gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)

Andreas Metzler ametzler at downhill.at.eu.org
Sat May 8 09:29:54 CEST 2010


Hello,

introduction of safe (re)negotiation in 2.9.10 has broken TLS for
exim4. The interesting bits when running in debug mode seem to be
these:

---------------------------------------------
09:01:12 31398   SMTP>> STARTTLS
09:01:12 31398 waiting for data on socket
09:01:12 31398 read response data: size=18
09:01:12 31398   SMTP<< 220 TLS go ahead
09:01:12 31398 initializing GnuTLS as a client
09:01:12 31398 read D-H parameters from file
09:01:12 31398 initialized D-H parameters
09:01:12 31398 no TLS client certificate is specified
09:01:12 31398 initialized certificate stuff
09:01:12 31398 initialized GnuTLS session
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x8126dd0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x8126dd0]: Sending extension SAFE_RENEGOTIATION
|<3>| HSK[0x8126dd0]: CLIENT HELLO was sent [74 bytes]
|<6>| BUF[HSK]: Inserted 74 bytes of Data
|<4>| REC[0x8126dd0]: Sending Packet[0] Handshake(22) with length: 74
|<7>| WRITE: Will write 79 bytes to 0x6.
|<7>| WRITE: wrote 79 bytes to 0x6. Left 0 bytes. Total 79 bytes.
|<7>| 0000 - 16 03 01 00 4a 01 00 00 46 03 01 4b e5 0c 38 0e 
|<7>| 0001 - 93 39 29 cb 86 99 68 28 eb 45 82 6c 9a b4 2b c6 
|<7>| 0002 - 6d 47 c7 6f b5 a8 72 a4 16 ba 97 00 00 18 00 35 
|<7>| 0003 - 00 2f 00 0a 00 05 00 04 00 38 00 32 00 13 00 66 
|<7>| 0004 - 00 39 00 33 00 16 01 00 00 05 ff 01 00 01 00 
|<4>| REC[0x8126dd0]: Sent Packet[1] Handshake(22) with length: 79
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 00 4a 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126dd0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x8126dd0]: Received Packet[0] Handshake(22) with length: 74
|<7>| READ: Got 74 bytes from 0x6
|<7>| READ: read 74 bytes from 0x6
|<7>| 0000 - 02 00 00 46 03 01 4b e5 0c 3a dd 97 c9 48 e3 12 
|<7>| 0001 - 7f 61 d9 12 53 17 cd 69 94 24 26 34 ce 68 46 ad 
|<7>| 0002 - 0a c8 8b b9 2d a0 20 d6 25 41 21 ae 93 61 3f 1d 
|<7>| 0003 - e1 22 7c 86 f0 08 74 55 af ff 2c 60 bc ae 41 b4 
|<7>| 0004 - b7 3f 32 76 a9 03 12 00 35 00 
|<7>| RB: Have 5 bytes into buffer. Adding 74 bytes.
|<7>| RB: Requested 79 bytes
|<4>| REC[0x8126dd0]: Decrypted Packet[0] Handshake(22) with length: 74
|<6>| BUF[HSK]: Inserted 74 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126dd0]: SERVER HELLO was received [74 bytes]
|<6>| BUF[REC][HD]: Read 70 bytes of Data(22)
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 70 bytes of Data
|<3>| HSK[0x8126dd0]: Server's version: 3.1
|<3>| HSK[0x8126dd0]: SessionID length: 32
|<3>| HSK[0x8126dd0]: SessionID: d6254121ae93613f1de1227c86f0087455afff2c60bcae41b4b73f3276a90312
|<3>| HSK[0x8126dd0]: Selected cipher suite: RSA_AES_256_CBC_SHA1
|<2>| ASSERT: gnutls_extensions.c:140
|<2>| ASSERT: gnutls_handshake.c:2404
|<3>| Denying unsafe (re)negotiation.
|<2>| ASSERT: gnutls_handshake.c:2776
|<6>| BUF[HSK]: Cleared Data from buffer
09:01:12 31398 LOG: MAIN
09:01:12 31398   TLS error on connection to merkel.debian.org [192.25.206.16] (gnutls_handshake): Safe renegotiation failed.
---------------------------------------------

2.9.9 succeeds (log attached). Counterpart (merkel.debian.org) is
running gnutls 2.4.x.

