Openssl and tls 1.2
Somshekar C Kadam
somkadam76 at gmail.com
Wed Aug 14 03:29:25 UTC 2019
Hi ,
we are running java 1.6 (older build) and java 1.8(newer build) on the same
arm target board with different builds.
On 1.6 java we have Linux Kernel 2.6.35 and with Java 1.8 Linux kernel 4.x.
version. so 2 environments and 2 use cases newer and older build.
while we access https website link
https://transparencyreport.google.com/https/overview?hl=en
we see it takes less than 2 seconds using java 1.6. (older build)
we see it takes 10 seconds using java 1.8 (newer build)
On Java 1.8 did try disabling GCM ciphers and trying still we get the same
10 seconds delay.
Attaching log of tls handshake for both. Not sure its to do with tls, may
be java is causing the delay.
I am not sure, please provide any pointers or feedback to rootcause it that
will help to understand why we get 10seconds delay.
One more info if just use curl on on newer build setup, it works fine
within 2 seconds to access the https link.
Regards
Somshekar C Kadam
9036660538
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190814/9f3add6e/attachment-0001.html>
-------------- next part --------------
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1565589724 bytes = { 28, 22, 178, 239, 29, 7, 47, 174, 250, 171, 197, 25, 93, 255, 194, 202, 106, 235, 247, 232, 181, 51, 10, 143, 1, 145, 240, 220 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie: GMT: 1565589726 bytes = { 95, 183, 13, 179, 158, 139, 220, 121, 126, 177, 252, 92, 190, 70, 216, 42, 44, 211, 170, 12, 68, 79, 87, 78, 71, 82, 68, 0 }
Session ID: {218, 176, 53, 135, 9, 102, 98, 200, 249, 250, 100, 210, 61, 85, 125, 213, 80, 185, 85, 50, 109, 140, 181, 243, 66, 73, 21, 167, 101, 144, 37, 142}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 3404
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 24518014405162799800514059581807559995512519444155672709007122525608686599568979665780560905894859791170019462635081390454603906293405253903613762262663681232770891710819918152806000474026296132824236721211250098971359223037306490837258618004444391463235080498129497922762630417537181179971236829563281164338680992821081781099108672248557754696819438647721111035897640898641778595308067540309939544912886565922473092234490442592589841706182290746974282686920486312604695195928067536451594810730756448614586986400482653133247203222853000557785259166528637871490302752850099518899633231236493795050081835001646811083199
public exponent: 65537
Validity: [From: Tue Jul 30 00:14:13 GMT+05:30 2019,
To: Mon Oct 21 23:53:00 GMT+05:30 2019]
Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
SerialNumber: [ 1b0b4c01 0d429a9d 993930f3 79310ee0]
Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 8A E9 66 E7 F5 44 6E 4F 22 BA DC 57 7B 00 26 M..f..DnO"..W..&
0010: 21 FE 73 91 !.s.
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 77 C2 B8 50 9A 67 76 76 B1 2D C2 86 D0 83 A0 7E w..P.gvv.-......
