TLSv.1.3 interropt problems with OpenSSL 1.1.1 when used on the client side with mutual auth
Norman Maurer
norman.maurer at googlemail.com
Sat Sep 15 06:18:34 UTC 2018
Ok will try to find time today.
> Am 15.09.2018 um 08:08 schrieb Xuelei Fan <xuelei.fan at oracle.com>:
>
> Hi Norman,
>
> I have not had a chance to look into the details. But sure, it helps a lot if you can provide a java client to reproduce the issue.
>
> Thanks,
> Xuelei
>
>> On 9/14/2018 10:29 PM, Norman Maurer wrote:
>> Is there any more details you need ?
>> Just wondering. If you say so I can also provide a pure jdk client (without the Netty wrapper) that shows the problem when used with OpenSSL on the server in the next days.
>> Bye
>> Norman
>>> Am 13.09.2018 um 21:07 schrieb Norman Maurer <norman.maurer at googlemail.com>:
>>>
>>> Hi all,
>>>
>>> I am currently in the process of adding TLS 1.3 support into netty-tcnative[1] which uses JNI to make use of OpenSSL for it. During this work I noticed that I received test-failures when mutual auth is used and the JDK implementation is used on the client side. When using the JDK implementation on the server and client side all works as expected. Also if I use another protocol (like TLSv1.2) all works as expected.
>>>
>>> The problem I am observing is that the client seems to sent the certificate “too late” and so the server (which uses openssl) will report and error that the client did not provide an certificate (even when it was required).
>>>
>>> To reproduce this you can use openssl s_server like this and just create your usual SSLSocket with a KeyManagerFactory configured.
>>>
>>> ./bin/openssl s_server -tls1_3 -cert ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt -key ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem -4 -accept localhost:8443 -state -debug -Verify 1
>>>
>>> When now try to connect to it via the JDK TLS1.3 implementation I see the following output:
>>> SSL_accept:before SSL initialization
>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>> 0000 - 16 03 03 01 60 ....`
>>> read from 0x7fe400f050c0 [0x7fe40300f608] (352 bytes => 352 (0x160))
>>> 0000 - 01 00 01 5c 03 03 22 da-02 d7 86 40 6e 7d c5 a7 ...\..".... at n}..
>>> 0010 - ea 34 47 a4 fa d0 bb 92-f5 62 ec f6 21 e5 ec da .4G......b..!...
>>> 0020 - d6 6b 75 aa b9 34 20 b7-57 a6 83 7b c8 bc a2 0f .ku..4 .W..{....
>>> 0030 - 52 82 11 6f a3 1a 84 c5-4b fd e0 80 58 3c 2a bf R..o....K...X<*.
>>> 0040 - af 54 32 4c 7d 4f fe 00-14 c0 2c c0 2b c0 2f c0 .T2L}O....,.+./.
>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00 ....../.5.......
>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e ............. ..
>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d ................
>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b ................
>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03 .......(.&......
>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01 ................
>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02 ................
>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05 .2.(.&..........
>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02 ................
>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09 ................
>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00 ..............+.
>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01 ...........-....
>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 4e da b3 f2 63 .3.G.E...A.N...c
>>> 0120 - ee 6e bf e3 af 73 be c9-92 c5 ec 70 ff c7 64 b8 .n...s.....p..d.
>>> 0130 - 8a 9a cc fd f9 d6 36 ef-ce e0 dc 81 01 2f 87 57 ......6....../.W
>>> 0140 - 56 f0 e4 2d 8b c8 73 14-eb 5f 21 0a 5e 94 46 ba V..-..s.._!.^.F.
>>> 0150 - de d1 33 57 4c b5 b3 66-c9 26 fb ff 01 00 01 00 ..3WL..f.&......
>>> SSL_accept:before SSL initialization
>>> SSL_accept:SSLv3/TLS read client hello
>>> SSL_accept:SSLv3/TLS write server hello
>>> SSL_accept:SSLv3/TLS write change cipher spec
>>> SSL_accept:TLSv1.3 write encrypted extensions
>>> SSL_accept:SSLv3/TLS write certificate request
>>> SSL_accept:SSLv3/TLS write certificate
>>> SSL_accept:TLSv1.3 write server certificate verify
>>> write to 0x7fe400f050c0 [0x7fe403018a00] (1430 bytes => 1430 (0x596))
>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 bc 7f 3b 07 ad .............;..
>>> 0010 - fb 21 9c 6f 7c 4a 9d 84-9a 82 6e 9c 1a b4 e3 5d .!.o|J....n....]
>>> 0020 - a8 d3 9d 52 a7 e1 93 c3-cc 8c 82 20 b7 57 a6 83 ...R....... .W..
>>> 0030 - 7b c8 bc a2 0f 52 82 11-6f a3 1a 84 c5 4b fd e0 {....R..o....K..
>>> 0040 - 80 58 3c 2a bf af 54 32-4c 7d 4f fe 13 01 00 00 .X<*..T2L}O.....
>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04 O.+.....3.E...A.
>>> 0060 - 7d 81 11 ab ff a6 60 e7-5f 23 82 ed 22 35 76 24 }.....`._#.."5v$
>>> 0070 - b0 47 09 25 0c 79 b9 07-5b 3e 28 b7 3c d8 d3 ce .G.%.y..[>(.<...
