Dr. Stephen Henson wrote:
>
> On Wed, Jan 20, 2010, Shotton, Fred wrote:
>
> > I'm running apache 2.2.14 with mod_ssl using OpenSSL 0.98m-beta1.
> When renegotiating a client session, I get an error from apache:
> "Re-negotiation handshake failed: Not accepted by client" and a fatal
> "unexpected_message" alert in OpenSSL s_client. Below you will find
> log output for the renegotiation failure and log output for a
> successful legacy renegotiation against OpenSSL 0.98k.
> >
> > Here's the log output of Apache:
> >
>
> Does the s_client output indicate that secure renegotiation is supported?
>
> What Apache configuration are you using to produce renegotiation?
>
> Can you also include the complete outut of s_client with the -state
> switch and
> no -debug switch.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
Hi Steve,
The s_client output does indicate secure renegotiation is supported. I
am using 0.98m for both s_client and Apache.
The Apache configuration used is this:
./configure --prefix=/usr/local/apache2 --enable-ssl
--with-ssl=../openssl-0.9.8m-beta1
The website configuration is:
<VirtualHost x.x.x.x:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName xxxxxx.ssltest.aaaaaa.com
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/ssltest_good1.crt
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/usr/local/apache2/cgi-bin/client-cert-reneg">
SSLOptions +StdEnvVars
</Directory>
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/calist.pem
<Location /cgi-bin/client-cert-reneg/>
SSLVerifyClient optional_no_ca
SSLVerifyDepth 5
</Location>
</VirtualHost>
The complete log output of s_client is:
fshot...@x.x.x.x:~/projects/apache/openssl-0.9.8m-beta1/apps$ ./openssl
s_client -connect x.x.x.x:443 -debug -cert client1.crt -key client1.key
-state -legacy_renegotiation
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x80bff20 [0x80c1260] (127 bytes => 127 (0x7F))
0000 - 80 7d 01 03 01 00 54 00-00 00 20 00 00 39 00 00 .}....T... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 00 00 ff cd ................
0060 - 32 09 50 72 e1 82 9e 85-8f 47 92 fb d3 6e 57 38 2.Pr.....G...nW8
0070 - 21 40 b0 a6 42 26 ad ac-df 7c 40 0c a9 58 e8 !...@..b&...|@..X.
SSL_connect:SSLv2/v3 write client hello A
read from 0x80bff20 [0x80c67c0] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 51 02 ....Q.
0007 - <SPACES/NULS>
read from 0x80bff20 [0x80c67c7] (79 bytes => 79 (0x4F))
0000 - 00 4d 03 01 4b 58 94 12-9f 41 0d c1 04 4f 9c 10 .M..KX...A...O..
0010 - 75 d2 9c 85 52 2c 2c b7-d2 cc a0 14 3e 23 2b 0e u...R,,.....>#+.
0020 - 18 cf 56 99 20 e4 00 8b-ee 2b 02 6a 72 c4 4b 53 ..V. ....+.jr.KS
0030 - 00 0e d5 0c 3b 89 04 cf-b6 a2 38 e9 9d 85 25 c3 ....;.....8...%.
0040 - 02 96 c5 0c ff 00 39 00-00 05 ff 01 00 01 ......9.......
004f - <SPACES/NULS>
SSL_connect:SSLv3 read server hello A
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 08 0e .....
read from 0x80bff20 [0x80c67c5] (2062 bytes => 2062 (0x80E))
0000 - 0b 00 08 0a 00 08 07 00-03 e9 30 82 03 e5 30 82 ..........0...0.
0010 - 02 cd a0 03 02 01 02 02-02 00 bd 30 0d 06 09 2a ...........0...*
0020 - 86 48 86 f7 0d 01 01 04-05 00 30 69 31 0b 30 09 .H........0i1.0.
0030 - 06 03 55 04 06 13 02 55-53 31 13 30 11 06 03 55 ..U....US1.0...U
0040 - 04 08 13 0a 43 61 6c 69-66 6f 72 6e 69 61 31 12 ....California1.
0050 - 30 10 06 03 55 04 07 13-09 53 61 6e 20 4d 61 74 0...U....San Mat
0060 - 65 6f 31 1c 30 1a 06 03-55 04 0a 13 13 41 6b 61 eo1.0...U....aaa
0070 - 6d 61 69 20 54 65 63 68-6e 6f 6c 6f 67 69 65 73 aaa Technologies
0080 - 31 13 30 11 06 03 55 04-0b 13 0a 47 68 6f 73 74 1.0...U....ggggg
0090 - 20 43 41 20 32 30 1e 17-0d 30 36 30 31 31 37 30 CA 20...0601170
00a0 - 31 35 36 35 34 5a 17 0d-33 36 30 31 31 37 30 31 15654Z..36011701
00b0 - 35 36 35 34 5a 30 81 91-31 0b 30 09 06 03 55 04 5654Z0..1.0...U.
