11 4e 21 c6 1d-be d4 6c 45 96 88 f2 04 ....N!....lE....
0450 - d5 ff 03 fd d3 24 7d 25-22 8b 22 37 99 4b 22 fa .....$}%"."7.K".
0460 - 8f 99 ec 71 88 58 8e 03-9f 76 19 a2 05 a6 3b bc ...q.X...v....;.
0470 - 87 d8 90 db c1 cc 98 f9-1f c5 00 96 e4 90 3d ad ..............=.
0480 - d0 fa a1 d5 b6 71 74 7d-0c a3 f2 79 5a e6 31 fb .....qt}...yZ.1.
0490 - de 65 41 46 39 78 bd d6-c1 b0 1a 44 16 a1 ed 27 .eAF9x.....D...'
04a0 - c6 e7 d6 ab f0 2f 0f 78-a6 78 01 2c ed 18 bb 47 ...../.x.x.,...G
04b0 - 34 54 ee 73 1b 99 83 ca-bf d7 07 65 40 03 f2 75 4T.s.......e#..u
04c0 - 98 d4 f3 22 6c 2f 77 1e-ec e7 1e bf 31 28 90 c4 ..."l/w.....1(..
04d0 - 0c 7a 37 cc 85 37 59 42-94 21 90 05 9e e0 60 51 .z7..7YB.!....`Q
04e0 - 0a 83 b8 29 45 37 06 5a-5e a3 b3 e0 08 cf 48 9b ...)E7.Z^.....H.
04f0 - 51 17 7b 4c fb 6d 06 e9-4f dd 45 42 42 83 c2 f6 Q.{L.m..O.EBB...
0500 - b3 70 29 86 08 c4 28 f7-b4 d6 1f a1 63 94 f7 75 .p)...(.....c..u
0510 - 8f ba ..
write to 0xb2ca20 [0xb3bc00] (9 bytes => 9 (0x9))
0000 - 16 03 03 00 04 0e ......
0009 - <SPACES/NULS>
read from 0xb2ca20 [0xb32113] (5 bytes => 0 (0x0))
140570414024344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
EDIT: a K12 dump of the session:
+---------+---------------+----------+
18:19:07,529,418 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|2c|05|fb|00|00|7f|06|16|28|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c5|00|00|00|00|60|02|16|d0|33|57|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:07,529,450 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|2c|00|00|40|00|40|06|1b|23|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6d|00|36|bf|c6|60|12|72|10|1f|c8|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:07,668,343 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|05|fc|00|00|7f|06|15|d7|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c6|62|61|d4|6e|50|18|16|d0|67|d0|00|00|16|03|01|00|4f|01|00|00|4b|03|03|6e|30|37|19|a3|c0|a4|d5|d1|3c|8b|ed|76|72|e2|9f|d5|5e|57|3e|9e|98|b7|33|a9|12|54|de|40|32|df|34|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:07,668,359 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|19|40|00|40|06|e2|0d|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:07,668,617 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|39|1a|40|00|40|06|dc|9b|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|e9|4e|66|d1|56|43|c2|f8|df|95|62|d2|a1|8f|99|85|39|d3|22|4e|92|64|85|75|47|8f|29|f5|15|11|8e|10|20|b7|07|bc|84|e7|15|1e|6b|53|ed|6c|d5|1c|f6|15|10|ab|03|94|db|15|19|47|b7|43|04|30|59|fb|f2|52|e5|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:08,150,907 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|39|1b|40|00|40|06|dc|9a|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d4|6e|00|36|c0|1a|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|e9|4e|66|d1|56|43|c2|f8|df|95|62|d2|a1|8f|99|85|39|d3|22|4e|92|64|85|75|47|8f|29|f5|15|11|8e|10|20|b7|07|bc|84|e7|15|1e|6b|53|ed|6c|d5|1c|f6|15|10|ab|03|94|db|15|19|47|b7|43|04|30|59|fb|f2|52|e5|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:08,556,603 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|05|fd|00|00|7f|06|15|d6|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|bf|c6|62|61|d4|6e|50|18|16|d0|67|d0|00|00|16|03|01|00|4f|01|00|00|4b|03|03|6e|30|37|19|a3|c0|a4|d5|d1|3c|8b|ed|76|72|e2|9f|d5|5e|57|3e|9e|98|b7|33|a9|12|54|de|40|32|df|34|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:08,556,617 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|1c|40|00|40|06|e2|0a|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d9|df|00|36|c0|1a|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:08,683,863 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|05|fe|00|00|7f|06|16|29|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|c0|1a|62|61|d9|df|50|11|11|5f|13|df|00|00|
+---------+---------------+----------+
18:19:08,683,932 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|39|1d|40|00|40|06|e2|09|0a|c8|00|0d|0a|64|0a|71|15|b3|58|a7|62|61|d9|df|00|36|c0|1b|50|11|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:08,762,143 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|05|ff|00|00|7f|06|16|28|0a|64|0a|71|0a|c8|00|0d|58|a7|15|b3|00|36|c0|1b|62|61|d9|e0|50|10|11|5e|13|df|00|00|
+---------+---------------+----------+
