Took me a while to see, but the difference is in the last line of the client hello. Your working example has MD5+RSA listed as a TLS 1.2 signature pair whereas the first doesn't.

0302 SHA-224 DSA
0303 SHA-224 ECDSA
0201 SHA-1 RSA
0202 SHA-1 DSA
0203 SHA-1 ECDSA
000F TLS_DH_RSA_WITH_DES_CBC_SHA
0101 (missing from first example) MD5 RSA
0001 TLS_NULL_WITH_NULL_MD5

0130 - 03 02 03 03 02 01 02 02-02 03 00 0f 00 01 01      ...............
0130 - 03 02 03 03 02 01 02 02-02 03 01 01 00 0f 00 01   ................
0140 - 01                                                .

The trailing 1 is compression.

Carl
________________________________________
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Tristan Hill [tris...@saticed.me.uk]
Sent: 12 November 2014 09:32
To: openssl-users@openssl.org
Subject: client hello difference 1.0.1e vs 1.0.1f

Hi,

Is it possible to make s_client give more detail about the client hello it sends? A breakdown covering the RFC structure would be useful.

struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-1>;
    CompressionMethod compression_methods<1..2^8-1>;
} ClientHello;

I'm trying to work out what is different between these two connections (and why one works but the other doesn't):

$ ~/Downloads/openssl-1.0.1f/apps/openssl s_client -connect yum.dev.bbc.co.uk:443 -cert /home/stan/Downloads/hillt08.pem -CAfile /home/stan/Downloads/ca.pem -debug -state
WARNING: can't open config file: /home/stan/Downloads/openssl-1.0.1f/prefix/openssl.cnf
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x1d71d10 [0x1d71d90] (319 bytes => 319 (0x13F))
0000 - 16 03 01 01 3a 01 00 01-36 03 03 70 e7 e7 64 c8   ....:...6..p..d.
0010 - 4d 6e 3e 08 a9 f9 98 15-6d c2 64 34 6a 84 c3 f7   Mn>.....m.d4j...
0020 - 7d 8a 1b b5 9e ab 79 98-7a 37 ec 00 00 a0 c0 30   }.....y.z7.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3   .,.(.$.....".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32   ...k.j.9.8.....2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35   ...*.&.......=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d   ................
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09   ...../.+.'.#....
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32   .........g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25   .....E.D.1.-.).%
00a0 - c0 0e c0 04 00 9c 00 3c-00 2f 00 96 00 41 00 07   .......<./...A..
00b0 - c0 11 c0 07 c0 0c c0 02-00 05 00 04 00 15 00 12   ................
00c0 - 00 09 00 14 00 11 00 08-00 06 00 03 00 ff 01 00   ................
00d0 - 00 6d 00 0b 00 04 03 00-01 02 00 0a 00 34 00 32   .m...........4.2
00e0 - 00 0e 00 0d 00 19 00 0b-00 0c 00 18 00 09 00 0a   ................
00f0 - 00 16 00 17 00 08 00 06-00 07 00 14 00 15 00 04   ................
0100 - 00 05 00 12 00 13 00 01-00 02 00 03 00 0f 00 10   ................
0110 - 00 11 00 23 00 00 00 0d-00 20 00 1e 06 01 06 02   ...#..... ......
0120 - 06 03 05 01 05 02 05 03-04 01 04 02 04 03 03 01   ................
0130 - 03 02 03 03 02 01 02 02-02 03 00 0f 00 01 01      ...............
SSL_connect:SSLv2/v3 write client hello A
read from 0x1d71d10 [0x1d772f0] (7 bytes => 7 (0x7))
0000 - 15 03 03 00 02 02 28                              ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
140550067680928:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:762:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 319 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

$ ~/Downloads/openssl-1.0.1e/apps/openssl s_client -connect yum.dev.bbc.co.uk:443 -cert /home/stan/Downloads/hillt08.pem -CAfile /home/stan/Downloads/ca.pem -debug -state
WARNING: can't open config file: /home/stan/Downloads/openssl-1.0.1e/prefix/openssl.cnf
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0xfa9cf0 [0xfa9d70] (321 bytes => 321 (0x141))
0000 - 16 03 01 01 3c 01 00 01-38 03 03 54 63 25 81 54   ....<...8..Tc%.T
0010 - 37 70 1d 7e 32 ad a3 ab-6a 54 2c 18 96 6f f5 59   7p.~2...jT,..o.Y
0020 - f6 49 e1 c7 72 ab a5 06-51 61 29 00 00 a0 c0 30   .I..r...Qa)....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a c0 22 c0 21 00 a3   .,.(.$.....".!..
0040 - 00 9f 00 6b 00 6a 00 39-00 38 00 88 00 87 c0 32   ...k.j.9.8.....2
0050 - c0 2e c0 2a c0 26 c0 0f-c0 05 00 9d 00 3d 00 35   ...*.&.......=.5
0060 - 00 84 c0 12 c0 08 c0 1c-c0 1b 00 16 00 13 c0 0d   ................
0070 - c0 03 00 0a c0 2f c0 2b-c0 27 c0 23 c0 13 c0 09   ...../.+.'.#....
0080 - c0 1f c0 1e 00 a2 00 9e-00 67 00 40 00 33 00 32   .........g.@.3.2
0090 - 00 9a 00 99 00 45 00 44-c0 31 c0 2d c0 29 c0 25   .....E.D.1.-.).%
00a0 - c0 0e c0 04 00 9c 00 3c-00 2f 00 96 00 41 00 07   .......<./...A..
00b0 - c0 11 c0 07 c0 0c c0 02-00 05 00 04 00 15 00 12   ................
00c0 - 00 09 00 14 00 11 00 08-00 06 00 03 00 ff 01 00   ................
00d0 - 00 6f 00 0b 00 04 03 00-01 02 00 0a 00 34 00 32   .o...........4.2
00e0 - 00 0e 00 0d 00 19 00 0b-00 0c 00 18 00 09 00 0a   ................
00f0 - 00 16 00 17 00 08 00 06-00 07 00 14 00 15 00 04   ................
0100 - 00 05 00 12 00 13 00 01-00 02 00 03 00 0f 00 10   ................
0110 - 00 11 00 23 00 00 00 0d-00 22 00 20 06 01 06 02   ...#.....". ....
0120 - 06 03 05 01 05 02 05 03-04 01 04 02 04 03 03 01   ................
0130 - 03 02 03 03 02 01 02 02-02 03 01 01 00 0f 00 01   ................
0140 - 01                                                .
SSL_connect:SSLv2/v3 write client hello A
read from 0xfa9cf0 [0xfaf2d0] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 51 02                                 ....Q.
0007 - <SPACES/NULS>
read from 0xfa9cf0 [0xfaf2da] (79 bytes => 79 (0x4F))
0000 - 00 4d 03 03 54 63 25 81-5f 7c 31 26 97 4c 67 c7   .M..Tc%._|1&.Lg.
0010 - 5d ce 0e 87 5e e0 e7 83-cc e5 27 0e c7 54 cf 11   ]...^.....'..T..
0020 - 2d 0e 20 64 20 8f b0 66-54 fc 1f 1a cc 87 a5 45   -. d ..fT......E
0030 - 9f c3 70 ff 54 82 c3 96-77 28 b0 4f 37 31 52 c6   ..p.T...w(.O71R.
0040 - bf e6 df 37 54 00 2f 00-00 05 ff 01 00 01         ...7T./.......
004f - <SPACES/NULS>
SSL_connect:SSLv3 read server hello A

Cheers
Tristan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
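
Added example (not part of the thread and not OpenSSL code): a small Python breakdown of a ClientHello along the RFC struct quoted in the question, carried on into the extensions block that follows compression_methods, where it decodes signature_algorithms (type 13) and reads type 15 as the heartbeat extension. The two sample hellos are constructed (zero random, one cipher suite) with only the signature-algorithm and trailing `00 0f 00 01 01` bytes copied from the dumps; `take`, `build` and `only_in_second` are hypothetical helper names.

```python
HASH = {1: "MD5", 2: "SHA-1", 3: "SHA-224", 4: "SHA-256", 5: "SHA-384", 6: "SHA-512"}
SIG = {1: "RSA", 2: "DSA", 3: "ECDSA"}

def take(buf, pos, lenbytes):  # read one length-prefixed vector -> (body, next pos)
    end = pos + lenbytes + int.from_bytes(buf[pos:pos + lenbytes], "big")
    if end > len(buf):
        raise ValueError("vector runs past end of buffer")
    return buf[pos + lenbytes:end], end

def parse_client_hello(record):
    """Split a TLS record holding one ClientHello into its RFC 5246 fields."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body, _ = take(record, 6, 3)                 # handshake body, 24-bit length
    sid, pos = take(body, 34, 1)                 # after version(2) + random(32)
    suites, pos = take(body, pos, 2)
    comp, pos = take(body, pos, 1)
    hello = {"client_version": body[0:2].hex(), "random": body[2:34].hex(),
             "session_id": sid.hex(), "compression_methods": list(comp), "extensions": {},
             "cipher_suites": [suites[i:i + 2].hex() for i in range(0, len(suites), 2)]}
    if pos < len(body):                          # extensions block is optional
        exts, _ = take(body, pos, 2)
        p = 0
        while p < len(exts):
            etype = int.from_bytes(exts[p:p + 2], "big")
            hello["extensions"][etype], p = take(exts, p + 2, 2)
    return hello

def signature_pairs(hello):
    """Decode extension 13 (signature_algorithms) into (hash, signature) names."""
    pairs, _ = take(hello["extensions"].get(13, b"\x00\x00"), 0, 2)
    return [(HASH.get(h, hex(h)), SIG.get(s, hex(s)))
            for h, s in zip(pairs[0::2], pairs[1::2])]

def build(sigalgs_hex):
    """Constructed sample hello: zero random, one cipher suite, given extension 13."""
    ext = bytes.fromhex(sigalgs_hex) + bytes.fromhex("000f000101")  # + type-15 ext
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00" + len(ext).to_bytes(2, "big") + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

COMMON = "060106020603050105020503040104020403030103020303020102020203"
HELLO_F = build("000d0020001e" + COMMON)           # sig-alg bytes from the 1.0.1f dump
HELLO_E = build("000d00220020" + COMMON + "0101")  # sig-alg bytes from the 1.0.1e dump

def only_in_second(a, b):
    """Signature pairs offered in hello b but not in hello a."""
    first = signature_pairs(parse_client_hello(a))
    return [p for p in signature_pairs(parse_client_hello(b)) if p not in first]
```

`only_in_second(HELLO_F, HELLO_E)` returns the one pair the 1.0.1e hello offers that the 1.0.1f hello does not.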