>>> 0080 - 6b 89 c6 01 21 28 c9 97-ae 50 a5 e7 43 35 ae c7 k...!(...P..C5..
>>> 0090 - 73 10 60 62 57 25 9b c9-f1 93 28 70 03 44 e1 a0 s.`bW%....(p.D..
>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 0f 8b fb 2d 33 ..........'...-3
>>> 00b0 - 72 c6 a8 28 0b 7d e1 c3-b7 d0 f3 d9 18 5b ca e0 r..(.}.......[..
>>> 00c0 - 56 09 74 48 ba 28 16 1c-15 11 d9 fa 6e b3 bc b9 V.tH.(......n...
>>> 00d0 - 4d 54 17 03 03 00 42 35-53 5b 9a 8e 09 df 86 c4 MT....B5S[......
>>> 00e0 - 00 28 05 6d a8 c9 bb 38-e2 77 72 73 25 26 e3 65 .(.m...8.wrs%&.e
>>> 00f0 - 58 d8 fd 15 8a ce ea 97-8a 50 1e e3 f9 c5 dc 96 X........P......
>>> 0100 - f0 3b 3c 0a 12 41 58 9d-ab f8 3a 28 0a 1f 61 e9 .;<..AX...:(..a.
>>> 0110 - df 68 a9 1f 84 66 f7 5b-d7 17 03 03 03 20 8f b5 .h...f.[..... ..
>>> 0120 - b4 52 44 80 d0 b9 63 3d-80 9c 8b 02 fc f3 d5 bb .RD...c=........
>>> 0130 - a9 2a 4f 5b 4a cc 77 78-96 75 95 20 b8 12 c4 a6 .*O[J.wx.u. ....
>>> 0140 - e6 82 ea 56 56 e2 5f 97-65 99 7e 6e 3d b1 66 ee ...VV._.e.~n=.f.
>>> 0150 - 10 4c f7 6d 9b 73 86 14-7a 81 f8 b1 27 af 08 ee .L.m.s..z...'...
>>> 0160 - ce 26 90 34 73 3d b7 45-8d 85 29 a8 65 19 e7 02 .&.4s=.E..).e...
>>> 0170 - e5 55 4a 27 f1 b1 6a a4-11 cc 6c af 78 6d 22 5c .UJ'..j...l.xm"\
>>> 0180 - 33 73 e3 ad 7f 8d 1b d3-75 95 66 64 2d 0e f1 3e 3s......u.fd-..>
>>> 0190 - c2 30 df a1 7e ce a3 50-c3 4e 68 f6 36 b3 4e 45 .0..~..P.Nh.6.NE
>>> 01a0 - 9c ac e9 f2 0d 7c e3 73-6a 40 ab 6e 6e f9 d8 20 .....|.sj at .nn..
>>> 01b0 - 9c f3 04 32 cd 1d df 18-e5 4d e3 e8 b1 38 59 f8 ...2.....M...8Y.
>>> 01c0 - 28 67 2e ca af a2 8b 88-ce ca 48 a6 07 2b a6 9a (g........H..+..
>>> 01d0 - 0e 88 5b d7 0b d9 31 77-97 8d 6c 2b f5 60 24 61 ..[...1w..l+.`$a
>>> 01e0 - a8 5c 47 5d 7c 66 f0 9b-1f e4 76 93 38 f6 78 3e .\G]|f....v.8.x>
>>> 01f0 - 69 29 72 f9 d9 4b cb 05-03 e4 f2 d6 24 e1 91 ee i)r..K......$...
>>> 0200 - 85 37 d7 7b c3 5c 35 90-08 cd b1 cc 76 11 fc 00 .7.{.\5.....v...
>>> 0210 - 12 7e 89 7b 70 e6 ca fe-0b 26 b6 bb ac fe 4b 9f .~.{p....&....K.
>>> 0220 - ec cf 41 69 42 3a 3e 41-f9 b0 c0 93 5b 70 1f c7 ..AiB:>A....[p..
>>> 0230 - 11 00 3d ec 66 5a 1a ca-31 89 22 27 02 dd a0 cb ..=.fZ..1."'....
>>> 0240 - 39 14 25 ee 30 44 e8 62-97 bf 8e 16 63 40 c4 11 9.%.0D.b....c at ..
>>> 0250 - a6 d9 32 b1 3c 86 35 bb-9f f1 4d 71 9f a5 4f 78 ..2.<.5...Mq..Ox
>>> 0260 - 0a e8 96 dd 4d 10 c3 48-f2 db 67 57 2d cd dc 23 ....M..H..gW-..#
>>> 0270 - 3a 8d 6a 61 47 20 ff c8-33 cd e9 f7 47 4c 68 4f :.jaG ..3...GLhO
>>> 0280 - 19 2f 8b e3 b1 90 ac 66-a7 cf 5c e6 d2 05 21 25 ./.....f..\...!%
>>> 0290 - d2 d8 f0 43 8c 55 01 ef-d6 8f c0 27 87 0d 21 d5 ...C.U.....'..!.
>>> 02a0 - 2b 2b 6f db e8 85 ea cd-6e 9c 5d 56 d5 31 c1 f2 ++o.....n.]V.1..
>>> 02b0 - 97 2f 5a 83 7a 2b 71 03-65 e0 b6 4a 56 37 de e1 ./Z.z+q.e..JV7..
