> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote:
>
> Secure Sockets Layer
>   SSL Record Layer: Handshake Protocol: Client Hello
>     Content Type: Handshake (22)
>     Version: TLS 1.2 (0x0303)
>     Length: 228
>     Handshake Protocol: Client Hello
>       Handshake Type: Client Hello (1)
>       Length: 224
>       Version: TLS 1.2 (0x0303)
>       ... vanilla client hello ...
>
> Secure Sockets Layer
>   TLSv1.2 Record Layer: Handshake Protocol: Server Hello
>     Content Type: Handshake (22)
>     Version: TLS 1.2 (0x0303)
>     Length: 89
>     Handshake Protocol: Server Hello
>       Handshake Type: Server Hello (2)
>       Length: 85
>       Version: TLS 1.2 (0x0303)
>       Random
>         GMT Unix Time: Jan 12, 2043 21:01:43.000000000 EST
>         Random Bytes: 74befd6060b40803a1f2eeee81de721667ea45ac751fb7cd...
>       Session ID Length: 32
>       Session ID: c07a259d71e9906c44632f6f9e885d40a647d514ef5deb8b...
>       Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
>       ... vanilla server hello ...
>
> Secure Sockets Layer
>   TLSv1.2 Record Layer: Handshake Protocol: Certificate
>     Content Type: Handshake (22)
>     Version: TLS 1.2 (0x0303)
>     Length: 2017
>     Handshake Protocol: Certificate
>       Handshake Type: Certificate (11)
>       Length: 2013
>       Certificates Length: 2010
>       Certificates (2010 bytes)
>         Certificate Length: 1038
>         Certificate (id-at-commonName=cs.visual-paradigm.com)
>           signedCertificate
>             version: v3 (2)
>             serialNumber: 0x1c3d07eea2d576e83c60613e5f3c2a18e518b8a0
>             signature (sha256WithRSAEncryption)
>               Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

EE cert sigalg is normal

>             issuer: rdnSequence (0)
>               rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,id-at-countryName=US,...
>                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                   RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                     Id: 2.5.4.10 (id-at-organizationName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: MIT Lincoln Laboratory
>                 . . . . .
>                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                   RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                     Id: 2.5.4.3 (id-at-commonName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: McAfee Web Gateway

EE cert issuer looks OK.

>             validity
>               notBefore: utcTime (0)
>                 utcTime: 17-04-24 18:35:25 (UTC)
>               notAfter: utcTime (0)
>                 utcTime: 18-04-24 18:35:25 (UTC)

EE cert validity is one year, looks OK.

>             subject: rdnSequence (0)
>               rdnSequence: 1 item (id-at-commonName=cs.visual-paradigm.com)
>                 RDNSequence item: 1 item (id-at-commonName=cs.visual-paradigm.com)
>                   RelativeDistinguishedName item (id-at-commonName=cs.visual-paradigm.com)
>                     Id: 2.5.4.3 (id-at-commonName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: cs.visual-paradigm.com

EE cert Subject looks OK.

>             subjectPublicKeyInfo
>               algorithm (rsaEncryption)
>                 Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
>               Padding: 0
>               subjectPublicKey: 3082010a02820101009a686b8a742ec2e4341a6f43e20f71...

The EE public key is 256 octets or 2048 bits, looks OK.

>             extensions: 5 items
>               Extension (id-ce-basicConstraints)
>                 Extension Id: 2.5.29.19 (id-ce-basicConstraints)
>                 BasicConstraintsSyntax [0 length]

EE empty basicConstraints defaults to CA:FALSE, OK

>               Extension (id-ce-subjectKeyIdentifier)
>                 Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
>                 SubjectKeyIdentifier: 749037cb5eef9dc9b52ade1c2c465c61f1a63206

Not interesting for an EE cert.

>               Extension (id-ce-authorityKeyIdentifier)
>                 Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
>                 AuthorityKeyIdentifier
>                   authorityCertIssuer: 1 item
>                     GeneralName: directoryName (4)
>                       directoryName: rdnSequence (0)
>                         rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
>                           RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                             RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                               Id: 2.5.4.10 (id-at-organizationName)
>                               DirectoryString: uTF8String (4)
>                                 uTF8String: MIT Lincoln Laboratory
>                           . . . . .
>                           RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                             RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                               Id: 2.5.4.3 (id-at-commonName)
>                               DirectoryString: uTF8String (4)
>                                 uTF8String: McAfee Web Gateway
>                   authorityCertSerialNumber: 1

EE authority key id has DN and serial

>               Extension (id-ce-keyUsage)
>                 Extension Id: 2.5.29.15 (id-ce-keyUsage)
>                 Padding: 5
>                 KeyUsage: a0 (digitalSignature, keyEncipherment)
>                   1... .... = digitalSignature: True
>                   .0.. .... = contentCommitment: False
>                   ..1. .... = keyEncipherment: True
>                   ...0 .... = dataEncipherment: False
>                   .... 0... = keyAgreement: False
>                   .... .0.. = keyCertSign: False
>                   .... ..0. = cRLSign: False
>                   .... ...0 = encipherOnly: False
>                   0... .... = decipherOnly: False

EE ku is OK.

>               Extension (id-ce-extKeyUsage)
>                 Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
>                 KeyPurposeIDs: 1 item
>                   KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)

EE eku is OK

>           algorithmIdentifier (sha256WithRSAEncryption)
>             Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
>           Padding: 0
>           encrypted: 76a83746f5faf96fe7911ad7fd57c7240262fcec5439075e...

EE cert fine overall.

>         Certificate Length: 966
>         Certificate (id-at-commonName=McAfee Web Gateway,. . .
>           signedCertificate
>             version: v3 (2)
>             serialNumber: 1

Issuer serial matches EE cert issuer and authority key id.

>             signature (shaWithRSAEncryption)
>               Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)

Self-signature is SHA1, but should be OK on root CA certs.

>             issuer: rdnSequence (0)
>               rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
>                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                   RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                     Id: 2.5.4.10 (id-at-organizationName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: MIT Lincoln Laboratory
>                 . . . . .
>                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                   RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                     Id: 2.5.4.3 (id-at-commonName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: McAfee Web Gateway

Issuer is self-signed, see below

>             validity
>               notBefore: utcTime (0)
>                 utcTime: 12-08-07 21:51:05 (UTC)
>               notAfter: utcTime (0)
>                 utcTime: 22-08-07 21:51:05 (UTC)

Issuer 10 year validity is fine.

>             subject: rdnSequence (0)
>               rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,. . .
>                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                   RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                     Id: 2.5.4.10 (id-at-organizationName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: MIT Lincoln Laboratory
>                 . . . . .
>                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                   RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                     Id: 2.5.4.3 (id-at-commonName)
>                     DirectoryString: uTF8String (4)
>                       uTF8String: McAfee Web Gateway

Same subject/issuer and issuer subject name matches EE cert issuer name, ...

>             subjectPublicKeyInfo
>               algorithm (rsaEncryption)
>                 Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
>               Padding: 0
>               subjectPublicKey: 3082010a028201010085b3b7c94a1150fdde952428b6a343...

Issuer cert also 2048-bits.

>             extensions: 4 items
>               Extension (ns_cert_exts.comment)
>                 Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
>                 BER Error: String with tag=22 expected but class:UNIVERSAL(0) primitive tag:12 was unexpected
>                   [Expert Info (Warn/Malformed): BER Error: String expected]
>                     [BER Error: String expected]
>                     [Severity level: Warn]
>                     [Group: Malformed]

This is odd, is tshark buggy, too picky, or is the issuer cert actually malformed?

>               Extension (id-ce-subjectAltName)
>                 Extension Id: 2.5.29.17 (id-ce-subjectAltName)
>                 GeneralNames: 1 item
>                   GeneralName: rfc822Name (1)
>                     rfc822Name: help@xxxxxxxxxx
>               Extension (id-ce-basicConstraints)
>                 Extension Id: 2.5.29.19 (id-ce-basicConstraints)
>                 BasicConstraintsSyntax
>                   cA: True

Good, issuer is a CA

>               Extension (id-ce-keyUsage)
>                 Extension Id: 2.5.29.15 (id-ce-keyUsage)
>                 Padding: 1
>                 KeyUsage: 06 (keyCertSign, cRLSign)
>                   0... .... = digitalSignature: False
>                   .0.. .... = contentCommitment: False
>                   ..0. .... = keyEncipherment: False
>                   ...0 .... = dataEncipherment: False
>                   .... 0... = keyAgreement: False
>                   .... .1.. = keyCertSign: True
>                   .... ..1. = cRLSign: True
>                   .... ...0 = encipherOnly: False
>                   0... .... = decipherOnly: False

Issuer ku is OK

>           algorithmIdentifier (shaWithRSAEncryption)
>             Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
>           Padding: 0
>           encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...

Issuer cert is an MiTM proxy, and possibly has encoding errors.

> Secure Sockets Layer
>   TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
>     Content Type: Handshake (22)
>     Version: TLS 1.2 (0x0303)
>     Length: 333
>     Handshake Protocol: Server Key Exchange
>       Handshake Type: Server Key Exchange (12)
>       Length: 329
>       EC Diffie-Hellman Server Params

ECDHE, no problem.

>   TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

Fine, no request for client cert.

> Secure Sockets Layer
>   TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
>     Content Type: Alert (21)
>     Version: TLS 1.2 (0x0303)
>     Length: 2
>     Alert Message
>       Level: Fatal (2)
>       Description: Certificate Unknown (46)

Client objects to the server chain. Either does not trust the MiTM root CA,
or is unhappy about its encoding (assuming tshark is not generating an FP
warning).

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
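Added example, not part of the thread above and not OpenSSL or tshark code. The tshark warning "String with tag=22 expected but ... tag:12 was unexpected" on the issuer's ns_cert_exts.comment extension says that the extnValue wraps a UTF8String (universal tag 12, 0x0C) where the Netscape definition of nsComment is an IA5String (universal tag 22, 0x16); that is a genuine encoding error in the certificate, not a tshark false positive. The script below parses an X.509 Extensions SEQUENCE with a minimal DER reader, decodes each extnID OID, and for nsComment compares the inner string tag against the expected one. The input is constructed inline (one correctly encoded nsComment and one mis-encoded as UTF8String); it is sample data, not the McAfee Web Gateway certificate from the capture. The OID table, helper names and verdict strings are this example's own choices.

```python
"""DER check for the Netscape Comment extension (nsComment, OID
2.16.840.1.113730.1.13): extnValue must wrap an IA5String (tag 0x16).
A UTF8String (tag 0x0C) there is the mismatch tshark reported.
All input is constructed inline; no real certificate is parsed."""

NS_COMMENT_OID = "2.16.840.1.113730.1.13"

# Universal ASN.1 tags used below.
TAG_BOOLEAN = 0x01
TAG_OCTET_STRING = 0x04
TAG_OID = 0x06
TAG_UTF8STRING = 0x0C
TAG_IA5STRING = 0x16
TAG_SEQUENCE = 0x30

# Inner string type each checked extension's extnValue is expected to wrap
# (table chosen for this example; only nsComment is listed).
EXPECTED_INNER_TAG = {NS_COMMENT_OID: TAG_IA5STRING}


def read_tlv(buf, pos=0):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def encode_tlv(tag, value):
    """Encode one DER TLV with a minimal definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def encode_oid(dotted):
    """Encode a dotted OID as DER OBJECT IDENTIFIER content bytes."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:                    # base-128, high bit = continue
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def decode_oid(value):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    first = value[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def build_extension(oid, inner_tag, text):
    """Extension ::= SEQUENCE { extnID OID, extnValue OCTET STRING }, with
    extnValue wrapping a string of type inner_tag (constructed test data)."""
    inner = encode_tlv(inner_tag, text.encode("ascii"))
    return encode_tlv(TAG_SEQUENCE,
                      encode_tlv(TAG_OID, encode_oid(oid))
                      + encode_tlv(TAG_OCTET_STRING, inner))


def check_extensions(extensions_der):
    """Walk Extensions ::= SEQUENCE OF Extension; return [(oid, verdict)]
    where verdict is 'ok', 'malformed: ...' or 'not checked'."""
    tag, body, _ = read_tlv(extensions_der)
    if tag != TAG_SEQUENCE:
        raise ValueError("Extensions must be a SEQUENCE")
    results, pos = [], 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        _, oid_bytes, p = read_tlv(ext)
        oid = decode_oid(oid_bytes)
        tag, value, p = read_tlv(ext, p)
        if tag == TAG_BOOLEAN:              # optional 'critical' flag
            tag, value, p = read_tlv(ext, p)
        if tag != TAG_OCTET_STRING:
            raise ValueError("extnValue must be an OCTET STRING")
        expected = EXPECTED_INNER_TAG.get(oid)
        if expected is None:
            results.append((oid, "not checked"))
            continue
        inner_tag, _, _ = read_tlv(value)   # the string inside extnValue
        if inner_tag == expected:
            results.append((oid, "ok"))
        else:
            results.append((oid, "malformed: tag %d expected, tag %d found"
                            % (expected, inner_tag)))
    return results


# Constructed sample: one well-formed nsComment, one mis-encoded as UTF8String.
GOOD_EXT = build_extension(NS_COMMENT_OID, TAG_IA5STRING, "OpenSSL Generated Certificate")
BAD_EXT = build_extension(NS_COMMENT_OID, TAG_UTF8STRING, "OpenSSL Generated Certificate")
SAMPLE_EXTENSIONS = encode_tlv(TAG_SEQUENCE, GOOD_EXT + BAD_EXT)

if __name__ == "__main__":
    for oid, verdict in check_extensions(SAMPLE_EXTENSIONS):
        print(oid, verdict)
```

To run the same check on a real chain, locate the extension's OCTET STRING in `openssl asn1parse -in cert.pem` output and re-parse its contents with `-strparse <offset>`; asn1parse then prints the inner type (IA5STRING or UTF8STRING) directly, which is the same tag comparison the script makes.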