Eric Rescorla wrote:
>
> "Paul L. Allen" <[EMAIL PROTECTED]> writes:
> > JSSE stores keys and certificates in its own private format managed
> > by a thing called "keytool". In the JSSE documentation, no mention
> > is ever made of a CA. Keys and certs are always generated as needed
> > by keytool. To get my client its certificate, I had the Cylink CA
> > generate a cert, downloaded it into my Netscape browser, exported that
> > to a PKCS12 file, converted that to PEM and then to DER using the
> > openssl x509 command, and then imported it into a JSSE keystore file
> > using the keytool. A similar operation converted the CA's root
> > certificate into a "truststore" file for use by JSSE.
> >
> > I've watched my Java client connecting to my OpenSSL server using
> > ssldump. I can see the server's cert going over to the client. The
> > client does not send its own cert over to the server, and the server
> > confirms that it has not got a cert from the client. The client
> > sends its first line of application data to the server and ssldump
> > successfully decrypts it. The server receives binary garbage, and
> > things unravel from there.
> What do you mean by "the server receives binary garbage"?
The client sends 60 bytes (including the newline) of printable ASCII
using BIO_puts(). The server does a matching BIO_gets(), which hangs
apparently waiting for a newline. I kill the client. The server's
BIO_gets() returns 90 bytes of non-printable binary.
> > Perhaps the client is unhappy with its cert or the CA cert, but
> > these certs (in PEM format) work fine with a test client coded in
> > C. The client and server appear to be successfully negotiating a
> > connection, but data coming out the server end is garbled. The fact
> > that ssldump successfully decrypts data going over the connection
> > suggests that the JSSE side is doing the right thing. But then, why
> > is the JSSE side refusing to send its certificate? Puzzles, puzzles!
> Well, one question is: is the server asking for the client's
> certificate. Does ssldump show a CertificateRequest message
> from the server? In either case, this shouldn't cause
> bad decryption but just a handshake error.
>
> Perhaps an ssldump trace would be helpful to post.
If I'm interpreting the trace right, the server is sending a
CertificateRequest message. Ssldump does successfully decrypt
the line of application data. A typescript of the ssldump session
is attached.
> It's relatively hard to debug JSSE problems because you can't
> debug the code itself. Are you committed to JSSE or have you
> considered PureTLS?
The guy who wrote the Java code probably picked JSSE because it was
included with the JDK. I'll ask him if he's aware of PureTLS.
Thanks for your thoughts.
Paul Allen
--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group
Script started on Mon Aug 26 11:01:24 2002
�]0;paula@bluesky:~/projects/policy_language/policy_parser�[paula@bluesky
policy_parser]$ ssldump -d -N -i lo -k server.pem port 4434
Enter PEM pass phrase:
New TCP connection #1: bluesky.rt.cs.boeing.com(34735) <->
bluesky.rt.cs.boeing.com(4434)
1 1 0.0800 (0.0800) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_3DES
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
1 2 0.1000 (0.0200) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
1c f6 89 06 3c 92 37 55 de 33 65 0f b6 7d 55 99
f0 02 b7 62 3a 62 4c 07 40 76 ca af ed f2 e4 e2
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.1000 (0.0000) S>C Handshake
Certificate
Subject
C=US
ST=WA
L=Bellevue
O=Phantom Works
OU=mct
CN=webtest.i2net.phantomworks.org
[EMAIL PROTECTED]
Issuer
C=US
ST=WA
L=Bellevue
O=Phantom Works
CN=CA Server
Serial 27 94
Extensions
Extension: 2.16.840.113901.100.2.6
Extension: 2.16.840.113901.100.2.8
Extension: 2.16.840.113901.100.2.7
Extension: 2.16.840.113901.100.2.1
Extension: 2.16.840.113901.100.2.3
Extension: 2.16.840.113901.100.2.4
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Authority Key Identifier
Extension: X509v3 Issuer Alternative Name
Extension: X509v3 Key Usage
Critical
Extension: X509v3 Basic Constraints
Subject
C=US
ST=WA
L=Bellevue
O=Phantom Works
CN=CA Server
Issuer
C=US
ST=WA
L=Bellevue
O=Phantom Works
CN=CA Server
Serial 27 11
Extensions
Extension: 2.16.840.113901.100.2.6
Extension: 2.16.840.113901.100.2.7
Extension: 2.16.840.113901.100.2.1
Extension: 2.16.840.113901.100.2.3
Extension: 2.16.840.113901.100.2.4
Extension: X509v3 Subject Key Identifier
Extension: X509v3 Subject Alternative Name
Extension: X509v3 Key Usage
Critical
Extension: X509v3 Basic Constraints
Critical
1 4 0.1000 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
ServerHelloDone
1 5 0.3800 (0.2800) C>S Handshake
Certificate
ClientKeyExchange
1 6 0.4800 (0.1000) C>S ChangeCipherSpec
1 7 0.5000 (0.0200) C>S Handshake
Finished
1 8 0.5000 (0.0000) S>C ChangeCipherSpec
1 9 0.5000 (0.0000) S>C Handshake
Finished
1 10 0.6000 (0.1000) C>S application_data
---------------------------------------------------------------
(system:user name="Joe Admin" issuer="boeing.com" serial=12345)
---------------------------------------------------------------
1 77.3100 (76.7100) C>S TCP FIN
1 11 77.3100 (0.0000) S>C Alert
level warning
value close_notify
�]0;paula@bluesky:~/projects/policy_language/policy_parser�[paula@bluesky
policy_parser]$ exit
Script done on Mon Aug 26 11:05:35 2002