>>> 02c0 - 80 3a c4 cc 5a ac 3b 9a-7a bf f7 6b fe a8 69 e9 .:..Z.;.z..k..i.
>>> 02d0 - 58 09 59 bd 46 bd d2 a3-bc ad 1c 10 53 c8 29 7b X.Y.F.......S.){
>>> 02e0 - be 63 00 d6 e5 a8 d6 ab-b2 bc 8b e1 2c 0e 24 2a .c..........,.$*
>>> 02f0 - c2 31 2d d8 6e 1f 19 93-d7 54 e1 1e 28 ce 72 83 .1-.n....T..(.r.
>>> 0300 - ff 05 18 f2 fc e9 0c b3-0c 1b d5 96 c2 d8 fc 76 ...............v
>>> 0310 - 37 a9 5a ef 8e e9 b6 71-21 f3 bd c1 85 23 85 22 7.Z....q!....#."
>>> 0320 - 3d c4 1c c9 31 8b 7e 00-8f 8e b4 9f 05 d4 80 6b =...1.~........k
>>> 0330 - 98 4c a8 82 68 ff 1a a5-28 e2 9b 03 a1 a7 b1 00 .L..h...(.......
>>> 0340 - 02 2b 2d e2 e1 87 8c e8-0a fb 0b 79 54 ca 3d d5 .+-........yT.=.
>>> 0350 - 6a dd b7 b7 87 42 2b 47-49 da e9 0a 82 0a c9 8f j....B+GI.......
>>> 0360 - 57 f7 1e 03 ca 8d 16 bc-21 3a 6a ee b9 b8 fa f0 W.......!:j.....
>>> 0370 - d9 18 35 9f 35 ac d8 6e-9a 8a 0d 56 10 1e 1f 5a ..5.5..n...V...Z
>>> 0380 - ba ec e4 fe 1a 92 b4 31-35 43 1d 99 b9 12 fa ff .......15C......
>>> 0390 - 99 2b 88 e0 58 ec 9c dc-8f 67 ef 2a c2 e2 64 5d .+..X....g.*..d]
>>> 03a0 - 66 76 1c d0 aa 00 30 59-b1 f5 b1 55 9f ad 60 e9 fv....0Y...U..`.
>>> 03b0 - 3d 03 1e d0 8b 4d bf 74-ac bc bb 1c 83 14 c5 e0 =....M.t........
>>> 03c0 - f4 fc 70 9e f4 22 a0 78-04 fe c8 b1 17 65 f6 94 ..p..".x.....e..
>>> 03d0 - 47 82 50 4a b6 32 74 ae-5b 38 5a 2e d9 b0 6a 45 G.PJ.2t.[8Z...jE
>>> 03e0 - 74 e8 f0 22 fe d3 b0 11-c3 fd 72 4f da 77 7a ba t.."......rO.wz.
>>> 03f0 - 26 3e 61 0c 63 21 17 a6-b2 13 6e 71 5c f2 0d ad &>a.c!....nq\...
>>> 0400 - f2 d1 19 71 51 9e a4 1b-b0 30 24 e0 71 7d 87 80 ...qQ....0$.q}..
>>> 0410 - a9 5a e9 bc db e4 4f 50-4d a1 bc bc 2c 4b 66 98 .Z....OPM...,Kf.
>>> 0420 - d4 e4 b0 76 0f d2 db a5-a5 39 9e f2 5b ea 34 c1 ...v.....9..[.4.
>>> 0430 - 62 ab 47 51 3b 37 17 45-54 31 18 f3 f1 ca 17 03 b.GQ;7.ET1......
>>> 0440 - 03 01 19 dd 50 50 f5 0c-f2 c9 3c b4 8f 63 cc 4a ....PP....<..c.J
>>> 0450 - a7 50 c9 91 9b 79 9a 2a-5c 47 d3 77 f6 56 69 90 .P...y.*\G.w.Vi.
>>> 0460 - 98 cd ff bd c1 2a 49 fc-0d d4 7e cc 7e 44 af c4 .....*I...~.~D..
>>> 0470 - 61 47 e0 c1 76 b1 8c 2e-df 7e d0 82 e1 89 1f 04 aG..v....~......
>>> 0480 - ae 64 bd 71 4d ae 1c 3c-e3 d3 39 5d 61 2a ea 70 .d.qM..<..9]a*.p
>>> 0490 - 8c 31 6d a0 b1 72 a8 7a-5c 9c 11 08 b8 4d a5 c4 .1m..r.z\....M..
>>> 04a0 - ad 1b 38 4a 6a 02 28 d4-d1 0f c8 9f 0b b3 02 18 ..8Jj.(.........
>>> 04b0 - 82 2b bd 46 82 04 64 f0-41 b2 da f5 cd 9c f7 f3 .+.F..d.A.......
>>> 04c0 - 73 30 58 ca 12 ec ea 90-85 1c 75 09 0a 70 b8 80 s0X.......u..p..
>>> 04d0 - 3d 02 17 3e 9b 83 04 b5-dd 9e e6 18 17 65 83 a5 =..>.........e..
>>> 04e0 - 59 7d 4b 98 da bd 8b aa-d6 aa c5 1c 7d 87 56 e3 Y}K.........}.V.
>>> 04f0 - 74 d8 e9 7b eb b3 3d f7-7c 3c 0a e9 a8 2e 04 0d t..{..=.|<......