I have not managed to reproduce the error with gnutls-cli. When
looking at exim's tls code
http://git.exim.org/exim.git/blob_plain/HEAD:/exim-src/src/tls-gnu.c
one big difference to gnutls-cli is that exim only uses the specific
gnutls_*_set_priority() functions while gnutls-cli *always* invokes
gnutls_priority_set_direct() in the first place. Perhaps an
unintended dependency on gnutls_priority_*() was introduced?

This is http://bugs.debian.org/579831 FWIW.

cu andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
09:08:33 31518   SMTP>> STARTTLS
09:08:33 31518 waiting for data on socket
09:08:33 31518 read response data: size=18
09:08:33 31518   SMTP<< 220 TLS go ahead
09:08:33 31518 initializing GnuTLS as a client
09:08:33 31518 read D-H parameters from file
09:08:33 31518 initialized D-H parameters
09:08:33 31518 no TLS client certificate is specified
09:08:33 31518 initialized certificate stuff
09:08:33 31518 initialized GnuTLS session
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x8126bf0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x8126bf0]: CLIENT HELLO was send [67 bytes]
|<6>| BUF[HSK]: Inserted 67 bytes of Data
|<4>| REC[0x8126bf0]: Sending Packet[0] Handshake(22) with length: 67
|<7>| WRITE: Will write 72 bytes to 0x6.
|<7>| WRITE: wrote 72 bytes to 0x6. Left 0 bytes. Total 72 bytes.
|<7>| 0000 - 16 03 01 00 43 01 00 00 3f 03 01 4b e5 0d f1 d7 
|<7>| 0001 - ad 63 90 9c 0c ab b1 2c 8f 21 5d fa 57 a0 8c 91 
|<7>| 0002 - 21 05 dc ec 87 d9 a4 d8 29 81 8e 00 00 18 00 35 
|<7>| 0003 - 00 2f 00 0a 00 05 00 04 00 38 00 32 00 13 00 66 
|<7>| 0004 - 00 39 00 33 00 16 01 00 
|<4>| REC[0x8126bf0]: Sent Packet[1] Handshake(22) with length: 72
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 00 4a 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[0] Handshake(22) with length: 74
|<7>| READ: Got 74 bytes from 0x6
|<7>| READ: read 74 bytes from 0x6
|<7>| 0000 - 02 00 00 46 03 01 4b e5 0d f3 8d 5c 68 19 db b4 
|<7>| 0001 - 3e 94 78 f8 77 3d b8 fd fd aa ea c5 e1 c2 c2 12 
|<7>| 0002 - 9e ff c7 3a 4a f5 20 2d ab d0 6a ee 83 3b 45 02 
|<7>| 0003 - 94 e8 aa 38 e5 e4 09 b1 28 23 f8 46 02 49 7a 81 
|<7>| 0004 - e8 ca 19 6c ca ba 16 00 35 00 
|<7>| RB: Have 5 bytes into buffer. Adding 74 bytes.
|<7>| RB: Requested 79 bytes
|<4>| REC[0x8126bf0]: Decrypted Packet[0] Handshake(22) with length: 74
|<6>| BUF[HSK]: Inserted 74 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126bf0]: SERVER HELLO was received [74 bytes]
|<6>| BUF[REC][HD]: Read 70 bytes of Data(22)
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 70 bytes of Data
|<3>| HSK[0x8126bf0]: Server's version: 3.1
|<3>| HSK[0x8126bf0]: SessionID length: 32
|<3>| HSK[0x8126bf0]: SessionID: 2dabd06aee833b450294e8aa38e5e409b12823f84602497a81e8ca196ccaba16
