[openssl-1.1.1l] TLS1.2 Server responses with Alert

Ma Zhenhua mazhh at outlook.com
Fri Dec 31 00:31:32 UTC 2021


Hi Team,

I have 2 clients trying to access the same TLS server, one is successful, while the other fails. I've done some research but still have no idea. Could someone please give me some suggestions?  Many thanks in advance.

Failed one:
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 382
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 378
        Version: TLS 1.2 (0x0303)
        Random: b0efd2874f3054e038316193e70d6cb0214514dd9624edefeac53f29b36284b1
        Session ID Length: 32
        Session ID: 77aea747f7dbf1b377aea747f7dbf1b377aea747f7dbf1b377aea747f7dbf1b3
        Cipher Suites Length: 66
        Cipher Suites (33 suites)
            Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 239
        Extension: supported_versions (len=9)
            Type: supported_versions (43)
            Length: 9
            Supported Versions length: 8
            Supported Version: TLS 1.3 (0x0304)
            Supported Version: TLS 1.2 (0x0303)
            Supported Version: TLS 1.1 (0x0302)
            Supported Version: TLS 1.0 (0x0301)
        Extension: ec_point_formats (len=2)
            Type: ec_point_formats (11)
            Length: 2
            EC point formats Length: 1
            Elliptic curves point formats (1)
                EC point format: uncompressed (0)
        Extension: supported_groups (len=18)
            Type: supported_groups (10)
            Length: 18
            Supported Groups List Length: 16
            Supported Groups (8 groups)
                Supported Group: secp256r1 (0x0017)
                Supported Group: secp384r1 (0x0018)
                Supported Group: secp521r1 (0x0019)
                Supported Group: ffdhe2048 (0x0100)
                Supported Group: ffdhe3072 (0x0101)
                Supported Group: ffdhe4096 (0x0102)
                Supported Group: ffdhe6144 (0x0103)
                Supported Group: ffdhe8192 (0x0104)
        Extension: server_name (len=38)
            Type: server_name (0)
            Length: 38
            Server Name Indication extension
                Server Name list length: 36
                Server Name Type: host_name (0)
                Server Name length: 33
                Server Name: obfuscated
        Extension: status_request (len=5)
            Type: status_request (5)
            Length: 5
            Certificate Status Type: OCSP (1)
            Responder ID list Length: 0
            Request Extensions Length: 0
        Extension: signature_algorithms (len=40)
            Type: signature_algorithms (13)
            Length: 40
            Signature Hash Algorithms Length: 38
            Signature Hash Algorithms (19 algorithms)
                Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
                Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                Signature Algorithm: SHA256 DSA (0x0402)
                Signature Algorithm: SHA224 ECDSA (0x0303)
                Signature Algorithm: SHA224 RSA (0x0301)
                Signature Algorithm: SHA224 DSA (0x0302)
                Signature Algorithm: ecdsa_sha1 (0x0203)
                Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                Signature Algorithm: SHA1 DSA (0x0202)
        Extension: signature_algorithms_cert (len=20)
            Type: signature_algorithms_cert (50)
            Length: 20
            Signature Hash Algorithms Length: 18
            Signature Hash Algorithms (9 algorithms)
                Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: key_share (len=71)
            Type: key_share (51)
            Length: 71
            Key Share extension
                Client Key Share Length: 69
                Key Share Entry: Group: secp256r1, Key Exchange length: 65
                    Group: secp256r1 (23)
                    Key Exchange Length: 65
                    Key Exchange: 0495dee022bd4c73837e893b9f79c38ff38028d8b3bd75356f7d3f198be3017a573650da…

The server responses with an alert.
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
    Content Type: Alert (21)
    Version: TLS 1.2 (0x0303)
    Length: 2
    Alert Message
        Level: Fatal (2)
        Description: Handshake Failure (40)