18:19:16,784,169 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|2c|06|00|00|00|7f|06|16|23|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|9f|00|00|00|00|60|02|16|d0|4b|f4|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:16,784,184 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|2c|00|00|40|00|40|06|1b|23|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|61|00|36|e7|a0|60|12|72|10|1f|c8|00|00|02|04|05|b4|
+---------+---------------+----------+
18:19:16,886,424 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|7c|06|01|00|00|7f|06|15|d2|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|a0|98|bc|9a|62|50|18|16|d0|70|29|00|00|16|03|01|00|4f|01|00|00|4b|03|03|e5|7a|5a|74|be|6f|f0|54|cf|60|fd|45|d1|15|6e|25|28|82|23|11|ce|26|76|8f|3a|9b|db|bf|31|93|66|24|00|00|12|00|3d|00|35|00|3c|00|2f|00|b7|00|95|00|b6|00|94|00|ff|01|00|00|10|00|0d|00|0c|00|0a|06|01|05|01|04|01|03|01|02|01|
+---------+---------------+----------+
18:19:16,886,440 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|6c|15|40|00|40|06|af|11|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|62|00|36|e7|f4|50|10|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:16,886,658 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|05|99|6c|16|40|00|40|06|a9|9f|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9a|62|00|36|e7|f4|50|18|72|10|25|35|00|00|16|03|01|00|51|02|00|00|4d|03|01|24|c5|4f|88|a2|2e|d6|95|40|f4|42|c1|97|78|b8|4a|33|43|32|94|d8|81|88|7f|09|44|df|3a|6c|79|d2|3a|20|1d|a7|32|d9|88|67|21|c6|69|f6|70|a7|20|28|0c|ac|a4|da|d0|95|3f|02|4f|51|68|78|7e|bf|1c|53|46|69|00|35|00|00|05|ff|01|00|01|00|16|03|01|05|0d|0b|00|05|09|00|05|06|00|05|03|30|82|04|ff|30|82|02|e7|a0|03|02|01|02|02|09|00|df|41|71|c6|48|ff|eb|19|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|1e|17|0d|31|38|30|32|30|34|31|38|31|33|35|36|5a|17|0d|32|38|30|32|30|32|31|38|31|33|35|36|5a|30|16|31|14|30|12|06|03|55|04|03|0c|0b|65|78|61|6d|70|6c|65|2e|63|6f|6d|30|82|02|22|30|0d|06|09|2a|86|48|86|f7|0d|01|01|01|05|00|03|82|02|0f|00|30|82|02|0a|02|82|02|01|00|e0|22|b0|41|79|e5|60|92|2c|c7|1c|97|84|f8|16|46|39|27|67|26|ad|d7|c8|dc|a4|18|2e|5a|1a|aa|f7|92|b0|71|8f|f8|a5|e0|d9|52|d3|6a|c9|e1|ae|7c|ce|f1|1c|92|99|dd|77|b7|f7|db|b3|2b|f4|96|23|d4|d8|08|e8|e2|f2|15|7b|41|16|30|3d|21|cd|5f|b0|3d|5a|0c|ec|60|9b|d8|78|99|32|c4|9f|3c|1b|50|d9|d4|cf|f0|4b|58|ca|c6|6f|56|f5|57|04|c9|d5|60|56|d2|25|66|ee|fe|f0|da|79|d6|f2|a5|67|08|7a|19|e6|82|90|5c|e0|a1|63|cf|4b|a8|43|c6|d3|08|a0|22|4a|df|be|42|22|8b|c9|6f|81|d1|b0|d8|e0|24|79|b3|3a|ad|10|af|bd|7a|43|56|a6|87|ad|d2|d4|96|cf|12|f9|9a|42|7a|c7|63|07|f7|cc|a9|a5|50|1e|bf|4d|2d|ae|e3|74|b7|a7|66|ca|ab|44|66|db|f5|e2|28|dd|a8|6f|76|0a|5a|d4|8d|42|c6|a0|16|c2|bd|d9|25|38|74|dc|bc|d3|95|03|b9|13|39|c0|4a|cd|d9|c9|cb|34|bf|9e|48|1e|e4|56|8f|47|9c|33|ed|eb|d6|db|5e|b7|46|85|d4|49|48|f3|24|ec|01|c3|98|74|50|f9|05|71|01|b5|96|f4|b5|bc|a3|57|78|3f|c7|4f|10|1e|da|96|59|c0|6d|c1|13|64|52|7b|f8|d7|88|59|29|ba|b7|5a|ec|a2|a7|1e|86|bb|ea|8b|f8|03|e3|73|b3|6e|70|27|29|b6|92|31|4f|52|73|f0|62|91|3e|90|53|40|d0|00|e2|1d|80|5e|82|a9|5e|fc|56|2f|76|d9|40|39|85|e3|4e|55|d2|a7|47|06|27|92|d9|ec|dd|7e|7d|c2|07|6d|73|9b|58|75|da|ba|cd|65|e3|d9|3b|da|78|4e|96|81|c1|d1|2f|f2|c0|65|e0|a2|12|33|1c|eb|0c|2a|10|c6|ea|87|4c|7a|a5|d7|c3|4c|a8|45|06|8d|ca|a5|90|7d|e0|57|be|e5|17|f0|13|41|28|6e|f6|f3|cb|b3|d4|9b|fa|b1|f9|30|a1|b4|2e|a4|de|73|39|35|82|32|de|55|f9|70|ee|ca|8a|d2|62|64|fc|fb|d7|56|17|c7|9a|3c|4f|3d|b1|4a|1d|37|fb|ad|40|ef|c4|14|cf|08|57|8e|68|5f|2b|d4|3b|cc|bb|23|9f|83|64|e3|22|39|53|30|5c|4d|0f|d8|4d|2a|5a|23|e6|ee|06|b6|38|5d|83|ef|91|f8|25|a6|e3|02|03|01|00|01|a3|50|30|4e|30|1d|06|03|55|1d|0e|04|16|04|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|1f|06|03|55|1d|23|04|18|30|16|80|14|bf|22|b8|2a|ec|f6|61|a9|05|50|d8|6a|f5|35|bd|32|3e|7c|9b|d7|30|0c|06|03|55|1d|13|04|05|30|03|01|01|ff|30|0d|06|09|2a|86|48|86|f7|0d|01|01|0b|05|00|03|82|02|01|00|35|e5|1e|a9|74|4f|78|59|c0|fd|da|a4|71|7a|4e|9d|b7|13|42|5b|d5|f3|95|1b|48|a6|91|c8|84|be|fc|67|ed|92|4e|2e|f2|e5|6e|14|38|a5|af|51|7f|54|11|5f|ed|15|bd|a6|d9|ef|9c|ef|ee|db|ed|fb|39|45|e2|5e|a9|53|66|73|40|98|27|38|4d|a3|1d|5f|eb|d3|f8|33|01|3d|ce|08|61|60|e1|ee|91|28|98|0a|a2|17|28|17|39|c1|af|1e|d2|f7|42|c6|5f|ff|a2|fa|77|2a|f0|4b|ed|4f|ea|d4|55|b4|4d|02|63|4f|9f|12|ab|86|26|a6|24|26|7e|