00c0 - 06 13 02 55 53 31 13 30-11 06 03 55 04 08 13 0a ...US1.0...U....
00d0 - 43 61 6c 69 66 6f 72 6e-69 61 31 12 30 10 06 03 California1.0...
00e0 - 55 04 07 13 09 53 61 6e-20 4d 61 74 65 6f 31 1c U....San Mateo1.
00f0 - 30 1a 06 03 55 04 0a 13-13 41 6b 61 6d 61 69 20 0...U....aaaaaa
0100 - 54 65 63 68 6e 6f 6c 6f-67 69 65 73 31 1c 30 1a Technologies1.0.
0110 - 06 03 55 04 0b 13 13 47-68 6f 73 74 20 2d 20 67 ..U....ggggg - g
0120 - 6f 6f 64 20 63 65 72 74-20 31 31 1d 30 1b 06 03 ood cert 11.0...
0130 - 55 04 03 14 14 2a 2e 73-73 6c 74 65 73 74 2e 61 U....*.ssltest.a
0140 - 6b 61 6d 61 69 2e 63 6f-6d 30 81 9f 30 0d 06 09 kamai.com0..0...
0150 - 2a 86 48 86 f7 0d 01 01-01 05 00 03 81 8d 00 30 *.H............0
0160 - 81 89 02 81 81 00 c1 46-53 48 dd 11 87 72 8f 93 .......FSH...r..
0170 - 97 ef bc 33 00 9c 2e 21-84 25 90 38 f7 35 8f 7c ...3...!.%.8.5.|
0180 - 30 e4 eb 0b 4b ba e4 90-56 24 e8 d6 c1 37 a3 3c 0...K...V$...7.<
0190 - ec df 00 5b ed 5e c6 e4-f2 5b 01 dd 05 71 4b 54 ...[.^...[...qKT
01a0 - ad 53 80 7f 31 26 20 a2-67 4f 79 f0 b4 6d 0c 10 .S..1& .gOy..m..
01b0 - fb 8e 07 09 57 9d 11 3d-b4 50 61 61 dc 65 64 d1 ....W..=.Paa.ed.
01c0 - 31 bd 88 cf f0 59 0f c8-a5 7c 51 ec 92 af 0e bd 1....Y...|Q.....
01d0 - 22 4b 92 47 5d a5 c0 fd-2c 9d 74 72 cc 82 a0 6e "K.G]...,.tr...n
01e0 - fe c1 eb 51 7d 19 02 03-01 00 01 a3 81 f1 30 81 ...Q}.........0.
01f0 - ee 30 09 06 03 55 1d 13-04 02 30 00 30 2c 06 09 .0...U....0.0,..
0200 - 60 86 48 01 86 f8 42 01-0d 04 1f 16 1d 4f 70 65 `.H...B......Ope
0210 - 6e 53 53 4c 20 47 65 6e-65 72 61 74 65 64 20 43 nSSL Generated C
0220 - 65 72 74 69 66 69 63 61-74 65 30 1d 06 03 55 1d ertificate0...U.
0230 - 0e 04 16 04 14 4f cd 6e-f3 b1 0f 57 11 51 a2 a6 .....O.n...W.Q..
0240 - 91 79 1e eb c2 31 d7 13-5c 30 81 93 06 03 55 1d .y...1..\0....U.
0250 - 23 04 81 8b 30 81 88 80-14 63 7f b3 b7 45 db 11 #...0....c...E..
0260 - f6 d2 d5 03 11 9d d5 ce-1e d2 53 9e 0a a1 6d a4 ..........S...m.
0270 - 6b 30 69 31 0b 30 09 06-03 55 04 06 13 02 55 53 k0i1.0...U....US
0280 - 31 13 30 11 06 03 55 04-08 13 0a 43 61 6c 69 66 1.0...U....Calif
0290 - 6f 72 6e 69 61 31 12 30-10 06 03 55 04 07 13 09 ornia1.0...U....
02a0 - 53 61 6e 20 4d 61 74 65-6f 31 1c 30 1a 06 03 55 San Mateo1.0...U
02b0 - 04 0a 13 13 41 6b 61 6d-61 69 20 54 65 63 68 6e ....aaaaaa Techn
02c0 - 6f 6c 6f 67 69 65 73 31-13 30 11 06 03 55 04 0b ologies1.0...U..
