[openssl-project] update on sporadic test failures
Bernd Edlinger
bernd.edlinger at hotmail.de
Wed Jan 10 20:31:49 UTC 2018
Hi Ben,
I was able to reproduce it on my laptop, so at least you are not alone.
trunk rev. a41a6120cdcb7e883481bc1bed55e7157c9255c4 (unpatched)
./config enable-tls1_3
make
N=0; while make test TESTS=test_sslsigalgs V=1; do N=$((N+1)); done;
echo count=$N
stopped after 338 repetitions:
Message type: ClientHello
Message Length: 292
Client Version:771
Session ID Len:32
Ciphersuite len:62
Compression Method Len:1
Extensions Len:157
Forwarded packet length = 265
Received server packet
Packet length = 1406
Processing flight 1
Record 1 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 69
Message type: ServerHello
Message Length: 65
Server Version:771
Session ID Len:0
Ciphersuite:49171
Compression Method:0
Extensions Len:25
Record 2 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 1013
Message type: Certificate
Message Length: 1009
Certificate List Len:1006
Certificate Len:1003
Record 3 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 300
Message type: ServerKeyExchange
Message Length: 296
Record 4 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 4
Message type: ServerHelloDone
Message Length: 0
Forwarded packet length = 1406
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=21:unable to verify the first certificate
verify return:1
Received client packet
Packet length = 121
Processing flight 2
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.2
Length: 37
Message type: ClientKeyExchange
Message Length: 33
Record 2 (client -> server)
Content type: CCS
Version: TLS1.2
Length: 1
Record 3 (client -> server)
Content type: HANDSHAKE
Version: TLS1.2
Length: 68
Message type: Finished
Message Length: 12
Forwarded packet length = 121
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Client cipher list:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256Received
server packet
:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384Packet length = 270
:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:Processing
flight 3
DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA
Record 1:AES256-GCM-SHA384: (server -> client)
AES128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: ECDHE-RSA-AES128-SHA
Signature Algorithms: RSA-PSS+SHA256
No peer certificate
Supported Elliptic Curve Point Formats:
uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Groups: Content type: HANDSHAKE
X25519: Version: TLS1.2
P-256:P-521 Length: 186:P-384
Message type: NewSessionTicket
Message Length: 182
Record 2 (server -> client)
Content type: CCS
Version: TLS1.2
Length: 1
Record 3 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 68
Message type: Finished
Message Length: 12
Forwarded packet length = 270
CONNECTED(00000003)
---
Certificate chain
0 s:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
i:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE-----
subject=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
issuer=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1676 bytes and written 422 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA
Session-ID:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Session-ID-ctx:
Master-Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F000102030405060708090A0B0C0D0E0F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10
................
0010 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10
................
0020 - 82 48 f7 82 0f 7f 21 bf-f4 19 28 80 63 9f da 52
.H....!...(.c..R
0030 - 3a 16 a9 85 de 2f 41 96-90 4d f7 f1 b1 11 b8 63
:..../A..M.....c
0040 - 2d c5 62 f7 e3 da be 90-aa 50 3c 9b e7 ad 41 35
-.b......P<...A5
0050 - c7 76 8d 18 a6 f7 9a 73-6b 25 4a 90 c7 ca 70 ef
.v.....sk%J...p.
0060 - a3 46 51 7b 22 47 d9 ef-10 43 11 7b 1f 26 4e c4
.FQ{"G...C.{.&N.
0070 - 74 d9 f2 5e 6a 05 65 fa-e4 e7 f3 c5 36 af 1c b0
t..^j.e.....6...
0080 - ed b7 ba 5d e6 d3 3e 38-e0 63 53 30 89 37 bd 38
...]..>8.cS0.7.8
0090 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f
................
00a0 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f
................
Start Time: 1515615760
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
DONE
Received client packet
Packet length = 114
Processing flight 4
Record 1 (client -> server)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 52
[ENCRYPTED APPLICATION DATA]
[test
]
Record 2 (client -> server)
Content type: ALERT
Version: TLS1.2
Length: 52
Forwarded packet length = 114
Connection closed
Waiting for server process to close: 10002
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
1 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
Waiting for client process to close: 10003
ok 13 - PSS only sigalgs in TLSv1.2
Proxy started on port 4453
Server command: ../../util/shlib_wrap.sh ../../apps/openssl s_server
-no_comp -rev -engine ossltest -accept 4443 -cert ../../apps/server.pem
-cert2 ../../apps/server.pem -naccept 1 -cipher
ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256
Client command: echo test | ../../util/shlib_wrap.sh ../../apps/openssl
s_client -engine ossltest -connect localhost:4453 -no_tls1_3 -sigalgs
RSA+SHA256
engine "ossltest" set.
engine "ossltest" set.
