[openssl-users] Browsers SSL handshake issues with https://wiki.openssl.org

Bubnov Dmitriy buba at luna-78.com
Fri Sep 25 19:37:26 UTC 2015


Hello, All.

I have met an issue with different browsers behavior when opening a link https://wiki.openssl.org/. Investigations shows that it is SSL handshake issues.

Is it possible to correct situation for Safari browser?

Below is 'ssldump's and 'openssl version -a' logs.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

>>> osx10.6.8 + chrome 45.0.2454.101; SSL session is OK
>>>
New TCP connection #1: 192.168.0.1(59718) <-> 194.97.150.234(443)
1 1  0.0506 (0.0506)  C>S V3.1(512)  Handshake
      ClientHello
        Version 3.3 
        random[32]=
          d2 e1 13 ee 12 ed 4a cd 48 ab 9a 84 89 5e 68 65 
          6c 74 d1 47 16 b6 a8 59 20 78 1e 73 1c 29 08 40 
        resume [32]=
          96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 
          3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d 
        cipher suites
        Unknown value 0xcc14
        Unknown value 0xcc13
        Unknown value 0xcc15
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
1 2  0.1002 (0.0496)  S>C V3.3(81)  Handshake
      ServerHello
        Version 3.3 
        random[32]=
          25 b5 71 fa 69 9c 64 26 91 48 e5 c1 6f 07 6c 4b 
          12 b7 22 a6 20 e6 fb 6d 80 00 dd a1 99 43 70 dc 
        session_id[32]=
          96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 
          3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d 
        cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        compressionMethod                   NULL
1 3  0.1002 (0.0000)  S>C V3.3(1)  ChangeCipherSpec
1 4  0.1002 (0.0000)  S>C V3.3(40)  Handshake
1 5  0.1017 (0.0014)  C>S V3.3(1)  ChangeCipherSpec
1 6  0.1017 (0.0000)  C>S V3.3(40)  Handshake
1 7  0.1024 (0.0006)  C>S V3.3(521)  application_data
1 8  0.2268 (0.1244)  S>C V3.3(299)  application_data
1 9  4.0905 (3.8636)  C>S V3.3(426)  application_data
1 10 4.1691 (0.0786)  S>C V3.3(598)  application_data
1 11 4.1737 (0.0046)  C>S V3.3(495)  application_data
1 12 4.2673 (0.0935)  S>C V3.3(298)  application_data
1    9.2750 (5.0077)  S>C  TCP FIN
1   14.2687 (4.9936)  C>S  TCP FIN


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


>>> osx10.6.8 safari5.1.10(6534.59.10); SSL session is BROKEN
>>>
New TCP connection #1: 192.168.0.1(59771) <-> 194.97.150.234(443)
1 1  0.0598 (0.0598)  C>S V3.1(158)  Handshake
      ClientHello
        Version 3.1 
        random[32]=
          56 05 6d 21 f6 ef c5 31 be 10 7d ef e8 b4 78 cf 
          a5 47 61 7a 23 42 29 30 a2 6e c3 dc e3 0f 67 4b 
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDH_RSA_WITH_RC4_128_SHA
        TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        compression methods
                  NULL
1    0.1143 (0.0545)  S>C  TCP FIN
1    0.1158 (0.0014)  C>S  TCP FIN
New TCP connection #2: 192.168.0.1(59773) <-> 194.97.150.234(443)
2 1  0.0569 (0.0569)  C>S V3.0(81)  Handshake
      ClientHello
        Version 3.0 
        random[32]=
          56 05 6d 21 d2 ca b5 6f 97 90 79 52 f9 c6 af 40 
          20 77 73 28 de 7d 60 48 c0 58 fc d8 a8 df 9d d0 
        cipher suites
        SSL_RSA_WITH_AES_128_CBC_SHA
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_AES_256_CBC_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        SSL_DHE_DSS_WITH_AES_128_CBC_SHA
        SSL_DHE_RSA_WITH_AES_128_CBC_SHA
        SSL_DHE_DSS_WITH_AES_256_CBC_SHA
        SSL_DHE_RSA_WITH_AES_256_CBC_SHA
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        compression methods
                  NULL
2    0.1077 (0.0507)  S>C  TCP FIN
2    0.1094 (0.0017)  C>S  TCP FIN


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Sun Mar 25 19:01:41 MSK 2012
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: /usr/bin/llvm-gcc-4.2 -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall
OPENSSLDIR: "/opt/local/etc/openssl"

--
С уважением ⁄ Mit freundlichen Grüßen ⁄ Best regards,
Dmitriy Bubnov




More information about the openssl-users mailing list