02d0 - 13 0a 47 68 6f 73 74 20-43 41 20 32 82 01 00 30 ..ggggg CA 2...0
02e0 - 0d 06 09 2a 86 48 86 f7-0d 01 01 04 05 00 03 82 ...*.H..........
02f0 - 01 01 00 7d 74 c1 69 96-6f 13 41 55 99 a8 53 7b ...}t.i.o.AU..S{
0300 - fa 7c 9a 0c a0 be 51 59-76 31 bd 70 7a 75 43 25 .|....QYv1.pzuC%
0310 - d8 c5 04 cb d0 5a d5 1c-46 8d 43 6e 26 4b e3 5e .....Z..F.Cn&K.^
0320 - 70 7c fd 6e ea a0 5f f7-ba 83 35 88 bb a6 99 8d p|.n.._...5.....
0330 - 48 f8 e2 2b 7e 74 d9 35-97 0b b6 b9 bb c2 dd 8b H..+~t.5........
0340 - ec b3 49 2e b0 03 69 b6-1b c3 68 b1 41 f0 6b 12 ..I...i...h.A.k.
0350 - 6a b7 20 35 1b c9 bb 83-b7 06 3e 7b 49 a6 e0 c6 j. 5......>{I...
0360 - ce 95 3e 76 02 cd c5 6f-66 ce 47 ae 51 d5 6c 7c ..>v...of.G.Q.l|
0370 - 70 4e 57 d4 80 ec 5c 68-84 c9 3b 2f f3 ec fb 50 pNW...\h..;/...P
0380 - 2f 8d 50 c3 c5 ce a2 c7-1b ec 51 b6 aa 48 4c 06 /.P.......Q..HL.
0390 - 61 8c 43 26 bc 36 1c 65-d3 e2 a7 30 86 9a 0e 64 a.C&.6.e...0...d
03a0 - 5f 32 0a ee ca 9b 51 9e-f1 08 fd 41 a2 58 4f 10 _2....Q....A.XO.
03b0 - 31 54 98 7a 2e 66 5d 44-7a cf 51 91 25 b6 5d c0 1T.z.f]Dz.Q.%.].
03c0 - c0 75 23 f9 4b 50 9f 47-bf 4f 51 55 45 4c de d4 .u#.KP.G.OQUEL..
03d0 - d5 37 b2 da d7 a6 df 7b-b2 ca 78 00 b8 8e 10 69 .7.....{..x....i
03e0 - fa 4a 52 d9 c2 7a f7 37-98 51 82 87 da 20 5d c7 .JR..z.7.Q... ].
03f0 - d1 88 a5 00 04 18 30 82-04 14 30 82 02 fc a0 03 ......0...0.....
0400 - 02 01 02 02 01 00 30 0d-06 09 2a 86 48 86 f7 0d ......0...*.H...
0410 - 01 01 04 05 00 30 69 31-0b 30 09 06 03 55 04 06 .....0i1.0...U..
0420 - 13 02 55 53 31 13 30 11-06 03 55 04 08 13 0a 43 ..US1.0...U....C
0430 - 61 6c 69 66 6f 72 6e 69-61 31 12 30 10 06 03 55 alifornia1.0...U
0440 - 04 07 13 09 53 61 6e 20-4d 61 74 65 6f 31 1c 30 ....San Mateo1.0
0450 - 1a 06 03 55 04 0a 13 13-41 6b 61 6d 61 69 20 54 ...U....aaaaaa T
0460 - 65 63 68 6e 6f 6c 6f 67-69 65 73 31 13 30 11 06 echnologies1.0..
0470 - 03 55 04 0b 13 0a 47 68-6f 73 74 20 43 41 20 32 .U....ggggg CA 2
0480 - 30 1e 17 0d 30 33 31 32-32 39 32 30 35 32 33 31 0...031229205231
0490 - 5a 17 0d 33 33 31 32 32-38 32 30 35 32 33 31 5a Z..331228205231Z
04a0 - 30 69 31 0b 30 09 06 03-55 04 06 13 02 55 53 31 0i1.0...U....US1
04b0 - 13 30 11 06 03 55 04 08-13 0a 43 61 6c 69 66 6f .0...U....Califo
04c0 - 72 6e 69 61 31 12 30 10-06 03 55 04 07 13 09 53 rnia1.0...U....S
04d0 - 61 6e 20 4d 61 74 65 6f-31 1c 30 1a 06 03 55 04 an Mateo1.0...U.