Using default temp DH parameters
ACCEPT
Connection opened
Received client packet
Packet length = 152
Processing flight 0
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.0
Length: 147
Message type: ClientHello
Message Length: 143
Client Version:771
Session ID Len:0
Ciphersuite len:42
Compression Method Len:1
Extensions Len:60
Forwarded packet length = 152
Received server packet
Packet length = 1406
Processing flight 1
Record 1 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 69
Message type: ServerHello
Message Length: 65
Server Version:771
Session ID Len:0
Ciphersuite:49171
Compression Method:0
Extensions Len:25
Record 2 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 1013
Message type: Certificate
Message Length: 1009
Certificate List Len:1006
Certificate Len:1003
Record 3 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 300
Message type: ServerKeyExchange
Message Length: 296
Record 4 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 4
Message type: ServerHelloDone
Message Length: 0
Forwarded packet length = 1406
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=21:unable to verify the first certificate
verify return:1
47111746565952:error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong
signature type:ssl/t1_lib.c:996:
Received client packet
Packet length = 7
Processing flight 2
Record 1 (client -> server)
Content type: ALERT
Version: TLS1.2
Length: 2
Forwarded packet length = 7
Connection closed
CONNECTED(00000003)
---
Certificate chain
0 s:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
i:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE-----
subject=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
issuer=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1397 bytes and written 159 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1515615760
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
Waiting for server process to close: 10026
CONNECTION FAILURE
47243456800576:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:ssl/record/rec_layer_s3.c:1587:SSL alert number 40
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
Waiting for client process to close: 10027
ok 14 - Sigalg we did not send in TLSv1.2
Server command: ../../util/shlib_wrap.sh ../../apps/openssl s_server
-no_comp -rev -engine ossltest -accept 4443 -cert ../../apps/server.pem
-cert2 ../../apps/server.pem -naccept 1 -cipher
ECDHE-RSA-AES128-SHA:TLS13-AES-128-GCM-SHA256
Proxy started on port 4453
Client command: echo test | ../../util/shlib_wrap.sh ../../apps/openssl
s_client -engine ossltest -connect localhost:4453 -no_tls1_3 -sigalgs
ECDSA+SHA256
engine "ossltest" set.
engine "ossltest" set.
Using default temp DH parameters
ACCEPT
Connection opened
Received client packet
Packet length = 126
Processing flight 0
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.0
Length: 121
Message type: ClientHello
Message Length: 117
Client Version:771
Session ID Len:0
Ciphersuite len:16
Compression Method Len:1
Extensions Len:60
Forwarded packet length = 126
CONNECTION FAILURE
Received server packet
Packet length = 7
Processing flight 1
Record 147986366047872:error:1417A0C1:SSL
routines:tls_post_process_client_hello:no shared
cipher:ssl/statem/statem_srvr.c:2131:
(server -> client)
Content type: ALERT
Version: TLS1.2
Length: 2
Forwarded packet length = 7
Connection closed
Waiting for server process to close: 10050
47262213985920:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:ssl/record/rec_layer_s3.c:1587:SSL alert number 40
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
0 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 126 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1515615760
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Waiting for client process to close: 10051
ok 15 - No matching TLSv1.2 sigalgs
Proxy started on port 4453
Server command: ../../util/shlib_wrap.sh ../../apps/openssl s_server
-no_comp -rev -engine ossltest -accept 4443 -cert ../../apps/server.pem
-cert2 ../../apps/server.pem -naccept 1 -cipher
ECDHE-ECDSA-AES128-SHA:TLS13-AES-128-GCM-SHA256 -cert
../../test/certs/server-ecdsa-cert.pem -key
../../test/certs/server-ecdsa-key.pem
Client command: echo test | ../../util/shlib_wrap.sh ../../apps/openssl
s_client -engine ossltest -connect localhost:4453 -no_tls1_3
engine "ossltest" set.
Using default temp DH parameters
ACCEPT
engine "ossltest" set.
