Re: Server ECDSA certificate requirements for 1.0.1f?

Tue, 04 Mar 2014 09:38:23 -0800 

On Tue, Mar 4, 2014 at 11:41 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Tue, Mar 4, 2014 at 11:19 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
>> ...
>
> I'm setting up Wireshark now on another machine to get the trace.
The Wireshark trace is useless (to me) because its only displaying TCP
traffic (and not breaking out the SSL/TLS protocol). I can't break the
bits out in my head.

Here's -debug from a separate s_client on a different physical machine.

$ /usr/local/ssl/bin/openssl s_client -tls1_2 -connect
debian-q500:8443 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 -debug
CONNECTED(00000003)
write to 0x736bc0 [0x7406f3] (163 bytes => 163 (0xA3))
0000 - 16 03 01 00 9e 01 00 00-9a 03 03 12 a5 1d c3 7e   ...............~
0010 - 5e e1 dc 20 c3 9e da dd-cb 66 8f 0b d0 6c 24 13   ^.. .....f...l$.
0020 - e0 b5 de ef 54 5f cd 2c-4c 53 37 00 00 04 c0 2b   ....T_.,LS7....+
0030 - 00 ff 01 00 00 6d 00 0b-00 04 03 00 01 02 00 0a   .....m..........
0040 - 00 34 00 32 00 0e 00 0d-00 19 00 0b 00 0c 00 18   .4.2............
0050 - 00 09 00 0a 00 16 00 17-00 08 00 06 00 07 00 14   ................
0060 - 00 15 00 04 00 05 00 12-00 13 00 01 00 02 00 03   ................
0070 - 00 0f 00 10 00 11 00 23-00 00 00 0d 00 20 00 1e   .......#..... ..
0080 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   ................
0090 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   ................
00a0 - 00 01 01                                          ...
read from 0x736bc0 [0x73c1a3] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x736bc0 [0x73c1a8] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
139925962778272:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure:s3_pkt.c:1256:SSL alert number 40
139925962778272:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl
handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    SRP username: None
    Start Time: 1393954054
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to