04e0 - 0a 13 13 41 6b 61 6d 61-69 20 54 65 63 68 6e 6f ...aaaaaa Techno
04f0 - 6c 6f 67 69 65 73 31 13-30 11 06 03 55 04 0b 13 logies1.0...U...
0500 - 0a 47 68 6f 73 74 20 43-41 20 32 30 82 01 22 30 .ggggg CA 20.."0
0510 - 0d 06 09 2a 86 48 86 f7-0d 01 01 01 05 00 03 82 ...*.H..........
0520 - 01 0f 00 30 82 01 0a 02-82 01 01 00 b8 36 e3 86 ...0.........6..
0530 - 1c a3 2e 70 1f 28 ac a2-c5 e2 75 0c 73 64 12 78 ...p.(....u.sd.x
0540 - ab f0 4f de ce cd 32 45-5f a2 e4 01 d2 39 d4 0c ..O...2E_....9..
0550 - 47 0e 2a 05 2f 27 83 68-83 17 32 cb e1 d8 7c 06 G.*./'.h..2...|.
0560 - bf ef 89 9e 62 92 38 c8-e7 9d ba 96 84 3b 15 f8 ....b.8......;..
0570 - c3 30 47 a3 74 22 41 f4-85 1d a5 d7 0f aa 2d fc .0G.t"A.......-.
0580 - 56 62 07 7f 98 26 8a 82-09 8b 32 07 be 46 01 f0 Vb...&....2..F..
0590 - 47 71 fa 7e 2e 06 8a 59-28 aa 58 c1 ab d7 66 42 Gq.~...Y(.X...fB
05a0 - 3e 86 00 0f d1 6f 82 8b-cd 29 cd bf ec db d3 52 >....o...).....R
05b0 - 34 16 5b df 22 84 5e f3-90 0a 0b 5b 61 57 e6 d2 4.[.".^....[aW..
05c0 - 46 6e a2 d1 3a 0f f0 20-13 d4 b0 77 d5 c2 be db Fn..:.. ...w....
05d0 - c8 cb 7a 57 a7 0a ef 9e-d0 b8 c6 b3 0e 0a f0 0f ..zW............
05e0 - 88 0d 11 12 2a 43 fe 0c-6f 0f ce f7 95 23 ed 76 ....*C..o....#.v
05f0 - d9 75 82 2a 17 76 e4 5a-77 4d be ca 40 b9 47 83 .u.*.v.zw...@.g.
0600 - 45 7f ff fb 06 f6 e2 12-7a d4 c9 e4 f0 45 66 e3 E.......z....Ef.
0610 - 4f cb c1 80 69 fb af fb-91 e3 82 83 8d 25 7c 32 O...i........%|2
0620 - b5 81 a1 ee 2d 6b 7a ff-64 6e fb 1b 02 03 01 00 ....-kz.dn......
0630 - 01 a3 81 c6 30 81 c3 30-1d 06 03 55 1d 0e 04 16 ....0..0...U....
0640 - 04 14 63 7f b3 b7 45 db-11 f6 d2 d5 03 11 9d d5 ..c...E.........
0650 - ce 1e d2 53 9e 0a 30 81-93 06 03 55 1d 23 04 81 ...S..0....U.#..
0660 - 8b 30 81 88 80 14 63 7f-b3 b7 45 db 11 f6 d2 d5 .0....c...E.....
0670 - 03 11 9d d5 ce 1e d2 53-9e 0a a1 6d a4 6b 30 69 .......S...m.k0i
0680 - 31 0b 30 09 06 03 55 04-06 13 02 55 53 31 13 30 1.0...U....US1.0
0690 - 11 06 03 55 04 08 13 0a-43 61 6c 69 66 6f 72 6e ...U....Californ
06a0 - 69 61 31 12 30 10 06 03-55 04 07 13 09 53 61 6e ia1.0...U....San
06b0 - 20 4d 61 74 65 6f 31 1c-30 1a 06 03 55 04 0a 13 Mateo1.0...U...
06c0 - 13 41 6b 61 6d 61 69 20-54 65 63 68 6e 6f 6c 6f .aaaaaa Technolo
06d0 - 67 69 65 73 31 13 30 11-06 03 55 04 0b 13 0a 47 gies1.0...U....G
06e0 - 68 6f 73 74 20 43 41 20-32 82 01 00 30 0c 06 03 host CA 2...0...
06f0 - 55 1d 13 04 05 30 03 01-01 ff 30 0d 06 09 2a 86 U....0....0...*.
