7
Mam problem z nawiązaniem połączenia z usługą z uwierzytelnianiem klienta. Usługa ("SecureService") działa na AWS. Klienci są na maszynie wirtualnej Linux na moim Macu. Nginx na SecureService wymusza uwierzytelnianie klienta na zasobie, do którego uzyskuję dostęp na porcie 443. Mogę uzyskać pomyślną odpowiedź łączącą się z tej samej maszyny wirtualnej do tej samej usługi SecureService, przy użyciu sprawdzonej koncepcji autonomicznej aplikacji Java (openjdk 1.8.0_60) lub innych klientów (wget, openssl), ale nie z tego samego kodu Java hostowanego w Websphere AS (co prawda opiera się na starszych bibliotekach i maszynie IBM J9 VM, build 2.6, JRE 1.6.0). Podczas zmiany nazwy hosta SecureService na 127.0.0.1 w/etc/hosts, ten sam kod Java na serwerze Websphere AS łączy się pomyślnie z lokalnym serwerem openSSL, wymagającym uwierzytelnienia klienta z tego samego urzędu certyfikacji. Odpowiedź z SecureServer na nieudane raporty połączeń "400 Nie wysłano wymaganego certyfikatu SSL" ... "400 złe żądanie", ale przechwytywanie pakietów tcpdump pokazuje, że NIE wysyła żądania certyfikatu, podczas gdy we wszystkich innych przypadkach. Jest to zagadkowe i prowadzi mnie do myślenia, że coś jest w wiadomości ClientHello, której serwer nie lubi, chociaż komunikaty ClientHello w udanych i niedziałających połączeniach są bardzo podobne.Niepowodzenie połączenia SSL bez żądania certyfikatu z serwera, łączenie się z Nginx na AWS z lokalnej witryny sieci Web AS działającej w środowisku Java 6
Dosyć dziwnym szczegółem jest również to, że tcpdump nigdy nie przechwytuje pierwszego pakietu TCP SYN z mojego klienta do serwera w przypadku awarii komunikacji, podczas gdy przechwytuje resztę (SYN + ACK z serwera, następnie ACK od klienta) i wszystkie pakiety (SYN, SYN + ACK, ACK) we wszystkich innych połączeniach.
Cała komunikacja używa TLSv1.2 we wszystkich swoich częściach.
przeciwnym razie gra:
(client <--> server)
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Server Hello Done
--> ACK
--> Client Key Exchange
<-- ACK
--> Change Cypher Spec
<-- ACK
--> Encrypted Handshake Message
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
Udane połączenie z dowodu koncepcji aplikacji Java: (klient < -> serwer)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello
<-- Certificate
<-- Certificate Request, Server Hello Done
--> ACK
--> ACK
--> [TCP segment of a reassembled PDU]
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cypher Spec
--> Hello Request, Hello Request
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
Udane połączenie z Websphere AS lokalnym OpenSSL: (klient < -> serwer)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Certificate Request, Server Hello Done
--> ACK
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cypher Spec
--> Encrypted Handshake Message
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
Niezastosowanie Client Witaj
Frame 3: 332 bytes on wire (2656 bits), 332 bytes captured (2656 bits)
Encapsulation type: Linux cooked-mode capture (25)
Arrival Time: Feb 25, 2016 13:29:15.353437000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1456406955.353437000 seconds
[Time delta from previous captured frame: 0.004839000 seconds]
[Time delta from previous displayed frame: 0.004839000 seconds]
[Time since reference or first frame: 0.004868000 seconds]
Frame Number: 3
Frame Length: 332 bytes (2656 bits)
Capture Length: 332 bytes (2656 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: sll:ethertype:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Linux cooked capture
Packet type: Sent by us (4)
Link-layer address type: 1
Link-layer address length: 6
Source: CadmusCo_67:0a:c1 (08:00:27:67:0a:c1)
Protocol: IPv4 (0x0800)
Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 316
Identification: 0xf29d (62109)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xc7f8 [validation disabled]
[Good: False]
[Bad: False]
Source: (OMITTED FOR SECURITY REASONS)
Destination: (OMITTED FOR SECURITY REASONS)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 51512 (51512), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 276
Source Port: 51512
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 276]
Sequence number: 1 (relative sequence number)
[Next sequence number: 277 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 14600
[Calculated window size: 14600]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x8054 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[Bytes in flight: 276]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 271
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 267
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 25, 2016 13:29:15.000000000 GMT
Random Bytes: 2ca99e72b66289fcd3f11bf2dc3ef464709b197e6dd6cdd5...
Session ID Length: 32
Session ID: 28eef056a41440e760eaa9e3358a9cd56d8823fa130e9100...
Cipher Suites Length: 128
Cipher Suites (64 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 66
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 24
Elliptic Curves Length: 22
Elliptic curves (11 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 28
Signature Hash Algorithms Length: 26
Signature Hash Algorithms (13 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0402
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
Udane Client Hello from dowód koncepcji SecureServer:
Frame 62: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0
Interface id: 0 (en0)
Encapsulation type: Ethernet (1)
Arrival Time: Feb 24, 2016 17:20:21.803009000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1456334421.803009000 seconds
[Time delta from previous captured frame: 0.119948000 seconds]
[Time delta from previous displayed frame: 0.119948000 seconds]
[Time since reference or first frame: 17.897514000 seconds]
Frame Number: 62
Frame Length: 306 bytes (2448 bits)
Capture Length: 306 bytes (2448 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Apple_bc:c7:11 (a4:5e:60:bc:c7:11), Dst: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
Destination: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
Address: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Apple_bc:c7:11 (a4:5e:60:bc:c7:11)
Address: Apple_bc:c7:11 (a4:5e:60:bc:c7:11)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 292
Identification: 0xa8b7 (43191)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x279c [validation disabled]
[Good: False]
[Bad: False]
Source: (OMITTED FOR SECURITY REASONS)
Destination: (OMITTED FOR SECURITY REASONS)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 62197 (62197), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 240
Source Port: 62197
Destination Port: 443
[Stream index: 9]
[TCP Segment Len: 240]
Sequence number: 1 (relative sequence number)
[Next sequence number: 241 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 32 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 4122
[Calculated window size: 131904]
[Window size scaling factor: 32]
Checksum: 0xc3c5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Timestamps: TSval 928661973, TSecr 546145009
Kind: Time Stamp Option (8)
Length: 10
Timestamp value: 928661973
Timestamp echo reply: 546145009
[SEQ/ACK analysis]
[iRTT: 0.016102000 seconds]
[Bytes in flight: 240]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 235
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 231
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 24, 2016 17:20:21.000000000 GMT
Random Bytes: fbb67137e8cde6609cb570685f6c9b5a62eefbc12973b545...
Session ID Length: 0
Cipher Suites Length: 58
Cipher Suites (29 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 132
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: sect193r1 (0x0004)
Elliptic curve: sect193r2 (0x0005)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: sect239k1 (0x0008)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 26
Signature Hash Algorithms Length: 24
Signature Hash Algorithms (12 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
Extension: server_name
Type: server_name (0x0000)
Length: 36
Server Name Indication extension
Server Name list length: 34
Server Name Type: host_name (0)
Server Name length: 31
Server Name: (OMITTED FOR SECURITY REASONS - IT CORRESPONDS TO THE DESTINATION HOSTNAME)
wiersz polecenia tcpdump:
sudo tcpdump -s 0 -n "port 443" -w /Repo/security/capture.cap -i any
Ma ktoś jakiś pomysł co może być dzieje źle? Nie mam uprawnień administracyjnych, a nawet konta do zalogowania się na serwerze, w tej chwili.