Connection opened
Received client packet
Packet length = 202
Processing flight 0
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.0
Length: 197
Message type: ClientHello
Message Length: 193
Client Version:771
Session ID Len:0
Ciphersuite len:56
Compression Method Len:1
Extensions Len:96
Forwarded packet length = 158
Received server packet
Packet length = 831
Processing flight 1
Record 1 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 69
Message type: ServerHello
Message Length: 65
Server Version:771
Session ID Len:0
Ciphersuite:49161
Compression Method:0
Extensions Len:25
Record 2 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 623
Message type: Certificate
Message Length: 619
Certificate List Len:616
Certificate Len:613
Record 3 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 115
Message type: ServerKeyExchange
Message Length: 111
Record 4 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 4
Message type: ServerHelloDone
Message Length: 0
Forwarded packet length = 831
depth=0 CN = Server ECDSA cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = Server ECDSA cert
verify error:num=21:unable to verify the first certificate
verify return:1
Received client packet
Packet length = 121
Processing flight 2
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.2
Length: 37
Message type: ClientKeyExchange
Message Length: 33
Record 2 (client -> server)
Content type: CCS
Version: TLS1.2
Length: 1
Record 3 (client -> server)
Content type: HANDSHAKE
Version: TLS1.2
Length: 68
Message type: Finished
Message Length: 12
Forwarded packet length = 121
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Client cipher list:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHAReceived
server packet
:ECDHE-RSA-AES128-SHA:Packet length = 270
DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: ECDHE-ECDSA-AES128-SHA
No peer certificate
Supported Elliptic Curve Point Formats:
uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Groups: Processing flight 3
X25519:P-256:P-521:P-384 Record 1
(server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 186
Message type: NewSessionTicket
Message Length: 182
Record 2 (server -> client)
Content type: CCS
Version: TLS1.2
Length: 1
Record 3 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 68
Message type: Finished
Message Length: 12
Forwarded packet length = 270
CONNECTED(00000003)
---
Certificate chain
0 s:CN = Server ECDSA cert
i:CN = Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICYTCCAUmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE3MDExMjE0NDUwMVoYDzIxMTcwMTEzMTQ0NTAxWjAcMRowGAYDVQQD
DBFTZXJ2ZXIgRUNEU0EgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOI7
NNxE483tJyIKT6KOQM5Zlfrigh12BEcHxnzpudgVHYA4aL5D5JulYGFzL0LQ5Q55
GpCub1V2j+AhyBMKPQqjgYAwfjAdBgNVHQ4EFgQUSDzlr0Ayx22BljPtY6YRLTes
qgwwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4XzSTdAUkwCQYDVR0TBAIwADAT
BgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREEFTATghFTZXJ2ZXIgRUNEU0EgY2Vy
dDANBgkqhkiG9w0BAQsFAAOCAQEAOJDgr1hRNuxW1D93yDWFwP1o2KuaI0BMZVFS
6rzzLThCo3FeS6X7DCrBP699PCYcKeyMDmQwg9mVMABSZzox2GBO3hoqtnUXjsK3
Qxh+4O5EmIXX4v8szdSBP14O2c5krAk4lbVWxLHE78NAc8dL94VORndyTcmaXUTn
FQeBaRJjXto3okPvwYlczPS9sq0AhuBh5hwsLOYwpLf6/loPLjl40iwPQ+iqQ1EV
m0Sac3o+0qI0cKiz4nXgd4NkFvV3G8lwd0Um8KSS/EFuZbgJNKKD6+1+90sibM4a
Y/JiO6weK/VTlqCLn7zV9LcDT4gU18UCn85UV1XlVYKXZlaXYQ==
-----END CERTIFICATE-----
subject=CN = Server ECDSA cert
issuer=CN = Root CA
---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1101 bytes and written 323 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.0, Cipher is ECDHE-ECDSA-AES128-SHA
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-SHA
Session-ID:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Session-ID-ctx:
Master-Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F000102030405060708090A0B0C0D0E0F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10
................
0010 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10
................
0020 - 36 30 c1 2b b2 82 bc 0d-a7 91 be 35 cf 46 28 79
60.+.......5.F(y
0030 - c0 38 f3 ce 11 73 6b 67-9a 07 5e 15 04 2d fc 2e
.8...skg..^..-..
0040 - 95 6f e3 f8 e2 9c 25 33-21 8d 66 e9 3d 15 5b 92
.o....%3!.f.=.[.
0050 - 37 89 a0 62 4c 7e 24 17-00 ff 5a 40 75 cf a4 1a
7..bL~$...Z at u...
0060 - bc ee eb e0 c2 4a 16 e6-8a 9d bc f1 9f ae f7 42
.....J.........B
0070 - 99 52 81 43 6f ae 1d 39-fa 56 ad 3e 17 55 d0 5d
.R.Co..9.V.>.U.]
0080 - 3c 64 da f3 31 18 d2 2f-5a b2 85 13 7c 53 ff 38
<d..1../Z...|S.8
0090 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f
................
00a0 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f
................
