[Help-gnutls] Re: Client auth. fails

Simon Josefsson simon at josefsson.org
Tue Oct 7 15:04:47 CEST 2008


kristian.martens at freenet.de writes:

> All,
>
> the gnutls server implementation (I am using gnutls 2.0.1) encounters a
> problem when verifying a client certificate. I saw a strange log entry
> saying " Possible PKCS #1 format attack ". What does this mean? Could
> this be the reason for the failure?  Does anyone know the root cause? 

I think it is a false alarm.  As far as I can tell, your debug log
suggests the handshake is successful, but it fails with a MAC errors
afterwards.  Possibly you are seeing the record padding bug:

http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html

If so, you'll need to use a modern version of gnutls and follow the
hints in the link.

Or do you see any client certificate related errors on the server side?

/Simon


> Thanks,
> Kris 
>
> Please find attached the handshake log:
>
> 0x574f76c (t2): IN.gnutls: READ: Got 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 00 35
> 0x574f76c (t2): IN.gnutls: RB: Have 0 bytes into buffer. Adding 5 bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 5 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Expected Packet[0]
> Handshake(22) with length: 1
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Received Packet[0]
> Handshake(22) with length: 53
> 0x574f76c (t2): IN.gnutls: READ: Got 53 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 53 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 01 00 00 31 03 01 48 d9 49 3f f7 83 70
> f9 34 0a
> 0x574f76c (t2): IN.gnutls: 0001 - c3 3f 94 57 65 47 85 12 e3 21 7e 56 da
> 07 3c ca
> 0x574f76c (t2): IN.gnutls: 0002 - 98 92 ee 83 94 be 00 00 0a 00 04 00 05
> 00 0a 00
> 0x574f76c (t2): IN.gnutls: 0003 - 2f 00 35 01 00
> 0x574f76c (t2): IN.gnutls: RB: Have 5 bytes into buffer. Adding 53
> bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 58 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Decrypted Packet[0]
> Handshake(22) with length: 53
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 53 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 1 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 3 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CLIENT HELLO was received [53
> bytes]
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 49 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 0 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 4 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 49 bytes of Data
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Client's version: 3.1
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_db.c:239
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_algorithms.c:1627
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Selected Compression Method:
> NULL
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_extensions.c:162
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> PSK_SHA_ARCFOUR_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> PSK_SHA_3DES_EDE_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> PSK_SHA_AES_128_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> PSK_SHA_AES_256_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_PSK_SHA_ARCFOUR_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_PSK_SHA_3DES_EDE_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_PSK_SHA_AES_128_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_PSK_SHA_AES_256_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Removing ciphersuite:
> DHE_DSS_ARCFOUR_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Removing ciphersuite:
> DHE_DSS_3DES_EDE_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Removing ciphersuite:
> DHE_DSS_AES_128_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Removing ciphersuite:
> DHE_DSS_AES_256_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_RSA_3DES_EDE_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_RSA_AES_128_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> DHE_RSA_AES_256_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> RSA_ARCFOUR_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> RSA_ARCFOUR_MD5
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> RSA_3DES_EDE_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> RSA_AES_128_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Keeping ciphersuite:
> RSA_AES_256_CBC_SHA1
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Selected cipher suite:
> RSA_ARCFOUR_MD5
> 0x574f76c (t2): IN.gnutls: ASSERT: ext_authz.c:180
> 0x574f76c (t2): IN.gnutls: ASSERT: ext_authz.c:237
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: SessionID:
> ef942f18006dd557b97a576e795123ee917aa9947461f0380ff19870338e7fe9
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: SERVER HELLO was send [74
> bytes]
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 53 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sending Packet[0] Handshake(22)
> with length: 74
> 0x574f76c (t2): IN.gnutls: WRITE: Will write 79 bytes to 166892884.
> 0x574f76c (t2): IN.gnutls: WRITE: wrote 79 bytes to 166892884. Left 0
> bytes. Total 79 bytes.