26|e2|55|89|6b|7d|52|3c|48|ad|4c|0c|76|64|7d|a7|8f|ff|9e|23|28|4c|d5|79|85|ea|0c|ee|54|31|24|e2|66|53|4c|ae|a6|a6|43|c5|e1|16|c7|48|b3|af|49|c9|f6|30|e6|4a|da|2f|9b|1a|9d|5f|15|ff|ac|9e|c7|d3|e4|85|55|1d|d6|42|af|58|1e|57|d1|84|4f|87|a7|43|10|e8|13|42|fd|49|fa|c1|a2|ba|6a|30|a4|1e|fb|db|be|99|16|a1|dc|1e|45|45|54|c3|89|b8|b6|b8|74|90|2f|8b|8c|68|49|07|a2|7c|0d|a6|d6|3c|80|e2|94|66|b0|83|1f|e3|29|02|4d|76|44|1e|65|57|7c|9e|f2|01|0a|77|cd|c5|85|43|53|9e|e7|56|21|4b|55|05|78|0e|6b|7a|14|44|69|d8|cb|06|de|65|9a|0a|8b|15|11|4e|21|c6|1d|be|d4|6c|45|96|88|f2|04|d5|ff|03|fd|d3|24|7d|25|22|8b|22|37|99|4b|22|fa|8f|99|ec|71|88|58|8e|03|9f|76|19|a2|05|a6|3b|bc|87|d8|90|db|c1|cc|98|f9|1f|c5|00|96|e4|90|3d|ad|d0|fa|a1|d5|b6|71|74|7d|0c|a3|f2|79|5a|e6|31|fb|de|65|41|46|39|78|bd|d6|c1|b0|1a|44|16|a1|ed|27|c6|e7|d6|ab|f0|2f|0f|78|a6|78|01|2c|ed|18|bb|47|34|54|ee|73|1b|99|83|ca|bf|d7|07|65|40|03|f2|75|98|d4|f3|22|6c|2f|77|1e|ec|e7|1e|bf|31|28|90|c4|0c|7a|37|cc|85|37|59|42|94|21|90|05|9e|e0|60|51|0a|83|b8|29|45|37|06|5a|5e|a3|b3|e0|08|cf|48|9b|51|17|7b|4c|fb|6d|06|e9|4f|dd|45|42|42|83|c2|f6|b3|70|29|86|08|c4|28|f7|b4|d6|1f|a1|63|94|f7|75|8f|ba|16|03|01|00|04|0e|00|00|00|
+---------+---------------+----------+
18:19:16,933,784 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|06|02|00|00|7f|06|16|25|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|f4|98|bc|9f|d3|50|11|11|5f|30|2d|00|00|
+---------+---------------+----------+
18:19:16,933,874 ETHER
|0 |1e|33|c8|aa|1b|40|8a|4b|47|20|ce|e4|08|00|45|00|00|28|6c|17|40|00|40|06|af|0f|0a|c8|00|0d|0a|64|0a|71|15|b3|18|30|98|bc|9f|d3|00|36|e7|f5|50|11|72|10|1f|c4|00|00|
+---------+---------------+----------+
18:19:16,973,340 ETHER
|0 |8a|4b|47|20|ce|e4|1e|33|c8|aa|1b|40|08|00|45|00|00|28|06|03|00|00|7f|06|16|24|0a|64|0a|71|0a|c8|00|0d|18|30|15|b3|00|36|e7|f5|98|bc|9f|d4|50|10|11|5e|30|2d|00|00|
What does this error actually mean?
At the risk of stating the obvious it literally means "the handshake failed" and doesn't give you any more information than that. It could be caused by any number of possible issues. From your debug output we can see that:
The client issues a ClientHello to the server
The server responds with a ServerHello, a Certificate and a ServerHelloDone.
The server then attempts to read a response from the client but this read fails (most probably because the client has aborted - but without sending any kind of alert to indicate the cause of the problem).
Clearly something in the response that your server has sent back to the client has caused the client to just give up. The most likely culprit is the certificate, but its also possible that there is something about the ServerHello it doesn't like (e.g. the server didn't understand some extension that the client sent in its ClientHello, which it refuses to work without...although this is quite unlikely)
When looking in details to your debug log, it looks like a normal client/server handshake, in TLS 1.2. The last 9 bytes written mean the SERVER HELLO DONE is accomplished, and then the client (the last "read from") is sending 5 bytes that unfortunately we don't have. 5 bytes is a normal thing at this moment, these bytes are supposed to continue with the TLS exchange (Client key exchange,..) and they contain the "hello" byte, the protocol version (2 bytes), and the data length (2 bytes).
All this work would be easier for me if you provided a network capture. But OK, we have some information.
There is one reason to make openssl bug at this moment, when we receive 5 bytes instead of 11. This code will later generate the same handshake failure that you get :
* Request this many bytes in initial read.
* We can detect SSL 3.0/TLS 1.0 Client Hellos
* ('type == 3') correctly only when the following
* is in a single record, which is not guaranteed by
* the protocol specification:
* Byte Content
* 0 type \
* 1/2 version > record header
* 3/4 length /
* 5 msg_type \
* 6-8 length > Client Hello message
* 9/10 client_version /
*/
char buf_space[11];
But without any capture, it's almost impossible to say whether the client is sending a wrong Client key exchange, or if it's your openssl version which is faulty (more likely, it's the client).
Can you check what openssl version you are running ?
This appears to be a network or stack problem.
