[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

Viktor Dukhovni openssl-users at dukhovni.org
Mon Apr 24 23:26:46 UTC 2017

> On Apr 24, 2017, at 7:11 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
>    Please report tshark output, not an approximate rendition.  In what direction
>    is the alert sent?
> I’m using WireShark. The IP addresses on the Alert packet show local host as the source, and the proxy as the destination. Is there another way to tell the direction? Or how to present it in a way that I can sanitize the output and post here?

I get slightly annoyed when I take the time to help, but my response is
skimmed over and not read carefully.  Upthread I said:

See my recent post: https://www.spinics.net/lists/openssl-users/msg05623.html
for instructions on how to extract SSL info from PCAP files in a way that
mostly trims away endpoint details... (of course SNI names and cert names
would still be there, so you'd need to trim those if you want to anonymize
the guilty parties).

Install tshark somewhere, and use it to decode the PCAP file.  Then post
the results.

If the alert is from the application to the proxy, then most likely the
application does not trust the proxy MiTM root CA.


More information about the openssl-users mailing list