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 00 4a 02 00 00 46 03 01 48 eb
> 8c fa ef
> 0x574f76c (t2): IN.gnutls: 0001 - 94 2f 18 00 6d d5 57 b9 7a 57 6e 79 51
> 23 ee 91
> 0x574f76c (t2): IN.gnutls: 0002 - 7a a9 94 74 61 f0 38 0f f1 98 70 20 ef
> 94 2f 18
> 0x574f76c (t2): IN.gnutls: 0003 - 00 6d d5 57 b9 7a 57 6e 79 51 23 ee 91
> 7a a9 94
> 0x574f76c (t2): IN.gnutls: 0004 - 74 61 f0 38 0f f1 98 70 33 8e 7f e9 00
> 04 00
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sent Packet[1] Handshake(22)
> with length: 79
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CERTIFICATE was send [623
> bytes]
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 0 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sending Packet[1] Handshake(22)
> with length: 623
> 0x574f76c (t2): IN.gnutls: WRITE: Will write 628 bytes to 166892884.
> 0x574f76c (t2): IN.gnutls: WRITE: wrote 628 bytes to 166892884. Left 0
> bytes. Total 628 bytes.
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 02 6f 0b 00 02 6b 00 02 68 00
> 02 65 30
> 0x574f76c (t2): IN.gnutls: 0001 - 82 02 61 30 82 01 cc a0 03 02 01 02 02
> 04 47 27
> 0x574f76c (t2): IN.gnutls: 0002 - 2d 2d 30 0b 06 09 2a 86 48 86 f7 0d 01
> 01 05 30
> 0x574f76c (t2): IN.gnutls: 0003 - 17 31 15 30 13 06 03 55 04 03 13 0c 54
> 65 6b 74
> 0x574f76c (t2): IN.gnutls: 0004 - 72 6f 6e 69 78 20 43 41 30 1e 17 0d 30
> 37 31 30
> 0x574f76c (t2): IN.gnutls: 0005 - 33 30 31 33 31 30 30 35 5a 17 0d 31 37
> 31 30 32
> 0x574f76c (t2): IN.gnutls: 0006 - 37 31 33 31 30 30 35 5a 30 42 31 0b 30
> 09 06 03
> 0x574f76c (t2): IN.gnutls: 0007 - 55 04 06 13 02 55 53 31 17 30 15 06 03
> 55 04 0a
> 0x574f76c (t2): IN.gnutls: 0008 - 13 0e 54 65 6b 74 72 6f 6e 69 78 20 49
> 6e 63 2e
> 0x574f76c (t2): IN.gnutls: 0009 - 31 1a 30 18 06 03 55 04 03 13 11 77 77
> 77 2e 74
> 0x574f76c (t2): IN.gnutls: 000a - 65 6b 74 72 6f 6e 69 78 2e 63 6f 6d 30
> 81 9c 30
> 0x574f76c (t2): IN.gnutls: 000b - 0b 06 09 2a 86 48 86 f7 0d 01 01 01 03
> 81 8c 00
> 0x574f76c (t2): IN.gnutls: 000c - 30 81 88 02 81 80 ad a5 a5 12 74 ee 3d
> a3 ad ee
> 0x574f76c (t2): IN.gnutls: 000d - e7 00 40 c1 ad a2 7d 85 d8 e4 9f 68 9c
> fd 3f c1
> 0x574f76c (t2): IN.gnutls: 000e - 57 f4 a8 21 2f 7c fc 43 12 41 ec d9 cb
> f1 0e 10
> 0x574f76c (t2): IN.gnutls: 000f - fd b1 ca 9a af da 6c 69 1d 06 f2 7b 61
> 9c 26 23
> 0x574f76c (t2): IN.gnutls: 0010 - a7 dd 11 16 1f 93 2f b4 f5 a9 e2 a7 33