|<3>| HSK[0x8126bf0]: Selected cipher suite: RSA_AES_256_CBC_SHA1
|<2>| ASSERT: gnutls_extensions.c:137
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 05 42 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[1] Handshake(22) with length: 1346
|<7>| READ: Got 1346 bytes from 0x6
|<7>| READ: read 1346 bytes from 0x6
|<7>| 0000 - 0b 00 05 3e 00 05 3b 00 05 38 30 82 05 34 30 82 
|<7>| 0001 - 04 1c a0 03 02 01 02 02 02 00 9b 30 0d 06 09 2a 
|<7>| 0002 - 86 48 86 f7 0d 01 01 05 05 00 30 81 a6 31 0b 30 
|<7>| 0003 - 09 06 03 55 04 06 13 02 4e 41 31 0b 30 09 06 03 
|<7>| 0004 - 55 04 08 13 02 4e 41 31 15 30 13 06 03 55 04 07 
|<7>| 0005 - 13 0c 41 6e 6b 68 20 4d 6f 72 70 6f 72 6b 31 14 
|<7>| 0006 - 30 12 06 03 55 04 0a 13 0b 44 65 62 69 61 6e 20 
|<7>| 0007 - 53 4d 54 50 31 17 30 15 06 03 55 04 0b 13 0e 44 
|<7>| 0008 - 65 62 69 61 6e 20 53 4d 54 50 20 43 41 31 17 30 
|<7>| 0009 - 15 06 03 55 04 03 13 0e 44 65 62 69 61 6e 20 53 
|<7>| 000a - 4d 54 50 20 43 41 31 2b 30 29 06 09 2a 86 48 86 
|<7>| 000b - f7 0d 01 09 01 16 1c 68 6f 73 74 6d 61 73 74 65 
|<7>| 000c - 72 40 70 75 70 70 65 74 2e 64 65 62 69 61 6e 2e 
|<7>| 000d - 6f 72 67 30 1e 17 0d 31 30 30 33 30 36 30 30 30 
|<7>| 000e - 30 30 37 5a 17 0d 31 31 30 33 30 36 30 30 30 30 
|<7>| 000f - 30 37 5a 30 81 a9 31 0b 30 09 06 03 55 04 06 13 
|<7>| 0010 - 02 4e 41 31 0b 30 09 06 03 55 04 08 13 02 4e 41 
|<7>| 0011 - 31 15 30 13 06 03 55 04 07 13 0c 41 6e 6b 68 20 
|<7>| 0012 - 4d 6f 72 70 6f 72 6b 31 14 30 12 06 03 55 04 0a 
|<7>| 0013 - 13 0b 44 65 62 69 61 6e 20 53 4d 54 50 31 17 30 
|<7>| 0014 - 15 06 03 55 04 0b 13 0e 44 65 62 69 61 6e 20 53 
|<7>| 0015 - 4d 54 50 20 43 41 31 1a 30 18 06 03 55 04 03 13 
|<7>| 0016 - 11 6d 65 72 6b 65 6c 2e 64 65 62 69 61 6e 2e 6f 
|<7>| 0017 - 72 67 31 2b 30 29 06 09 2a 86 48 86 f7 0d 01 09 
|<7>| 0018 - 01 16 1c 68 6f 73 74 6d 61 73 74 65 72 40 6d 65 
|<7>| 0019 - 72 6b 65 6c 2e 64 65 62 69 61 6e 2e 6f 72 67 30 
|<7>| 001a - 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 
|<7>| 001b - 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 
|<7>| 001c - c5 2f 32 1b 0a 72 72 48 4d ea bb 4e 3b 86 db 90 
|<7>| 001d - 96 9b 1e d6 c0 fd cd 65 63 84 2b 93 0b 09 73 ec 
|<7>| 001e - 37 89 fb 1f 5b 1a 1c 33 d7 f3 5a 98 fd b2 77 6b 
|<7>| 001f - fb ad 2d ee c5 b6 f5 5d f8 b4 6e 78 bd 12 93 c1 
|<7>| 0020 - ff af 06 55 52 1f fc 5b ee 9f d7 37 4e 02 58 7d 
|<7>| 0021 - 77 9a 02 7b 5b 3b 40 fa f1 20 68 e8 29 d3 91 e8 
|<7>| 0022 - e9 64 d5 55 23 89 83 a5 4e a9 d4 23 5b 7e 7b b1 
|<7>| 0023 - 44 0e 3d 7f ab f4 3f e3 13 58 8d cc df d8 5b c6 
|<7>| 0024 - 51 8f 7d a9 1a 1a 44 67 52 2f 82 42 90 d7 8b 81 
|<7>| 0025 - bc 06 97 0f 67 28 b5 cc 16 55 d9 21 c3 d6 51 02 
|<7>| 0026 - 9d 54 d6 c0 6a e3 47 f9 07 49 e6 0a 91 e1 5c b2 
|<7>| 0027 - 21 ab 59 b0 11 9d 4e a6 a5 47 c2 00 d7 e7 df e2 
