FW: LDAP SSL session reuse



> This may be a general LDAP, SSL problem and since there are experts on this list who may be able to help, please don't flame.
> 
> We are using an LDAP server, Active Directory, over SSL which appears to default to CertificateRequest in the ServerHello.
> 
> I do not see why the CertificateRequest is included but I've modified nss_ldap and pam_ldap to use ldapssl_clientauth_init and ldapssl_enable_clientauth. The following ssldump trace shows that the client certificate is now sent in response to the ServerHello.
> 
> However, when the client attempts to reuse an SSL session (e.g. packet "4 1") it appears to result in an error following the ChangeCipherSpec dialog (e.g. packet "4 7" application_data is followed by packet "4 8" HelloRequest).
> 
> The application data following the ChangeCipherSpec is always the same (e.g. packets "1 8", "2 8", "3 8", "4 7") and is the result of an ldap_simple_bind, although I've observed the same behaviour with ldap_sasl_bind_s.
> 
> Note, the above behaviour occurs even if client certificates are NOT sent e.g. using standard pam_ldap and nss_ldap.
> 
> I may be 2 + 2 = 5... but I have the following questions:
> 
> 1. any idea why the dialog fails at packet "4 8"?
> 2. is it OK to call ldap_*_bind when an SSL session is reused?
> 3. just because I'm curious, is it possible to prevent SSL session reuse?
> 4. any other ideas why this is failing?
> 
> I'd really like to get this fixed so any help would be appreciated.
> 
> Thanks,
> 	Stuart
> 
> Environment: Solaris 5.8, Windows 2K + SP2, Active Directory, PADL pam_ldap nss_ldap, iPlanet LDAP C SDK 5.08
> 
> Script started on Thu 23 May 2002 11:17:02 AM BST
> # 
> # ssldump -i hme0 -ANd -p Flapjack -k cpqunix_test2.pem
> New TCP connection #1: sun6.reo.cpqcorp.net(33091) <-> cpqtestdc1.cpqunix.net(636)
> 1 1  0.0028 (0.0028)  C>S SSLv2 compatible client hello
>   Version 3.1 
>   cipher suites
>   TLS_DHE_DSS_WITH_RC4_128_SHA  
>   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA  
>   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA  
>   TLS_RSA_WITH_RC4_128_MD5  
>   Unknown value 0xfeff  
>   TLS_RSA_WITH_3DES_EDE_CBC_SHA  
>   Unknown value 0xfefe  
>   TLS_DHE_RSA_WITH_DES_CBC_SHA  
>   TLS_DHE_DSS_WITH_DES_CBC_SHA  
>   TLS_RSA_WITH_DES_CBC_SHA  
>   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA  
>   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA  
>   TLS_RSA_EXPORT_WITH_RC4_40_MD5  
>   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5  
> 1 2  0.0043 (0.0014)  S>CV3.1(3915)  Handshake
>       ServerHello
>         Version 3.1 
>         random[32]=
>           d8 6c f2 d0 e2 f2 d3 a0 92 b6 02 1e c9 61 ae fe 
>           0c 01 94 21 ea fe dd 49 27 e7 fe fe d0 80 bf 61 
>         session_id[32]=
>           9b 04 00 00 ff 49 71 4b a5 f9 a5 41 e4 ea 87 4f 
>           23 72 1a a8 a7 65 06 62 fd 23 cf 96 8d 39 f8 32 
>         cipherSuite         TLS_RSA_WITH_RC4_128_MD5
>         compressionMethod                   NULL
>       Certificate
>         Subject
>           C=GB
>           ST=Berks
>           L=Reading
>           O=CPQ UNIX ENTERPRISE CA
>           OU=NAP DP
>           CN=cpqtestdc1.cpqunix.net
>         Issuer
>           C=UK
>           ST=Berks
>           L=Reading
>           O=UNIX LAND
>           OU=NAP DP
>           CN=CPQ UNIX ENTERPRISE CA
>         Serial         61 3c 1f a9 00 00 00 00 00 08 
>         Extensions
>           Extension: X509v3 Key Usage
>           Extension: X509v3 Extended Key Usage
>           Extension: X509v3 Subject Key Identifier
>           Extension: X509v3 Authority Key Identifier
>           Extension: X509v3 CRL Distribution Points
>           Extension: Authority Information Access
>           Extension: 1.3.6.1.4.1.311.20.2
>       CertificateRequest
>         certificate_types                   rsa_sign
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 1 Public Primary Certification Authority - G2
>           OU=(c) 1998 VeriSign, Inc. - For authorized use only
>           OU=VeriSign Trust Network
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 4 Public Primary Certification Authority - G2
>           OU=(c) 1998 VeriSign, Inc. - For authorized use only
>           OU=VeriSign Trust Network
>         certificate_authority
>           C=ZA
>           ST=Western Cape
>           L=Cape Town
>           O=Thawte Consulting
>           OU=Certification Services Division
>           CN=Thawte Personal Freemail CA
>           Email=personal-freemail@thawte.com
>         certificate_authority
>           C=UK
>           ST=Berks
>           L=Reading
>           O=UNIX LAND
>           OU=NAP DP
>           CN=CPQ UNIX ENTERPRISE CA
>         certificate_authority
>           C=ZA
>           ST=Western Cape
>           L=Cape Town
>           O=Thawte Consulting
>           OU=Certification Services Division
>           CN=Thawte Personal Premium CA
>           Email=personal-premium@thawte.com
>         certificate_authority
>           C=US
>           O=First Data Digital Certificates Inc.
>           CN=First Data Digital Certificates Inc. Certification Authority
>         certificate_authority
>           C=ZA
>           ST=Western Cape
>           L=Cape Town
>           O=Thawte Consulting
>           OU=Certification Services Division
>           CN=Thawte Personal Basic CA
>           Email=personal-basic@thawte.com
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 3 Public Primary Certification Authority
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 2 Public Primary Certification Authority
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 1 Public Primary Certification Authority
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 3 Public Primary Certification Authority - G2
>           OU=(c) 1998 VeriSign, Inc. - For authorized use only
>           OU=VeriSign Trust Network
>         certificate_authority
>           C=US
>           O=GTE Corporation
>           CN=GTE CyberTrust Root
>         certificate_authority
>           C=US
>           O=GTE Corporation
>           OU=GTE CyberTrust Solutions, Inc.
>           CN=GTE CyberTrust Global Root
>         certificate_authority
>           OU=Copyright (c) 1997 Microsoft Corp.
>           OU=Microsoft Corporation
>           CN=Microsoft Root Authority
>         certificate_authority
>           C=US
>           O=VeriSign, Inc.
>           OU=Class 2 Public Primary Certification Authority - G2
>           OU=(c) 1998 VeriSign, Inc. - For authorized use only
>           OU=VeriSign Trust Network
>         certificate_authority
>           C=US
>           O=GTE Corporation
>           OU=GTE CyberTrust Solutions, Inc.
>           CN=GTE CyberTrust Root
>       ServerHelloDone
> 1 3  0.0430 (0.0387)  C>SV3.1(1688)  Handshake
>       Certificate
>         Subject
>           CN=Administrator
>         Issuer
>           C=UK
>           ST=Berks
>           L=Reading
>           O=UNIX LAND
>           OU=NAP DP
>           CN=CPQ UNIX ENTERPRISE CA
>         Serial         0f 1b 79 5d 00 00 00 00 00 10 
>         Extensions
>           Extension: X509v3 Subject Key Identifier
>           Extension: X509v3 Authority Key Identifier
>           Extension: X509v3 CRL Distribution Points
>           Extension: Authority Information Access
>           Extension: X509v3 Basic Constraints
>                     Critical
>           Extension: X509v3 Key Usage
>           Extension: X509v3 Extended Key Usage
>           Extension: 1.3.6.1.4.1.311.20.2
>           Extension: X509v3 Subject Alternative Name
>       ClientKeyExchange
>         EncryptedPreMasterSecret[64]=
>           18 77 68 ca 8a f6 71 71 84 2c b4 74 e6 ad c6 17 
>           92 f5 1a 77 be d7 b2 98 14 12 ad 12 b6 4a cd 17 
>           81 92 77 07 49 fd 8b 4b 1a 7d 39 5d de 19 11 f4 
>           08 54 62 51 91 49 d3 cd 12 0e 58 10 35 0c 68 a7 
>       CertificateVerify
>         Signature[128]=
>           0b 0b e1 0a 14 f9 16 04 88 fc 3e 3f b6 7e cb 20 
>           8a 41 f2 46 f5 d0 3b c8 8d fe 50 8b ba 88 73 13 
>           56 17 44 16 43 87 4f 6b 7a 7c 84 0d ed 51 f2 a2 
>           d0 2b 02 23 aa e5 9f 68 5c f5 b9 ae 63 98 26 4e 
>           85 a0 b4 5a 0b bb 5f dd 42 46 45 57 50 32 8d 87 
>           bc 5c 4a bc 7c 78 67 3c fc f2 85 ac cf 39 b6 76 
>           53 ff 51 5b 8d 71 a0 42 cd 73 8f 7b c9 23 d0 2c 
>           e0 3b bd f2 64 b6 8a e9 62 83 4e f0 f3 85 e9 a8 
> 1 4  0.0430 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
> 1 5  0.0430 (0.0000)  C>SV3.1(32)  Handshake
>       Finished
>         verify_data[12]=
>           65 3c 74 ed 4e da c3 7d 18 73 82 ac 
> 
> 1 6  0.0510 (0.0079)  S>CV3.1(1)  ChangeCipherSpec
> 1 7  0.0510 (0.0000)  S>CV3.1(32)  Handshake
>       Finished
>         verify_data[12]=
>           5f 7e c8 3b c3 23 5e ea 47 b3 2a 18 
> 
> 1 8  0.0523 (0.0012)  C>SV3.1(81)  application_data
>     ---------------------------------------------------------------
>     30 3f 02 01 01 60 3a 02 01 03 04 2b 63 6e 3d 61    0?...`:....+cn=a
>     64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 63 6e 3d    dministrator,cn=
>     75 73 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78    users,dc=cpqunix
>     2c 64 63 3d 6e 65 74 80 08 6a 61 63 6b 66 6c 61    ,dc=net..jackfla
>     70                                                 p
>     ---------------------------------------------------------------
> 1 9  0.0557 (0.0033)  S>CV3.1(38)  application_data
>     ---------------------------------------------------------------
>     30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a    0........a......
>     01 00 04 00 04 00                                  ......
>     ---------------------------------------------------------------
> 1 10 0.0583 (0.0026)  C>SV3.1(228)  application_data
>     ---------------------------------------------------------------
>     30 81 d1 02 01 02 63 81 cb 04 1a 63 6e 3d 75 73    0.....c....cn=us
>     65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64    ers,dc=cpqunix,d
>     63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01    c=net...........
>     00 01 01 00 a0 27 a3 13 04 0b 6f 62 6a 65 63 74    .....'....object
>     63 6c 61 73 73 04 04 55 73 65 72 a3 10 04 09 6d    class..User....m
>     73 53 46 55 4e 61 6d 65 04 03 64 61 76 30 75 04    sSFUName..dav0u.
>     09 6d 73 53 46 55 4e 61 6d 65 04 0d 6d 73 53 46    .msSFUName..msSF
>     55 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75    UPassword..uidNu
>     6d 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04    mber..gidNumber.
>     02 63 6e 04 12 6d 73 53 46 55 48 6f 6d 65 44 69    .cn..msSFUHomeDi
>     72 65 63 74 6f 72 79 04 0a 6c 6f 67 69 6e 53 68    rectory..loginSh
>     65 6c 6c 04 05 67 65 63 6f 73 04 0b 64 65 73 63    ell..gecos..desc
>     72 69 70 74 69 6f 6e 04 0b 6f 62 6a 65 63 74 43    ription..objectC
>     6c 61 73 73                                        lass
>     ---------------------------------------------------------------
> 1 11 0.0620 (0.0037)  S>CV3.1(415)  application_data
>     ---------------------------------------------------------------
>     30 84 00 00 01 73 02 01 02 64 84 00 00 01 6a 04    0....s...d....j.
>     2d 43 4e 3d 53 74 75 61 72 74 20 44 61 76 69 64    -CN=Stuart David
>     73 6f 6e 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d    son,CN=Users,DC=
>     63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84    cpqunix,DC=net0.
>     00 00 01 35 30 84 00 00 00 1b 04 02 63 6e 31 84    ...50.......cn1.
>     00 00 00 11 04 0f 53 74 75 61 72 74 20 44 61 76    ......Stuart Dav
>     69 64 73 6f 6e 30 84 00 00 00 3c 04 0b 6f 62 6a    idson0....<..obj
>     65 63 74 43 6c 61 73 73 31 84 00 00 00 29 04 03    ectClass1....)..
>     74 6f 70 04 06 70 65 72 73 6f 6e 04 14 6f 72 67    top..person..org
>     61 6e 69 7a 61 74 69 6f 6e 61 6c 50 65 72 73 6f    anizationalPerso
>     6e 04 04 75 73 65 72 30 84 00 00 00 16 04 09 67    n..user0.......g
>     69 64 4e 75 6d 62 65 72 31 84 00 00 00 05 04 03    idNumber1.......
>     34 30 31 30 84 00 00 00 1b 04 0a 6c 6f 67 69 6e    4010.......login
>     53 68 65 6c 6c 31 84 00 00 00 09 04 07 2f 62 69    Shell1......./bi
>     6e 2f 73 68 30 84 00 00 00 2c 04 12 6d 73 53 46    n/sh0....,..msSF
>     55 48 6f 6d 65 44 69 72 65 63 74 6f 72 79 31 84    UHomeDirectory1.
>     00 00 00 12 04 10 2f 65 78 70 6f 72 74 2f 68 6f    ....../export/ho
>     6d 65 2f 64 61 76 30 84 00 00 00 16 04 09 6d 73    me/dav0.......ms
>     53 46 55 4e 61 6d 65 31 84 00 00 00 05 04 03 64    SFUName1.......d
>     61 76 30 84 00 00 00 24 04 0d 6d 73 53 46 55 50    av0....$..msSFUP
>     61 73 73 77 6f 72 64 31 84 00 00 00 0f 04 0d 68    assword1.......h
>     37 64 6b 30 6b 7a 79 65 69 41 44 45 30 84 00 00    7dk0kzyeiADE0...
>     00 17 04 09 75 69 64 4e 75 6d 62 65 72 31 84 00    ....uidNumber1..
>     00 00 06 04 04 34 30 30 31 30 84 00 00 00 10 02    .....40010......
>     01 02 65 84 00 00 00 07 0a 01 00 04 00 04 00       ..e............
>     ---------------------------------------------------------------
> 1 12 0.0851 (0.0230)  C>SV3.1(228)  application_data
>     ---------------------------------------------------------------
>     30 81 d1 02 01 03 63 81 cb 04 1a 63 6e 3d 75 73    0.....c....cn=us
>     65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64    ers,dc=cpqunix,d
>     63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01    c=net...........
>     00 01 01 00 a0 27 a3 13 04 0b 6f 62 6a 65 63 74    .....'....object
>     63 6c 61 73 73 04 04 55 73 65 72 a3 10 04 09 6d    class..User....m
>     73 53 46 55 4e 61 6d 65 04 03 64 61 76 30 75 04    sSFUName..dav0u.
>     09 6d 73 53 46 55 4e 61 6d 65 04 0d 6d 73 53 46    .msSFUName..msSF
>     55 50 61 73 73 77 6f 72 64 04 09 75 69 64 4e 75    UPassword..uidNu
>     6d 62 65 72 04 09 67 69 64 4e 75 6d 62 65 72 04    mber..gidNumber.
>     02 63 6e 04 12 6d 73 53 46 55 48 6f 6d 65 44 69    .cn..msSFUHomeDi
>     72 65 63 74 6f 72 79 04 0a 6c 6f 67 69 6e 53 68    rectory..loginSh
>     65 6c 6c 04 05 67 65 63 6f 73 04 0b 64 65 73 63    ell..gecos..desc
>     72 69 70 74 69 6f 6e 04 0b 6f 62 6a 65 63 74 43    ription..objectC
>     6c 61 73 73                                        lass
>     ---------------------------------------------------------------
> 1 13 0.0875 (0.0024)  S>CV3.1(415)  application_data
>     ---------------------------------------------------------------
>     30 84 00 00 01 73 02 01 03 64 84 00 00 01 6a 04    0....s...d....j.
>     2d 43 4e 3d 53 74 75 61 72 74 20 44 61 76 69 64    -CN=Stuart David
>     73 6f 6e 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d    son,CN=Users,DC=
>     63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84    cpqunix,DC=net0.
>     00 00 01 35 30 84 00 00 00 1b 04 02 63 6e 31 84    ...50.......cn1.
>     00 00 00 11 04 0f 53 74 75 61 72 74 20 44 61 76    ......Stuart Dav
>     69 64 73 6f 6e 30 84 00 00 00 3c 04 0b 6f 62 6a    idson0....<..obj
>     65 63 74 43 6c 61 73 73 31 84 00 00 00 29 04 03    ectClass1....)..
>     74 6f 70 04 06 70 65 72 73 6f 6e 04 14 6f 72 67    top..person..org
>     61 6e 69 7a 61 74 69 6f 6e 61 6c 50 65 72 73 6f    anizationalPerso
>     6e 04 04 75 73 65 72 30 84 00 00 00 16 04 09 67    n..user0.......g
>     69 64 4e 75 6d 62 65 72 31 84 00 00 00 05 04 03    idNumber1.......
>     34 30 31 30 84 00 00 00 1b 04 0a 6c 6f 67 69 6e    4010.......login
>     53 68 65 6c 6c 31 84 00 00 00 09 04 07 2f 62 69    Shell1......./bi
>     6e 2f 73 68 30 84 00 00 00 2c 04 12 6d 73 53 46    n/sh0....,..msSF
>     55 48 6f 6d 65 44 69 72 65 63 74 6f 72 79 31 84    UHomeDirectory1.
>     00 00 00 12 04 10 2f 65 78 70 6f 72 74 2f 68 6f    ....../export/ho
>     6d 65 2f 64 61 76 30 84 00 00 00 16 04 09 6d 73    me/dav0.......ms
>     53 46 55 4e 61 6d 65 31 84 00 00 00 05 04 03 64    SFUName1.......d
>     61 76 30 84 00 00 00 24 04 0d 6d 73 53 46 55 50    av0....$..msSFUP
>     61 73 73 77 6f 72 64 31 84 00 00 00 0f 04 0d 68    assword1.......h
>     37 64 6b 30 6b 7a 79 65 69 41 44 45 30 84 00 00    7dk0kzyeiADE0...
>     00 17 04 09 75 69 64 4e 75 6d 62 65 72 31 84 00    ....uidNumber1..
>     00 00 06 04 04 34 30 30 31 30 84 00 00 00 10 02    .....40010......
>     01 03 65 84 00 00 00 07 0a 01 00 04 00 04 00       ..e............
>     ---------------------------------------------------------------
> 1 14 0.1875 (0.0999)  C>SV3.1(153)  application_data
>     ---------------------------------------------------------------
>     30 81 86 02 01 04 63 81 80 04 1a 63 6e 3d 75 73    0.....c....cn=us
>     65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64    ers,dc=cpqunix,d
>     63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 01 02 01    c=net...........
>     00 01 01 00 a0 28 a3 14 04 0b 6f 62 6a 65 63 74    .....(....object
>     63 6c 61 73 73 04 05 47 72 6f 75 70 a3 10 04 09    class..Group....
>     67 69 64 4e 75 6d 62 65 72 04 03 34 30 31 30 29    gidNumber..4010)
>     04 02 63 6e 04 0d 6d 73 53 46 55 50 61 73 73 77    ..cn..msSFUPassw
>     6f 72 64 04 09 6d 65 6d 62 65 72 55 69 64 04 09    ord..memberUid..
>     67 69 64 4e 75 6d 62 65 72                         gidNumber
>     ---------------------------------------------------------------
> 1 15 0.1925 (0.0050)  S>CV3.1(167)  application_data
>     ---------------------------------------------------------------
>     30 84 00 00 00 7b 02 01 04 64 84 00 00 00 72 04    0....{...d....r.
>     2d 43 4e 3d 74 65 73 74 5f 75 6e 69 78 5f 67 72    -CN=test_unix_gr
>     6f 75 70 2c 43 4e 3d 55 73 65 72 73 2c 44 43 3d    oup,CN=Users,DC=
>     63 70 71 75 6e 69 78 2c 44 43 3d 6e 65 74 30 84    cpqunix,DC=net0.
>     00 00 00 3d 30 84 00 00 00 1b 04 02 63 6e 31 84    ...=0.......cn1.
>     00 00 00 11 04 0f 74 65 73 74 5f 75 6e 69 78 5f    ......test_unix_
>     67 72 6f 75 70 30 84 00 00 00 16 04 09 67 69 64    group0.......gid
>     4e 75 6d 62 65 72 31 84 00 00 00 05 04 03 34 30    Number1.......40
>     31 30 84 00 00 00 10 02 01 04 65 84 00 00 00 07    10........e.....
>     0a 01 00 04 00 04 00                               .......
>     ---------------------------------------------------------------
> 1 16 0.2063 (0.0137)  C>SV3.1(153)  application_data
>     ---------------------------------------------------------------
>     30 81 86 02 01 05 63 81 80 04 1a 63 6e 3d 75 73    0.....c....cn=us
>     65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78 2c 64    ers,dc=cpqunix,d
>     63 3d 6e 65 74 0a 01 02 0a 01 00 02 01 00 02 01    c=net...........
>     00 01 01 00 a0 28 a3 14 04 0b 6f 62 6a 65 63 74    .....(....object
>     63 6c 61 73 73 04 05 47 72 6f 75 70 a3 10 04 09    class..Group....
>     6d 65 6d 62 65 72 55 69 64 04 03 64 61 76 30 29    memberUid..dav0)
>     04 02 63 6e 04 0d 6d 73 53 46 55 50 61 73 73 77    ..cn..msSFUPassw
>     6f 72 64 04 09 6d 65 6d 62 65 72 55 69 64 04 09    ord..memberUid..
>     67 69 64 4e 75 6d 62 65 72                         gidNumber
>     ---------------------------------------------------------------
> 1 17 0.2081 (0.0017)  S>CV3.1(38)  application_data
>     ---------------------------------------------------------------
>     30 84 00 00 00 10 02 01 05 65 84 00 00 00 07 0a    0........e......
>     01 00 04 00 04 00                                  ......
>     ---------------------------------------------------------------
> 
[Davidson, Stuart]  
+++ truncated for openldap-software list +++

> New TCP connection #4: sun6.reo.cpqcorp.net(33094) <-> cpqtestdc1.cpqunix.net(636)
> 4 1  0.0017 (0.0017)  C>SV3.1(103)  Handshake
>       ClientHello
>         Version 3.1 
>         random[32]=
>           00 00 12 fa c0 b7 04 d9 f1 59 ad 26 00 92 b3 0b 
>           62 51 38 75 69 a8 71 45 25 45 aa d3 c7 57 62 64 
>         resume [32]=
>           e0 12 00 00 12 b5 54 fd 38 45 f2 e3 98 24 01 50 
>           48 97 02 0d f7 ae 09 29 d0 89 d5 93 93 4c 9a ac 
>         cipher suites
>         TLS_DHE_DSS_WITH_RC4_128_SHA
>         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>         TLS_RSA_WITH_RC4_128_MD5
>         Unknown value 0xfeff
>         TLS_RSA_WITH_3DES_EDE_CBC_SHA
>         Unknown value 0xfefe
>         TLS_DHE_RSA_WITH_DES_CBC_SHA
>         TLS_DHE_DSS_WITH_DES_CBC_SHA
>         TLS_RSA_WITH_DES_CBC_SHA
>         TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>         TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>         TLS_RSA_EXPORT_WITH_RC4_40_MD5
>         TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>         compression methods
>                   NULL
> 4 2  0.0025 (0.0007)  S>CV3.1(74)  Handshake
>       ServerHello
>         Version 3.1 
>         random[32]=
>           6b b6 b6 79 54 76 65 27 2e 3e c2 04 d5 f5 5a a1 
>           ef f6 4c 93 1f d3 ed 6e 21 15 ff 2b f7 fd ec 0d 
>         session_id[32]=
>           e0 12 00 00 12 b5 54 fd 38 45 f2 e3 98 24 01 50 
>           48 97 02 0d f7 ae 09 29 d0 89 d5 93 93 4c 9a ac 
>         cipherSuite         TLS_RSA_WITH_RC4_128_MD5
>         compressionMethod                   NULL
> 4 3  0.0025 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
> 4 4  0.0025 (0.0000)  S>CV3.1(32)  Handshake
>       Finished
>         verify_data[12]=
>           4d 20 b6 cb 05 ab 16 36 5e b4 24 b2 
> 
> 4 5  0.0061 (0.0035)  C>SV3.1(1)  ChangeCipherSpec
> 4 6  0.0061 (0.0000)  C>SV3.1(32)  Handshake
>       Finished
>         verify_data[12]=
>           2a d0 5a 82 36 83 98 45 ee ef 61 e4 
> 
> 4 7  0.0061 (0.0000)  C>SV3.1(81)  application_data
>     ---------------------------------------------------------------
>     30 3f 02 01 01 60 3a 02 01 03 04 2b 63 6e 3d 61    0?...`:....+cn=a
>     64 6d 69 6e 69 73 74 72 61 74 6f 72 2c 63 6e 3d    dministrator,cn=
>     75 73 65 72 73 2c 64 63 3d 63 70 71 75 6e 69 78    users,dc=cpqunix
>     2c 64 63 3d 6e 65 74 80 08 6a 61 63 6b 66 6c 61    ,dc=net..jackfla
>     70                                                 p
>     ---------------------------------------------------------------
> 4 8  0.0071 (0.0010)  S>CV3.1(20)  Handshake
>       HelloRequest
> 4 9  0.0079 (0.0008)  C>SV3.1(87)  Handshake
>       ClientHello
>         Version 3.1 
>         random[32]=
>           00 00 12 fa 2a fb ff da f3 8d 18 a5 c9 e5 6f 75 
>           31 e7 54 75 bd 70 cb e3 5d e0 9e 14 5e 5d 93 55 
>         cipher suites
>         TLS_DHE_DSS_WITH_RC4_128_SHA
>         TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>         TLS_RSA_WITH_RC4_128_MD5
>         Unknown value 0xfeff
>         TLS_RSA_WITH_3DES_EDE_CBC_SHA
>         Unknown value 0xfefe
>         TLS_DHE_RSA_WITH_DES_CBC_SHA
>         TLS_DHE_DSS_WITH_DES_CBC_SHA
>         TLS_RSA_WITH_DES_CBC_SHA
>         TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>         TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>         TLS_RSA_EXPORT_WITH_RC4_40_MD5
>         TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>         compression methods
>                   NULL
> 4    0.0099 (0.0020)  S>C  TCP FIN
> 3    7.6358 (7.5764)  C>S  TCP FIN
> 4    4.0214 (4.0115)  C>S  TCP FIN
> 3    7.6369 (0.0010)  S>C  TCP FIN
> ^C# 
> # exit
> 
> script done on Thu 23 May 2002 11:18:33 AM BST
>
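
Added example, not part of the original message: a small Python checker that reads ssldump text output and reports connections where the client resumed a session (the `resume` ID in ClientHello equals the `session_id` in ServerHello) and the server then answered the first application data with a HelloRequest, the pattern described above. The function names are hypothetical, and the sample trace is constructed (made-up hosts and IDs) in ssldump's format.

```python
import re

# ssldump record header: "<conn> <rec> <time> (<delta>)  C>SV3.1(<len>)  <content type>"
RECORD = re.compile(
    r"^(\d+)\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s*(?:V[\d.]+\(\d+\))?\s+(\S.*)$")
HEX_ONLY = re.compile(r"^(?:[0-9a-f]{2}\s+)*[0-9a-f]{2}$")

# Constructed sample in ssldump's output format (hosts and IDs are made up).
SAMPLE = """\
> New TCP connection #1: client.example(40001) <-> ldap.example(636)
> 1 1  0.0017 (0.0017)  C>SV3.1(71)  Handshake
>       ClientHello
>         random[8]=
>           00 01 02 03 04 05 06 07
> 1 2  0.0043 (0.0026)  S>CV3.1(900)  Handshake
>       ServerHello
>         session_id[8]=
>           a1 a2 a3 a4 a5 a6 a7 a8
>       Certificate
>       ServerHelloDone
> 1 8  0.0523 (0.0480)  C>SV3.1(81)  application_data
> 1 9  0.0557 (0.0034)  S>CV3.1(38)  application_data
> New TCP connection #2: client.example(40002) <-> ldap.example(636)
> 2 1  0.0017 (0.0017)  C>SV3.1(103)  Handshake
>       ClientHello
>         resume [8]=
>           a1 a2 a3 a4 a5 a6 a7 a8
> 2 2  0.0025 (0.0008)  S>CV3.1(74)  Handshake
>       ServerHello
>         session_id[8]=
>           a1 a2 a3 a4 a5 a6 a7 a8
> 2 7  0.0061 (0.0036)  C>SV3.1(81)  application_data
> 2 8  0.0071 (0.0010)  S>CV3.1(20)  Handshake
>       HelloRequest
"""

def analyse(trace):
    """Per connection: was the session resumed, and which record (if any)
    carried a server HelloRequest after the client had sent application data."""
    state, conn, rec, sender, field = {}, None, None, None, None
    for raw in trace.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()      # drop mail quoting
        m = RECORD.match(line)
        if m:
            conn, rec, sender, kind = m.groups()
            field = None
            st = state.setdefault(conn, {"offered": "", "echoed": "",
                                         "sent_data": False, "hello_request": None})
            if sender == "C" and kind == "application_data":
                st["sent_data"] = True
        elif conn is not None:
            st = state[conn]
            if line.startswith("resume"):
                field, st["offered"] = "offered", ""  # ID the client asks to resume
            elif line.startswith("session_id") and sender == "S":
                field, st["echoed"] = "echoed", ""    # ID the server answers with
            elif field and HEX_ONLY.match(line):
                st[field] += line.replace(" ", "")    # ID bytes may span several lines
            else:
                field = None
                if line == "HelloRequest" and sender == "S" and st["sent_data"]:
                    st["hello_request"] = f"{conn} {rec}"
    return {c: {"resumed": bool(s["offered"]) and s["offered"] == s["echoed"],
                "hello_request_after_data": s["hello_request"]}
            for c, s in state.items()}

def resumed_then_renegotiated(trace):
    """Connections where a resumed session is followed by a HelloRequest."""
    return [c for c, r in analyse(trace).items()
            if r["resumed"] and r["hello_request_after_data"]]

if __name__ == "__main__":
    for conn, result in analyse(SAMPLE).items():
        print(conn, result)
```

In the trace quoted above, connection 4 has this shape: the `resume` ID in packet "4 1" equals the `session_id` in "4 2", and the HelloRequest in "4 8" follows the application data in "4 7".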