FW: LDAP SSL session reuse
- To: <openldap-software@OpenLDAP.org>
- Subject: FW: LDAP SSL session reuse
- From: "Davidson, Stuart" <Stuart.Davidson@hp.com>
- Date: Thu, 23 May 2002 18:29:13 +0100
> This may be a general LDAP, SSL problem and since there are experts on this list who may be able to help, please don't flame.
>
> We are using an LDAP server, Active Directory, over SSL which appears to default to CertificateRequest in the ServerHello.
>
> I do not see why the CertificateRequest is included but I've modified nss_ldap and pam_ldap to use ldapssl_clientauth_init and ldapssl_enable_clientauth. The following ssldump trace shows that the client certificate is now sent in response to the ServerHello.
>
> However, when the client attempts to reuse an SSL session (e.g. packet "4 1") it appears to result in an error following the ChangeCipherSpec dialog (e.g. packet "4 7" application_data is followed by packet "4 8" HelloRequest).
>
> The application data following the ChangeCipherSpec is always the same (e.g. packets "1 8", "2 8", "3 8", "4 7") and is the result of an ldap_simple_bind, although I've observed the same behaviour with ldap_sasl_bind_s.
>
> Note, the above behaviour occurs even if client certificates are NOT sent e.g. using standard pam_ldap and nss_ldap.
>
> I may be 2 + 2 = 5... but I have the following questions:
>
> 1. any idea why the dialog fails at packet "4 8"?
> 2. is it OK to call ldap_*_bind when an SSL session is reused?
> 3. just because I'm curious is it possible to prevent SSL session reuse?
> 4. any other ideas why this is failing?
>
> I'd really like to get this fixed so any help would be appreciated.
>
> Thanks,
> Stuart
>
> Environment: Solaris 5.8, Windows 2K + SP2, Active Directory, PADL pam_ldap nss_ldap, iPlanet LDAP C SDK 5.08
>
> Script started on Thu 23 May 2002 11:17:02 AM BST
> #
> # ssldump -i hme0 -ANd -p Flapjack -k cpqunix_test2.pem
> New TCP connection #1: sun6.reo.cpqcorp.net(33091) <-> cpqtestdc1.cpqunix.net(636)
> 1 1 0.0028 (0.0028) C>S SSLv2 compatible client hello
> Version 3.1
> cipher suites
> TLS_DHE_DSS_WITH_RC4_128_SHA
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> TLS_RSA_WITH_RC4_128_MD5
> Unknown value 0xfeff
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> Unknown value 0xfefe
> TLS_DHE_RSA_WITH_DES_CBC_SHA
> TLS_DHE_DSS_WITH_DES_CBC_SHA
> TLS_RSA_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> 1 2 0.0043 (0.0014) S>CV3.1(3915) Handshake
> ServerHello
> Version 3.1
> random[32]=
> d8 6c f2 d0 e2 f2 d3 a0 92 b6 02 1e c9 61 ae fe
> 0c 01 94 21 ea fe dd 49 27 e7 fe fe d0 80 bf 61
> session_id[32]=
> 9b 04 00 00 ff 49 71 4b a5 f9 a5 41 e4 ea 87 4f
> 23 72 1a a8 a7 65 06 62 fd 23 cf 96 8d 39 f8 32
> cipherSuite TLS_RSA_WITH_RC4_128_MD5
> compressionMethod NULL
> Certificate
> Subject
> C=GB
> ST=Berks
> L=Reading
> O=CPQ UNIX ENTERPRISE CA
> OU=NAP DP
> CN=cpqtestdc1.cpqunix.net
> Issuer
> C=UK
> ST=Berks
> L=Reading
> O=UNIX LAND
> OU=NAP DP
> CN=CPQ UNIX ENTERPRISE CA
> Serial 61 3c 1f a9 00 00 00 00 00 08
> Extensions
> Extension: X509v3 Key Usage
> Extension: X509v3 Extended Key Usage
> Extension: X509v3 Subject Key Identifier
> Extension: X509v3 Authority Key Identifier
> Extension: X509v3 CRL Distribution Points
> Extension: Authority Information Access
> Extension: 1.3.6.1.4.1.311.20.2
> CertificateRequest
> certificate_types rsa_sign
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 1 Public Primary Certification Authority - G2
> OU=(c) 1998 VeriSign, Inc. - For authorized use only
> OU=VeriSign Trust Network
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 4 Public Primary Certification Authority - G2
> OU=(c) 1998 VeriSign, Inc. - For authorized use only
> OU=VeriSign Trust Network
> certificate_authority
> C=ZA
> ST=Western Cape
> L=Cape Town
> O=Thawte Consulting
> OU=Certification Services Division
> CN=Thawte Personal Freemail CA
> Email=personal-freemail@thawte.com
> certificate_authority
> C=UK
> ST=Berks
> L=Reading
> O=UNIX LAND
> OU=NAP DP
> CN=CPQ UNIX ENTERPRISE CA
> certificate_authority
> C=ZA
> ST=Western Cape
> L=Cape Town
> O=Thawte Consulting
> OU=Certification Services Division
> CN=Thawte Personal Premium CA
> Email=personal-premium@thawte.com
> certificate_authority
> C=US
> O=First Data Digital Certificates Inc.
> CN=First Data Digital Certificates Inc. Certification Authority
> certificate_authority
> C=ZA
> ST=Western Cape
> L=Cape Town
> O=Thawte Consulting
> OU=Certification Services Division
> CN=Thawte Personal Basic CA
> Email=personal-basic@thawte.com
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 3 Public Primary Certification Authority
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 2 Public Primary Certification Authority
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 1 Public Primary Certification Authority
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 3 Public Primary Certification Authority - G2
> OU=(c) 1998 VeriSign, Inc. - For authorized use only
> OU=VeriSign Trust Network
> certificate_authority
> C=US
> O=GTE Corporation
> CN=GTE CyberTrust Root
> certificate_authority
> C=US
> O=GTE Corporation
> OU=GTE CyberTrust Solutions, Inc.
> CN=GTE CyberTrust Global Root
> certificate_authority
> OU=Copyright (c) 1997 Microsoft Corp.
> OU=Microsoft Corporation
> CN=Microsoft Root Authority
> certificate_authority
> C=US
> O=VeriSign, Inc.
> OU=Class 2 Public Primary Certification Authority - G2
> OU=(c) 1998 VeriSign, Inc. - For authorized use only
> OU=VeriSign Trust Network
> certificate_authority
> C=US
> O=GTE Corporation
> OU=GTE CyberTrust Solutions, Inc.
> CN=GTE CyberTrust Root
> ServerHelloDone
> 1 3 0.0430 (0.0387) C>SV3.1(1688) Handshake
> Certificate
> Subject
> CN=Administrator
> Issuer
> C=UK
> ST=Berks
> L=Reading
> O=UNIX LAND
> OU=NAP DP
> CN=CPQ UNIX ENTERPRISE CA
> Serial 0f 1b 79 5d 00 00 00 00 00 10
> Extensions
> Extension: X509v3 Subject Key Identifier
> Extension: X509v3 Authority Key Identifier
> Extension: X509v3 CRL Distribution Points
> Extension: Authority Information Access
> Extension: X509v3 Basic Constraints
> Critical
> Extension: X509v3 Key Usage
> Extension: X509v3 Extended Key Usage
> Extension: 1.3.6.1.4.1.311.20.2
> Extension: X509v3 Subject Alternative Name
> ClientKeyExchange
> EncryptedPreMasterSecret[64]=
> 18 77 68 ca 8a f6 71 71 84 2c b4 74 e6 ad c6 17
> 92 f5 1a 77 be d7 b2 98 14 12 ad 12 b6 4a cd 17
> 81 92 77 07 49 fd 8b 4b 1a 7d 39 5d de 19 11 f4
> 08 54 62 51 91 49 d3 cd 12 0e 58 10 35 0c 68 a7
> CertificateVerify
> Signature[128]=
> 0b 0b e1 0a 14 f9 16 04 88 fc 3e 3f b6 7e cb 20
> 8a 41 f2 46 f5 d0 3b c8 8d fe 50 8b ba 88 73 13
> 56 17 44 16 43 87 4f 6b 7a 7c 84 0d ed 51 f2 a2
> d0 2b 02 23 aa e5 9f 68 5c f5 b9 ae 63 98 26 4e
> 85 a0 b4 5a 0b bb 5f dd 42 46 45 57 50 32 8d 87
> bc 5c 4a bc 7c 78 67 3c fc f2 85 ac cf 39 b6 76
> 53 ff 51 5b 8d 71 a0 42 cd 73 8f 7b c9 23 d0 2c
> e0 3b bd f2 64 b6 8a e9 62 83 4e f0 f3 85 e9 a8
> 1 4 0.0430 (0.0000) C>SV3.1(1) ChangeCipherSpec
> 1 5 0.0430 (0.0000) C>SV3.1(32) Handshake
> Finished
> verify_data[12]=
> 65 3c 74 ed 4e da c3 7d 18 73 82 ac
>
> 1 6 0.0510 (0.0079) S>CV3.1(1) ChangeCipherSpec
> 1 7 0.0510 (0.0000) S>CV3.1(32) Handshake
> Finished
> verify_data[12]=
> 5f 7e c8 3b c3 23 5e ea 47 b3 2a 18
>
> 1 8 0.0523 (0.0012) C>SV3.1(81) application_data
> ---------------------------------------------------------------
> 30 3f 02 01 01 60 3a 02 01 03 04 2b 63 6e 3d 61 0?...`:....+cn=a
> 64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 63 6e 3d dministrator,cn=
> 75 73 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 users,dc=cpqunix
> 2c 64 63 3d 6e 65 74 80 08 6a 61 63 6b 66 6c 61 ,dc=net..jackfla
> 70 p
> ---------------------------------------------------------------
> 1 9 0.0557 (0.0033) S>CV3.1(38) application_data
> ---------------------------------------------------------------
> 30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 0........a......
> 01 00 04 00 04 00 ......
> ---------------------------------------------------------------
> 1 10 0.0583 (0.0026) C>SV3.1(228) application_data
> ---------------------------------------------------------------
> 30 81 d1 02 01 02 63 81 cb 04 1a 63 6e 3d 75 73 0.....c....cn=us
> 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64 ers,dc=cpqunix,d
> 63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01 c=net...........
> 00 01 01 00 a0 27 a3 13 04 0b 6f 62 6a 65 63 74 .....'....object
> 63 6c 61 73 73 04 04 55 73 65 72 a3 10 04 09 6d class..User....m
> 73 53 46 55 4e 61 6d 65 04 03 64 61 76 30 75 04 sSFUName..dav0u.
> 09 6d 73 53 46 55 4e 61 6d 65 04 0d 6d 73 53 46 .msSFUName..msSF
> 55 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75 UPassword..uidNu
> 6d 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04 mber..gidNumber.
> 02 63 6e 04 12 6d 73 53 46 55 48 6f 6d 65 44 69 .cn..msSFUHomeDi
> 72 65 63 74 6f 72 79 04 0a 6c 6f 67 69 6e 53 68 rectory..loginSh
> 65 6c 6c 04 05 67 65 63 6f 73 04 0b 64 65 73 63 ell..gecos..desc
> 72 69 70 74 69 6f 6e 04 0b 6f 62 6a 65 63 74 43 ription..objectC
> 6c 61 73 73 lass
> ---------------------------------------------------------------
> 1 11 0.0620 (0.0037) S>CV3.1(415) application_data
> ---------------------------------------------------------------
> 30 84 00 00 01 73 02 01 02 64 84 00 00 01 6a 04 0....s...d....j.
> 2d 43 4e 3d 53 74 75 61 72 74 20 44 61 76 69 64 -CN=Stuart David
> 73 6f 6e 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d son,CN=Users,DC=
> 63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84 cpqunix,DC=net0.
> 00 00 01 35 30 84 00 00 00 1b 04 02 63 6e 31 84 ...50.......cn1.
> 00 00 00 11 04 0f 53 74 75 61 72 74 20 44 61 76 ......Stuart Dav
> 69 64 73 6f 6e 30 84 00 00 00 3c 04 0b 6f 62 6a idson0....<..obj
> 65 63 74 43 6c 61 73 73 31 84 00 00 00 29 04 03 ectClass1....)..
> 74 6f 70 04 06 70 65 72 73 6f 6e 04 14 6f 72 67 top..person..org
> 61 6e 69 7a 61 74 69 6f 6e 61 6c 50 65 72 73 6f anizationalPerso
> 6e 04 04 75 73 65 72 30 84 00 00 00 16 04 09 67 n..user0.......g
> 69 64 4e 75 6d 62 65 72 31 84 00 00 00 05 04 03 idNumber1.......
> 34 30 31 30 84 00 00 00 1b 04 0a 6c 6f 67 69 6e 4010.......login
> 53 68 65 6c 6c 31 84 00 00 00 09 04 07 2f 62 69 Shell1......./bi
> 6e 2f 73 68 30 84 00 00 00 2c 04 12 6d 73 53 46 n/sh0....,..msSF
> 55 48 6f 6d 65 44 69 72 65 63 74 6f 72 79 31 84 UHomeDirectory1.
> 00 00 00 12 04 10 2f 65 78 70 6f 72 74 2f 68 6f ....../export/ho
> 6d 65 2f 64 61 76 30 84 00 00 00 16 04 09 6d 73 me/dav0.......ms
> 53 46 55 4e 61 6d 65 31 84 00 00 00 05 04 03 64 SFUName1.......d
> 61 76 30 84 00 00 00 24 04 0d 6d 73 53 46 55 50 av0....$..msSFUP
> 61 73 73 77 6f 72 64 31 84 00 00 00 0f 04 0d 68 assword1.......h
> 37 64 6b 30 6b 7a 79 65 69 41 44 45 30 84 00 00 7dk0kzyeiADE0...
> 00 17 04 09 75 69 64 4e 75 6d 62 65 72 31 84 00 ....uidNumber1..
> 00 00 06 04 04 34 30 30 31 30 84 00 00 00 10 02 .....40010......
> 01 02 65 84 00 00 00 07 0a 01 00 04 00 04 00 ..e............
> ---------------------------------------------------------------
> 1 12 0.0851 (0.0230) C>SV3.1(228) application_data
> ---------------------------------------------------------------
> 30 81 d1 02 01 03 63 81 cb 04 1a 63 6e 3d 75 73 0.....c....cn=us
> 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64 ers,dc=cpqunix,d
> 63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01 c=net...........
> 00 01 01 00 a0 27 a3 13 04 0b 6f 62 6a 65 63 74 .....'....object
> 63 6c 61 73 73 04 04 55 73 65 72 a3 10 04 09 6d class..User....m
> 73 53 46 55 4e 61 6d 65 04 03 64 61 76 30 75 04 sSFUName..dav0u.
> 09 6d 73 53 46 55 4e 61 6d 65 04 0d 6d 73 53 46 .msSFUName..msSF
> 55 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75 UPassword..uidNu
> 6d 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04 mber..gidNumber.
> 02 63 6e 04 12 6d 73 53 46 55 48 6f 6d 65 44 69 .cn..msSFUHomeDi
> 72 65 63 74 6f 72 79 04 0a 6c 6f 67 69 6e 53 68 rectory..loginSh
> 65 6c 6c 04 05 67 65 63 6f 73 04 0b 64 65 73 63 ell..gecos..desc
> 72 69 70 74 69 6f 6e 04 0b 6f 62 6a 65 63 74 43 ription..objectC
> 6c 61 73 73 lass
> ---------------------------------------------------------------
> 1 13 0.0875 (0.0024) S>CV3.1(415) application_data
> ---------------------------------------------------------------
> 30 84 00 00 01 73 02 01 03 64 84 00 00 01 6a 04 0....s...d....j.
> 2d 43 4e 3d 53 74 75 61 72 74 20 44 61 76 69 64 -CN=Stuart David
> 73 6f 6e 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d son,CN=Users,DC=
> 63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84 cpqunix,DC=net0.
> 00 00 01 35 30 84 00 00 00 1b 04 02 63 6e 31 84 ...50.......cn1.
> 00 00 00 11 04 0f 53 74 75 61 72 74 20 44 61 76 ......Stuart Dav
> 69 64 73 6f 6e 30 84 00 00 00 3c 04 0b 6f 62 6a idson0....<..obj
> 65 63 74 43 6c 61 73 73 31 84 00 00 00 29 04 03 ectClass1....)..
> 74 6f 70 04 06 70 65 72 73 6f 6e 04 14 6f 72 67 top..person..org
> 61 6e 69 7a 61 74 69 6f 6e 61 6c 50 65 72 73 6f anizationalPerso
> 6e 04 04 75 73 65 72 30 84 00 00 00 16 04 09 67 n..user0.......g
> 69 64 4e 75 6d 62 65 72 31 84 00 00 00 05 04 03 idNumber1.......
> 34 30 31 30 84 00 00 00 1b 04 0a 6c 6f 67 69 6e 4010.......login
> 53 68 65 6c 6c 31 84 00 00 00 09 04 07 2f 62 69 Shell1......./bi
> 6e 2f 73 68 30 84 00 00 00 2c 04 12 6d 73 53 46 n/sh0....,..msSF
> 55 48 6f 6d 65 44 69 72 65 63 74 6f 72 79 31 84 UHomeDirectory1.
> 00 00 00 12 04 10 2f 65 78 70 6f 72 74 2f 68 6f ....../export/ho
> 6d 65 2f 64 61 76 30 84 00 00 00 16 04 09 6d 73 me/dav0.......ms
> 53 46 55 4e 61 6d 65 31 84 00 00 00 05 04 03 64 SFUName1.......d
> 61 76 30 84 00 00 00 24 04 0d 6d 73 53 46 55 50 av0....$..msSFUP
> 61 73 73 77 6f 72 64 31 84 00 00 00 0f 04 0d 68 assword1.......h
> 37 64 6b 30 6b 7a 79 65 69 41 44 45 30 84 00 00 7dk0kzyeiADE0...
> 00 17 04 09 75 69 64 4e 75 6d 62 65 72 31 84 00 ....uidNumber1..
> 00 00 06 04 04 34 30 30 31 30 84 00 00 00 10 02 .....40010......
> 01 03 65 84 00 00 00 07 0a 01 00 04 00 04 00 ..e............
> ---------------------------------------------------------------
> 1 14 0.1875 (0.0999) C>SV3.1(153) application_data
> ---------------------------------------------------------------
> 30 81 86 02 01 04 63 81 80 04 1a 63 6e 3d 75 73 0.....c....cn=us
> 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64 ers,dc=cpqunix,d
> 63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01 c=net...........
> 00 01 01 00 a0 28 a3 14 04 0b 6f 62 6a 65 63 74 .....(....object
> 63 6c 61 73 73 04 05 47 72 6f 75 70 a3 10 04 09 class..Group....
> 67 69 64 4e 75 6d 62 65 72 04 03 34 30 31 30 29 gidNumber..4010)
> 04 02 63 6e 04 0d 6d 73 53 46 55 50 61 73 73 77 ..cn..msSFUPassw
> 6f 72 64 04 09 6d 65 6d 62 65 72 55 69 64 04 09 ord..memberUid..
> 67 69 64 4e 75 6d 62 65 72 gidNumber
> ---------------------------------------------------------------
> 1 15 0.1925 (0.0050) S>CV3.1(167) application_data
> ---------------------------------------------------------------
> 30 84 00 00 00 7b 02 01 04 64 84 00 00 00 72 04 0....{...d....r.
> 2d 43 4e 3d 74 65 73 74 5f 75 6e 69 78 5f 67 72 -CN=test_unix_gr
> 6f 75 70 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d oup,CN=Users,DC=
> 63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84 cpqunix,DC=net0.
> 00 00 00 3d 30 84 00 00 00 1b 04 02 63 6e 31 84 ...=0.......cn1.
> 00 00 00 11 04 0f 74 65 73 74 5f 75 6e 69 78 5f ......test_unix_
> 67 72 6f 75 70 30 84 00 00 00 16 04 09 67 69 64 group0.......gid
> 4e 75 6d 62 65 72 31 84 00 00 00 05 04 03 34 30 Number1.......40
> 31 30 84 00 00 00 10 02 01 04 65 84 00 00 00 07 10........e.....
> 0a 01 00 04 00 04 00 .......
> ---------------------------------------------------------------
> 1 16 0.2063 (0.0137) C>SV3.1(153) application_data
> ---------------------------------------------------------------
> 30 81 86 02 01 05 63 81 80 04 1a 63 6e 3d 75 73 0.....c....cn=us
> 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64 ers,dc=cpqunix,d
> 63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 00 02 01 c=net...........
> 00 01 01 00 a0 28 a3 14 04 0b 6f 62 6a 65 63 74 .....(....object
> 63 6c 61 73 73 04 05 47 72 6f 75 70 a3 10 04 09 class..Group....
> 6d 65 6d 62 65 72 55 69 64 04 03 64 61 76 30 29 memberUid..dav0)
> 04 02 63 6e 04 0d 6d 73 53 46 55 50 61 73 73 77 ..cn..msSFUPassw
> 6f 72 64 04 09 6d 65 6d 62 65 72 55 69 64 04 09 ord..memberUid..
> 67 69 64 4e 75 6d 62 65 72 gidNumber
> ---------------------------------------------------------------
> 1 17 0.2081 (0.0017) S>CV3.1(38) application_data
> ---------------------------------------------------------------
> 30 84 00 00 00 10 02 01 05 65 84 00 00 00 07 0a 0........e......
> 01 00 04 00 04 00 ......
> ---------------------------------------------------------------
>
[Davidson, Stuart]
+++ truncated for openldap-software list +++
> New TCP connection #4: sun6.reo.cpqcorp.net(33094) <-> cpqtestdc1.cpqunix.net(636)
> 4 1 0.0017 (0.0017) C>SV3.1(103) Handshake
> ClientHello
> Version 3.1
> random[32]=
> 00 00 12 fa c0 b7 04 d9 f1 59 ad 26 00 92 b3 0b
> 62 51 38 75 69 a8 71 45 25 45 aa d3 c7 57 62 64
> resume [32]=
> e0 12 00 00 12 b5 54 fd 38 45 f2 e3 98 24 01 50
> 48 97 02 0d f7 ae 09 29 d0 89 d5 93 93 4c 9a ac
> cipher suites
> TLS_DHE_DSS_WITH_RC4_128_SHA
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> TLS_RSA_WITH_RC4_128_MD5
> Unknown value 0xfeff
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> Unknown value 0xfefe
> TLS_DHE_RSA_WITH_DES_CBC_SHA
> TLS_DHE_DSS_WITH_DES_CBC_SHA
> TLS_RSA_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> compression methods
> NULL
> 4 2 0.0025 (0.0007) S>CV3.1(74) Handshake
> ServerHello
> Version 3.1
> random[32]=
> 6b b6 b6 79 54 76 65 27 2e 3e c2 04 d5 f5 5a a1
> ef f6 4c 93 1f d3 ed 6e 21 15 ff 2b f7 fd ec 0d
> session_id[32]=
> e0 12 00 00 12 b5 54 fd 38 45 f2 e3 98 24 01 50
> 48 97 02 0d f7 ae 09 29 d0 89 d5 93 93 4c 9a ac
> cipherSuite TLS_RSA_WITH_RC4_128_MD5
> compressionMethod NULL
> 4 3 0.0025 (0.0000) S>CV3.1(1) ChangeCipherSpec
> 4 4 0.0025 (0.0000) S>CV3.1(32) Handshake
> Finished
> verify_data[12]=
> 4d 20 b6 cb 05 ab 16 36 5e b4 24 b2
>
> 4 5 0.0061 (0.0035) C>SV3.1(1) ChangeCipherSpec
> 4 6 0.0061 (0.0000) C>SV3.1(32) Handshake
> Finished
> verify_data[12]=
> 2a d0 5a 82 36 83 98 45 ee ef 61 e4
>
> 4 7 0.0061 (0.0000) C>SV3.1(81) application_data
> ---------------------------------------------------------------
> 30 3f 02 01 01 60 3a 02 01 03 04 2b 63 6e 3d 61 0?...`:....+cn=a
> 64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 63 6e 3d dministrator,cn=
> 75 73 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 users,dc=cpqunix
> 2c 64 63 3d 6e 65 74 80 08 6a 61 63 6b 66 6c 61 ,dc=net..jackfla
> 70 p
> ---------------------------------------------------------------
> 4 8 0.0071 (0.0010) S>CV3.1(20) Handshake
> HelloRequest
> 4 9 0.0079 (0.0008) C>SV3.1(87) Handshake
> ClientHello
> Version 3.1
> random[32]=
> 00 00 12 fa 2a fb ff da f3 8d 18 a5 c9 e5 6f 75
> 31 e7 54 75 bd 70 cb e3 5d e0 9e 14 5e 5d 93 55
> cipher suites
> TLS_DHE_DSS_WITH_RC4_128_SHA
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> TLS_RSA_WITH_RC4_128_MD5
> Unknown value 0xfeff
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> Unknown value 0xfefe
> TLS_DHE_RSA_WITH_DES_CBC_SHA
> TLS_DHE_DSS_WITH_DES_CBC_SHA
> TLS_RSA_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> compression methods
> NULL
> 4 0.0099 (0.0020) S>C TCP FIN
> 3 7.6358 (7.5764) C>S TCP FIN
> 4 4.0214 (4.0115) C>S TCP FIN
> 3 7.6369 (0.0010) S>C TCP FIN
> ^C#
> # exit
>
> script done on Thu 23 May 2002 11:18:33 AM BST
>
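Added example, not part of the original post: a small Python scanner that reads ssldump output in the layout shown above and reports connections where a resumed session (the ClientHello `resume` value equals the ServerHello `session_id`) carries client application_data and is then answered with a server HelloRequest, the sequence the post describes at packets "4 7" and "4 8". The function names and the sample trace are constructed for illustration; the parser assumes one field per line, as in the trace above.

```python
import re

# ssldump record header: "<conn> <rec> <time> (<delta>) C>S[V3.1(len)] <content type>"
HDR = re.compile(r"^(\d+) (\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s*(?:V[\d.]+\(\d+\))?\s*(.*)$")
FIELD = re.compile(r"^(resume|session_id) ?\[\d+\]=$")
HEXLINE = re.compile(r"^(?:[0-9a-f]{2} ?)+$")
MESSAGES = {"ClientHello", "ServerHello", "CertificateRequest", "Finished", "HelloRequest"}

# Constructed sample (not the capture from the post): same layout, short session IDs.
SAMPLE = """\
New TCP connection #1: client.example(40001) <-> ldap.example(636)
1 1 0.0028 (0.0028) C>S SSLv2 compatible client hello
1 2 0.0043 (0.0014) S>CV3.1(3915) Handshake
ServerHello
session_id[4]=
aa bb cc dd
CertificateRequest
1 8 0.0523 (0.0012) C>SV3.1(81) application_data
1 9 0.0557 (0.0033) S>CV3.1(38) application_data
New TCP connection #2: client.example(40002) <-> ldap.example(636)
2 1 0.0017 (0.0017) C>SV3.1(103) Handshake
ClientHello
resume [4]=
aa bb cc dd
2 2 0.0025 (0.0007) S>CV3.1(74) Handshake
ServerHello
session_id[4]=
aa bb cc dd
2 7 0.0061 (0.0000) C>SV3.1(81) application_data
2 8 0.0071 (0.0010) S>CV3.1(20) Handshake
HelloRequest
"""

def parse(trace):
    """Per connection: ordered events (rec, sender, name) plus resume/session_id hex."""
    conns, cur, field = {}, None, None
    for raw in trace.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted traces
        m = HDR.match(line)
        if m:
            cur = conns.setdefault(int(m[1]), {"events": [], "resume": "", "session_id": ""})
            cur["rec"], cur["sender"], field = int(m[2]), m[3], None
            if m[4] and m[4] != "Handshake":     # e.g. application_data
                cur["events"].append((cur["rec"], cur["sender"], m[4]))
        elif cur is not None:
            f = FIELD.match(line)
            if f:
                field = f[1]                     # hex lines that follow belong to it
            elif field and HEXLINE.match(line):
                cur[field] += line.replace(" ", "")
            else:
                field = None
                if line in MESSAGES:
                    cur["events"].append((cur["rec"], cur["sender"], line))
    return conns

def resumed_then_hello_request(conns):
    """(conn, data_rec, hello_request_rec) for each resumed session hit by a HelloRequest."""
    hits = []
    for conn, c in sorted(conns.items()):
        if not c["resume"] or c["resume"] != c["session_id"]:
            continue                             # full handshake, not a resumption
        data = [i for i, (_, s, n) in enumerate(c["events"]) if (s, n) == ("C", "application_data")]
        later = [r for r, s, n in c["events"][data[0] + 1:] if (s, n) == ("S", "HelloRequest")] if data else []
        if later:
            hits.append((conn, c["events"][data[0]][0], later[0]))
    return hits

if __name__ == "__main__":
    print(resumed_then_hello_request(parse(SAMPLE)))
```
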