|<7>| 0028 - 1a 0d 95 8a 6f f3 47 dc 56 54 44 1a f4 7f 35 08 
|<7>| 0029 - cc 95 99 32 7c 2a b0 b9 bf 3c ba b2 04 95 39 4d 
|<7>| 002a - 24 8c 22 db 2e 81 fa 6f d9 af 42 21 a2 ed dd e2 
|<7>| 002b - 86 68 0e a3 0b a1 db 01 93 25 b2 13 c6 38 33 e3 
|<7>| 002c - 02 03 01 00 01 a3 82 01 65 30 82 01 61 30 09 06 
|<7>| 002d - 03 55 1d 13 04 02 30 00 30 11 06 09 60 86 48 01 
|<7>| 002e - 86 f8 42 01 01 04 04 03 02 06 40 30 22 06 09 60 
|<7>| 002f - 86 48 01 86 f8 42 01 0d 04 15 16 13 44 65 62 69 
|<7>| 0030 - 61 6e 20 53 4d 54 50 20 43 41 20 63 65 72 74 30 
|<7>| 0031 - 1d 06 03 55 1d 0e 04 16 04 14 40 c6 80 45 60 5f 
|<7>| 0032 - 90 8a 8c 08 c8 b2 ff b8 51 5b a8 c3 c7 ec 30 81 
|<7>| 0033 - db 06 03 55 1d 23 04 81 d3 30 81 d0 80 14 5f 6a 
|<7>| 0034 - 6c 52 01 d1 e6 9b 45 78 e9 b5 79 41 1b b7 80 ca 
|<7>| 0035 - d8 c6 a1 81 ac a4 81 a9 30 81 a6 31 0b 30 09 06 
|<7>| 0036 - 03 55 04 06 13 02 4e 41 31 0b 30 09 06 03 55 04 
|<7>| 0037 - 08 13 02 4e 41 31 15 30 13 06 03 55 04 07 13 0c 
|<7>| 0038 - 41 6e 6b 68 20 4d 6f 72 70 6f 72 6b 31 14 30 12 
|<7>| 0039 - 06 03 55 04 0a 13 0b 44 65 62 69 61 6e 20 53 4d 
|<7>| 003a - 54 50 31 17 30 15 06 03 55 04 0b 13 0e 44 65 62 
|<7>| 003b - 69 61 6e 20 53 4d 54 50 20 43 41 31 17 30 15 06 
|<7>| 003c - 03 55 04 03 13 0e 44 65 62 69 61 6e 20 53 4d 54 
|<7>| 003d - 50 20 43 41 31 2b 30 29 06 09 2a 86 48 86 f7 0d 
|<7>| 003e - 01 09 01 16 1c 68 6f 73 74 6d 61 73 74 65 72 40 
|<7>| 003f - 70 75 70 70 65 74 2e 64 65 62 69 61 6e 2e 6f 72 
|<7>| 0040 - 67 82 09 00 f6 08 13 4a 49 f7 da d3 30 13 06 03 
|<7>| 0041 - 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 
|<7>| 0042 - 01 30 0b 06 03 55 1d 0f 04 04 03 02 05 a0 30 0d 
|<7>| 0043 - 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 01 
|<7>| 0044 - 01 00 83 96 70 97 ea 14 cc ee d0 f4 d5 62 19 b0 
|<7>| 0045 - dd 90 bf 5c 7d f8 34 a7 67 44 65 5f 77 be 24 e5 
|<7>| 0046 - b2 23 2b 58 18 b1 4e e7 1f 37 3d 37 f0 32 7c f0 
|<7>| 0047 - 04 77 ec 9b ec f0 b0 3e 4d d8 05 ae 3c 5d 54 14 
|<7>| 0048 - 33 ea f1 99 8b e8 20 c1 28 ca d5 45 e7 ca d7 96 
|<7>| 0049 - 7f 8e e5 65 8e ae 69 14 bf e8 e3 3c 3f 1c 43 ef 
|<7>| 004a - 5e 14 82 4e c4 db f2 c8 3e f5 f1 e2 b1 f0 16 f5 
|<7>| 004b - d5 be 94 cd f4 c6 24 88 0b fe 30 22 7b 96 0a ff 
|<7>| 004c - a3 cc fc a4 41 e8 9a 86 7a c4 d2 9a 9c 13 54 38 
|<7>| 004d - b3 cc 8d 61 6b 8b 8c 1d 96 6b eb 70 9c bc e7 9e 
|<7>| 004e - ef 9d 96 81 71 04 20 1c 7a e8 e6 20 f5 b4 5f b9 
|<7>| 004f - 06 35 fb 01 90 cd cd 5c 30 73 b1 4b db 1d f5 ff 
|<7>| 0050 - b9 1f 95 f8 87 3b a2 09 38 7b 7f b5 6f e7 c1 5f 
|<7>| 0051 - 1b 92 ae 17 6d f6 39 7a 3e ed cb a9 05 a6 d3 3b 
|<7>| 0052 - 1d c8 31 de 0e 62 fa 6e 5f 56 a8 23 b6 e3 f7 8c 
|<7>| 0053 - 1f 6c 58 24 76 0f 67 18 b4 3a 08 81 b1 5b af 1c 
|<7>| 0054 - e8 4d 
|<7>| RB: Have 5 bytes into buffer. Adding 1346 bytes.