0010: A6 7E BA 4B ...K
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.pki.goog/GTSGIAG3.crl]
]]
[4]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.google.com
DNSName: *.android.com
DNSName: *.appengine.google.com
DNSName: *.cloud.google.com
DNSName: *.crowdsource.google.com
DNSName: *.g.co
DNSName: *.gcp.gvt2.com
DNSName: *.gcpcdn.gvt1.com
DNSName: *.ggpht.cn
DNSName: *.google-analytics.com
DNSName: *.google.ca
DNSName: *.google.cl
DNSName: *.google.co.in
DNSName: *.google.co.jp
DNSName: *.google.co.uk
DNSName: *.google.com.ar
DNSName: *.google.com.au
DNSName: *.google.com.br
DNSName: *.google.com.co
DNSName: *.google.com.mx
DNSName: *.google.com.tr
DNSName: *.google.com.vn
DNSName: *.google.de
DNSName: *.google.es
DNSName: *.google.fr
DNSName: *.google.hu
DNSName: *.google.it
DNSName: *.google.nl
DNSName: *.google.pl
DNSName: *.google.pt
DNSName: *.googleadapis.com
DNSName: *.googleapis.cn
DNSName: *.googlecnapps.cn
DNSName: *.googlecommerce.com
DNSName: *.googlevideo.com
DNSName: *.gstatic.cn
DNSName: *.gstatic.com
DNSName: *.gstaticcnapps.cn
DNSName: *.gvt1.com
DNSName: *.gvt2.com
DNSName: *.metric.gstatic.com
DNSName: *.urchin.com
DNSName: *.url.google.com
DNSName: *.youtube-nocookie.com
DNSName: *.youtube.com
DNSName: *.youtubeeducation.com
DNSName: *.youtubekids.com
DNSName: *.yt.be
DNSName: *.ytimg.com
DNSName: android.clients.google.com
DNSName: android.com
DNSName: developer.android.google.cn
DNSName: developers.android.google.cn
DNSName: g.co
DNSName: ggpht.cn
DNSName: goo.gl
DNSName: google-analytics.com
DNSName: google.com
DNSName: googlecnapps.cn
DNSName: googlecommerce.com
DNSName: source.android.google.cn
DNSName: urchin.com
DNSName: www.goo.gl
DNSName: youtu.be
DNSName: youtube.com
DNSName: youtubeeducation.com
DNSName: youtubekids.com
DNSName: yt.be
]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.3]
[] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[7]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[8]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://pki.goog/gsr2/GTSGIAG3.crt,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.pki.goog/GTSGIAG3]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: C5 6B 58 EA 3E 77 D3 57 B2 14 66 87 51 44 F2 57 .kX.>w.W..f.QD.W
0010: C8 30 4C E1 66 53 80 D9 1D 45 BA 4A E8 A2 7A 0E .0L.fS...E.J..z.
0020: AD 2A EE 81 C1 DD 53 CE 4D 1A 34 E2 C7 76 74 22 .*....S.M.4..vt"
0030: 4A 3B 33 E8 81 64 E2 7C 0D D4 89 77 7D 25 A6 8E J;3..d.....w.%..
0040: 4C BA 62 E8 96 95 13 F3 98 C4 BB D9 84 39 AC 49 L.b..........9.I
0050: 10 A2 21 53 7A 55 D6 FB 0C F5 7F 0D 49 16 62 7E ..!SzU......I.b.
0060: 78 12 55 30 56 6F 6F 26 44 F8 9A 8E A7 95 C2 20 x.U0Voo&D......
0070: 14 0B 6F 97 41 35 AD AD 38 66 4D 22 4C 3F E7 6C ..o.A5..8fM"L?.l
0080: A0 EE 26 1C 30 42 2D FD AF 2B 4B FD 5F 5F 4D B1 ..&.0B-..+K.__M.
0090: B0 02 5F BF 90 2E 4D EF B0 80 B3 32 12 24 4D 40 .._...M....2.$M@
00A0: C7 29 5B 69 F8 96 B1 0E 86 91 9D 39 84 8B E4 46 .)[i.......9...F
00B0: EB E6 5B CC CE 4E 60 86 8E A2 B8 31 11 DF 77 62 ..[..N`....1..wb
00C0: C9 92 67 EE B6 6C CA 7A 6C 76 25 4F 3F C8 43 EB ..g..l.zlv%O?.C.
00D0: 1B 18 AB AD F9 9A 32 71 8E A4 A4 CF 53 1A F0 A2 ......2q....S...
00E0: 5E 8D 4E 27 55 F5 75 2B 9A 5A 41 70 7A 6D 1D 4D ^.N'U.u+.ZApzm.M
00F0: 13 5A A5 4B B0 0E 12 73 80 6E 9E AC CA 47 5C 92 .Z.K...s.n...G\.
]
chain [1] = [
[
Version: V3
Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25540719540096549801967532215622388028057340978592080609141732382164154646816296526083121741669679112385237833865384918487699354232562775118368146858293595735927525741548199921580705526790385577846106238921439103492392479618335857028746954930496648766472236039621875919970487709839673576509420299423776077274146396625683921324935984297937024355312712214769839608906726548857225274820644855735385444361318783494335259738982362137265282486277074790515499222682891121616563234042637263891559249011361734853144492241992433528066411156317991355405830410464673595997849166914573354017491657353926030969623191808378512203827
public exponent: 65537
Validity: [From: Thu Jun 15 05:30:42 GMT+05:30 2017,
To: Wed Dec 15 05:30:42 GMT+05:30 2021]
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
SerialNumber: [ 01e3a930 1cfc7206 383f9a53 1d]
Certificate Extensions: 8
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 77 C2 B8 50 9A 67 76 76 B1 2D C2 86 D0 83 A0 7E w..P.gvv.-......