> 3d ea 81
> 0x574f76c (t2): IN.gnutls: 0011 - 44 b4 ef 26 35 46 62 b2 42 9b c3 f9 fd
> f1 71 e0
> 0x574f76c (t2): IN.gnutls: 0012 - 31 2e 54 aa f8 7c bb 3a 1f 49 51 6e 29
> 93 27 bc
> 0x574f76c (t2): IN.gnutls: 0013 - 40 9c f5 0a da 28 94 b8 06 33 61 ae 60
> 68 3d 52
> 0x574f76c (t2): IN.gnutls: 0014 - 85 da 09 fc 70 85 02 03 01 00 01 a3 81
> 95 30 81
> 0x574f76c (t2): IN.gnutls: 0015 - 92 30 0c 06 03 55 1d 13 01 01 ff 04 02
> 30 00 30
> 0x574f76c (t2): IN.gnutls: 0016 - 1c 06 03 55 1d 11 04 15 30 13 82 11 77
> 77 77 2e
> 0x574f76c (t2): IN.gnutls: 0017 - 74 65 6b 74 72 6f 6e 69 78 2e 63 6f 6d
> 30 13 06
> 0x574f76c (t2): IN.gnutls: 0018 - 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01
> 05 05 07
> 0x574f76c (t2): IN.gnutls: 0019 - 03 01 30 0f 06 03 55 1d 0f 01 01 ff 04
> 05 03 03
> 0x574f76c (t2): IN.gnutls: 001a - 07 a0 00 30 1d 06 03 55 1d 0e 04 16 04
> 14 3b a3
> 0x574f76c (t2): IN.gnutls: 001b - 48 d6 06 19 dd 51 cf 77 4f dd ed 11 31
> a1 62 0c
> 0x574f76c (t2): IN.gnutls: 001c - 68 dd 30 1f 06 03 55 1d 23 04 18 30 16
> 80 14 57
> 0x574f76c (t2): IN.gnutls: 001d - aa bc 0a b5 e1 f9 b9 11 76 21 35 6f fa
> 77 4a ff
> 0x574f76c (t2): IN.gnutls: 001e - a6 c6 a0 30 0b 06 09 2a 86 48 86 f7 0d
> 01 01 05
> 0x574f76c (t2): IN.gnutls: 001f - 03 81 81 00 99 b1 37 f1 23 22 95 85 54
> aa 5b ad
> 0x574f76c (t2): IN.gnutls: 0020 - d1 da 6d 77 71 c1 bb 32 a5 6f 6b 6e b3
> 33 39 0e
> 0x574f76c (t2): IN.gnutls: 0021 - 06 73 ea e7 1a 13 05 01 8a 96 1f 73 4d
> 3a 90 7a
> 0x574f76c (t2): IN.gnutls: 0022 - 75 dd ec 12 54 86 cc 2d 36 eb f3 57 e9
> 83 64 fe
> 0x574f76c (t2): IN.gnutls: 0023 - 8f 65 66 84 a9 d8 75 fc 45 b4 10 d5 74
> c2 b1 d3
> 0x574f76c (t2): IN.gnutls: 0024 - ec b8 78 bb 9b dc b7 bc 48 89 fc db 59
> 63 fa fa
> 0x574f76c (t2): IN.gnutls: 0025 - fc 66 f6 46 c4 32 7a 2c 81 ac 93 41 ca
> 24 43 17
> 0x574f76c (t2): IN.gnutls: 0026 - 12 81 93 0a 8b 0b 0c 78 a1 f1 a5 b3 93
> 62 8a cf
> 0x574f76c (t2): IN.gnutls: 0027 - 53 82 5b 06
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sent Packet[2] Handshake(22)
> with length: 628
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CERTIFICATE REQUEST was send
> [36 bytes]
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 0 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sending Packet[2] Handshake(22)
> with length: 36
> 0x574f76c (t2): IN.gnutls: WRITE: Will write 41 bytes to 166892884.