|<7>| RB: Requested 1351 bytes
|<4>| REC[0x8126bf0]: Decrypted Packet[1] Handshake(22) with length: 1346
|<6>| BUF[HSK]: Inserted 1346 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126bf0]: CERTIFICATE was received [1346 bytes]
|<6>| BUF[REC][HD]: Read 1342 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 141 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 1342 bytes of Data
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 00 b4 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[2] Handshake(22) with length: 180
|<7>| READ: Got 180 bytes from 0x6
|<7>| READ: read 180 bytes from 0x6
|<7>| 0000 - 0d 00 00 b0 02 01 02 00 ab 00 a9 30 81 a6 31 0b 
|<7>| 0001 - 30 09 06 03 55 04 06 13 02 4e 41 31 0b 30 09 06 
|<7>| 0002 - 03 55 04 08 13 02 4e 41 31 15 30 13 06 03 55 04 
|<7>| 0003 - 07 13 0c 41 6e 6b 68 20 4d 6f 72 70 6f 72 6b 31 
|<7>| 0004 - 14 30 12 06 03 55 04 0a 13 0b 44 65 62 69 61 6e 
|<7>| 0005 - 20 53 4d 54 50 31 17 30 15 06 03 55 04 0b 13 0e 
|<7>| 0006 - 44 65 62 69 61 6e 20 53 4d 54 50 20 43 41 31 17 
|<7>| 0007 - 30 15 06 03 55 04 03 13 0e 44 65 62 69 61 6e 20 
|<7>| 0008 - 53 4d 54 50 20 43 41 31 2b 30 29 06 09 2a 86 48 
|<7>| 0009 - 86 f7 0d 01 09 01 16 1c 68 6f 73 74 6d 61 73 74 
|<7>| 000a - 65 72 40 70 75 70 70 65 74 2e 64 65 62 69 61 6e 
|<7>| 000b - 2e 6f 72 67 
|<7>| RB: Have 5 bytes into buffer. Adding 180 bytes.
|<7>| RB: Requested 185 bytes
|<4>| REC[0x8126bf0]: Decrypted Packet[2] Handshake(22) with length: 180
|<6>| BUF[HSK]: Inserted 180 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126bf0]: CERTIFICATE REQUEST was received [180 bytes]
|<6>| BUF[REC][HD]: Read 176 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 1346 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 176 bytes of Data
|<2>| ASSERT: auth_cert.c:232
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 00 04 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[3] Handshake(22) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[3] Handshake(22) with length: 4
|<7>| READ: Got 4 bytes from 0x6
|<7>| READ: read 4 bytes from 0x6
|<7>| 0000 - 0e 00 00 00 
|<7>| RB: Have 5 bytes into buffer. Adding 4 bytes.
|<7>| RB: Requested 9 bytes
|<4>| REC[0x8126bf0]: Decrypted Packet[3] Handshake(22) with length: 4
|<6>| BUF[HSK]: Inserted 4 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126bf0]: SERVER HELLO DONE was received [4 bytes]
|<6>| BUF[HSK]: Peeked 180 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<3>| HSK[0x8126bf0]: CERTIFICATE was send [7 bytes]
|<6>| BUF[HSK]: Peeked 4 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[0x8126bf0]: Sending Packet[1] Handshake(22) with length: 7
|<7>| WRITE: Will write 12 bytes to 0x6.
