> Thank you! So it is the *client* that breaks the connection,
> and it is unhappy either about MiTM, or the encoding. I will
> check for both (though not much I can do about either).
Presumably you've added that cert to some trust store on the system in
question.
> On Apr 25, 2017, at 4:41 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
>Client objects to the server chain. Either does not trust the MiTM root
> CA, or
>is unhappy about its encoding (assuming tshark is not generating an FP
> warning).
>
> Thank you! So it is the *client* that b
> extensions: 4 items
> Extension (ns_cert_exts.comment)
> Extension Id: 2.16.840.1.113730.1.13
(ns_cert_exts.comment)
> BER Error: String with tag=22 expected
but c
> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
> Secure Sockets Layer
> SSL Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 228
> Handshake Protocol: Client Hello
>
On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni"
wrote:
I get slightly annoyed when I take the time to help, but my response is
skimmed over and not read carefully. Upthread I said:
See my recent post:
https://www.spinics.net/lists/openssl-users/msg05623.html
> On Apr 24, 2017, at 7:11 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
>Please report tshark output, not an approximate rendition. In what
> direction
>is the alert sent?
>
> I’m using WireShark. The IP addresses on the Alert packet show local host as
> the source, and the proxy a
> I went through the capture between the app (local end) and the proxy. It
appears that the sequence is:
>
> ClientHello -> (from app to proxy, with a ton of cipher suites, including
0xc02f)
> <- ServerHello (with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 –
present in ClientH
> On Apr 24, 2017, at 6:11 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> I went through the capture between the app (local end) and the proxy. It
> appears that the sequence is:
>
> ClientHello -> (from app to proxy, with a ton of cipher suites, including
> 0xc02f)
> <- ServerHello
> Handshake failed
>
> The SSL handshake could not be performed.
>
> Host: Reason: error:14094416:SSL
> routines:ssl3_read_bytes:sslv3 alert certificate unknown:state
> 23:Application response 500 handshakefailed
>
>
> generated 2017-04-24 15:28:13 by we
On 24/04/17 22:18, Blumenthal, Uri - 0553 - MITLL wrote:
> I use a 3rd-party application that is trying to update itself (so
> it’s trying to “call home”). Naturally, I’m behind a corporate
> firewall and Web proxy. The app has been configured to use that
> proxy. It fails to connect. Packet capt
> I use a 3rd-party application that is trying to update itself (so it’s
trying to “call home”).
> Naturally, I’m behind a corporate firewall and Web proxy. The app has
been configured to use
> that proxy. It fails to connect. Packet capture reveals the following:
You're noti
> On Apr 24, 2017, at 5:18 PM, Blumenthal, Uri - 0553 - MITLL
> wrote:
>
> I use a 3rd-party application that is trying to update itself (so it’s trying
> to “call home”). Naturally, I’m behind a corporate firewall and Web proxy.
> The app has been configured to use that proxy. It fails to co
I use a 3rd-party application that is trying to update itself (so it’s trying
to “call home”). Naturally, I’m behind a corporate firewall and Web proxy. The
app has been configured to use that proxy. It fails to connect. Packet capture
reveals the following:
Handshake failed
The SSL handshake
13 matches
Mail list logo