>>> 0500 - 6a e7 83 e0 ec 99 43 6a-8b 1c 73 59 7a c8 cd 6e j.....Cj..sYz..n
>>> 0510 - 4a 14 73 ff 9a fb 71 94-d5 50 a9 d9 e0 dd 02 4c J.s...q..P.....L
>>> 0520 - 2b 67 9e da 9e fa 2d 67-49 df 13 10 ed 35 3e 73 +g....-gI....5>s
>>> 0530 - 07 20 17 fb 0b ef f6 d0-b7 68 1c 65 21 a6 e3 3b . .......h.e!..;
>>> 0540 - bf 7b 84 cd 9e f5 76 2a-0d 4f b8 c3 c8 15 08 e9 .{....v*.O......
>>> 0550 - 0f 3c 50 49 12 97 a8 d7-f1 a3 16 da 17 03 03 00 .<PI............
>>> 0560 - 35 22 dd a2 9d 25 98 2c-35 b8 00 29 fa a1 dd ba 5"...%.,5..)....
>>> 0570 - 72 b9 fe e5 85 85 f0 f1-3b 4e f5 7c 58 c8 2a da r.......;N.|X.*.
>>> 0580 - d2 75 94 3b c1 7a 7c 7e-db 5b fe 8a 2d 3f 8c 9a .u.;.z|~.[..-?..
>>> 0590 - 6e 79 ab 2b ff 1a ny.+..
>>> SSL_accept:SSLv3/TLS write finished
>>> SSL_accept:TLSv1.3 early data
>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>> 0000 - 14 03 03 00 01 .....
>>> read from 0x7fe400f050c0 [0x7fe40300f608] (1 bytes => 1 (0x1))
>>> 0000 - 01 .
>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
>>> 0000 - 17 03 03 00 3d ....=
>>> read from 0x7fe400f050c0 [0x7fe40300f608] (61 bytes => 61 (0x3D))
>>> 0000 - 38 e7 bb 2c 5b af b6 5f-37 d8 3e 7e bb f4 04 f5 8..,[.._7.>~....
>>> 0010 - e1 28 b5 e5 07 5a ec ce-da 2f f3 b6 45 61 cf ef .(...Z.../..Ea..
>>> 0020 - 90 fb 57 b8 f3 20 45 27-60 d4 26 51 38 77 e4 bc ..W.. E'`.&Q8w..
>>> 0030 - b7 64 d4 8b 73 25 41 9e-fe d3 9d 5f 53 .d..s%A...._S
>>> SSL_accept:TLSv1.3 early data
>>> write to 0x7fe400f050c0 [0x7fe403018a00] (24 bytes => 24 (0x18))
>>> 0000 - 17 03 03 00 13 25 85 60-eb 7d c1 a8 15 49 d5 63 .....%.`.}...I.c
>>> 0010 - 18 7f c6 ac ed 7f df 77- .......w
>>> SSL3 alert write:fatal:unknown
>>> SSL_accept:error in error
>>> ERROR
>>> 140736092021632:error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate:ssl/statem/statem_srvr.c:3654:
>>> shutting down SSL
>>> CONNECTION CLOSED
>>>
>>>
>>>
>>> When using openssl s_client all works as expected tho (thats also true if I use my native implementation on the client and server side that uses openssl):
>>>
>>> ./bin/openssl s_client -cert ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt -key ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem -state -tls1_3 -connect localhost:8443
>>>
>>> The interesting thing is if I use “-verify 1” and not “-Verify 1” with openssl which tells it I want to request a certificate but will also process if none is provided I receive the certificate at some point as seen here:
>>>
>>> SSL_accept:before SSL initialization
>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>> 0000 - 16 03 03 01 60 ....`
>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (352 bytes => 352 (0x160))
>>> 0000 - 01 00 01 5c 03 03 61 c0-b3 ed 88 65 e6 cf 11 3f ...\..a....e...?
>>> 0010 - c0 e0 f8 df a6 63 32 c2-ab 3d 61 6f 41 ed b1 4b .....c2..=aoA..K
>>> 0020 - 53 0e 83 e5 a1 b8 20 c7-1b 8c b8 e6 b5 da 4e 4e S..... .......NN
>>> 0030 - 3f 3c 61 7a ad 58 23 94-a7 32 79 2f db 9f 21 c0 ?<az.X#..2y/..!.
>>> 0040 - 8e 0c c5 ce b1 c2 a4 00-14 c0 2c c0 2b c0 2f c0 ..........,.+./.
>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00 ....../.5.......
>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e ............. ..
>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d ................
>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b ................
>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03 .......(.&......
>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01 ................
>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02 ................
>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05 .2.(.&..........
>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02 ................
>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09 ................
>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00 ..............+.
>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01 ...........-....
>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 52 dc d6 47 6e .3.G.E...A.R..Gn
>>> 0120 - a1 de 9c 71 c2 54 0e 5c-9b 57 fb c8 aa 3f 19 f7 ...q.T.\.W...?..
>>> 0130 - d3 a4 25 12 fa 3f 6c 6d-95 30 66 ca 63 b7 a1 dd ..%..?lm.0f.c...
>>> 0140 - ae 9f 99 d6 a8 6b 20 4f-29 7a 74 58 ad 58 de 12 .....k O)ztX.X..