0010: A6 7E BA 4B ...K
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.pki.goog/gsr2/gsr2.crl]
]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 70 6B 69 2E 67 6F ..https://pki.go
0010: 6F 67 2F 72 65 70 6F 73 69 74 6F 72 79 2F og/repository/
]] ]
]
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.pki.goog/gsr2]
]
[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 1C B7 89 96 E4 53 ED BB EC DB A8 32 01 9F 2C A3 .....S.....2..,.
0010: CD 6D AD 42 12 77 B3 B8 E6 C9 03 52 60 20 7B 57 .m.B.w.....R` .W
0020: 27 C6 11 B5 3F 67 0D 99 2C 5B 5A CA 22 0A DD 9E '...?g..,[Z."...
0030: BB 1F 4B 48 3F 8F 02 3D 8B 21 84 45 1D 6D F5 FF ..KH?..=.!.E.m..
0040: AC 68 89 CD 64 E2 D6 D6 5E 40 C2 8E 2A F7 EF 14 .h..d...^@..*...
0050: D3 36 A4 40 30 F5 32 15 15 92 76 FB 7E 9E 53 EA .6. at 0.2...v...S.
0060: C2 76 FC 39 AD 88 FE 66 92 26 E9 1C C4 38 CD 49 .v.9...f.&...8.I
0070: FA 43 87 F0 5D D6 56 4D 81 D7 7F F1 C2 DD B0 4D .C..].VM.......M
0080: FE C3 2A 6E 7C 9F 6E 5C ED 62 42 99 E1 F7 36 EE ..*n..n\.bB...6.
0090: 14 8C 2C 20 E3 46 97 5A 77 03 C0 A0 C6 4A 88 FD .., .F.Zw....J..
00A0: 40 22 87 72 5A 18 EA 9C A5 C7 5A 08 8C E4 05 A4 @".rZ.....Z.....
00B0: 7D B9 84 35 5F 89 36 56 0E 40 3D 12 E8 BB 35 72 ...5_.6V.@=...5r
00C0: ED AF 08 56 4E B0 BB 2E A9 9B E4 FB 1D 3E 0B 63 ...VN........>.c
00D0: C8 9B 4B 91 44 66 57 C0 14 B4 96 F0 DC 2C 57 3F ..K.DfW......,W?
00E0: 52 04 AD 95 AA 7D 4D D0 F2 0C 9F 9C 40 E8 D6 55 R.....M..... at ..U
00F0: 73 BA 3C DF 90 CB 00 5B 21 11 67 C2 ED 32 1E DE s.<....[!.g..2..
]
***
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 5A 46 75 DA BD 1D DA 18 4B 6E 1B 5C CC 54 ..ZFu.....Kn.\.T
0010: 63 08 65 EE 1B ED A7 AC 81 85 14 E3 22 FD 66 10 c.e.........".f.
0020: 65 3D 61 C2 AA FD B8 12 21 D9 D0 5C 28 D3 33 F0 e=a.....!..\(.3.
CONNECTION KEYGEN:
Client Nonce:
0000: 5D 51 01 DC 1C 16 B2 EF 1D 07 2F AE FA AB C5 19 ]Q......../.....
0010: 5D FF C2 CA 6A EB F7 E8 B5 33 0A 8F 01 91 F0 DC ]...j....3......
Server Nonce:
0000: 5D 51 01 DE 5F B7 0D B3 9E 8B DC 79 7E B1 FC 5C ]Q.._......y...\
0010: BE 46 D8 2A 2C D3 AA 0C 44 4F 57 4E 47 52 44 00 .F.*,...DOWNGRD.
Master Secret:
0000: 3B 6B C9 EC 18 09 83 C0 27 5F E5 E0 95 8C 4C F3 ;k......'_....L.
0010: EF E7 FC 9E C4 BA DD 2C E1 24 32 3B 70 1D A4 77 .......,.$2;p..w
0020: CE F1 33 FB D4 0D 3D F1 D4 E7 27 91 9E 84 4F 93 ..3...=...'...O.