Assuming we are the server at 10.200.0.13 and the client is 10.100.10.113 your network dump decodes as follows:
18:19:07,529,418 receive connect request (SYN) from port 22695 to port 5555 with starting seq 0x0036bfc5
18:19:07,529,450 send accept (SYN ACK) with starting seq 0x6261d46d
18:19:07,668,343 receive segment containing ClientHello message with seq 0x0036bfc6 len 0x54
18:19:07,668,359 send ack (through 0x0036c01a)
18:19:07,668,617 send segment containing ServerHello, Certificate, ServerHelloDone with seq 0x6261d46e len 0x56+0x512+9=0x571
18:19:08,150,907 after no response ~0.5s, resend segment
18:19:08,556,603 receive resend of client 0x0036bfc6, which does NOT ack our data;
this implies client didn't get our data-ack and didn't get or accept (either copy of) our 0x6261d46e
18:19:08,556,617 send probe (ACK with no additional data)
18:19:08,683,863 receive probe from client, again neg-acking data but pos-acking SYN
18:19:08,683,932 after 2x neg-ack, send FIN (seq 0x6261d9df)
18:19:08,762,143 receive ACK of our FIN (and data?) (ack=0x6261d9e0)
18:19:16,784,169 receive new connect (SYN) from port 6192
...
This is screwy. If the client is any normal computer with an OS, usually those ack data at TCP level in the protocol stack even if their user program doesn't read (or accept) the data, at least up to some reasonable buffersize. The client is clearly getting at least some of our frames, since it correctly acks SYN and FIN, but it apparently refuses to ack our data.
If the client is something like a thermostat or an Arduino, where there is no actual OS but often instead a heap of code someone mashed together, often by copying from websites (including Stack?) without understanding it, so it doesn't work right. Or possibly the actual client is correct, but there is some broken middlebox like a firewall, IDS, 'smart' router, etc. in between.
Anyway if you can't get the TLS protocol messages, which are TCP data, delivered to the client at the TCP level, nothing else can work, so without any more useful info about or control over the client you're out of luck.
Sorry.
bad gethostbyaddr
A reverse DNS is not working well on your server. With your server IP, run these commands and check if they return anything (I suppose you're on Linux) :
dig -x XXX.XXX.XXX.XXX
host XXX.XXX.XXX.XXX
Check that your hosts file solves correctly your hostname. If you have to configure a DNS server (/etc/resolv.conf), do it.

Why does .cer file public key not contain RSA Exponent?

I am using the below code to generate public and private keys:
using (var rsaProvider = new RSACryptoServiceProvider(cspParams))
{
try
{
// Export public key
publicKey = rsaProvider.ToXmlString(false);
// Write public key to file
publicKeyFile = File.CreateText(publicKeyFileName);
publicKeyFile.Write(publicKey);
// Export private/public key pair
//privateKey = rsaProvider.ToXmlString(true);
privateKey = rsaProvider.ToXmlString(true);
// Write private/public key pair to file
privateKeyFile = File.CreateText(privateKeyFileName);
privateKeyFile.Write(privateKey);
}
catch (Exception ex)
{
}
finally
{
rsaProvider.PersistKeyInCsp = false; // dont srotre in windows key container
}
}
The public key that is generated contains a key and an expontent:
<RSAKeyValue
<Modulus>rx39KaNggx7IFO/CT2XTi/aHdgEnZq0f6E2lKFVbObZ9ws0wCsRftfomOOy2z8/jFXn7NLOuiC+MvO6AsSb8nSCO0PY08TklmFBzsFxsq7CLWubL8TDV0wq7AtVpovdJkywc+O4wnz8ZTn38nAgNnQ6Ga+hIJspFCYZS01jkx30=
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
But when I look at the public key of a certificate from Internet Explorer it shows:
RSA (2048 Bits).
30 82 01 0a 02 82 01 01 00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb 02 03 01 00 01
Is this the same type of key containing an exponent or is it encoded, or simply a different type of encryption?
It's just a different encoding of the same information. One is XML, using base-64 encoding for the modulus and exponent numbers. The other is a hexadecimal encoding of the information using the Distinguished Encoding Rules (DER) common with PKI protocols. It's a "SEQUENCE" containing two "INTEGER" elements: the modulus and the exponent, as defined in the PKCS #1 standard.
30 - SEQUENCE tag
82 01 0a - length is 266 bytes
02 - INTEGER tag (modulus)
82 01 01 - length is 257 bytes
00 bf 61 0a 29 10 1f 5e
fe 34 37 51 08 f8 1e fb 22 ed 61 be 0b 0d 70 4c
50 63 26 75 15 b9 41 88 97 b6 f0 a0 15 bb 08 60
e0 42 e8 05 29 10 87 36 8a 28 65 a8 ef 31 07 74
6d 36 97 2f 28 46 66 04 c7 2a 79 26 7a 99 d5 8e
c3 6d 4f a0 5e ad bc 3d 91 c2 59 7b 5e 36 6c c0
53 cf 00 08 32 3e 10 64 58 10 13 69 c7 0c ee 9c
42 51 00 f9 05 44 ee 24 ce 7a 1f ed 8c 11 bd 12
a8 f3 15 f4 1c 7a 31 69 01 1b a7 e6 5d c0 9a 6c
7e 09 9e e7 52 44 4a 10 3a 23 e4 9b b6 03 af a8
9c b4 5b 9f d4 4b ad 92 8c ce b5 11 2a aa 37 18
8d b4 c2 b8 d8 5c 06 8c f8 ff 23 bd 35 5e d4 7c
3e 7e 83 0e 91 96 05 98 c3 b2 1f e3 c8 65 eb a9
7b 5d a0 2c cc fc 3c d9 6d ed cc fa 4b 43 8c c9
d4 b8 a5 61 1c b2 40 b6 28 12 df b9 f8 5f fe d3
b2 c9 ef 3d b4 1e 4b 7c 1c 4c 99 36 9e 3d eb ec
a7 68 5e 1d df 67 6e 5e fb
02 - INTEGER tag (public exponent)
03 - length is 3 bytes
01 00 01 (65,537 [F4])

NCryptOpenKey()

I am trying to create a CNG (Windows Cryptography API Next Generation) key handle by calling NCryptOpenKey() and using the certificate's thumbprint as the key name parameter:
LPCWSTR keyName = L"\0xe0\0xf5\0xdf\0x72\0x7f\0x81\0x92\0xfa\0xae\0x8a\0x4b\0xf1\0xd5\0x53\0xc1\0xbe\0x40\0x18\0x90\0xdc";
NCryptOpenKey( hProvider, &hKey, keyName, 0, 0 );
Using this keyName the key cannot be found, but I can see the certificate with that thumbprint when I look it up in certmgr.msc ("‎e0 f5 df 72 7f 81 92 fa ae 8a 4b f1 d5 53 c1 be 40 18 90 dc"). What could possibly be the problem here?