|<7>| WRITE: wrote 12 bytes to 0x6. Left 0 bytes. Total 12 bytes.
|<7>| 0000 - 16 03 01 00 07 0b 00 00 03 00 00 00 
|<4>| REC[0x8126bf0]: Sent Packet[2] Handshake(22) with length: 12
|<3>| HSK[0x8126bf0]: CLIENT KEY EXCHANGE was send [262 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[0x8126bf0]: Sending Packet[2] Handshake(22) with length: 262
|<7>| WRITE: Will write 267 bytes to 0x6.
|<7>| WRITE: wrote 267 bytes to 0x6. Left 0 bytes. Total 267 bytes.
|<7>| 0000 - 16 03 01 01 06 10 00 01 02 01 00 20 03 a2 63 72 
|<7>| 0001 - a0 23 d3 70 03 fa ae b0 e5 f7 0c ae 35 7c 8c 1d 
|<7>| 0002 - cc cf cb 97 aa 9d 23 ea de 8c 45 68 6e bf 2e 06 
|<7>| 0003 - b2 63 14 dc b4 70 3a f8 22 3d 96 e1 d4 40 78 fc 
|<7>| 0004 - d3 12 dc a7 20 0c 24 1a a5 8d bd 6a d4 fd 37 53 
|<7>| 0005 - 2c 7e bb 4d 65 10 a6 67 a8 5c 76 fd 08 10 b4 2d 
|<7>| 0006 - 2c 22 0d b4 57 0a e4 31 05 df 9e 82 2d 3d cf a3 
|<7>| 0007 - 22 fe bc b2 6b 14 f5 4a ef 65 72 ce ec f2 c3 60 
|<7>| 0008 - d6 b4 77 ad 21 37 b6 2f da 89 44 0d e1 1e ce 2c 
|<7>| 0009 - 1a f0 8a 34 de 35 5f e1 96 0b f9 60 a2 40 f6 01 
|<7>| 000a - ed d8 f0 6e ff 5d b9 ba b8 d1 d0 1b dc 8f 25 c3 
|<7>| 000b - 3b d3 80 c4 70 1d 71 27 cd 5f d9 24 a8 d3 ff dd 
|<7>| 000c - 00 10 40 58 4a b0 6b 5a ad 67 3e 79 f9 fd 10 2e 
|<7>| 000d - f2 ee 2c 6e 51 c5 d9 6e e6 59 a4 ba f9 94 49 bc 
|<7>| 000e - 32 50 dd 1e db 09 e7 03 12 6e b8 0b cc 4f 76 c4 
|<7>| 000f - ad e4 7c 42 fb 62 5d 9a c6 68 da e5 20 7b 86 f9 
|<7>| 0010 - f8 f9 92 a2 d4 fe 7b fa f5 12 c4 
|<4>| REC[0x8126bf0]: Sent Packet[3] Handshake(22) with length: 267
|<3>| REC[0x8126bf0]: Sent ChangeCipherSpec
|<4>| REC[0x8126bf0]: Sending Packet[3] Change Cipher Spec(20) with length: 1
|<7>| WRITE: Will write 6 bytes to 0x6.
|<7>| WRITE: wrote 6 bytes to 0x6. Left 0 bytes. Total 6 bytes.
