s_client CKE protocol version is wrong?

[jinjun gao]

Hi all,

I have a confusion for s_client CKE premaster protocol version.
Can somebody help to explain it? Thanks!

I add -DSSL_DEBUG to do debug output when compiling.

Below is my test result:

Server side:
$./openssl s_server -tls1 (server only accept TLSv1 connection)
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
Premaster Secret:
0000 - 03 03 bd b0 7c d3 65 1b-9c f2 80 91 f7 f3 74 b0   ....|.e.......t.
<--- 03 03(TLSv12)
0010 - 47 f4 5c fe f2 d4 68 b1-fc 74 75 53 7a 45 34 d4   G.\...h..tuSzE4.
0020 - 24 56 0f 3c af 8d bf bb-1e 4f af 83 8b 46 f0 8f   $V.<.....O...F..
Client Random:
0000 - a7 17 2c 08 39 2f ae b5-51 3e 7e 6c 95 46 a9 53   ..,.9/..Q>~l.F.S
0010 - 2a 84 1a a8 db b4 f6 94-d9 91 8a e3 99 5c 5a 97   *............\Z.
Server Random:
0000 - eb b2 e3 f8 7d fb b1 a3-75 e1 05 2b 5d 9f 25 03   ....}...u..+].%.
0010 - 29 73 2e 61 87 47 95 05-3d f3 f7 75 8f 6b 16 82   )s.a.G..=..u.k..
Master Secret:
0000 - 2d 42 3b a2 30 b6 49 60-9f 37 87 5d ee 75 f1 18   -B;.0.I`.7.].u..
0010 - 0b 7b b8 b7 6d 2b 60 7c-70 44 f7 00 e2 2e 57 e0   .{..m+`|pD....W.
0020 - e6 a0 8b 0b f7 5b a0 6c-26 23 3b 91 4c b8 c8 8e   .....[.l&#;.L...

Client side:
$ ./openssl s_client -connect 10.8.2.150:4433 -cipher RC4-SHA
CONNECTED(00000003)
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=21:unable to verify the first certificate
verify return:1
Premaster Secret:
0000 - 03 03 bd b0 7c d3 65 1b-9c f2 80 91 f7 f3 74 b0   ....|.e.......t.
<--- 03 03(TLSv12) wrong?
0010 - 47 f4 5c fe f2 d4 68 b1-fc 74 75 53 7a 45 34 d4   G.\...h..tuSzE4.
0020 - 24 56 0f 3c af 8d bf bb-1e 4f af 83 8b 46 f0 8f   $V.<.....O...F..
Client Random:
0000 - a7 17 2c 08 39 2f ae b5-51 3e 7e 6c 95 46 a9 53   ..,.9/..Q>~l.F.S
0010 - 2a 84 1a a8 db b4 f6 94-d9 91 8a e3 99 5c 5a 97   *............\Z.
Server Random:
0000 - eb b2 e3 f8 7d fb b1 a3-75 e1 05 2b 5d 9f 25 03   ....}...u..+].%.
0010 - 29 73 2e 61 87 47 95 05-3d f3 f7 75 8f 6b 16 82   )s.a.G..=..u.k..
Master Secret:
0000 - 2d 42 3b a2 30 b6 49 60-9f 37 87 5d ee 75 f1 18   -B;.0.I`.7.].u..
0010 - 0b 7b b8 b7 6d 2b 60 7c-70 44 f7 00 e2 2e 57 e0   .{..m+`|pD....W.
0020 - e6 a0 8b 0b f7 5b a0 6c-26 23 3b 91 4c b8 c8 8e   .....[.l&#;.L...
..... certificate ignore .....
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
LOCAL PORT is 41469
SSL-Session:
    Protocol  : TLSv1                    <----------Negotiating TLSv1(03
01) as protocol version.
    Cipher    : RC4-SHA
    Session-ID:
FA52422FEE594293111ABAB10129DCA3B8FB74F5958827FDD447DC657A08E6E3
    Session-ID-ctx:
    Master-Key:
2D423BA230B649609F37875DEE75F1180B7BB8B76D2B607C7044F700E22E57E0E6A08B0BF75BA06C26233B914CB8C88E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - f0 89 3c ab 06 fc de cc-0f 94 cf be 2d 44 0d 25
..<.........-D.%
    0010 - fb 08 8f 48 8b 18 07 a1-46 ab fd 8b 02 82 68 a3
...H....F.....h.
    0020 - 0e f2 f6 6a d7 55 6b 0b-dd ed 8f ec ad 17 bb 3c
...j.Uk........<
    0030 - 09 67 05 ae 77 45 0f a2-df de 33 b6 df 8d a4 92
.g..wE....3.....
    0040 - 02 8d a0 0b 22 be 26 a4-21 51 ff f9 9d dc 60 7b
....".&.!Q....`{
    0050 - bb d3 c6 db e7 2e 54 11-8d 3c f3 0c 53 89 de 0d
......T..<..S...
    0060 - 1f 6e 50 b5 05 d2 7e ec-48 75 42 42 10 ba 89 37
.nP...~.HuBB...7
    0070 - d6 62 5c c1 34 1c b3 0e-ba f8 46 13 05 13 bf fe
.b\.4.....F.....
    0080 - 54 2f 36 f5 d2 7c cf 92-43 2d 3b 3b c0 f7 f0 2d
T/6..|..C-;;...-
    0090 - 3d 58 a9 0c 98 c3 ed b6-37 b7 18 31 76 e8 40 c5   =X......7..1v.@
.

    Start Time: 1405567904
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

-- 
Best Regards,
-------------------------------------
Gao Jinjun
MSN: gjin...@gmail.com

testlog
Description: Binary data