Client MAC write Secret:
0000: 63 C0 F6 BD 6E 04 E4 81 11 7F 66 E7 58 EC FB 13 c...n.....f.X...
0010: 0B 6C 01 42 .l.B
Server MAC write Secret:
0000: 5D 71 C4 47 78 35 48 C5 BA 0F FB 35 AE 1B D0 F7 ]q.Gx5H....5....
0010: 69 D4 28 17 i.(.
Client write key:
0000: EB AF 42 FE B7 7B 96 1D C5 42 87 2B A7 9C 7C 44 ..B......B.+...D
Server write key:
0000: 2F EE 19 AF 30 BA B3 07 5E FA AA 26 DE BF E7 63 /...0...^..&...c
Client write IV:
0000: FE E7 8E 6D 99 AD 42 46 A2 1D 78 4E F4 AE 1F 81 ...m..BF..xN....
Server write IV:
0000: 2D 0B 1C B0 10 38 AB 21 81 24 7A 9D 4D 64 E5 E1 -....8.!.$z.Md..
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 7, 117, 76, 136, 80, 45, 35, 181, 237, 107, 142, 147 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 165, 216, 82, 187, 250, 22, 139, 115, 28, 13, 50, 89 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 224
main, READ: TLSv1 Application Data, length = 1408
Succesfull connected.
Data:
main, READ: TLSv1 Application Data, length = 1408
main, READ: TLSv1 Application Data, length = 512
<!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><meta name="google-site-verification" content="ur_4noneF2gwXvKEuAE5xnKunbVtB_pHoC9TZ227s9c"/><title>Google Transparency Report</title><link href="https://fonts.googleapis.com/css?family=Roboto:700,500,400,300|Product+Sans:400" rel="stylesheet" type="text/css"><link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet"><!-- Add the extended Material icon library --><link href="https://fonts.googleapis.com/icon?family=Material+Icons+Extended" rel="stylesheet"><link rel="shortcut icon" href="https://www.google.com/favicon.ico?v1"><script async="" defer="" src="//www.google.com/insights/consumersurveys/async_survey?site=n5lt72widmih6r4qse43dbf444" nonce="qwqfHBsoSjWFjLmwP6G5ig"></script></head><body><app></app><script nonce="qwqfHBsoSjWFjLmwP6G5ig">window.google = window.google || {}; window.TR_clientConfig = "\x5bnull,\x22https:\/\/www.gstatic.com\/transparencyreport\/261876099\/assets\/\x22,\x22https:\/\/transparencyreport.google.com\/transparencyreport\/\x22,\x22https:\/\/storage.googleapis.com\/transparencyreport\/\x22,\x5b\x22de\x22,\x22hi\x22,\x22no\x22,\x22ru\x22,\x22fi\x22,\x22bg\x22,\x22fil\x22,\x22lt\x22,\x22hr\x22,\x22lv\x22,\x22pt_BR\x22,\x22fr\x22,\x22hu\x22,\x22es_419\x22,\x22zh_TW\x22,\x22uk\x22,\x22sk\x22,\x22sl\x22,\x22id\x22,\x22ca\x22,\x22sr\x22,\x22sv\x22,\x22ko\x22,\x22el\x22,\x22en\x22,\x22it\x22,\x22es\x22,\x22iw\x22,\x22cs\x22,\x22ar\x22,\x22en_GB\x22,\x22vi\x22,\x22th\x22,\x22ja\x22,\x22zh_CN\x22,\x22fa\x22,\x22pl\x22,\x22da\x22,\x22ro\x22,\x22nl\x22,\x22tr\x22,\x22pt_PT\x22\x5d\n,\x22https:\/\/support.google.com\/transparencyreport\/\x22,null,0\x5d\n";</script><script id="base-js" src="//www.gstatic.com/_/transparencyreport/_/js/k=transparencyreport.tr.en.PIrebN0JAt0.O/am=9____x8F/d=1/rs=ABbJ37WwGgZE1sejClUG36vHhWflqy3SyA/m=m" async nonce="qwqfHBsoSjWFjLmwP6G5ig"></script><script nonce="qwqfHBsoSjWFjLmwP6G5ig">
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-81678134-1', 'auto');
main, READ: TLSv1 Application Data, length = 32
</script><script async src="https://www.google-analytics.com/analytics.js" nonce="qwqfHBsoSjWFjLmwP6G5ig"></script></body></html>
-------------- next part --------------
Level: 4
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1565523786 bytes = { 179, 93, 102, 222, 25, 182, 105, 17, 224, 14, 150, 154, 195, 24, 3, 14, 135, 190, 45, 60, 238, 209, 7}
