Hi everyone,

I'm new to the mailing list so I apologize in advance if this issue has been 
addressed.  
(I searched the list archives for related posts and found none.)

essentially, i am experiencing a specific error condition and i'm unsure how to 
address/resolve it.  decoding the message has not proven especially helpful so far.

i have an openssl server waiting for connections.  the connection accept works fine, some
request/reply data is exchanged, and then the client sends an alert message which causes my
server to report the following:

error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message

what i don't know is what the unexpected message was, why it was sent, or how to cope with
or prevent it. since i don't have control/insight into this client (i'm in a position
where i have to treat the client like a black box), i am forced to try to resolve this
from the server side.

here is a sanitized ssldump of the conversation in question.  note that the client is 
not Mozilla, even if the user agent is reported that way.  also note, both the HTTP 
request/reply are content-length 0, but this is the intended behaviour.


New TCP connection #580: 10.10.160.37(3442) <-> champ.test.sample.com(7878)
580 1  0.0010 (0.0010)  C>SV3.1(51)  Handshake
      ClientHello
        Version 3.1 
        random[32]=
          79 89 1d c5 7d c7 b3 25 54 3f 0e c3 27 e9 86 ea 
          2a 99 94 67 9e ea 42 bf 76 aa 09 40 61 59 2d 15 
        cipher suites
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        compression methods
                  NULL
580 2  0.0013 (0.0003)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1 
        random[32]=
          41 12 73 e7 12 df f8 d6 0e 16 41 da 73 84 11 4b 
          95 a1 c8 9d 69 a9 be 6b ca 15 42 ad 21 33 7c 22 
        session_id[32]=
          8d 04 29 95 d6 d0 b8 d1 76 7a c6 4c 97 52 50 a8 
          c6 c9 47 1b 0a 2f 80 ef 60 54 c7 bd 11 92 54 f3 
        cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compressionMethod                   NULL
580 3  0.0013 (0.0000)  S>CV3.1(1747)  Handshake
      Certificate
580 4  0.0013 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
580 5  0.0046 (0.0032)  C>SV3.1(134)  Handshake
      ClientKeyExchange
        EncryptedPreMasterSecret[128]=
          b1 d2 19 18 53 3d 12 7f 99 0c 7f 63 e6 6b db 3c 
          e2 80 73 f9 81 a6 aa e2 e1 3c 25 85 38 f2 42 50 
          52 ee f9 03 d9 9b a1 ec 8f 63 24 ac 81 7b f1 e0 
          5f d9 96 e1 16 da 0d 99 04 aa cd 82 02 85 df e4 
          ba 1a 74 2f 4f 63 cd 05 34 f2 87 ef 67 b6 01 c6 
          31 86 22 71 55 81 62 ed 08 fb d1 83 16 d6 db f3 
          36 9a 83 32 d9 47 6a 64 e1 ee 4c fb 0d 23 a7 66 
          b1 3a d6 40 34 8f 45 3a 8c 48 5e fc 25 ee 61 23 
580 6  0.1005 (0.0958)  C>SV3.1(1)  ChangeCipherSpec
580 7  0.1005 (0.0000)  C>SV3.1(40)  Handshake
      Finished
        verify_data[12]=
          31 a9 f4 dc ed 4b a8 5e ae 7e 41 f7 

580 8  0.1009 (0.0004)  S>CV3.1(1)  ChangeCipherSpec
580 9  0.1009 (0.0000)  S>CV3.1(40)  Handshake
      Finished
        verify_data[12]=
          de 4c 02 99 e2 5f fa 1e 40 92 22 d4 

580 10 0.1018 (0.0009)  C>SV3.1(256)  application_data
    ---------------------------------------------------------------
    GET /sanitized_request HTTP/1.1
    Authorization: Basic SANITIZED
    Host: 10.1.1.135
    User-Agent: Mozilla/4.76 [en] (compatible; U)
    Content-Length: 0

    ---------------------------------------------------------------
580 11 0.1381 (0.0362)  S>CV3.1(24)  application_data
    ---------------------------------------------------------------
    ---------------------------------------------------------------
580 12 0.1381 (0.0000)  S>CV3.1(264)  application_data
    ---------------------------------------------------------------
    HTTP/1.1 200 OK
    Connection: Keep-Alive
    Date: Thu, 05 Aug 2004 11:04:59 UTC
    Server: HTTP/1.1 compliant
    Content-Length: 0
    Set-Cookie: userToken=7aw7r3d3DbCQJKzaL5kriw; path=/

    ---------------------------------------------------------------
580 13 0.1386 (0.0004)  C>SV3.1(24)  Alert
    level           fatal
    value           unexpected_message
580 14 0.1387 (0.0001)  C>SV3.1(24)  Alert
    level           warning
    value           close_notify
580    0.1387 (0.0000)  C>S  TCP FIN
580 15 0.1390 (0.0002)  S>CV3.1(24)  Alert
    level           warning
    value           close_notify
580    0.1390 (0.0000)  S>C  TCP FIN


thanks in advance for any thoughts/suggestions...
joe


----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
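
An added example, not part of the original post and not OpenSSL's own code: it unpacks the hex code in the error line above using the packed layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), where an SSL-library reason of 1000 or more is 1000 plus the alert description received from the peer. The names `decode_ssl_error`, `alert_name` and `struct ssl_err` are hypothetical; the alert table is from RFC 2246.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_LIB_SSL 20            /* library number of the SSL routines */
#define SSL_AD_REASON_OFFSET 1000 /* reason = offset + alert description */

/* alert is the peer's alert description, or -1 if the error is not a received alert */
struct ssl_err { unsigned lib, func, reason; int alert; };

/* Alert descriptions defined for TLS 1.0 (RFC 2246, section 7.2). */
static const struct { int code; const char *name; } alerts[] = {
    {0, "close_notify"}, {10, "unexpected_message"}, {20, "bad_record_mac"},
    {21, "decryption_failed"}, {22, "record_overflow"},
    {30, "decompression_failure"}, {40, "handshake_failure"},
    {42, "bad_certificate"}, {43, "unsupported_certificate"},
    {44, "certificate_revoked"}, {45, "certificate_expired"},
    {46, "certificate_unknown"}, {47, "illegal_parameter"}, {48, "unknown_ca"},
    {49, "access_denied"}, {50, "decode_error"}, {51, "decrypt_error"},
    {60, "export_restriction"}, {70, "protocol_version"},
    {71, "insufficient_security"}, {80, "internal_error"},
    {90, "user_canceled"}, {100, "no_renegotiation"},
};

const char *alert_name(int code) {
    for (size_t i = 0; i < sizeof alerts / sizeof alerts[0]; i++)
        if (alerts[i].code == code) return alerts[i].name;
    return "unknown";
}

/* Parse "error:XXXXXXXX:..." into its fields; 0 on success, -1 if malformed. */
int decode_ssl_error(const char *line, struct ssl_err *out) {
    char *end;
    if (strncmp(line, "error:", 6) != 0) return -1;
    unsigned long code = strtoul(line + 6, &end, 16);
    if (end == line + 6 || *end != ':' || code > 0xFFFFFFFFUL) return -1;
    out->lib = (unsigned)(code >> 24) & 0xFF;
    out->func = (unsigned)(code >> 12) & 0xFFF;
    out->reason = (unsigned)code & 0xFFF;
    out->alert = (out->lib == ERR_LIB_SSL && out->reason >= SSL_AD_REASON_OFFSET)
                     ? (int)out->reason - SSL_AD_REASON_OFFSET : -1;
    return 0;
}

int main(void) {
    struct ssl_err e; /* input is the error line quoted in the post */
    if (decode_ssl_error("error:140943F2:SSL routines:SSL3_READ_BYTES:"
                         "sslv3 alert unexpected message", &e) == 0 && e.alert >= 0)
        printf("peer sent alert %d (%s)\n", e.alert, alert_name(e.alert));
    return 0;
}
```

A non-negative `alert` means the local stack is reporting an alert it received, which matches record 13 of the ssldump, where the client sends the fatal `unexpected_message`.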