> 0x574f76c (t2): IN.gnutls: WRITE: wrote 41 bytes to 166892884. Left 0
> bytes. Total 41 bytes.
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 00 24 0d 00 00 20 02 01 02 00
> 1b 00 19
> 0x574f76c (t2): IN.gnutls: 0001 - 30 17 31 15 30 13 06 03 55 04 03 13 0c
> 54 65 6b
> 0x574f76c (t2): IN.gnutls: 0002 - 74 72 6f 6e 69 78 20 43 41
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sent Packet[3] Handshake(22)
> with length: 41
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: SERVER HELLO DONE was send [4
> bytes]
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 0 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sending Packet[3] Handshake(22)
> with length: 4
> 0x574f76c (t2): IN.gnutls: WRITE: Will write 9 bytes to 166892884.
> 0x574f76c (t2): IN.gnutls: WRITE: wrote 9 bytes to 166892884. Left 0
> bytes. Total 9 bytes.
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 00 04 0e 00 00 00
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sent Packet[4] Handshake(22)
> with length: 9
> 0x574f76c (t2): IN.gnutls: READ: Got 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 02 f8
> 0x574f76c (t2): IN.gnutls: RB: Have 0 bytes into buffer. Adding 5 bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 5 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Expected Packet[1]
> Handshake(22) with length: 1
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Received Packet[1]
> Handshake(22) with length: 760
> 0x574f76c (t2): IN.gnutls: READ: Got 760 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 760 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 0b 00 01 e8 00 01 e5 00 01 e2 30 82 01
> de 30 82
> 0x574f76c (t2): IN.gnutls: 0001 - 01 47 a0 03 02 01 02 02 04 48 d9 4f 03
> 30 0d 06
> 0x574f76c (t2): IN.gnutls: 0002 - 09 2a 86 48 86 f7 0d 01 01 05 05 00 30
> 17 31 15
> 0x574f76c (t2): IN.gnutls: 0003 - 30 13 06 03 55 04 03 13 0c 31 39 32 2e
> 31 32 38
> 0x574f76c (t2): IN.gnutls: 0004 - 2e 31 30 2e 32 30 1e 17 0d 30 38 30 39
> 32 32 32
> 0x574f76c (t2): IN.gnutls: 0005 - 30 31 38 31 31 5a 17 0d 31 31 30 39 32
> 33 32 30
> 0x574f76c (t2): IN.gnutls: 0006 - 31 38 31 31 5a 30 17 31 15 30 13 06 03
> 55 04 03
> 0x574f76c (t2): IN.gnutls: 0007 - 13 0c 31 39 32 2e 31 32 38 2e 31 30 2e
> 32 30 81
> 0x574f76c (t2): IN.gnutls: 0008 - 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01
> 01 05 00
> 0x574f76c (t2): IN.gnutls: 0009 - 03 81 8d 00 30 81 89 02 81 81 00 e1 7b
> 3d 35 49
> 0x574f76c (t2): IN.gnutls: 000a - b2 3b cf 22 16 fe ee 6f 6a 82 26 ce 25
> cc 63 bf
> 0x574f76c (t2): IN.gnutls: 000b - b4 7a f2 70 75 dd 13 ed d4 aa 5b 25 91
> 22 fd 68
> 0x574f76c (t2): IN.gnutls: 000c - 1a ec 20 1a 44 10 59 86 0f 30 c8 6d 47
> 19 12 6e
> 0x574f76c (t2): IN.gnutls: 000d - 4e a1 b4 f4 39 11 a8 5c 55 df 40 65 79
> 3a 29 4a
> 0x574f76c (t2): IN.gnutls: 000e - 76 63 60 7b af 20 c8 e2 be af fc a2 17
> 08 1c 5e
> 0x574f76c (t2): IN.gnutls: 000f - 1c 57 48 19 56 71 e3 db b6 a9 9e d3 d9
> ae 0d c7
> 0x574f76c (t2): IN.gnutls: 0010 - d4 06 d6 82 38 1a 10 9d 95 47 b4 61 d0
> 6a 76 0f