0700 - 48 86 f7 0d 01 01 04 05-00 03 82 01 01 00 96 f2 H...............
0710 - 10 9d 13 07 cd 45 1e 8a-af 79 be 3c 4a 70 e7 3f .....E...y.<Jp.?
0720 - 82 03 58 56 b4 ba 9b 44-51 a4 09 0e 5d 64 d9 4a ..XV...DQ...]d.J
0730 - b9 be 9b 1d be b7 75 70-9c 36 bd 7e 10 9c a9 1f ......up.6.~....
0740 - 67 5e cd e2 39 29 3d fd-9e e6 3f 73 da 64 0d 5a g^..9)=...?s.d.Z
0750 - 97 b1 d9 ae 85 26 51 05-c9 39 12 b6 d5 27 27 eb .....&Q..9...''.
0760 - c4 bd 99 08 d5 44 4c 9a-82 02 32 be 35 54 d7 d5 .....DL...2.5T..
0770 - 9c 5d e6 b8 fc 59 3c cd-d3 20 df 3d ca 61 cc 3c .]...Y<.. .=.a.<
0780 - 4c 24 5e 95 93 05 44 9a-3e 81 2a bc 47 1e 13 12 L$^...D.>.*.G...
0790 - db d9 16 01 39 5e 90 0f-aa ba cf f1 9f 06 8e 60 ....9^.........`
07a0 - bd e4 fd 3b ac 31 7a 17-c7 e3 63 27 86 14 40 28 ...;.1z...c'..@(
07b0 - 55 58 e3 f4 6a 77 60 04-d0 43 87 91 cb 48 24 1c UX..jw`..C...H$.
07c0 - d2 55 73 f6 3a a4 7d eb-c5 c7 33 1d 71 47 73 df .Us.:.}...3.qGs.
07d0 - 9b 55 b0 28 4f 61 cf 3e-00 78 13 6d 9e 16 bb 3d .U.(Oa.>.x.m...=
07e0 - 09 18 3c 1b 95 10 2b 67-ce 8f 4b e1 06 9f f7 2a ..<...+g..K....*
07f0 - 46 53 ed b1 eb 77 22 b0-9d 89 d5 08 dd 0f e8 19 FS...w".........
0800 - a9 46 52 25 d1 b6 3b e2-69 48 d8 cb 31 66 .FR%..;.iH..1f
depth=1 /C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 01 8d .....
read from 0x80bff20 [0x80c67c5] (397 bytes => 397 (0x18D))
0000 - 0c 00 01 89 00 80 d6 7d-e4 40 cb bb dc 19 36 d6 .........@....6.
0010 - 93 d3 4a fd 0a d5 0c 84-d2 39 a4 5f 52 0b b8 81 ..J......9._R...
0020 - 74 cb 98 bc e9 51 84 9f-91 2e 63 9c 72 fb 13 b4 t....Q....c.r...
0030 - b4 d7 17 7e 16 d5 5a c1-79 ba 42 0b 2a 29 fe 32 ...~..Z.y.B.*).2
0040 - 4a 46 7a 63 5e 81 ff 59-01 37 7b ed dc fd 33 16 JFzc^..Y.7{...3.
0050 - 8a 46 1a ad 3b 72 da e8-86 00 78 04 5b 07 a7 db .F..;r....x.[...
0060 - ca 78 74 08 7d 15 10 ea-9f cc 9d dd 33 05 07 dd .xt.}.......3...
0070 - 62 db 88 ae aa 74 7d e0-f4 d6 e2 bd 68 b0 e7 39 b....t}.....h..9
0080 - 3e 0f 24 21 8e b3 00 01-02 00 80 81 08 67 57 bc >.$!.........gW.
0090 - 68 6a 80 92 4f b1 bc cd-d4 94 4a f3 3e 99 e9 b6 hj..O.....J.>...
00a0 - fd 33 cc 7b d6 65 f5 66-8f ce f3 e8 8d 53 7b a1 .3.{.e.f.....S{.
00b0 - df 5f 87 f4 ae aa b3 45-78 22 f8 ce 22 1a b3 35 ._.....Ex".."..5
00c0 - 99 4f a3 db 8e b2 a2 6e-6d 0c 9f 06 fa ba 5e b4 .O.....nm.....^.
00d0 - 74 f7 70 16 a3 d6 74 1a-00 47 0c 93 94 1a 09 b7 t.p...t..G......
00e0 - a7 0a 52 54 6f 1c e9 1c-54 07 20 ea dd 8c a0 d3 ..RTo...T. .....