Edit: What I essentially want to do (as I found out by the help of the people on stack overflow ;)) is to create a NCRYPT_KEY_HANDLE from a certificate stored in the Windows certificate store.
The thumbprint and the key name usually has no relationship.
To get the name of the key that is associated with a certificate use CertGetCertificateContextProperty with CERT_KEY_PROV_INFO_PROP_ID.
Certificates don't contain the private keys. CERT_CONTEXT can have a CERT_KEY_PROV_INFO_PROP_ID property which say where to find a related private key. It is used by system function CryptAcquireCertificatePrivateKey and other high-level cryptography functions. This property is the only information about private key location in CNG.
Also, you can open every stored key in loop and compare private key BLOB with certificate's one.
If you want to try my example, here is a code:
DATA_BLOB key;
FILE *fil = _wfopen(L"D:\\222.p8", L"rb");
if(fil)
{
fseek(fil, 0 ,2);
key.cbData = ftell(fil);
fseek(fil, 0, 0);
key.pbData = new BYTE[key.cbData];
fread(key.pbData, 1, key.cbData, fil);
fclose(fil);
} else {
MessageBox(L"Cannot open file", L"Error", MB_ICONERROR);
return;
}
BCryptBuffer nameBuf;
nameBuf.BufferType = NCRYPTBUFFER_PKCS_KEY_NAME;
nameBuf.pvBuffer = L"killme";
nameBuf.cbBuffer = 14;
NCryptBufferDesc parList;
parList.ulVersion = NCRYPTBUFFER_VERSION;
parList.cBuffers = 1;
parList.pBuffers = &nameBuf;
// No error handlers!!!
NCRYPT_PROV_HANDLE hProv;
NCRYPT_KEY_HANDLE hKey;
NCryptOpenStorageProvider( &hProv, L"Microsoft Software Key Storage Provider", 0 );
NCryptImportKey( hProv, NULL, NCRYPT_PKCS8_PRIVATE_KEY_BLOB, &parList, &hKey, key.pbData, key.cbData, 0 );
NCryptFreeObject( hKey );
NCryptFreeObject( hProv );
return;
And this is my file (in HEX):
30 82 02 78 02 01 00 30 0D 06 09 2A 86 48 86 F7
0D 01 01 01 05 00 04 82 02 62 30 82 02 5E 02 01
00 02 81 81 00 BB 13 C9 C6 4A 18 1F 11 1D D3 CB
E4 6A E2 F4 46 8C 1D 67 7F F2 6E 16 67 C6 81 B9
D9 93 56 45 0B D5 EA 0F EB 7F F3 1D 83 07 19 3B
A7 1C 84 82 23 88 44 65 13 79 78 EA E0 B7 AD A8
4D B6 3C 9B D4 74 48 51 0D E8 60 59 19 D8 28 2B
49 FE BC 8D BF 62 0D 44 70 70 76 2D 83 5B 2E DE
9E 97 40 D3 BE 23 36 BB 02 3B F0 17 F2 EA 9A 97
28 41 39 7F A1 98 6E CB A3 9F 5B B3 81 D8 66 73
D5 19 63 35 E9 02 03 01 00 01 02 81 80 02 BA 5C
CF 35 C0 B8 F5 EB 45 18 61 B7 51 4C 95 EE C5 CA
FE E9 A3 C3 53 36 13 7E DD F6 5B B9 5C 07 D2 DC
47 E7 30 BE 0B 18 17 BD 1A 9D BC 2C ED A4 62 0D
9B 45 6D 31 A2 49 EB 65 5B 3A 14 BE 2C F4 DC C8
9B 94 2C 5A EF 1E 43 00 3E 88 00 D3 F1 0F 6A E3
14 C1 4D C8 7E 77 BD C8 41 92 8B 7D 2A B5 36 1A
61 81 9C 38 F1 34 C4 C3 73 57 67 25 4C 93 59 9B
C7 1B 10 39 F2 B2 2F 85 ED 69 B4 43 01 02 41 00
EC D9 DD B0 C8 F3 BC 39 77 9F 15 20 D5 80 C7 E3
F5 36 DB F0 BF AC 27 9E 82 A1 CB 64 F0 26 5A 31
97 C5 75 B0 CB 42 E3 0D AC F1 69 AF 02 1C 0F F5
38 7A 75 5C 87 41 16 D7 57 E5 A5 78 BB A4 6E 89
02 41 00 CA 33 BF CA 34 F6 17 F8 F8 1F 0C FF EE
62 18 09 22 BD 45 DC 2E E7 5D 6C 0F 66 0E 21 3D
74 61 35 79 19 56 91 1B 90 93 12 AD BA FA 31 23
4D D2 AE F8 0F 00 46 DE 6B F4 31 62 E3 88 5F 80
35 B4 61 02 41 00 C7 78 AC C6 28 57 6D 5C 10 AC
7F C4 C9 4A CE 0D E4 04 B1 B2 CE 1A 14 BB E0 54
96 D1 89 97 23 3A C5 11 5D 8E E9 80 89 6C 89 0C
3F EF 4E 1D 88 2B 03 C7 CE 73 80 CD 86 89 11 D3
AC 4A 43 ED B5 D1 02 41 00 A7 E7 E3 0A 31 82 6D
93 B3 CE 6D 08 15 56 E5 A8 A8 6D 4D 96 B2 68 33
9E A9 06 D1 12 EF 2A 36 12 A6 55 D1 19 BC 2F 08
C2 08 FB EC 08 63 CD 9A F6 EA 4B E2 A9 F6 C6 E4
47 22 5B D9 01 9C C0 7B E1 02 41 00 E1 94 F0 BB
B8 7E E6 CF 38 E0 8D 6B F7 BB E2 47 A2 B6 E4 EB
A5 C7 15 62 76 C4 BA B8 DC 81 06 24 EB B1 46 9B
EE 5D AC A5 A6 EB 93 2E B4 E7 F8 A3 CD FB 40 C1
C9 F9 27 DF 31 8B BB EE 29 4F 63 6D

Netty ClientBootstrap SSL Handshake Terminates--Channel/ClientBootstrap closing?