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDS]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, se}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256wA
Extension renegotiation_info, renegotiated_connection: <empty>
***
main, WRITE: TLSv1.2 Handshake, length = 186
main, READ: TLSv1.2 Handshake, length = 87
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1565523608 bytes = { 177, 25, 113, 195, 253, 50, 165, 172, 165, 35, 182, 83, 48, 169, 8, 77, 185, 126, 47, 27, 68, 79, 87,}
Session ID: {49, 49, 2, 186, 216, 122, 147, 53, 84, 145, 221, 31, 92, 226, 216, 81, 148, 17, 250, 198, 213, 142, 188, 231, 215, 106, 37, 187,}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
main, READ: TLSv1.2 Handshake, length = 3404
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 245180144051627998005140595818075599955125194441556727090071225256086865995689796657805609058948597911700194626350813904546039062939
public exponent: 65537
Validity: [From: Mon Jul 29 18:44:13 UTC 2019,
To: Mon Oct 21 18:23:00 UTC 2019]
Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
SerialNumber: [ 1b0b4c01 0d429a9d 993930f3 79310ee0]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://pki.goog/gsr2/GTSGIAG3.crt
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.pki.goog/GTSGIAG3
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 77 C2 B8 50 9A 67 76 76 B1 2D C2 86 D0 83 A0 7E w..P.gvv.-......
0010: A6 7E BA 4B ...K
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.pki.goog/GTSGIAG3.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.3]
[] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.google.com
DNSName: *.android.com
DNSName: *.appengine.google.com
DNSName: *.cloud.google.com
DNSName: *.crowdsource.google.com
DNSName: *.g.co
DNSName: *.gcp.gvt2.com
DNSName: *.gcpcdn.gvt1.com
DNSName: *.ggpht.cn
DNSName: *.google-analytics.com
DNSName: *.google.ca
DNSName: *.google.cl
DNSName: *.google.co.in
DNSName: *.google.co.jp
DNSName: *.google.co.uk
DNSName: *.google.com.ar
DNSName: *.google.com.au
DNSName: *.google.com.br
DNSName: *.google.com.co
DNSName: *.google.com.mx
DNSName: *.google.com.tr
DNSName: *.google.com.vn
DNSName: *.google.de
DNSName: *.google.es
DNSName: *.google.fr
DNSName: *.google.hu
DNSName: *.google.it
DNSName: *.google.nl
DNSName: *.google.pl
DNSName: *.google.pt
DNSName: *.googleadapis.com
DNSName: *.googleapis.cn
DNSName: *.googlecnapps.cn
DNSName: *.googlecommerce.com
DNSName: *.googlevideo.com
DNSName: *.gstatic.cn
DNSName: *.gstatic.com
DNSName: *.gstaticcnapps.cn
DNSName: *.gvt1.com
DNSName: *.gvt2.com
DNSName: *.metric.gstatic.com
DNSName: *.urchin.com
DNSName: *.url.google.com
DNSName: *.youtube-nocookie.com
DNSName: *.youtube.com
DNSName: *.youtubeeducation.com
DNSName: *.youtubekids.com
DNSName: *.yt.be
DNSName: *.ytimg.com
DNSName: android.clients.google.com
DNSName: android.com
DNSName: developer.android.google.cn
DNSName: developers.android.google.cn
DNSName: g.co
DNSName: ggpht.cn
DNSName: goo.gl
DNSName: google-analytics.com
DNSName: google.com
DNSName: googlecnapps.cn
DNSName: googlecommerce.com
DNSName: source.android.google.cn
DNSName: urchin.com
DNSName: www.goo.gl
DNSName: youtu.be
DNSName: youtube.com
DNSName: youtubeeducation.com
DNSName: youtubekids.com
DNSName: yt.be
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 4D 8A E9 66 E7 F5 44 6E 4F 22 BA DC 57 7B 00 26 M..f..DnO"..W..&
0010: 21 FE 73 91 !.s.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: C5 6B 58 EA 3E 77 D3 57 B2 14 66 87 51 44 F2 57 .kX.>w.W..f.QD.W
0010: C8 30 4C E1 66 53 80 D9 1D 45 BA 4A E8 A2 7A 0E .0L.fS...E.J..z.
