On 4/24/17, 7:26 PM, "openssl-users on behalf of Viktor Dukhovni" <openssl-users-bounces@xxxxxxxxxxx on behalf of openssl-users@xxxxxxxxxxxx> wrote:

> I get slightly annoyed when I take the time to help, but my response is skimmed over and not read carefully. Upthread I said:
>
>     See my recent post: https://www.spinics.net/lists/openssl-users/msg05623.html for instructions on how to extract SSL info from PCAP files in a way that mostly trims away endpoint details...

My apologies. Please find attached the tshark-processed (as instructed) PCAPNG file. I’d love to learn what one can glean from it.

> If the alert is from the application to the proxy, then most likely the application does not trust the proxy MiTM root CA.

Thanks!

Secure Sockets Layer
    SSL Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 228
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 224
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Apr 24, 2017 17:59:40.000000000 EDT
                Random Bytes: 010124d7b6a3fcc51f5495bfaeb11c0be284472c54217e63...
            Session ID Length: 0
            Cipher Suites Length: 58
            Cipher Suites (29 suites)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 125
            Extension: elliptic_curves
                Type: elliptic_curves (0x000a)
                Length: 52
                Elliptic Curves Length: 50
                Elliptic curves (25 curves)
                    Elliptic curve: secp256r1 (0x0017)
                    Elliptic curve: sect163k1 (0x0001)
                    Elliptic curve: sect163r2 (0x0003)
                    Elliptic curve: secp192r1 (0x0013)
                    Elliptic curve: secp224r1 (0x0015)
                    Elliptic curve: sect233k1 (0x0006)
                    Elliptic curve: sect233r1 (0x0007)
                    Elliptic curve: sect283k1 (0x0009)
                    Elliptic curve: sect283r1 (0x000a)
                    Elliptic curve: secp384r1 (0x0018)
                    Elliptic curve: sect409k1 (0x000b)
                    Elliptic curve: sect409r1 (0x000c)
                    Elliptic curve: secp521r1 (0x0019)
                    Elliptic curve: sect571k1 (0x000d)
                    Elliptic curve: sect571r1 (0x000e)
                    Elliptic curve: secp160k1 (0x000f)
                    Elliptic curve: secp160r1 (0x0010)
                    Elliptic curve: secp160r2 (0x0011)
                    Elliptic curve: sect163r1 (0x0002)
                    Elliptic curve: secp192k1 (0x0012)
                    Elliptic curve: sect193r1 (0x0004)
                    Elliptic curve: sect193r2 (0x0005)
                    Elliptic curve: secp224k1 (0x0014)
                    Elliptic curve: sect239k1 (0x0008)
                    Elliptic curve: secp256k1 (0x0016)
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: signature_algorithms
                Type: signature_algorithms (0x000d)
                Length: 28
                Signature Hash Algorithms Length: 26
                Signature Hash Algorithms (13 algorithms)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0402
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0303
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0301
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0302
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
            Extension: server_name
                Type: server_name (0x0000)
                Length: 27
                Server Name Indication extension
                    Server Name list length: 25
                    Server Name Type: host_name (0)
                    Server Name length: 22
                    Server Name: cs.visual-paradigm.com
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 89
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 85
            Version: TLS 1.2 (0x0303)
            Random
                GMT Unix Time: Jan 12, 2043 21:01:43.000000000 EST
                Random Bytes: 74befd6060b40803a1f2eeee81de721667ea45ac751fb7cd...
            Session ID Length: 32
            Session ID: c07a259d71e9906c44632f6f9e885d40a647d514ef5deb8b...
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Compression Method: null (0)
            Extensions Length: 13
            Extension: renegotiation_info
                Type: renegotiation_info (0xff01)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: ec_point_formats
                Type: ec_point_formats (0x000b)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
                    EC point format: uncompressed (0)
                    EC point format: ansiX962_compressed_prime (1)
                    EC point format: ansiX962_compressed_char2 (2)
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 2017
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 2013
            Certificates Length: 2010
            Certificates (2010 bytes)
                Certificate Length: 1038
                Certificate (id-at-commonName=cs.visual-paradigm.com)
                    signedCertificate
                        version: v3 (2)
                        serialNumber : 0x1c3d07eea2d576e83c60613e5f3c2a18e518b8a0
                        signature (sha256WithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,id-at-countryName=US,...
                                RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
                                    RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: MIT Lincoln Laboratory
                                . . . . .
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: McAfee Web Gateway
                        validity
                            notBefore: utcTime (0)
                                utcTime: 17-04-24 18:35:25 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 18-04-24 18:35:25 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 1 item (id-at-commonName=cs.visual-paradigm.com)
                                RDNSequence item: 1 item (id-at-commonName=cs.visual-paradigm.com)
                                    RelativeDistinguishedName item (id-at-commonName=cs.visual-paradigm.com)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: cs.visual-paradigm.com
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 3082010a02820101009a686b8a742ec2e4341a6f43e20f71...
                        extensions: 5 items
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                BasicConstraintsSyntax [0 length]
                            Extension (id-ce-subjectKeyIdentifier)
                                Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
                                SubjectKeyIdentifier: 749037cb5eef9dc9b52ade1c2c465c61f1a63206
                            Extension (id-ce-authorityKeyIdentifier)
                                Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
                                AuthorityKeyIdentifier
                                    authorityCertIssuer: 1 item
                                        GeneralName: directoryName (4)
                                            directoryName: rdnSequence (0)
                                                rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
                                                    RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
                                                        RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
                                                            Id: 2.5.4.10 (id-at-organizationName)
                                                            DirectoryString: uTF8String (4)
                                                                uTF8String: MIT Lincoln Laboratory
                                                    . . . . .
                                                    RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
                                                        RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
                                                            Id: 2.5.4.3 (id-at-commonName)
                                                            DirectoryString: uTF8String (4)
                                                                uTF8String: McAfee Web Gateway
                                    authorityCertSerialNumber: 1
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 5
                                KeyUsage: a0 (digitalSignature, keyEncipherment)
                                    1... .... = digitalSignature: True
                                    .0.. .... = contentCommitment: False
                                    ..1. .... = keyEncipherment: True
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .0.. = keyCertSign: False
                                    .... ..0. = cRLSign: False
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                            Extension (id-ce-extKeyUsage)
                                Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
                                KeyPurposeIDs: 1 item
                                    KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
                    algorithmIdentifier (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    Padding: 0
                    encrypted: 76a83746f5faf96fe7911ad7fd57c7240262fcec5439075e...
                Certificate Length: 966
                Certificate (id-at-commonName=McAfee Web Gateway,. . .
                    signedCertificate
                        version: v3 (2)
                        serialNumber: 1
                        signature (shaWithRSAEncryption)
                            Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                        issuer: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
                                RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
                                    RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: MIT Lincoln Laboratory
                                . . . . .
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: McAfee Web Gateway
                        validity
                            notBefore: utcTime (0)
                                utcTime: 12-08-07 21:51:05 (UTC)
                            notAfter: utcTime (0)
                                utcTime: 22-08-07 21:51:05 (UTC)
                        subject: rdnSequence (0)
                            rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,. . .
                                RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
                                    RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
                                        Id: 2.5.4.10 (id-at-organizationName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: MIT Lincoln Laboratory
                                . . . . .
                                RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
                                    RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
                                        Id: 2.5.4.3 (id-at-commonName)
                                        DirectoryString: uTF8String (4)
                                            uTF8String: McAfee Web Gateway
                        subjectPublicKeyInfo
                            algorithm (rsaEncryption)
                                Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
                            Padding: 0
                            subjectPublicKey: 3082010a028201010085b3b7c94a1150fdde952428b6a343...
                        extensions: 4 items
                            Extension (ns_cert_exts.comment)
                                Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
                                BER Error: String with tag=22 expected but class:UNIVERSAL(0) primitive tag:12 was unexpected
                                    [Expert Info (Warn/Malformed): BER Error: String expected]
                                        [BER Error: String expected]
                                        [Severity level: Warn]
                                        [Group: Malformed]
                            Extension (id-ce-subjectAltName)
                                Extension Id: 2.5.29.17 (id-ce-subjectAltName)
                                GeneralNames: 1 item
                                    GeneralName: rfc822Name (1)
                                        rfc822Name: help@xxxxxxxxxx
                            Extension (id-ce-basicConstraints)
                                Extension Id: 2.5.29.19 (id-ce-basicConstraints)
                                BasicConstraintsSyntax
                                    cA: True
                            Extension (id-ce-keyUsage)
                                Extension Id: 2.5.29.15 (id-ce-keyUsage)
                                Padding: 1
                                KeyUsage: 06 (keyCertSign, cRLSign)
                                    0... .... = digitalSignature: False
                                    .0.. .... = contentCommitment: False
                                    ..0. .... = keyEncipherment: False
                                    ...0 .... = dataEncipherment: False
                                    .... 0... = keyAgreement: False
                                    .... .1.. = keyCertSign: True
                                    .... ..1. = cRLSign: True
                                    .... ...0 = encipherOnly: False
                                    0... .... = decipherOnly: False
                    algorithmIdentifier (shaWithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
                    Padding: 0
                    encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: cs.visual-paradigm.com]
    [Proxy-Connect-Port: 443]
Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 333
        Handshake Protocol: Server Key Exchange
            Handshake Type: Server Key Exchange (12)
            Length: 329
            EC Diffie-Hellman Server Params
                Curve Type: named_curve (0x03)
                Named Curve: secp256r1 (0x0017)
                Pubkey Length: 65
                Pubkey: 04ddd74a3192f97d6c0285a4af7940263ec557207e9e2382...
                Signature Hash Algorithm: 0x0401
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Length: 256
                Signature: 2e4a11ef3f32891a5cd389b99f556f83e1329e9d9d44da40...
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 4
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0
Secure Sockets Layer
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Certificate Unknown (46)
Secure Sockets Layer
Secure Sockets Layer
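
Added example (not part of the original message and not OpenSSL project code): a small Python walk of the TLS record layer that reproduces the reading suggested in the thread, namely that a plaintext fatal alert 46 sent by the client right after the server's Certificate through Server Hello Done flight means the client rejected the proxy's chain. The byte strings are constructed sample data with dummy payloads, and `parse_records`, `diagnose` and `hs` are hypothetical names.

```python
import struct

# TLS 1.2 code points (RFC 5246) seen in the dissection above.
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done"}
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

def parse_records(stream: bytes):
    """Walk plaintext TLS records (pre-ChangeCipherSpec, unfragmented messages)."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        if ctype == 22:  # handshake: a record may carry several messages
            off = 0
            while off + 4 <= len(body):
                out.append(("handshake", HANDSHAKE.get(body[off], body[off])))
                off += 4 + int.from_bytes(body[off + 1:off + 4], "big")
        elif ctype == 21 and length == 2:  # plaintext alert: level, description
            out.append(("alert", (body[0], body[1])))
        else:
            out.append(("other", ctype))
    return out

def diagnose(server_flight: bytes, client_reply: bytes) -> str:
    """Direction matters: the alert must come from the client, after the chain."""
    sent_cert = ("handshake", "certificate") in parse_records(server_flight)
    for kind, detail in parse_records(client_reply):
        if kind == "alert":
            level, desc = detail
            if sent_cert and level == 2 and desc in CERT_ALERTS:
                return f"client rejected server chain: {CERT_ALERTS[desc]}"
            return f"alert level={level} description={desc}"
    return "no alert from client"

def hs(msg_type: int, payload: bytes = b"") -> bytes:
    """Build one handshake record (constructed sample data, dummy payloads)."""
    msg = bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload
    return b"\x16\x03\x03" + len(msg).to_bytes(2, "big") + msg

SERVER_FLIGHT = hs(2, b"\0" * 8) + hs(11, b"\0" * 16) + hs(12) + hs(14)
CLIENT_REPLY = bytes.fromhex("15 03 03 00 02 02 2e")  # fatal(2), certificate_unknown(46)
```

Because the tshark output above was trimmed of endpoint details, the caller has to supply which bytes came from which side; the same alert arriving from the server direction would not support this conclusion.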