00f0 - b3 33 e9 5d cd 1f e5 2b-ac 43 86 d8 cd 1d b4 54 .3.]...+.C.....T
0100 - 45 8d 21 c8 44 4d ee e9-60 71 cc 00 80 ab 35 47 E.!.DM..`q....5G
0110 - 43 f8 54 b6 48 f2 89 9c-a4 47 c8 10 ba 7e c9 97 C.T.H....G...~..
0120 - f4 23 29 0d 4c 19 b1 73-6a da aa a4 d7 5e a2 22 .#).L..sj....^."
0130 - 98 44 fc de de ab 4b 35-2e e4 4c c0 d5 ea 58 e9 .D....K5..L...X.
0140 - 39 60 82 fd e3 cd 00 d4-3d 67 45 a5 bc 4a 55 d3 9`......=gE..JU.
0150 - 26 ef 72 d0 3e 09 1c cb-f9 3d a4 fa 3a f2 b0 19 &.r.>....=..:...
0160 - 75 f2 96 33 4e c6 9a c4-6c 90 70 5d cb f5 f5 08 u..3N...l.p]....
0170 - bf d7 c9 ba eb 15 5c 59-3e a3 0d ef bd bf 84 bd ......\Y>.......
0180 - e8 34 b2 c1 68 04 95 44-94 08 52 30 1d .4..h..D..R0.
SSL_connect:SSLv3 read server key exchange A
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04 .....
read from 0x80bff20 [0x80c67c5] (4 bytes => 4 (0x4))
0000 - 0e .
0004 - <SPACES/NULS>
SSL_connect:SSLv3 read server done A
write to 0x80bff20 [0x80d09c0] (139 bytes => 139 (0x8B))
0000 - 16 03 01 00 86 10 00 00-82 00 80 77 33 70 15 5e ...........w3p.^
0010 - 3d b9 be 32 b0 6f df fe-bf 0e 0e bf 43 53 98 16 =..2.o......CS..
0020 - ae 09 a6 3d 74 f3 f7 d1-15 71 c0 ca a7 62 88 06 ...=t....q...b..
0030 - 97 ba eb ae a1 7d f9 46-3a 13 88 6d 6a 10 05 3f .....}.F:..mj..?
0040 - 21 97 a2 63 55 e4 fe ee-c4 f0 f8 66 1d a7 fe 57 !..cU......f...W
0050 - c2 86 82 08 e0 d5 90 63-ef 58 a2 0b c0 9a a2 84 .......c.X......
0060 - 23 b9 13 d4 72 df da 57-dc 17 03 bb 49 75 ad ed #...r..W....Iu..
0070 - 6a 5d 60 9d 4a b6 bd e8-ef e1 e0 ca c3 12 ba c9 j]`.J...........
0080 - 0f ff c9 03 44 e7 0f 9a-c9 43 81 ....D....C.
SSL_connect:SSLv3 write client key exchange A
write to 0x80bff20 [0x80d09c0] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01 ......
SSL_connect:SSLv3 write change cipher spec A
write to 0x80bff20 [0x80d09c0] (53 bytes => 53 (0x35))
0000 - 16 03 01 00 30 05 8d e2-3f ce b7 c0 a2 2c c1 0c ....0...?....,..
0010 - bc 20 65 92 cd ef af ff-8e 17 c3 50 00 81 86 fb . e........P....
0020 - d9 c5 e9 4f b6 51 f3 cc-10 9f ed c4 f3 cf 80 da ...O.Q..........
0030 - 15 a8 c1 db df .....
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01 .....
read from 0x80bff20 [0x80c67c5] (1 bytes => 1 (0x1))
0000 - 01 .
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 30 ....0
read from 0x80bff20 [0x80c67c5] (48 bytes => 48 (0x30))
0000 - 93 b3 46 29 bc 81 2a a3-46 76 f5 94 3d 0a fa 07 ..F)..*.Fv..=...
0010 - 4b 61 2d 06 e3 b2 8d b9-9a 2c ac ba af cc da 43 Ka-......,.....C
0020 - bd 97 16 e6 2b 3b f8 6e-79 2b 17 4d 66 01 cb 05 ....+;.ny+.Mf...