>>> 0150 - d7 a5 9b 69 dc 27 ac ec-9e d4 04 ff 01 00 01 00 ...i.'..........
>>> SSL_accept:before SSL initialization
>>> SSL_accept:SSLv3/TLS read client hello
>>> SSL_accept:SSLv3/TLS write server hello
>>> SSL_accept:SSLv3/TLS write change cipher spec
>>> SSL_accept:TLSv1.3 write encrypted extensions
>>> SSL_accept:SSLv3/TLS write certificate request
>>> SSL_accept:SSLv3/TLS write certificate
>>> SSL_accept:TLSv1.3 write server certificate verify
>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (1430 bytes => 1430 (0x596))
>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 8b c8 62 48 6c .............bHl
>>> 0010 - f5 7c 73 d9 17 f8 63 a2-11 27 40 93 09 26 53 06 .|s...c..'@..&S.
>>> 0020 - b3 62 df 46 26 b6 dc 59-29 b5 58 20 c7 1b 8c b8 .b.F&..Y).X ....
>>> 0030 - e6 b5 da 4e 4e 3f 3c 61-7a ad 58 23 94 a7 32 79 ...NN?<az.X#..2y
>>> 0040 - 2f db 9f 21 c0 8e 0c c5-ce b1 c2 a4 13 01 00 00 /..!............
>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04 O.+.....3.E...A.
>>> 0060 - 07 63 1c 19 53 89 68 a8-0f ea 9e 4c 18 6f 2a ad .c..S.h....L.o*.
>>> 0070 - 2a df eb 17 a2 08 94 c6-e3 c5 97 ae 0f c1 1a d7 *...............
>>> 0080 - 0d d7 2e 6d 77 3d 30 a0-07 db 70 35 bb 37 dd 1e ...mw=0...p5.7..
>>> 0090 - b6 f3 4d cb 13 97 7c 11-63 98 e8 64 2d a7 e6 cc ..M...|.c..d-...
>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 a3 73 d2 ee 2c ..........'.s..,
>>> 00b0 - 2f 9c 8f 95 7f ca a3 89-bc b4 b3 b2 3c 8b 23 ef /...........<.#.
>>> 00c0 - 36 66 23 c9 09 02 33 0d-dc 5d 36 61 44 89 8b ef 6f#...3..]6aD...
>>> 00d0 - fd 13 17 03 03 00 42 f2-5b 3c 0c 27 5e 7f 97 4f ......B.[<.'^..O
>>> 00e0 - 0f de 8c b9 0a a1 41 c7-c2 1e 92 99 6a d5 bd 12 ......A.....j...
>>> 00f0 - 38 b6 b7 93 33 e9 8e 0f-44 93 f0 69 58 b6 41 22 8...3...D..iX.A"
>>> 0100 - 46 e2 4a d5 d6 32 2b b8-a7 ae 3a c2 c5 2f e6 35 F.J..2+...:../.5
>>> 0110 - 11 0c f1 9a 35 2a 87 ed-9e 17 03 03 03 20 a7 e2 ....5*....... ..
>>> 0120 - fe ba c7 10 5b 9c cd 94-67 19 37 2d 46 59 ab 56 ....[...g.7-FY.V
>>> 0130 - 6b dd a4 10 61 cc ed f1-71 a7 2d 6a 41 2e 2b da k...a...q.-jA.+.
>>> 0140 - d1 35 fc 01 df 49 e5 90-1d 9b b2 03 0a 81 58 18 .5...I........X.
>>> 0150 - 96 a1 db 31 19 98 35 5c-87 8f 6e 32 0a e6 c0 aa ...1..5\..n2....
>>> 0160 - 9e 8e 72 e2 34 b3 b7 a3-d6 d1 66 c7 ce 93 fe 78 ..r.4.....f....x
>>> 0170 - 17 c4 71 7c 42 15 c8 af-dc 4f 50 42 51 80 fc bf ..q|B....OPBQ...
>>> 0180 - fc 54 d5 d8 59 20 9a 90-c4 78 97 9c 2d 4a d5 58 .T..Y ...x..-J.X
>>> 0190 - be 81 79 23 59 22 9d 27-f8 bd a0 b2 98 b3 47 82 ..y#Y".'......G.
>>> 01a0 - d3 52 b5 b5 91 ab 5c 76-52 c5 a5 95 2d 03 1c b7 .R....\vR...-...
>>> 01b0 - 64 4d 0b 88 7f 15 0b c8-a8 90 50 9a b6 b1 9f b7 dM........P.....
>>> 01c0 - 40 09 f2 5f 39 f8 9a 06-21 4d 67 10 0a 67 08 b6 @.._9...!Mg..g..
>>> 01d0 - b5 9a 25 8c d5 ca 31 6a-8a 6b 01 93 7d 6f 1e 52 ..%...1j.k..}o.R
>>> 01e0 - 98 96 9d fb e8 c1 07 ab-57 98 2d 1e 75 77 ef c2 ........W.-.uw..
>>> 01f0 - 49 78 e0 b9 2b 32 23 7e-95 4d 3e 27 00 61 86 0c Ix..+2#~.M>'.a..