My Connection to my test application keeps terminating in the same place without any errors.
I think perhaps something is triggering the channel/connection to close, but I don't know what it could be. Where exactly it closes changes slightly if I change printouts in the code, so the timing appears to be on a different thread.
I've been working on this for four days now and list myself as officially stuck.
Here is my connection code:
final HttpQueryRequestImpl realRequest = (HttpQueryRequestImpl) getPredecessorQueryResolver().resolvePredecessorResults(getPredecessorResults(), getQueryRequest(), getId());
// Configure the client.
// TODO determine if this ClientBootstrap object can be reused. Indications in the doucmentation
// seem to say yes, with caveats. Reusing the pool would improve performance. Caveats must be investigated.
final ClientBootstrap bootstrap = new ClientBootstrap(
new NioClientSocketChannelFactory(
Executors.newCachedThreadPool(),
Executors.newCachedThreadPool()));
// Set up the event pipeline factory.
bootstrap.setPipelineFactory(new HttpSnoopClientPipelineFactory());
// TODO audit and timestamp logging
if (logger.isInfoEnabled()) {
logger.info("Starting connection to !" + realRequest.getUri());
}
// Start the connection attempt.
// ChannelFuture future = bootstrap.connect(new InetSocketAddress(realRequest.getHost(), realRequest.getPort()));
logger.info(realRequest.getHost() + " " + realRequest.getPort());
ChannelFuture future = bootstrap.connect(new InetSocketAddress("myname.organization.com", 8443));
// register some things to happen after the channel completes
future.addListener(new ChannelFutureListener() {
#Override
public void operationComplete(ChannelFuture future) throws Exception {
if (!future.isSuccess()) {
logger.error("Error connecting to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
bootstrap.releaseExternalResources();
} else {
if (logger.isInfoEnabled()) {
logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri());
}
// Send the HTTP request.
Channel channel = future.getChannel();
HttpRequest request = new DefaultHttpRequest(
HttpVersion.HTTP_1_1, HttpMethod.GET, "/factorial");
request.setHeader(HttpHeaders.Names.HOST, "myname.organization.com");
request.setHeader(HttpHeaders.Names.CONNECTION, HttpHeaders.Values.CLOSE);
request.setHeader(HttpHeaders.Names.ACCEPT_ENCODING, HttpHeaders.Values.GZIP);
ChannelFuture writeFuture = channel.write(request);
writeFuture.addListener(new ChannelFutureListener() {
#Override
public void operationComplete(ChannelFuture future) throws Exception {
logger.info("Wrote data complete");
// TODO once bootstrap is reused, get rid of this
// Shut down executor threads to exit.
// bootstrap.releaseExternalResources();
}
});
}
}
});
This is what my output looks like with SSL debugging enabled:
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - Starting connection to !https://myname.organization.com:8443/factorial
32 [main] INFO nettyliteserver.remotequeries.HttpsQuery - myname.organization.com 8443
***
found key for : myname.organization.com
chain [0] = [
[
Version: V1
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 94642469145065852073118930371145672868332389407646565010478303790446281089121119363888463093443199472593726155607365724815252704927244864250811984977900576391208121343883948799873869280369621492901495505803717080952775289840654752626694613842653754724186814688913115288788127483906065658243886585022651573993
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:22 EST 2012,
To: Sat Mar 09 13:29:22 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ 71c8]
]
Algorithm: [SHA1withRSA]
Signature:
0000: C5 55 9C 1D 76 CE 05 87 45 0D C3 15 9C DB 0B 3A .U..v...E......:
0010: 70 0E 50 0C DB DB B4 62 2F BA A3 30 48 C0 D2 E9 p.P....b/..0H...
0020: 45 9C 3C C0 4A 84 7B 21 51 78 93 F1 63 4C 61 37 E.<.J..!Qx..cLa7
0030: 21 97 E8 38 F9 62 C5 EA 02 53 28 4F F8 EC 01 F2 !..8.b...S(O....
0040: 08 70 DB 96 D5 1D 9E 0A 89 33 D3 1D C8 79 8B C1 .p.......3...y..
0050: 6E 07 C4 98 FA 55 85 80 D4 10 AF A7 E5 A7 94 FA n....U..........
0060: 45 CB DA 7C FA 66 C6 FC 69 A4 B2 05 01 C6 DC 8E E....f..i.......
0070: AC 15 7D A2 FC 25 DF FE 19 80 D4 27 07 EA D6 3F .....%.....'...?
0080: 5C 73 5F 63 0B 4E 02 FC 49 EA 76 69 FA 82 5B 1B \s_c.N..I.vi..[.
0090: 3B 45 6B 95 DC 8F C2 E8 A9 6C 10 CD 9B E0 59 D7 ;Ek......l....Y.