> 0x574f76c (t2): IN.gnutls: 0011 - 1f 70 66 43 d0 f2 5c da 87 56 47 02 03
> 01 00 01
> 0x574f76c (t2): IN.gnutls: 0012 - a3 37 30 35 30 0e 06 03 55 1d 0f 01 01
> 00 04 04
> 0x574f76c (t2): IN.gnutls: 0013 - 03 02 02 a4 30 0f 06 03 55 1d 11 04 08
> 30 06 87
> 0x574f76c (t2): IN.gnutls: 0014 - 04 c0 80 0a 02 30 12 06 03 55 1d 13 01
> 01 00 04
> 0x574f76c (t2): IN.gnutls: 0015 - 08 30 06 01 01 ff 02 01 01 30 0d 06 09
> 2a 86 48
> 0x574f76c (t2): IN.gnutls: 0016 - 86 f7 0d 01 01 05 05 00 03 81 81 00 1b
> df 75 87
> 0x574f76c (t2): IN.gnutls: 0017 - 1b 69 11 91 6a 69 a7 e1 f2 6c eb 3f 46
> 84 55 55
> 0x574f76c (t2): IN.gnutls: 0018 - b6 b9 a3 f5 8e 73 6d 9c ae 63 a1 f3 64
> f0 3a b2
> 0x574f76c (t2): IN.gnutls: 0019 - fd a7 bf c6 0f 46 17 02 f6 84 fe 1c 5e
> f3 dd 87
> 0x574f76c (t2): IN.gnutls: 001a - 3e c4 3d f3 81 d4 ce 56 26 49 13 b1 ef
> 56 c8 b4
> 0x574f76c (t2): IN.gnutls: 001b - 22 42 bb 09 83 62 0a e6 76 cd 6e 58 d3
> 09 30 8c
> 0x574f76c (t2): IN.gnutls: 001c - cb 0b 17 a4 0e 75 ae e0 02 8f b0 ea 17
> 5a fc a9
> 0x574f76c (t2): IN.gnutls: 001d - df 3d 57 c4 3d 4f 2e 0f 87 b0 34 92 18
> 71 e2 95
> 0x574f76c (t2): IN.gnutls: 001e - 7b db 8d 0d 89 f7 63 16 61 57 aa ad 10
> 00 00 82
> 0x574f76c (t2): IN.gnutls: 001f - 00 80 35 23 dd bc 98 7a f4 db 18 9a e8
> 33 37 fa
> 0x574f76c (t2): IN.gnutls: 0020 - 66 30 f7 cf 26 e5 5e 3e 0c ae d2 59 2c
> 9d 10 46
> 0x574f76c (t2): IN.gnutls: 0021 - 5b 9b 30 8e 2a de e6 fa 4a b2 8c 74 59
> ef b6 66
> 0x574f76c (t2): IN.gnutls: 0022 - e9 51 33 70 3f 45 b0 8b ad 60 07 59 ac
> df d4 04
> 0x574f76c (t2): IN.gnutls: 0023 - 71 5c 0b 8f 90 25 6d 17 5b 84 d4 44 48
> 3c 25 0c
> 0x574f76c (t2): IN.gnutls: 0024 - 56 6d 55 12 40 6b 9f 7f bc ac 26 4d 90
> eb 7f e9
> 0x574f76c (t2): IN.gnutls: 0025 - ee 43 96 11 1e aa 45 72 83 ff 11 1e ea
> b5 fb e8
> 0x574f76c (t2): IN.gnutls: 0026 - 28 45 54 6c 65 7c c3 d7 04 84 46 d5 67
> 05 49 1f
> 0x574f76c (t2): IN.gnutls: 0027 - fc 68 0f 00 00 82 00 80 03 ed 00 5d 86
> 09 69 30
> 0x574f76c (t2): IN.gnutls: 0028 - e4 c0 86 55 39 c5 08 55 32 54 5b 3d 07
> 25 09 83
> 0x574f76c (t2): IN.gnutls: 0029 - 29 62 29 d3 d2 ed b4 a6 7a ad 62 e3 c9
> 30 8e 6c
> 0x574f76c (t2): IN.gnutls: 002a - 34 1e 1b e1 3a 54 a9 4d f0 9d b3 4a c9
> c9 1a 4f
> 0x574f76c (t2): IN.gnutls: 002b - ef 92 32 47 ed c9 72 74 0a 71 45 05 46
> 13 11 42
> 0x574f76c (t2): IN.gnutls: 002c - 80 b1 49 8f db c0 35 5c bf d9 95 a1 46
> 77 71 67
> 0x574f76c (t2): IN.gnutls: 002d - 5c eb 20 99 76 45 1a 65 7a 30 a3 78 93
> ad 3b 9a
> 0x574f76c (t2): IN.gnutls: 002e - 29 6f 14 80 44 cf 14 61 22 ec 97 ac 27
> cb 96 fd
> 0x574f76c (t2): IN.gnutls: 002f - 55 92 2f 31 64 5c 82 ec
> 0x574f76c (t2): IN.gnutls: RB: Have 5 bytes into buffer. Adding 760
> bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 765 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Decrypted Packet[1]
> Handshake(22) with length: 760
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 760 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 1 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 3 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CERTIFICATE was received [492