>>> 0200 - 47 c7 79 e4 ee 9d ba c0-ea 62 f1 0d 8e 4a 91 30 G.y......b...J.0
>>> 0210 - bc 4f 5a 98 26 30 66 ec-c4 63 8f 28 d5 1c 61 23 .OZ.&0f..c.(..a#
>>> 0220 - ea e9 90 4e 36 d9 fa 31-7b 14 27 22 0a ae 9f 64 ...N6..1{.'"...d
>>> 0230 - 40 3d e5 a0 5c 9d 3c 04-71 09 b0 7a 6b 51 a0 9c @=..\.<.q..zkQ..
>>> 0240 - c0 61 32 ce 15 62 8e 29-b1 59 91 c0 17 2c b3 c5 .a2..b.).Y...,..
>>> 0250 - f9 ed 07 65 3d 11 de 98-de 62 36 50 74 37 af 2d ...e=....b6Pt7.-
>>> 0260 - 7d 86 55 c4 3e a2 83 ab-47 8d f2 b2 8d 1d 75 83 }.U.>...G.....u.
>>> 0270 - b5 e4 41 87 a7 a3 85 b0-5e 4e 2e 9c 8c b0 1b 83 ..A.....^N......
>>> 0280 - 7b 54 79 c9 60 ea 7d ed-06 fa dd 24 40 f1 53 9e {Ty.`.}....$@.S.
>>> 0290 - 43 79 25 53 9c c7 6e 95-ab 9f 96 59 cd b9 7b a8 Cy%S..n....Y..{.
>>> 02a0 - a0 23 13 69 db a9 c9 e7-1a 8e e1 9b 54 94 1c 44 .#.i........T..D
>>> 02b0 - 50 08 8b dd eb 4e 2b bb-d7 c9 c2 33 8c a1 b3 65 P....N+....3...e
>>> 02c0 - 06 e6 9d ac 11 16 21 58-40 8d 59 e6 67 e5 31 02 ......!X at .Y.g.1.
>>> 02d0 - 15 8d 29 80 20 66 ba c3-56 93 95 5c 65 4b 41 00 ..). f..V..\eKA.
>>> 02e0 - c5 71 12 12 f5 20 4f 59-be 77 06 10 6e 48 85 5c .q... OY.w..nH.\
>>> 02f0 - ff a2 c4 ae fb 4d 95 f5-cc f6 61 20 33 b7 92 1d .....M....a 3...
>>> 0300 - ac a8 f1 b2 b0 88 c6 7b-8b 00 53 30 6d 4a d1 42 .......{..S0mJ.B
>>> 0310 - b3 3e 85 f5 84 e1 c6 ab-10 9d 61 03 46 ff 2d 81 .>........a.F.-.
>>> 0320 - 15 4f 84 d1 4c ee f4 a6-a0 ec 50 60 a0 d1 ff df .O..L.....P`....
>>> 0330 - 8a 97 f6 7d fb 8f fb 60-18 d4 f1 1f 92 4d d8 69 ...}...`.....M.i
>>> 0340 - b1 92 97 44 0f 3c 8a aa-47 07 48 d4 07 2d 3e f2 ...D.<..G.H..->.
>>> 0350 - c4 a7 16 35 a7 17 71 ef-98 84 24 67 12 58 30 3b ...5..q...$g.X0;
>>> 0360 - 1d 41 8d e5 12 52 95 64-e5 88 35 99 d7 c3 58 40 .A...R.d..5...X@
>>> 0370 - f9 55 9b 9f e5 33 15 70-41 d7 45 ba a4 fc 75 ea .U...3.pA.E...u.
>>> 0380 - a4 ae f0 68 ea 64 d8 f5-06 68 a9 75 22 4d 43 cc ...h.d...h.u"MC.
>>> 0390 - ff 50 cc ac 6e fd 43 dd-eb e4 c8 dd 4b 6c 12 bb .P..n.C.....Kl..
>>> 03a0 - f1 d4 5e 11 4a 86 90 0b-f8 3a 2e 23 db 61 5a 1f ..^.J....:.#.aZ.
>>> 03b0 - 7e 11 00 92 21 68 1f b5-ab f2 f8 38 5e 62 ea f8 ~...!h.....8^b..
>>> 03c0 - da ef c2 6e a0 b8 20 e4-69 49 b3 1f 15 84 0b 9b ...n.. .iI......
>>> 03d0 - ce b0 6f 36 32 7f 7e bf-e8 d7 18 7a 58 60 f4 04 ..o62.~....zX`..
>>> 03e0 - cc 36 bf 06 cd ec e5 9b-19 03 96 09 fb af 8f c3 .6..............
>>> 03f0 - 98 b4 02 aa e8 55 81 aa-c4 fe 06 81 30 a0 c7 b2 .....U......0...
>>> 0400 - f8 e2 30 00 d7 a0 54 7f-5f d7 ef a6 f8 41 58 34 ..0...T._....AX4
>>> 0410 - f5 f0 18 69 8d e6 7a 23-78 90 8f b1 05 c5 b5 7f ...i..z#x.......
>>> 0420 - e0 f2 c7 fa c8 36 5b 53-7e cf e6 75 d3 54 b4 69 .....6[S~..u.T.i
>>> 0430 - 68 43 0d 6a d2 83 cc 13-6d ca bf 83 3c 90 17 03 hC.j....m...<...