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg -
good cert 1/CN=*.ssltest.aaaaaa.com
i:/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg CA 2
1 s:/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg CA 2
i:/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg CA 2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID5TCCAs2gAwIBAgICAL0wDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVNhbiBNYXRlbzEcMBoGA1UE
ChMTQWthbWFpIFRlY2hub2xvZ2llczETMBEGA1UECxMKR2hvc3QgQ0EgMjAeFw0w
NjAxMTcwMTU2NTRaFw0zNjAxMTcwMTU2NTRaMIGRMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMRwwGgYDVQQKExNB
a2FtYWkgVGVjaG5vbG9naWVzMRwwGgYDVQQLExNHaG9zdCAtIGdvb2QgY2VydCAx
MR0wGwYDVQQDFBQqLnNzbHRlc3QuYWthbWFpLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAwUZTSN0Rh3KPk5fvvDMAnC4hhCWQOPc1j3ww5OsLS7rkkFYk
6NbBN6M87N8AW+1exuTyWwHdBXFLVK1TgH8xJiCiZ0958LRtDBD7jgcJV50RPbRQ
YWHcZWTRMb2Iz/BZD8ilfFHskq8OvSJLkkddpcD9LJ10csyCoG7+wetRfRkCAwEA
AaOB8TCB7jAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUT81u87EPVxFRoqaReR7rwjHXE1ww
gZMGA1UdIwSBizCBiIAUY3+zt0XbEfbS1QMRndXOHtJTngqhbaRrMGkxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8x
HDAaBgNVBAoTE0FrYW1haSBUZWNobm9sb2dpZXMxEzARBgNVBAsTCkdob3N0IENB
IDKCAQAwDQYJKoZIhvcNAQEEBQADggEBAH10wWmWbxNBVZmoU3v6fJoMoL5RWXYx
vXB6dUMl2MUEy9Ba1RxGjUNuJkvjXnB8/W7qoF/3uoM1iLummY1I+OIrfnTZNZcL
trm7wt2L7LNJLrADabYbw2ixQfBrEmq3IDUbybuDtwY+e0mm4MbOlT52As3Fb2bO
R65R1Wx8cE5X1IDsXGiEyTsv8+z7UC+NUMPFzqLHG+xRtqpITAZhjEMmvDYcZdPi
pzCGmg5kXzIK7sqbUZ7xCP1BolhPEDFUmHouZl1Ees9RkSW2XcDAdSP5S1CfR79P
UVVFTN7U1Tey2tem33uyyngAuI4QafpKUtnCevc3mFGCh9ogXcfRiKU=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg -
good cert 1/CN=*.ssltest.aaaaaa.com
issuer=/C=US/ST=California/L=San Mateo/O=aaaaaa Technologies/OU=ggggg CA 2
---
No client certificate CA names sent
---
SSL handshake has read 2623 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
E4008BEE2B026A72C44B53000ED50C3B8904CFB6A238E99D8525C30296C50CFF
Session-ID-ctx:
Master-Key:
968E0611D504DC00FBFA3720F2A286A38AE10300A519409D2368B7D6A422EB6D041ADF5A04230890D1B8218AE9BF5893
Key-Arg : None
Start Time: 1264096274
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
GET /cgi-bin/client-cert-reneg/printenv?p1=v1&p2=v2&p3=v3 HTTP/1.0
Host: caqa3-3.ssltest.aaaaaa.com
write to 0x80bff20 [0x80cafd0] (138 bytes => 138 (0x8A))
0000 - 17 03 01 00 20 27 9b 43-e3 ff bd 1b aa 7f 85 4e .... '.C.......N
0010 - d2 db 55 82 3f db b1 99-6e fa 9a ff 38 d2 e2 bb ..U.?...n...8...
0020 - cd 68 1e 91 e9 17 03 01-00 60 b9 37 9d 47 7e d6 .h.......`.7.G~.
0030 - 08 f3 6f 63 80 7d e1 cb-3b b8 41 11 b2 7b 9c 53 ..oc.}..;.A..{.S
0040 - 6b 2b 81 2f 72 2f a3 d8-2b 7f c0 fd ad 23 6f 28 k+./r/..+....#o(
0050 - a5 96 b8 4b a0 7d 9c 4e-e4 c5 ab 8f c1 43 ef 5d ...K.}.N.....C.]
0060 - dc 77 a7 46 3d 6f 29 93-14 58 41 cf f2 32 61 08 .w.F=o)..XA..2a.
0070 - b1 53 4b 46 a7 35 e1 50-23 45 68 bb fd ff dc d4 .SKF.5.P#Eh.....
0080 - 43 01 88 06 83 37 24 3c-af f5 C....7$<..
write to 0x80bff20 [0x80cafd0] (106 bytes => 106 (0x6A))
0000 - 17 03 01 00 20 9f 00 78-5c 0e 48 e0 59 bf e9 67 .... ..x\.H.Y..g
0010 - b8 b8 f3 f3 74 fc 03 90-f1 2c 87 a8 53 b3 2e 46 ....t....,..S..F
0020 - de ff d8 b8 6c 17 03 01-00 40 60 6b 54 4a c1 f6 ....l....@`ktj..
