[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken
Hubert Kario via RT
rt at openssl.org
Mon Oct 19 15:00:18 UTC 2015
On Monday 19 October 2015 10:19:09 Albe Laurenz via RT wrote:
> 7 0.189902000 10.155.6.40 10.153.93.229 TLSv1 259 Client Hello
> 8 0.192699000 10.153.93.229 10.155.6.40 TLSv1 1485 Server Hello, Certificate, Server Key Exchange, Server Hello Done
so we know that 10.155.6.40 is the client while 10.153.93.229 is the server
> 38 0.237265000 10.153.93.229 10.155.6.40 TLSv1 91 Encrypted Handshake Message
Server is sending Hello Request
> 39 0.237265000 10.153.93.229 10.155.6.40 TLSv1 1008 Application Data, Application Data
Server is continuing sending the data
> 41 0.241914000 10.155.6.40 10.153.93.229 TLSv1 331 Encrypted Handshake Message
Client is sending Client Hello
> 42 0.244284000 10.153.93.229 10.155.6.40 TLSv1 1514 Encrypted Handshake Message, Encrypted Handshake Message
> 43 0.244285000 10.153.93.229 10.155.6.40 TLSv1 150 Encrypted Handshake Message
Server replies with Server Hello, Certificate and Server Hello Done
> 45 0.248419000 10.155.6.40 10.153.93.229 TLSv1 91 Application Data
> 46 0.248492000 10.155.6.40 10.153.93.229 TLSv1 155 Application Data
Client continues sending data
> 48 0.253568000 10.155.6.40 10.153.93.229 TLSv1 155 Encrypted Handshake Message
Client replies to Server Hello Done with Client Key Exchange...
> 49 0.257257000 10.155.6.40 10.153.93.229 TLSv1 91 Change Cipher Spec
> 50 0.257494000 10.155.6.40 10.153.93.229 TLSv1 107 Encrypted Handshake Message
...Change Cipher Spec and Finished
> 52 0.257939000 10.153.93.229 10.155.6.40 TLSv1 144 Change Cipher Spec, Encrypted Handshake Message
server replies with Change Cipher Spec and Finished
> 53 0.258048000 10.153.93.229 10.155.6.40 TLSv1 1514 Application Data
> 59 0.258282000 10.153.93.229 10.155.6.40 TLSv1 1020 Application Data
server replies with data to client
> Is that good enough? Can you infer from context which "Encrypted
> Handshake Message" is what?
yes, thank you, if that exchange is typical, then it's enough to allow
application data between Client Hello and Certificate/Client Key Exchange
to at least "patch up" this issue
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
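
The annotated trace above as a small state tracker, added here as an example and not part of the original message or of OpenSSL: it lists which application data records arrive while the renegotiation is in flight and whether they fall in the window the reply proposes to allow. The `TRACE` encoding, the function name and the state flags are assumptions made for illustration.

```python
# Frames and message labels follow the decoded trace in the message above.
# "S" is 10.153.93.229 (server), "C" is 10.155.6.40 (client). Frames 42 and 43
# are one entry because the reply decodes them together.
TRACE = [
    ("38", "S", ["HelloRequest"]),
    ("39", "S", ["ApplicationData"]),
    ("41", "C", ["ClientHello"]),
    ("42-43", "S", ["ServerHello", "Certificate", "ServerHelloDone"]),
    ("45", "C", ["ApplicationData"]),
    ("46", "C", ["ApplicationData"]),
    ("48", "C", ["ClientKeyExchange"]),
    ("49", "C", ["ChangeCipherSpec"]),
    ("50", "C", ["Finished"]),
    ("52", "S", ["ChangeCipherSpec", "Finished"]),
    ("53", "S", ["ApplicationData"]),
    ("59", "S", ["ApplicationData"]),
]


def interleaved_app_data(trace):
    """List application data records seen while a renegotiation is in flight.

    Each hit is (frame, sender, last_handshake_message, in_window), where
    in_window is True between Client Hello and the client's
    Certificate/Client Key Exchange.
    """
    active = False          # renegotiation started, both Finished not yet seen
    hello_seen = kex_seen = False
    finished = set()        # peers that have sent Finished
    last = None
    hits = []
    for frame, sender, messages in trace:
        for msg in messages:
            if msg == "ApplicationData":
                if active:
                    hits.append((frame, sender, last, hello_seen and not kex_seen))
                continue
            if not active and msg in ("HelloRequest", "ClientHello"):
                active, hello_seen, kex_seen, finished = True, False, False, set()
            if msg == "ClientHello":
                hello_seen = True
            elif sender == "C" and msg in ("Certificate", "ClientKeyExchange"):
                kex_seen = True
            elif msg == "Finished":
                finished.add(sender)
                active = finished != {"C", "S"}
            last = msg
    return hits
```

On this trace the function reports frame 39 (server data after the Hello Request, before the Client Hello) and frames 45 and 46 (client data after Server Hello Done); only the latter two fall inside the Client Hello to Client Key Exchange window.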