00A0: DC E6 69 2C F9 DB 99 F7 7F E3 76 81 13 CD B3 FE ..i,......v.....
00B0: 1D AD 32 7D 6F 74 A9 12 4B 06 E2 9F E9 1F EF 8A ..2.ot..K.......
00C0: 1F CA 1D B8 08 47 00 1D 19 53 87 0A E3 FA B4 B5 .....G...S......
00D0: 99 4F B9 97 5D D0 EE 0D DD 09 5F 3C 41 31 D6 18 .O..]....._<A1..
00E0: 5C 39 01 8E DA D9 27 85 FE 0F C5 EE 00 A3 27 44 \9....'.......'D
00F0: C0 A1 42 EA 13 5B 66 3B 64 E3 EA 9B 23 20 0B C6 ..B..[f;d...# ..
0100: 66 DB AB 79 77 97 3E 4A D0 C7 79 C4 D2 E7 BD 1A f..yw.>J..y.....
0110: F3 90 39 A2 A4 69 A9 A1 4E A3 0B 92 93 9F 8F 4F ..9..i..N......O
0120: C3 4F CE E7 20 D6 45 4D 9B E0 B2 58 EC 96 19 99 .O.. .EM...X....
0130: E0 F3 BB E4 EF 7E 1D C7 C3 48 8B D0 7D 2D 8C 3A .........H...-.:
0140: 1A AF 77 3A 83 F4 51 C9 D6 DE BE 24 3B 03 7C A9 ..w:..Q....$;...
0150: 4B 5C C4 6E 59 AB E2 02 63 73 CE 98 8A D0 45 D5 K\.nY...cs....E.
0160: 6C FE 23 79 93 69 D5 74 0D AF FE 23 AE BB 3F E4 l.#y.i.t...#..?.
0170: 9C 05 87 E1 2E 91 51 D6 44 55 7E 66 73 1D BB C2 ......Q.DU.fs...
0180: F3 E8 4D CA 50 D9 6D 2A AD 84 EF C7 70 4B 15 EA ..M.P.m*....pK..
0190: C4 E0 33 3E 44 89 A3 97 8C 32 17 FD B9 DD 22 FB ..3>D....2....".
01A0: 08 CF 1E 49 78 B7 2F 8E 60 66 58 3D 57 6F 21 72 ...Ix./.`fX=Wo!r
01B0: D3 87 38 9C DD EB 60 D8 BD 06 A8 04 FD 2D 59 EA ..8...`......-Y.
01C0: 82 A8 E8 E7 73 81 1E DE FD 51 33 0C F7 47 AE 34 ....s....Q3..G.4
01D0: 58 57 DD CE FD 12 68 A6 A8 2E 58 4F C7 6A 1E 27 XW....h...XO.j.'
01E0: 39 EF C7 BE 75 32 96 99 6B 1B E6 23 2A A5 0E 2F 9...u2..k..#*../
01F0: 35 0A 0C 0C FA 92 65 1D DC 17 56 57 C4 08 89 48 5.....e...VW...H
]
chain [1] = [
[
Version: V1
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 806866056348410276765741718640530245144236832502515305762072630647553277327953919063172921502880537921571234334570551528531888439605163701867371172813984927986527584575335107418628498623377289440387978453125866503947773575289298639780740830349842738718874502642354354786938153803982142709595698253667527748252780647208422256786989310056682111281793756866001585577762899819782647308899956239433307951381179494148030342543127196354965114705680137760255253494869690234155019595101679874833401305309080790668924554791611347641826073186513714032079267845800910995372117962695304732667441462587341743926848435668491205343373472147947564642450777593350053051331533112897445884090255314793988795654376385927964164743689070718825504556057816253883950563232708345137230621100544965407234099088514072120925433729718654307794068734283314839693884400349895261851764957828001331060077733384251643023885026867016629337741393451760864161087662305445338147618921663305526880031574988450298248773113067904762125722376437187045162922144483754266350990810318433387352520742359961188082219224300651116723774686748606066644650420169490565673256120050113505389581136874611045622641221693918773655462724374483166653830081719164259720121105179323613660081321
public exponent: 65537
Validity: [From: Fri Mar 09 13:29:15 EST 2012,
To: Sat Mar 09 13:29:15 EST 2013]
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
SerialNumber: [ c1e2c18c f327ad81]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 8A EB 65 0E 88 09 BE 9A BA 88 FB CA 9A D4 53 F4 ..e...........S.
0010: B0 5C 91 67 BD C9 35 67 2D 37 78 2D 5C E6 4B 26 .\.g..5g-7x-\.K&
0020: E9 8E 20 3D DE 92 9B 29 A7 CB CC 5F 4E E3 CD 1A .. =...)..._N...
0030: FA 5B EB 0D 42 DC 17 05 4E D6 34 72 43 46 6C 55 .[..B...N.4rCFlU
0040: 99 FF AC 00 2E BF 28 5D 4A 6A 21 DE 72 9E 6C 7A ......(]Jj!.r.lz
0050: A6 10 28 27 21 72 0F 69 09 04 D3 FB A7 83 DF 81 ..('!r.i........
0060: E2 78 BD 0B 4F D7 AA B4 CC E2 E4 3B A5 30 A3 14 .x..O......;.0..
0070: B4 83 75 DC E6 8C 01 9A B2 BA FF 0D 3F AA F1 30 ..u.........?..0
0080: A0 33 A9 CC 13 08 72 8F E2 75 1D 3B 30 B8 82 3C .3....r..u.;0..<
0090: 9A A0 A3 68 18 60 C0 1F E4 2E 06 D6 1B B8 46 6F ...h.`........Fo
00A0: AB D3 C9 AD 89 E6 E7 48 12 0F 90 A5 B8 A2 17 51 .......H.......Q
00B0: 41 AF 1E 62 6C D2 48 B2 41 C6 CE 1D 4E B1 F7 90 A..bl.H.A...N...
