[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Hubert Kario via RT rt at openssl.org
Mon Oct 19 15:00:18 UTC 2015


On Monday 19 October 2015 10:19:09 Albe Laurenz via RT wrote:

> 7 0.189902000    10.155.6.40           10.153.93.229         TLSv1    259    Client Hello 
> 8 0.192699000    10.153.93.229         10.155.6.40           TLSv1    1485   Server Hello, Certificate, Server Key Exchange, Server Hello Done 

so we know that 10.155.6.40 is the client while 10.153.93.229 is the server

>     38 0.237265000    10.153.93.229         10.155.6.40           TLSv1    91     Encrypted Handshake Message

Server is sending Hello Request

>     39 0.237265000    10.153.93.229         10.155.6.40           TLSv1    1008   Application Data, Application Data

Server continues sending the data

>     41 0.241914000    10.155.6.40           10.153.93.229         TLSv1    331    Encrypted Handshake Message

Client is sending Client Hello

>     42 0.244284000    10.153.93.229         10.155.6.40           TLSv1    1514   Encrypted Handshake Message, Encrypted Handshake Message
>     43 0.244285000    10.153.93.229         10.155.6.40           TLSv1    150    Encrypted Handshake Message

Server replies with Server Hello, Certificate and Server Hello Done

>     45 0.248419000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
>     46 0.248492000    10.155.6.40           10.153.93.229         TLSv1    155    Application Data

Client continues sending data

>     48 0.253568000    10.155.6.40           10.153.93.229         TLSv1    155    Encrypted Handshake Message

Client replies to Server Hello Done with Client Key Exchange...

>     49 0.257257000    10.155.6.40           10.153.93.229         TLSv1    91     Change Cipher Spec
>     50 0.257494000    10.155.6.40           10.153.93.229         TLSv1    107    Encrypted Handshake Message

...Change Cipher Spec and Finished

>     52 0.257939000    10.153.93.229         10.155.6.40           TLSv1    144    Change Cipher Spec, Encrypted Handshake Message

server replies with Change Cipher Spec and Finished

>     53 0.258048000    10.153.93.229         10.155.6.40           TLSv1    1514   Application Data
>     59 0.258282000    10.153.93.229         10.155.6.40           TLSv1    1020   Application Data

server replies with data to client

> Is that good enough? Can you infer from context which "Encrypted
> Handshake Message" is what?

yes, thank you, if that exchange is typical, then it's enough to allow
application data between Client Hello and Certificate/Client Key Exchange
to at least "patch up" this issue

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
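
Added example, not part of the original message and not OpenSSL's code: a simplified server-side model of the renegotiation described above, fed the client-to-server records of frames 41-50. The state names, the `tolerant` switch and the omission of an optional client Certificate are assumptions of this sketch; it shows a strict state machine failing on the interleaved Application Data and a relaxed one accepting it only between Client Hello and Client Key Exchange.

```c
#include <stddef.h>
#include <stdio.h>

/* Decrypted client-to-server record kinds (simplified model). */
enum rec { CLIENT_HELLO, CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED, APP_DATA };
/* Server-side renegotiation states; hypothetical names, not OpenSSL's. */
enum state { IDLE, WAIT_CKE, WAIT_CCS, WAIT_FINISHED, FAILED };

/* Advance the model by one client record. With tolerant != 0, application
 * data is let through only while the server waits for Client Key Exchange,
 * i.e. in the window between Client Hello and Client Key Exchange. */
static enum state step(enum state s, enum rec r, int tolerant)
{
    switch (s) {
    case IDLE:          /* no handshake in progress: data is normal traffic */
        if (r == APP_DATA) return IDLE;
        return r == CLIENT_HELLO ? WAIT_CKE : FAILED;
    case WAIT_CKE:      /* the window the message proposes to relax */
        if (r == APP_DATA) return tolerant ? WAIT_CKE : FAILED;
        return r == CLIENT_KEY_EXCHANGE ? WAIT_CCS : FAILED;
    case WAIT_CCS:      /* everything after Client Key Exchange stays strict */
        return r == CHANGE_CIPHER_SPEC ? WAIT_FINISHED : FAILED;
    case WAIT_FINISHED:
        return r == FINISHED ? IDLE : FAILED;
    default:
        return FAILED;
    }
}

/* Feed a sequence of client records; returns the final state. */
enum state run(const enum rec *seq, size_t n, int tolerant)
{
    enum state s = IDLE;
    for (size_t i = 0; i < n && s != FAILED; i++)
        s = step(s, seq[i], tolerant);
    return s;
}

/* Client records as annotated in the capture: frames 41, 45, 46, 48, 49, 50. */
const enum rec capture_seq[] = { CLIENT_HELLO, APP_DATA, APP_DATA,
                                 CLIENT_KEY_EXCHANGE, CHANGE_CIPHER_SPEC, FINISHED };
/* Constructed negative case: data after Change Cipher Spec, outside the window. */
const enum rec late_seq[] = { CLIENT_HELLO, CLIENT_KEY_EXCHANGE,
                              CHANGE_CIPHER_SPEC, APP_DATA, FINISHED };

int main(void)
{
    printf("strict:   %s\n", run(capture_seq, 6, 0) == IDLE ? "ok" : "failed");
    printf("tolerant: %s\n", run(capture_seq, 6, 1) == IDLE ? "ok" : "failed");
    return 0;
}
```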