[openssl-users] Browsers SSL handshake issues with https://wiki.openssl.org
Bubnov Dmitriy
buba at luna-78.com
Fri Sep 25 19:37:26 UTC 2015
Hello, All.
I have met an issue with different browsers behavior when opening a link https://wiki.openssl.org/. Investigations shows that it is SSL handshake issues.
Is it possible to correct situation for Safari browser?
Below is 'ssldump's and 'openssl version -a' logs.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> osx10.6.8 + chrome 45.0.2454.101; SSL session is OK
>>>
New TCP connection #1: 192.168.0.1(59718) <-> 194.97.150.234(443)
1 1 0.0506 (0.0506) C>S V3.1(512) Handshake
ClientHello
Version 3.3
random[32]=
d2 e1 13 ee 12 ed 4a cd 48 ab 9a 84 89 5e 68 65
6c 74 d1 47 16 b6 a8 59 20 78 1e 73 1c 29 08 40
resume [32]=
96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e
3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d
cipher suites
Unknown value 0xcc14
Unknown value 0xcc13
Unknown value 0xcc15
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
1 2 0.1002 (0.0496) S>C V3.3(81) Handshake
ServerHello
Version 3.3
random[32]=
25 b5 71 fa 69 9c 64 26 91 48 e5 c1 6f 07 6c 4b
12 b7 22 a6 20 e6 fb 6d 80 00 dd a1 99 43 70 dc
session_id[32]=
96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e
3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d
cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
compressionMethod NULL
1 3 0.1002 (0.0000) S>C V3.3(1) ChangeCipherSpec
1 4 0.1002 (0.0000) S>C V3.3(40) Handshake
1 5 0.1017 (0.0014) C>S V3.3(1) ChangeCipherSpec
1 6 0.1017 (0.0000) C>S V3.3(40) Handshake
1 7 0.1024 (0.0006) C>S V3.3(521) application_data
1 8 0.2268 (0.1244) S>C V3.3(299) application_data
1 9 4.0905 (3.8636) C>S V3.3(426) application_data
1 10 4.1691 (0.0786) S>C V3.3(598) application_data
1 11 4.1737 (0.0046) C>S V3.3(495) application_data
1 12 4.2673 (0.0935) S>C V3.3(298) application_data
1 9.2750 (5.0077) S>C TCP FIN
1 14.2687 (4.9936) C>S TCP FIN
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> osx10.6.8 safari5.1.10(6534.59.10); SSL session is BROKEN
>>>
New TCP connection #1: 192.168.0.1(59771) <-> 194.97.150.234(443)
1 1 0.0598 (0.0598) C>S V3.1(158) Handshake
ClientHello
Version 3.1
random[32]=
56 05 6d 21 f6 ef c5 31 be 10 7d ef e8 b4 78 cf
a5 47 61 7a 23 42 29 30 a2 6e c3 dc e3 0f 67 4b
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
compression methods
NULL
1 0.1143 (0.0545) S>C TCP FIN
1 0.1158 (0.0014) C>S TCP FIN
New TCP connection #2: 192.168.0.1(59773) <-> 194.97.150.234(443)
2 1 0.0569 (0.0569) C>S V3.0(81) Handshake
ClientHello
Version 3.0
random[32]=
56 05 6d 21 d2 ca b5 6f 97 90 79 52 f9 c6 af 40
20 77 73 28 de 7d 60 48 c0 58 fc d8 a8 df 9d d0
cipher suites
SSL_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
compression methods
NULL
2 0.1077 (0.0507) S>C TCP FIN
2 0.1094 (0.0017) C>S TCP FIN
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Sun Mar 25 19:01:41 MSK 2012
platform: darwin64-x86_64-cc
options: bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: /usr/bin/llvm-gcc-4.2 -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall
OPENSSLDIR: "/opt/local/etc/openssl"
--
С уважением ⁄ Mit freundlichen Grüßen ⁄ Best regards,
Dmitriy Bubnov
More information about the openssl-users
mailing list