00C0: 34 26 E0 5D 95 7B BD 93 BA 4C D1 7A 08 A9 1E 57 4&.].....L.z...W
00D0: 03 EE F2 EC BD 8E 36 43 1D 4F 9E 39 56 A8 E4 B6 ......6C.O.9V...
00E0: 44 6C D5 D3 8C F0 FE 1F 87 87 67 2D E6 05 7E BA Dl........g-....
00F0: 18 FB 6C 0B D8 80 19 08 27 8F 60 09 A6 BA 68 55 ..l.....'.`...hU
0100: 05 13 A8 9C 04 06 F8 24 A1 52 DB 67 69 2E FE 12 .......$.R.gi...
0110: A5 23 D1 2E 56 EA 54 08 83 DD 91 43 45 8B F6 97 .#..V.T....CE...
0120: 01 65 CC 32 4C FA D6 89 81 83 B4 21 92 F4 EC 29 .e.2L......!...)
0130: 68 87 51 A0 FC B7 7D BD 90 F8 A1 F8 68 82 CF 03 h.Q.........h...
0140: 4E 9C C2 FA AF 4A D3 AD 0B AB AB 73 4B B4 95 B0 N....J.....sK...
0150: EC 64 6B 8E 2B D4 E1 41 96 19 EC E9 6B 92 51 8A .dk.+..A....k.Q.
0160: D8 C1 87 FC DB B4 12 BD 14 AB 5C 07 73 AA DE CE ..........\.s...
0170: E5 05 8F E9 CC 9F C4 2A B6 0F 5D 40 8E 7A 82 7E .......*..]#.z..
0180: CD 28 88 8F 01 3E 6C EF E7 01 58 2E C9 3F 0E 44 .(...>l...X..?.D
0190: 4D 1A 2B BB 0D 51 76 38 26 D4 89 5C 9B AB 63 FA M.+..Qv8&..\..c.
01A0: 4B 63 7C DC 0E 05 01 BB E4 97 73 03 4F 83 71 1E Kc........s.O.q.
01B0: B6 CB A6 62 F9 21 1B F2 24 D3 85 1D E6 31 87 E4 ...b.!..$....1..
01C0: D6 74 09 70 C3 D0 4C 35 7E F1 49 5A 60 B7 02 72 .t.p..L5..IZ`..r
01D0: 04 C9 83 AD 5E 63 1F 7B 97 4C 35 7F 15 88 D5 5D ....^c...L5....]
01E0: DA 3B F6 80 9B 07 E5 86 4B 67 F6 B2 66 DE 81 6C .;......Kg..f..l
01F0: FF B6 99 D1 06 EF 3A 27 68 8D F2 EE 72 C4 48 64 ......:'h...r.Hd
]
***
adding as trusted cert:
Subject: CN=myname.organization.com, OU=myname.organization.com, O=myname.organization.com, L=myname.organization.com, ST=myname.organization.com, C=US
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0x71c8
Valid from Fri Mar 09 13:29:22 EST 2012 until Sat Mar 09 13:29:22 EST 2013
adding as trusted cert:
Subject: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Issuer: C=US, CN=myname.organization.com, ST=myname.organization.com, L=myname.organization.com, EMAILADDRESS=myname.organization.com, OU=myname.organization.com, O=myname.organization.com
Algorithm: RSA; Serial number: 0xc1e2c18cf327ad81
Valid from Fri Mar 09 13:29:15 EST 2012 until Sat Mar 09 13:29:15 EST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
985 [main] INFO nettyliteserver.ssl.FlexibleErrorSslHandler - handleDownstream
That's where it terminates. I've changed the printouts around a bit so that sometimes I also get one more line, the printout from logger.info("Connected to " + realRequest.getHost() + ":" + realRequest.getPort() + " " + realRequest.getUri()); but I really don't know what is causing it to shut down.
I tried overriding the netty SSLHandler and on all it's public operations added a printout, but the close(), channelConnected(), channelDisconnected(), etc methods are never being called. Neither is handshake().
My pipeline is set up to do a handshake:
public class HttpSnoopClientPipelineFactory implements ChannelPipelineFactory {
public ChannelPipeline getPipeline() throws Exception {
// Create a default pipeline implementation.
ChannelPipeline pipeline = pipeline();
// Enable HTTPS
SSLEngine engine =
SecureChatSslContextFactory.getClientContext().createSSLEngine();
engine.setUseClientMode(true);
System.out.println("HERE!!!!!!!!!!!!");
pipeline.addLast("ssl", new SslHandler(engine));
pipeline.addLast("codec", new HttpClientCodec());
// Remove the following line if you don't want automatic content decompression.
pipeline.addLast("inflater", new HttpContentDecompressor());
// Uncomment the following line if you don't want to handle HttpChunks.
//pipeline.addLast("aggregator", new HttpChunkAggregator(1048576));
pipeline.addLast("handler", new HttpSnoopClientHandler());
return pipeline;
}
}
My custom SSLHandler is really the same as the library's SslHandler, I just overrode the methods to add printouts before delegating to the super version.
It looks like the only thing being called on it is handleDownstream()
You need to call SslHandler.handshake() by yourself after the connect success.
Something like:
future.getChannel().getPipeline(SslHandler.class).handshake();
This needs to get done in your ChannelFuture that gets returned by the connect method or a SimpleChannelUpstreamHandler implementation that you add to the ChannelPipeline
Netty documentation states:
Handshake
If isIssueHandshake() is false (default) you will need to take care of
calling handshake() by your own. In most situations were SslHandler is
used in 'client mode' you want to issue a handshake once the
connection was established. if setIssueHandshake(boolean) is set to
true you don't need to worry about this as the SslHandler will take
care of it.
see javadoc
So, you should set isIssueHandshake on SslHandler before estamblishing the connection:
SslHandler sslHandler = new SslHandler(engine);
setIssueHandshake(boolean);
pipeline.addLast("ssl", sslHandler);