0020: AD 2A EE 81 C1 DD 53 CE 4D 1A 34 E2 C7 76 74 22 .*....S.M.4..vt"
0030: 4A 3B 33 E8 81 64 E2 7C 0D D4 89 77 7D 25 A6 8E J;3..d.....w.%..
0040: 4C BA 62 E8 96 95 13 F3 98 C4 BB D9 84 39 AC 49 L.b..........9.I
0050: 10 A2 21 53 7A 55 D6 FB 0C F5 7F 0D 49 16 62 7E ..!SzU......I.b.
0060: 78 12 55 30 56 6F 6F 26 44 F8 9A 8E A7 95 C2 20 x.U0Voo&D......
0070: 14 0B 6F 97 41 35 AD AD 38 66 4D 22 4C 3F E7 6C ..o.A5..8fM"L?.l
0080: A0 EE 26 1C 30 42 2D FD AF 2B 4B FD 5F 5F 4D B1 ..&.0B-..+K.__M.
0090: B0 02 5F BF 90 2E 4D EF B0 80 B3 32 12 24 4D 40 .._...M....2.$M@
00A0: C7 29 5B 69 F8 96 B1 0E 86 91 9D 39 84 8B E4 46 .)[i.......9...F
00B0: EB E6 5B CC CE 4E 60 86 8E A2 B8 31 11 DF 77 62 ..[..N`....1..wb
00C0: C9 92 67 EE B6 6C CA 7A 6C 76 25 4F 3F C8 43 EB ..g..l.zlv%O?.C.
00D0: 1B 18 AB AD F9 9A 32 71 8E A4 A4 CF 53 1A F0 A2 ......2q....S...
00E0: 5E 8D 4E 27 55 F5 75 2B 9A 5A 41 70 7A 6D 1D 4D ^.N'U.u+.ZApzm.M
00F0: 13 5A A5 4B B0 0E 12 73 80 6E 9E AC CA 47 5C 92 .Z.K...s.n...G\.
]
chain [1] = [
[
Version: V3
Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 255407195400965498019675322156223880280573409785920806091417323821641546468162965260831217416696791123852378338653849184876993542327
public exponent: 65537
Validity: [From: Thu Jun 15 00:00:42 UTC 2017,
To: Wed Dec 15 00:00:42 UTC 2021]
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
SerialNumber: [ 01e3a930 1cfc7206 383f9a53 1d]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.pki.goog/gsr2
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-.
0010: DC 19 86 2E ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.pki.goog/gsr2/gsr2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 70 6B 69 2E 67 6F ..https://pki.go
0010: 6F 67 2F 72 65 70 6F 73 69 74 6F 72 79 2F og/repository/
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 77 C2 B8 50 9A 67 76 76 B1 2D C2 86 D0 83 A0 7E w..P.gvv.-......
0010: A6 7E BA 4B ...K
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 1C B7 89 96 E4 53 ED BB EC DB A8 32 01 9F 2C A3 .....S.....2..,.
0010: CD 6D AD 42 12 77 B3 B8 E6 C9 03 52 60 20 7B 57 .m.B.w.....R` .W
0020: 27 C6 11 B5 3F 67 0D 99 2C 5B 5A CA 22 0A DD 9E '...?g..,[Z."...
0030: BB 1F 4B 48 3F 8F 02 3D 8B 21 84 45 1D 6D F5 FF ..KH?..=.!.E.m..
0040: AC 68 89 CD 64 E2 D6 D6 5E 40 C2 8E 2A F7 EF 14 .h..d...^@..*...
0050: D3 36 A4 40 30 F5 32 15 15 92 76 FB 7E 9E 53 EA .6. at 0.2...v...S.
0060: C2 76 FC 39 AD 88 FE 66 92 26 E9 1C C4 38 CD 49 .v.9...f.&...8.I
0070: FA 43 87 F0 5D D6 56 4D 81 D7 7F F1 C2 DD B0 4D .C..].VM.......M
0080: FE C3 2A 6E 7C 9F 6E 5C ED 62 42 99 E1 F7 36 EE ..*n..n\.bB...6.