>>> 0440 - 03 01 19 96 dc 49 26 ce-1d 8e 86 3d bd cb 00 5e .....I&....=...^
>>> 0450 - ee f6 e7 1d 16 7a ca ef-fa 6d 16 40 b6 99 d0 c1 .....z...m. at ....
>>> 0460 - df 0b 5f 51 60 a8 24 e0-61 82 13 40 da 88 38 3a .._Q`.$.a.. at ..8:
>>> 0470 - 26 1d 80 51 c4 b1 95 35-95 3c 91 35 28 17 49 d8 &..Q...5.<.5(.I.
>>> 0480 - c3 45 be 32 98 3e 02 07-3b 01 20 2b 51 e1 1a 94 .E.2.>..;. +Q...
>>> 0490 - b9 be 96 aa 7a 13 09 ff-d5 a9 63 d4 6f 49 cb b5 ....z.....c.oI..
>>> 04a0 - 23 ab 7f 8c e2 63 f0 5c-5c 27 1e 04 a8 71 0c c0 #....c.\\'...q..
>>> 04b0 - 89 cd ed 18 8d 5b 75 ac-af f3 68 6d cc ba 20 38 .....[u...hm.. 8
>>> 04c0 - b5 7c 09 47 29 28 e2 26-57 57 1f f0 f3 18 fd 6f .|.G)(.&WW.....o
>>> 04d0 - 27 42 a4 e3 de bb e5 d6-09 7d 25 b1 98 97 ad 33 'B.......}%....3
>>> 04e0 - 68 35 92 07 80 23 f1 66-20 5d 74 f3 02 c5 51 ff h5...#.f ]t...Q.
>>> 04f0 - 07 a9 e9 0e 3e 74 da 2e-8f 3b 16 be e6 94 1b 66 ....>t...;.....f
>>> 0500 - bb b2 a2 1e 7c 7b ff 5e-a4 36 2a ba 0b cd 7f e9 ....|{.^.6*.....
>>> 0510 - 86 bb 5e 30 f5 57 92 52-82 b6 2e da 71 b7 22 c2 ..^0.W.R....q.".
>>> 0520 - 90 c4 69 46 07 df 6c 3f-05 8b 19 3e ce b9 75 0d ..iF..l?...>..u.
>>> 0530 - 4b 97 37 ae 94 e2 d6 3c-91 e6 82 c7 a1 78 79 2c K.7....<.....xy,
>>> 0540 - 9a a3 d5 45 94 ad e2 c8-ab fd 81 ec 62 87 f7 75 ...E........b..u
>>> 0550 - e3 70 79 8e 82 3b c5 45-0d d0 33 5f 17 03 03 00 .py..;.E..3_....
>>> 0560 - 35 da e0 74 2a 06 41 5a-64 1e 54 94 29 73 43 3f 5..t*.AZd.T.)sC?
>>> 0570 - e5 24 a8 ba b2 7e 6b 26-82 fc d9 f6 dd 19 05 4a .$...~k&.......J
>>> 0580 - 2c 1a f3 bb 16 1d 38 95-a6 d3 a8 58 f6 a3 41 c7 ,.....8....X..A.
>>> 0590 - 92 44 35 24 25 0e .D5$%.
>>> SSL_accept:SSLv3/TLS write finished
>>> SSL_accept:TLSv1.3 early data
>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>> 0000 - 14 03 03 00 01 .....
>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (1 bytes => 1 (0x1))
>>> 0000 - 01 .
>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>> 0000 - 17 03 03 00 3d ....=
>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (61 bytes => 61 (0x3D))
>>> 0000 - ad dd 3e d9 ee ab 56 65-50 1c 72 2a d8 62 7f 90 ..>...VeP.r*.b..
>>> 0010 - 13 71 7d 37 39 40 fb 89-8f 05 4b 39 44 9d 4d 67 .q}79 at ....K9D.Mg
>>> 0020 - e3 41 29 b6 3e e8 fe 04-1b 8e eb 7a 4c e2 14 a0 .A).>......zL...
>>> 0030 - b1 c2 47 3f 94 35 ed ab-8a d1 75 3b ba ..G?.5....u;.
>>> SSL_accept:TLSv1.3 early data
>>> SSL_accept:SSLv3/TLS read client certificate
>>> SSL_accept:SSLv3/TLS read finished
>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
>>> 0000 - 17 03 03 00 da 52 1f 48-00 f4 31 13 90 7f 9c c2 .....R.H..1.....
>>> 0010 - fc 70 1a fc f7 4a 48 e7-31 ad 37 ab b5 2b 4e 5c .p...JH.1.7..+N\
>>> 0020 - e8 d8 6d e9 af 6c 4f c1-9e 7b ea ff ef b3 eb 74 ..m..lO..{.....t
>>> 0030 - 27 67 10 21 66 5b 32 13-31 bc 99 d5 1c 6c 79 55 'g.!f[2.1....lyU
>>> 0040 - f3 3e f6 4b 07 4d a9 78-3d 12 8a f5 38 ef d9 f4 .>.K.M.x=...8...
>>> 0050 - 48 e0 2c 35 94 06 4f eb-09 e6 70 fb 59 95 7a c8 H.,5..O...p.Y.z.
>>> 0060 - 24 dd 24 e2 f9 63 b9 3c-f2 66 86 c4 73 44 53 fd $.$..c.<.f..sDS.