|<7>| 0000 - 14 03 01 00 01 01 
|<4>| REC[0x8126bf0]: Sent Packet[4] Change Cipher Spec(20) with length: 6
|<9>| INT: PREMASTER SECRET[48]: 03013bd89f4534935ecb4441d96cc3aa2e22fc117b8ab415733c31f64ca07e0e4b38014c0d0b6482f1e614d410717ca9
|<9>| INT: CLIENT RANDOM[32]: 4be50df1d7ad63909c0cabb12c8f215dfa57a08c912105dcec87d9a4d829818e
|<9>| INT: SERVER RANDOM[32]: 4be50df38d5c6819dbb43e9478f8773db8fdfdaaeac5e1c2c2129effc73a4af5
|<9>| INT: MASTER SECRET: 5701d21d61c6f52a84ed2c137a777e480074e19903e39a439ff2549c84c8037fe202acb594d344c22cfaee84657d048b
|<9>| INT: KEY BLOCK[136]: c5e1f2a91ce2c6a95b680d18dc17ed5e25167de982d8737499fd8f29b2063d8e
|<9>| INT: CLIENT WRITE KEY [32]: ab0eabf72abc9db75ce75e86822c682cf9b3795348fa3b46a13388b7bfd913ba
|<9>| INT: SERVER WRITE KEY [32]: c9c2edf890527d0ec6cb4e5bd576618770f0dbf9d333c58cbd101bc2d42ab15c
|<3>| HSK[0x8126bf0]: Cipher Suite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126bf0]: Initializing internal [write] cipher sessions
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<3>| HSK[0x8126bf0]: FINISHED was send [16 bytes]
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<4>| REC[0x8126bf0]: Sending Packet[0] Handshake(22) with length: 16
|<7>| WRITE: Will write 53 bytes to 0x6.
|<7>| WRITE: wrote 53 bytes to 0x6. Left 0 bytes. Total 53 bytes.
|<7>| 0000 - 16 03 01 00 30 4e 0e 4f ae fc ba 8b c3 63 7e ae 
|<7>| 0001 - f7 42 67 84 a9 db 84 4a b2 87 f5 31 41 c5 d7 30 
|<7>| 0002 - a7 a7 05 91 9f c0 b9 e3 da 1e 47 51 d5 18 7c 42 
|<7>| 0003 - 7a df a8 71 7a 
|<4>| REC[0x8126bf0]: Sent Packet[1] Handshake(22) with length: 53
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 14 03 01 00 01 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[4] Change Cipher Spec(20) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[4] Change Cipher Spec(20) with length: 1
|<7>| READ: Got 1 bytes from 0x6
|<7>| READ: read 1 bytes from 0x6
|<7>| 0000 - 01 
|<7>| RB: Have 5 bytes into buffer. Adding 1 bytes.
|<7>| RB: Requested 6 bytes
|<4>| REC[0x8126bf0]: ChangeCipherSpec Packet was received
|<3>| HSK[0x8126bf0]: Cipher Suite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x8126bf0]: Initializing internal [read] cipher sessions
|<7>| READ: Got 5 bytes from 0x6
|<7>| READ: read 5 bytes from 0x6
|<7>| 0000 - 16 03 01 00 40 
|<7>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<7>| RB: Requested 5 bytes
|<4>| REC[0x8126bf0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x8126bf0]: Received Packet[0] Handshake(22) with length: 64
|<7>| READ: Got 64 bytes from 0x6
|<7>| READ: read 64 bytes from 0x6
|<7>| 0000 - c1 11 b6 69 cf 72 a6 e6 6b 4e b0 9c 52 39 91 c4 
|<7>| 0001 - b0 12 94 06 8e 94 d2 4d 5d 56 2e 30 e7 43 47 42 
|<7>| 0002 - b7 e2 73 b9 9d 95 ef d3 ac 63 19 06 4f 36 cf 70 
|<7>| 0003 - 1a b4 86 02 be d2 1b a7 40 40 f7 99 ae 5c 52 20 
|<7>| 0004 - 
|<7>| RB: Have 5 bytes into buffer. Adding 64 bytes.
|<7>| RB: Requested 69 bytes
|<4>| REC[0x8126bf0]: Decrypted Packet[0] Handshake(22) with length: 16
|<6>| BUF[HSK]: Inserted 16 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 1 bytes of Data(22)
|<6>| BUF[REC][HD]: Read 3 bytes of Data(22)
|<3>| HSK[0x8126bf0]: FINISHED was received [16 bytes]
|<6>| BUF[REC][HD]: Read 12 bytes of Data(22)
|<6>| BUF[HSK]: Peeked 0 bytes of Data
|<6>| BUF[HSK]: Emptied buffer
|<6>| BUF[HSK]: Inserted 4 bytes of Data
|<6>| BUF[HSK]: Inserted 12 bytes of Data
|<6>| BUF[HSK]: Cleared Data from buffer
|<6>| BUF[HSK]: Cleared Data from buffer
09:08:33 31518 cipher: TLS1.0:RSA_AES_256_CBC_SHA1:32
09:08:33 31518   SMTP>> EHLO argenau


More information about the Gnutls-devel mailing list