The successfully one:
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 554
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 550
        Version: TLS 1.2 (0x0303)
        Random: ddea3965c1e8f65720c191798f92ca8b81b7a661a485466cd1587096bb095dd4
        Session ID Length: 32
        Session ID: e418f6c36e699a505175e452251ef3d4d48fada371d4bc9c1be4638a15f512d1
        Cipher Suites Length: 32
        Cipher Suites (16 suites)
            Cipher Suite: Reserved (GREASE) (0x8a8a)
            Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
            Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
            Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
            Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 445
        Extension: Reserved (GREASE) (len=0)
            Type: Reserved (GREASE) (27242)
            Length: 0
            Data: <MISSING>
        Extension: server_name (len=38)
            Type: server_name (0)
            Length: 38
            Server Name Indication extension
                Server Name list length: 36
                Server Name Type: host_name (0)
                Server Name length: 33
                Server Name: obfuscated
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: renegotiation_info (len=1)
            Type: renegotiation_info (65281)
            Length: 1
            Renegotiation Info extension
                Renegotiation info extension length: 0
        Extension: supported_groups (len=10)
            Type: supported_groups (10)
            Length: 10
            Supported Groups List Length: 8
            Supported Groups (4 groups)
                Supported Group: Reserved (GREASE) (0x4a4a)
                Supported Group: x25519 (0x001d)
                Supported Group: secp256r1 (0x0017)
                Supported Group: secp384r1 (0x0018)
        Extension: ec_point_formats (len=2)
            Type: ec_point_formats (11)
            Length: 2
            EC point formats Length: 1
            Elliptic curves point formats (1)
                EC point format: uncompressed (0)
        Extension: session_ticket (len=224)
            Type: session_ticket (35)
            Length: 224
            Data (224 bytes)
        Extension: application_layer_protocol_negotiation (len=14)
            Type: application_layer_protocol_negotiation (16)
            Length: 14
            ALPN Extension Length: 12
            ALPN Protocol
                ALPN string length: 2
                ALPN Next Protocol: h2
                ALPN string length: 8
                ALPN Next Protocol: http/1.1
        Extension: status_request (len=5)
            Type: status_request (5)
            Length: 5
            Certificate Status Type: OCSP (1)
            Responder ID list Length: 0
            Request Extensions Length: 0
        Extension: signature_algorithms (len=18)
            Type: signature_algorithms (13)
            Length: 18
            Signature Hash Algorithms Length: 16
            Signature Hash Algorithms (8 algorithms)
                Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: Unknown (4)
                Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: Unknown (5)
                Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                    Signature Hash Algorithm Hash: Unknown (8)
                    Signature Hash Algorithm Signature: Unknown (6)
                Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: RSA (1)
        Extension: signed_certificate_timestamp (len=0)
            Type: signed_certificate_timestamp (18)
            Length: 0
        Extension: key_share (len=43)
            Type: key_share (51)
            Length: 43
            Key Share extension
                Client Key Share Length: 41
                Key Share Entry: Group: Reserved (GREASE), Key Exchange length: 1
                    Group: Reserved (GREASE) (19018)
                    Key Exchange Length: 1
                    Key Exchange: 00
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange: 214ea0d076a8a37371cef86b831b27583be9d4dd8b4aaef9b88652f730903457
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
        Extension: supported_versions (len=11)
            Type: supported_versions (43)
            Length: 11
            Supported Versions length: 10
            Supported Version: Unknown (0xfafa)
            Supported Version: TLS 1.3 (0x0304)
            Supported Version: TLS 1.2 (0x0303)
            Supported Version: TLS 1.1 (0x0302)
            Supported Version: TLS 1.0 (0x0301)
        Extension: compress_certificate (len=3)
            Type: compress_certificate (27)
            Length: 3
            Algorithms Length: 2
            Algorithm: brotli (2)
        Extension: Unknown type 17513 (len=5)
            Type: Unknown (17513)
            Length: 5
            Data: 0003026832
        Extension: Reserved (GREASE) (len=1)
            Type: Reserved (GREASE) (14906)
            Length: 1
            Data: 00