0090: 14 8C 2C 20 E3 46 97 5A 77 03 C0 A0 C6 4A 88 FD .., .F.Zw....J..
00A0: 40 22 87 72 5A 18 EA 9C A5 C7 5A 08 8C E4 05 A4 @".rZ.....Z.....
00B0: 7D B9 84 35 5F 89 36 56 0E 40 3D 12 E8 BB 35 72 ...5_.6V.@=...5r
00C0: ED AF 08 56 4E B0 BB 2E A9 9B E4 FB 1D 3E 0B 63 ...VN........>.c
00D0: C8 9B 4B 91 44 66 57 C0 14 B4 96 F0 DC 2C 57 3F ..K.DfW......,W?
00E0: 52 04 AD 95 AA 7D 4D D0 F2 0C 9F 9C 40 E8 D6 55 R.....M..... at ..U
00F0: 73 BA 3C DF 90 CB 00 5B 21 11 67 C2 ED 32 1E DE s.<....[!.g..2..
]
***
main, READ: TLSv1.2 Handshake, length = 333
*** ECDH ServerKeyExchange
Signature Algorithm SHA256withRSA
Server key: Sun EC public key, 256 bits
public x coord: 62425338880862086862126070760967255929876848803250500731297499630365948408838
public y coord: 71786286434442664207501648716405965621228467874951735223121477290534740427215
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value: { 4, 235, 156, 208, 86, 228, 75, 178, 227, 98, 189, 97, 180, 106, 55, 101, 225, 23, 141, 165, 25, 179, 85, 244, 181, 46, 1}
main, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 48 A9 C2 F1 71 85 6A 7B A6 BD D9 B4 D8 F6 E9 DB H...q.j.........
0010: 2B 92 7F B3 A8 31 6A 5A D0 FD 54 0E 88 B8 64 92 +....1jZ..T...d.
CONNECTION KEYGEN:
Client Nonce:
0000: 5D 50 FF 4A B3 5D 66 DE 19 B6 69 11 E0 0E 96 9A ]P.J.]f...i.....
0010: C3 18 03 0E 87 BE 2D 3C EE D1 4E AD 0E 3F 4A 05 ......-<..N..?J.
Server Nonce:
0000: 5D 50 FF 98 B1 19 71 C3 FD 32 A5 AC A5 23 B6 53 ]P....q..2...#.S
0010: 30 A9 08 4D B9 7E 2F 1B 44 4F 57 4E 47 52 44 01 0..M../.DOWNGRD.
Master Secret:
0000: 20 BA 54 8A 11 CB 38 72 8A 5D 5D A6 3A 73 B3 91 .T...8r.]].:s..
0010: 2E 14 E6 51 11 7A 50 E8 28 C8 AD 05 02 E6 37 DD ...Q.zP.(.....7.
0020: B5 86 CF AE 7C 53 96 1E 38 22 11 18 2D C5 FE C4 .....S..8"..-...
... no MAC keys used for this cipher
Client write key:
0000: 0A EE 82 69 30 37 4E 81 3A D5 CC 18 07 FA 9C 00 ...i07N.:.......
Server write key:
0000: C6 85 DB EA DC EA D5 F1 43 9A B7 E3 F9 60 A5 6E ........C....`.n
Client write IV:
0000: DF 63 21 C8 .c!.
Server write IV:
0000: 88 B0 73 31 ..s1
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 227, 236, 200, 235, 97, 150, 154, 160, 48, 12, 91, 139 }
***
main, WRITE: TLSv1.2 Handshake, length = 40
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 40
*** Finished
verify_data: { 255, 109, 167, 115, 110, 56, 148, 28, 238, 104, 225, 186 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
main, WRITE: TLSv1.2 Application Data, length = 222
main, READ: TLSv1.2 Application Data, length = 1413
Succesfull connected.
Data:
main, READ: TLSv1.2 Application Data, length = 1413
main, READ: TLSv1.2 Application Data, length = 483
<!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><meta name="google-site>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-81678134-1', 'auto');
main, READ: TLSv1.2 Application Data, length = 29
</script><script async src="https://www.google-analytics.com/analytics.js" nonce="rERe7wAYhTIp26TIZCSVqw"></script></body></html>
More information about the openssl-users
mailing list