On Tue, Mar 4, 2014 at 11:41 AM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson <st...@openssl.org> wrote: >> ... > > I'm setting up Wireshark now on another machine to get the trace. The Wireshark trace is useless (to me) because its only displaying TCP traffic (and not breaking out the SSL/TLS protocol). I can't break the bits out in my head.
Here's -debug from a separate s_client on a different physical machine. $ /usr/local/ssl/bin/openssl s_client -tls1_2 -connect debian-q500:8443 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -debug CONNECTED(00000003) write to 0x736bc0 [0x7406f3] (163 bytes => 163 (0xA3)) 0000 - 16 03 01 00 9e 01 00 00-9a 03 03 12 a5 1d c3 7e ...............~ 0010 - 5e e1 dc 20 c3 9e da dd-cb 66 8f 0b d0 6c 24 13 ^.. .....f...l$. 0020 - e0 b5 de ef 54 5f cd 2c-4c 53 37 00 00 04 c0 2b ....T_.,LS7....+ 0030 - 00 ff 01 00 00 6d 00 0b-00 04 03 00 01 02 00 0a .....m.......... 0040 - 00 34 00 32 00 0e 00 0d-00 19 00 0b 00 0c 00 18 .4.2............ 0050 - 00 09 00 0a 00 16 00 17-00 08 00 06 00 07 00 14 ................ 0060 - 00 15 00 04 00 05 00 12-00 13 00 01 00 02 00 03 ................ 0070 - 00 0f 00 10 00 11 00 23-00 00 00 0d 00 20 00 1e .......#..... .. 0080 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02 ................ 0090 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f ................ 00a0 - 00 01 01 ... read from 0x736bc0 [0x73c1a3] (5 bytes => 5 (0x5)) 0000 - 15 03 03 00 02 ..... read from 0x736bc0 [0x73c1a8] (2 bytes => 2 (0x2)) 0000 - 02 28 .( 139925962778272:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40 139925962778272:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None SRP username: None Start Time: 1393954054 Timeout : 7200 (sec) Verify return code: 0 (ok) --- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org