>>> 0070 - ca 67 8f 01 d6 db 70 f9-60 bc 50 11 51 72 dc 63 .g....p.`.P.Qr.c
>>> 0080 - 12 ca 4f 23 e2 c5 d1 1d-e5 b0 d4 ec 89 ca 28 be ..O#..........(.
>>> 0090 - 9c 30 83 40 02 a4 62 a8-5c b3 20 1a ab 39 b7 7b .0. at ..b.\. ..9.{
>>> 00a0 - 89 13 39 87 73 be a8 f8-60 13 31 0a 48 5c 79 b9 ..9.s...`.1.H\y.
>>> 00b0 - cc 4a 51 e3 0d d2 b4 93-c0 1f 3a 22 b3 fa 24 a0 .JQ.......:"..$.
>>> 00c0 - 7c f6 76 79 d0 2d 5b 1a-ff a6 e9 e1 40 d3 b1 8c |.vy.-[..... at ...
>>> 00d0 - 0a fa fa de f3 8e d6 ad-9a 22 6b 67 0b 88 18 ........."kg...
>>> SSL_accept:SSLv3/TLS write session ticket
>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
>>> 0000 - 17 03 03 00 da 46 aa ea-6a 37 b1 35 e8 41 c8 b3 .....F..j7.5.A..
>>> 0010 - 84 25 af 1c 36 a3 6d 78-a4 44 4a 83 52 ef 13 7c .%..6.mx.DJ.R..|
>>> 0020 - 8f 18 d3 4c f8 22 c8 b3-ad d0 d0 5b 47 a0 43 da ...L.".....[G.C.
>>> 0030 - d2 6e 04 8f dc c9 56 90-58 87 62 63 4c cc 31 ec .n....V.X.bcL.1.
>>> 0040 - b8 c9 18 be 41 32 e1 3c-00 41 2a f1 4d 5c 2d 44 ....A2.<.A*.M\-D
>>> 0050 - 8c aa e1 f0 ed 38 ee 44-64 e5 fd ea 58 3b 84 5d .....8.Dd...X;.]
>>> 0060 - 83 39 21 2e fe 79 4d 76-10 65 87 0f 3c ac df 28 .9!..yMv.e..<..(
>>> 0070 - 49 f8 60 eb be 49 e4 0a-0b 6a 03 2b 9d cf 9b a5 I.`..I...j.+....
>>> 0080 - 03 56 58 32 c2 b2 59 f9-0a 0d f0 ae af ff 20 19 .VX2..Y....... .
>>> 0090 - e5 6e e4 86 2f 5e 3f 7d-47 d5 73 ae 89 48 a7 66 .n../^?}G.s..H.f
>>> 00a0 - fb 2d 83 60 e8 8b ab 27-12 db 24 78 54 eb 14 2d .-.`...'..$xT..-
>>> 00b0 - b7 c6 17 2d 3c 91 57 ac-6e 35 b8 c3 fa c2 42 48 ...-<.W.n5....BH
>>> 00c0 - 2a cb aa 98 32 89 8a ce-0c f7 cd 5e fb bf 6d 33 *...2......^..m3
>>> 00d0 - 08 50 cf 1e 06 bb a1 98-be a4 a9 51 9a b0 34 .P.........Q..4
>>> SSL_accept:SSLv3/TLS write session ticket
>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>> 0000 - 17 03 03 00 12 c5 9b 73-cc 91 7e 48 cb 25 31 a0 .......s..~H.%1.
>>> 0010 - 67 41 db bb 0f 62 d8 gA...b.
>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>> 0000 - 17 03 03 00 12 0f dd 3f-c1 7c e6 b0 cc ea f0 13 .......?.|......
>>> 0010 - 00 d8 01 de ef 7c bb .....|.
>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>> 0000 - 17 03 03 00 1e .....
>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (30 bytes => 30 (0x1E))
>>> 0000 - d6 88 44 82 cb 23 16 ba-c9 a4 fb 55 51 08 90 c1 ..D..#.....UQ...
>>> 0010 - bf bd a1 7f 0e 37 b0 b4-b5 df f1 07 6c 07 .....7......l.
>>> I am a clientwrite to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
>>> 0000 - 17 03 03 00 12 c0 70 5d-14 e7 69 57 0a d8 64 16 ......p]..iW..d.
>>> 0010 - 0c 90 06 0f c3 4d 1d .....M.
>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
>>> 0000 - 17 03 03 00 13 .....
>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (19 bytes => 19 (0x13))
>>> 0000 - 60 28 5b ff bb 0d 9f 96-9a 2d cb fd 60 eb 96 62 `([......-..`..b
>>> 0010 - 53 e6 25 S.%
>>> SSL3 alert read:warning:close notify
>>> DONE
>>> shutting down SSL
>>> CONNECTION CLOSED
>>>
>>>
>>> I am using the following JDK version on MacOS:
>>>
>>> ssl git:(cert_cb_openssl_1_1_1) ✗ /Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home/bin/java -version
>>> java version "11" 2018-09-25
>>> Java(TM) SE Runtime Environment 18.9 (build 11+28)
>>> Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)
>>>
>>> For this to work you will need to have openssl 1.1.1 installed.
>>>
>>> Any help would be welcome,
>>> Norman
>>>
>>> [1] https://github.com/netty/netty-tcnative
>>>
>>>
>>>
More information about the security-dev
mailing list