0030 - e3 20 a4 8f cd e8 a1 d1-f8 e1 20 41 c5 07 69 69 . ........ A..ii
0040 - ba b6 9d 2a ab ed d2 8a-26 08 75 52 09 d6 e6 e1 ...*....&.uR....
0050 - 92 06 66 fa 72 b6 f6 b3-53 02 c8 fc 4d 4e 5f f8 ..f.r...S...MN_.
0060 - d4 b1 56 b4 b8 5c e6 87-8a 44 ..V..\...D
write to 0x80bff20 [0x80cafd0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 fc 3a 72-0a 7a 52 3a 92 e8 bb fa .... .:r.zR:....
0010 - b3 13 18 cf aa 1f 77 df-18 08 44 36 f0 f3 17 bf ......w...D6....
0020 - c2 ed f0 26 7c 17 03 01-00 20 d1 b4 32 80 00 52 ...&|.... ..2..R
0030 - 0d 23 4f 4b c3 e4 14 93-4f f2 f2 a3 1b b9 f0 2c .#OK....O......,
0040 - a5 3f e4 9c 65 69 5e 4a-ee 4e .?..ei^J.N
write to 0x80bff20 [0x80cafd0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 01 cf 75-73 e6 8f ab fc b5 05 78 .... ..us......x
0010 - 40 f3 cc 0c 64 e5 63 78-12 4c 0b d0 84 33 d0 28 @...d.cx.L...3.(
0020 - 6b b1 4a 5c 3d 17 03 01-00 20 8b d1 2e 64 7d a6 k.J\=.... ...d}.
0030 - 44 1a ca 41 f7 ee e7 d9-0a 6b f1 8b dd be 66 92 D..A.....k....f.
0040 - 4e a0 29 b4 f0 48 42 48-25 fe N.)..HBH%.
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 16 03 01 ...
0005 - <SPACES/NULS>
read from 0x80bff20 [0x80c67c5] (32 bytes => 32 (0x20))
0000 - f3 b1 d0 b9 60 2b 14 18-61 dd 87 14 68 38 6c 74 ....`+..a...h8lt
0010 - ab 2f d9 b3 92 ae 32 26-2e 15 4b cc d6 3e 92 1a ./....2&..K..>..
SSL_connect:SSL renegotiate ciphers
write to 0x80bff20 [0x80cafd0] (133 bytes => 133 (0x85))
0000 - 16 03 01 00 80 de 4d e1-de 06 38 d0 82 4a ce bf ......M...8..J..
0010 - 22 fb 8a 7e 0f 88 c9 48-15 28 46 c3 09 1c 11 8a "..~...H.(F.....
0020 - e4 4a 75 85 fc 13 51 b9-57 cf fd 47 91 13 7e d9 .Ju...Q.W..G..~.
0030 - 74 d6 76 da fa 29 6f 34-2a 29 13 ed 0d eb 96 d4 t.v..)o4*)......
0040 - 42 8b 6a 31 f7 ec d5 53-9a 5a b3 69 38 bf 6b c2 B.j1...S.Z.i8.k.
0050 - d3 3f 85 ec aa 48 0d ee-a9 9b fc 43 97 78 a6 50 .?...H.....C.x.P
0060 - 3a e9 2d a4 9a 23 b8 50-5c 6d 7b fd 0a 71 ae b3 :.-..#.P\m{..q..
0070 - 48 20 6d 0d 07 17 5f 22-1b 02 26 de 02 97 4e 9a H m..._"..&...N.
0080 - 3b c3 a8 6d c4 ;..m.
SSL_connect:SSLv3 write client hello A
read from 0x80bff20 [0x80c67c0] (5 bytes => 5 (0x5))
0000 - 15 03 01 ...
0005 - <SPACES/NULS>
read from 0x80bff20 [0x80c67c5] (32 bytes => 32 (0x20))
0000 - 39 21 d8 3e fd 12 ba d0-49 ed e2 8f f4 41 dc 94 9!.>....I....A..
0010 - 3e 64 f2 7e ea ec fb 1d-6e 9d c7 69 0b 04 2a 8b >d.~....n..i..*.
SSL3 alert read:fatal:unexpected_message
SSL_connect:failed in SSLv3 read server hello A
5605:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected
message:s3_pkt.c:1102:SSL alert number 10
5605:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
failure:s3_pkt.c:1006:
Thanks!
fred
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
