RE: Enabling Logging in OpenSSL

[Dave Thompson]

>From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
>Sent: Tuesday, 11 September, 2012 02:10

>On Tue, Sep 11, 2012 at 8:08 AM, Dave Thompson <dthomp...@prinpay.com>
wrote:
<snip>
>       I didn't notice before, but 1433 on Windows is usually SQLServer.
>       If so, SQLServer doesn't start in SSL; it starts in a SQLServer
protocol
>       (TDS) and optionally switches to SSL. If you connect to 1433 and
just start
>       an SSL handshake, SQLServer will consider this a violation of TDS
protocol.
>       <snip> And in fact on my elderly SQLServer2005 Express, connecting
to 1433
>       and starting -ssl3 handshake does exactly as you report, with an
event logged:
>       source=MSSQLSERVER eventid=17836
>       Length specified in network packet payload did not match number of
bytes read;
>       the connection has been closed. Please contact the vendor of the
client  library.
>       [CLIENT: 127.0.0.1]
>       whereas a (default) ssl2 clienthello hangs (at least 1minute).
<snip>
                
>       In this case, you must implement the TDS protocol, or at least the
part
>       of it that starts SSL. <snip>
>       jtds.sourceforge.net is a Java port of freetds that I do use okay,
>       and Java's SSL implementation (JSSE) has the feature that (fairly
>       verbose) logging can be turned on by a sysprop <snip>
                
>Mithun>>I am trying to connect to SQLServer which by default starts in TDS.

>you said " And in fact on my elderly SQLServer2005 Express, connecting to
1433 
>and starting -ssl3 handshake does exactly as you report, with an event
logged:
>source=MSSQLSERVER eventid=17836"
        
>Did you get the events logged in SQLServer Log's? Can you please elaborate 
>so that i can confirm what i am seeing?

I found it in the Windows application eventlog because that's 
quicker for me to use, but it is also in the SQLServer ERRORLOG.
There was exactly one event for the one ssl3 handshake attempt.

>JSSE tracing indeed gives in detail log on the handshake , Unfortunately 
>i am not sure how to enable the same on SQLServer !!!

I don't know about any SSL or other connection logging in SQLServer.
But do you need to? If there is no network problem in between, 
the messages sent and received by the client, here jtds, are the 
same as the messages received and sent by the server.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org