Server responses:
1.
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 84
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 80
        Version: TLS 1.2 (0x0303)
        Random: 61c38ddb53f3dada22fa85c8e552a5498b0dcddde563d93489693a669025da01
        Session ID Length: 0
        Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
        Compression Method: null (0)
        Extensions Length: 40
        Extension: renegotiation_info (len=1)
            Type: renegotiation_info (65281)
            Length: 1
            Renegotiation Info extension
                Renegotiation info extension length: 0
        Extension: server_name (len=0)
            Type: server_name (0)
            Length: 0
        Extension: ec_point_formats (len=4)
            Type: ec_point_formats (11)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
                EC point format: uncompressed (0)
                EC point format: ansiX962_compressed_prime (1)
                EC point format: ansiX962_compressed_char2 (2)
        Extension: session_ticket (len=0)
            Type: session_ticket (35)
            Length: 0
            Data (0 bytes)
        Extension: application_layer_protocol_negotiation (len=11)
            Type: application_layer_protocol_negotiation (16)
            Length: 11
            ALPN Extension Length: 9
            ALPN Protocol
                ALPN string length: 8
                ALPN Next Protocol: http/1.1
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0

2.
TLSv1.2 Record Layer: Handshake Protocol: Certificate
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 2849
    Handshake Protocol: Certificate
        Handshake Type: Certificate (11)
        Length: 2845
        Certificates Length: 2842
        Certificates (2842 bytes)
            Certificate Length: 1631
            Certificate: 3082065b30820543a00302010202100904f167bad09145fe9010dd2479ff0b300d06092a… (id-at-commonName=obfuscated)
                signedCertificate
                    version: v3 (2)
                    serialNumber: 0x0904f167bad09145fe9010dd2479ff0b
                    signature (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    issuer: rdnSequence (0)
                    validity
                    subject: rdnSequence (0)
                    subjectPublicKeyInfo
                    extensions: 10 items
                        Extension (id-ce-authorityKeyIdentifier)
                        Extension (id-ce-subjectKeyIdentifier)
                        Extension (id-ce-subjectAltName)
                        Extension (id-ce-keyUsage)
                        Extension (id-ce-extKeyUsage)
                        Extension (id-ce-cRLDistributionPoints)
                        Extension (id-ce-certificatePolicies)
                        Extension (id-pe-authorityInfoAccess)
                        Extension (id-ce-basicConstraints)
                        Extension (SignedCertificateTimestampList)
                algorithmIdentifier (sha256WithRSAEncryption)
                    Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                Padding: 0
                encrypted: cc532c30948077551b364b33fccfc4b7bc568c55e0f79997f057ed77b6d46a345f3c4540…
            Certificate Length: 1205
            Certificate: 308204b130820399a003020102021008a5a246cd4b5c8c83d702b4bbab5349300d06092a… (id-at-commonName=RapidSSL RSA CA 2018,id-at-organizationalUnitName=www.digicert.com,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
                signedCertificate
                    version: v3 (2)
                    serialNumber: 0x08a5a246cd4b5c8c83d702b4bbab5349
                    signature (sha256WithRSAEncryption)
                        Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                    issuer: rdnSequence (0)
                    validity
                    subject: rdnSequence (0)
                    subjectPublicKeyInfo
                    extensions: 8 items
                        Extension (id-ce-subjectKeyIdentifier)
                        Extension (id-ce-authorityKeyIdentifier)
                        Extension (id-ce-keyUsage)
                        Extension (id-ce-extKeyUsage)
                        Extension (id-ce-basicConstraints)
                        Extension (id-pe-authorityInfoAccess)
                        Extension (id-ce-cRLDistributionPoints)
                        Extension (id-ce-certificatePolicies)
                algorithmIdentifier (sha256WithRSAEncryption)
                    Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
                Padding: 0
                encrypted: 7e23c7f2ca356e5992515c616b3c1236e6d27cb329e642d8a395611ecff207af2b2b255a…

3.
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 333
    Handshake Protocol: Server Key Exchange
        Handshake Type: Server Key Exchange (12)
        Length: 329
        EC Diffie-Hellman Server Params
            Curve Type: named_curve (0x03)
            Named Curve: secp256r1 (0x0017)
            Pubkey Length: 65
            Pubkey: 0451ab773cb0ac556a3edc28eace1456adbe8c785072408c54260c65777341cce07968cc…
            Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                Signature Hash Algorithm Hash: Unknown (8)
                Signature Hash Algorithm Signature: Unknown (4)
            Signature Length: 256
            Signature: 789ae4a120858bc3b5a03d41b42bf9735aa43ff450f0819e89d1a862374bdb3e5ad32118…

4.
Server Hello Done ommitted

Client packets ommitted.

Thanks,
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211231/04d28554/attachment-0001.htm>


More information about the openssl-users mailing list