Start Time: 1515615760
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
DONE
Received client packet
Packet length = 57
Processing flight 4
Record 1 (client -> server)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 52
[ENCRYPTED APPLICATION DATA]
[test
]
Forwarded packet length = 57
Received client packet
Packet length = 57
Processing flight 5
Record 1 (client -> server)
Content type: ALERT
Version: TLS1.2
Length: 52
Forwarded packet length = 57
Connection closed
Waiting for server process to close: 10074
CONNECTION CLOSED
0 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
Waiting for client process to close: 10075
ok 16 - No TLSv1.2 sigalgs, ECDSA
Server command: ../../util/shlib_wrap.sh ../../apps/openssl s_server
-no_comp -rev -engine ossltest -accept 4443 -cert ../../apps/server.pem
-cert2 ../../apps/server.pem -naccept 1 -cipher
AES128-SHA:TLS13-AES-128-GCM-SHA256
Proxy started on port 4453
Client command: echo test | ../../util/shlib_wrap.sh ../../apps/openssl
s_client -engine ossltest -connect localhost:4453 -tls1_3
engine "ossltest" set.
Connection opened
engine "ossltest" set.
Using default temp DH parameters
ACCEPT
Received client packet
Packet length = 223
Processing flight 0
Record 1 (client -> server)
Content type: HANDSHAKE
Version: TLS1.0
Length: 218
Message type: ClientHello
Message Length: 214
Client Version:771
Session ID Len:32
Ciphersuite len:8
Compression Method Len:1
Extensions Len:133
Forwarded packet length = 223
Received server packet
Packet length = 1543
Processing flight 1
Record 1 (server -> client)
Content type: HANDSHAKE
Version: TLS1.2
Length: 122
Message type: ServerHello
Message Length: 118
Server Version:771
Session ID Len:32
Ciphersuite:4865
Compression Method:0
Extensions Len:46
Record 2 (server -> client)
Content type: CCS
Version: TLS1.2
Length: 1
Record 3 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 23
Inner content type: HANDSHAKE
Message type: EncryptedExtensions
Message Length: 2
Extensions Len:0
Record 4 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 1033
Inner content type: HANDSHAKE
Message type: Certificate
Message Length: 1012
Context:
Certificate List Len:1008
Certificate Len:1003
Extensions Len:0
Record 5 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 281
Inner content type: HANDSHAKE
Message type: CertificateVerify
Message Length: 260
SigAlg:2052
Signature Len:256
Record 6 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 53
Inner content type: HANDSHAKE
Message type: Finished
Message Length: 32
Forwarded packet length = 1547
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
verify error:num=21:unable to verify the first certificate
verify return:1
Received client packet
Packet length = 64
Processing flight 2
Record 1 (client -> server)
Content type: CCS
Version: TLS1.2
Length: 1
Record 2 (client -> server)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 53
Inner content type: HANDSHAKE
Message type: Finished
Message Length: 32
Forwarded packet length = 65
CONNECTED(00000003)
---
Certificate chain
0 s:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
i:C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE-----
subject=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
Test Server Cert
issuer=C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN =
OpenSSL Test Intermediate CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1547 bytes and written 287 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS13-AES-128-GCM-SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1515615760
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
---
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Client cipher list:
TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: TLS13-AES-128-GCM-SHA256
Signature Algorithms:
ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
No peer certificate
Supported Elliptic Groups: X25519:P-256:P-521:P-384
Received client packet
Packet length = 27
Processing flight 3
Record 1 (client -> server)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 22
Inner content type: APPLICATION DATA
[ENCRYPTED APPLICATION DATA]
[test
]
Forwarded packet length = 28
Received server packet
Packet length = 224
Processing flight 4
Record 1 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 219
Inner content type: HANDSHAKE
Message type: NewSessionTicket
Message Length: 198
DONE
Forwarded packet length = 225
Received client packet
Packet length = 24
Processing flight 5
Record 1 (client -> server)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 19
Inner content type: ALERT
Forwarded packet length = 25
Received server packet
Packet length = 27
Processing flight 6
Record 1 (server -> client)
Content type: APPLICATION DATA
Version: TLS1.2
Length: 22
Inner content type: APPLICATION DATA
[ENCRYPTED APPLICATION DATA]
[tset
]
Forwarded packet length = 28
CONNECTION CLOSED
1 items in the session cache
0 client connects (SSL_connect())
0 client renegotiates (SSL_connect())
0 client connects that finished
1 server accepts (SSL_accept())
0 server renegotiates (SSL_accept())
1 server accepts that finished
0 session cache hits
0 session cache misses
0 session cache timeouts
0 callback cache hits
0 cache full overflows (128 allowed)
Failed 2/18 subtests
Test Summary Report
-------------------
../test/recipes/70-test_sslsigalgs.t (Wstat: 13 Tests: 16 Failed: 0)
Non-zero wait status: 13
Parse errors: Bad plan. You planned 18 tests but ran 16.
Files=1, Tests=16, 1 wallclock secs ( 0.23 usr 0.03 sys + 0.39 cusr
0.50 csys = 1.15 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make[1]: Leaving directory `/home/ed/OPC/openssl'
make: *** [tests] Fehler 2
count=338
More information about the openssl-project
mailing list