> bytes]
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 488 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 0 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 4 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 488 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 1 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 3 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CLIENT KEY EXCHANGE was
> received [134 bytes]
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 130 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 492 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 4 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 130 bytes of Data
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_pk.c:283
> 0x574f76c (t2): IN.gnutls: ASSERT: auth_rsa.c:258
> 0x574f76c (t2): IN.gnutls: auth_rsa: Possible PKCS #1 format attack
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 1 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 3 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: CERTIFICATE VERIFY was received
> [134 bytes]
> 0x574f76c (t2): IN.gnutls: BUF[REC][HD]: Read 130 bytes of Data(22)
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Peeked 134 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Emptied buffer
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 4 bytes of Data
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Inserted 130 bytes of Data
> 0x574f76c (t2): IN.gnutls: READ: Got 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 14 03 01 00 01
> 0x574f76c (t2): IN.gnutls: RB: Have 0 bytes into buffer. Adding 5 bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 5 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Expected Packet[2] Change
> Cipher Spec(20) with length: 1
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Received Packet[2] Change
> Cipher Spec(20) with length: 1
> 0x574f76c (t2): IN.gnutls: READ: Got 1 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 1 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 01
> 0x574f76c (t2): IN.gnutls: RB: Have 5 bytes into buffer. Adding 1 bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 6 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: ChangeCipherSpec Packet was
> received
> 0x574f76c (t2): IN.gnutls: INT: PREMASTER SECRET[48]:
> 03012b011acc7633cd91bce5d45ffd177adf0193b22ec981f99b30f9fb805d5c409d50cdd8ec5008c058d9
> e108bbedce
> 0x574f76c (t2): IN.gnutls: INT: CLIENT RANDOM[32]:
> 48d9493ff78370f9340ac33f945765478512e3217e56da073cca9892ee8394be
> 0x574f76c (t2): IN.gnutls: INT: SERVER RANDOM[32]:
> 48eb8cfaef942f18006dd557b97a576e795123ee917aa9947461f0380ff19870
> 0x574f76c (t2): IN.gnutls: INT: MASTER SECRET:
> 0d454d81f4f5c85b0998c77cb1b469400380d2a613344d089c2646f44c4b341cdf78a3d15d4d87167b8d5385337fa
> efb
> 0x574f76c (t2): IN.gnutls: INT: KEY BLOCK[64]:
> d920b45221630b466eab7cba7ae58a86c401e3f8e6ed0fb1db35f6ae0e930cb6
> 0x574f76c (t2): IN.gnutls: INT: CLIENT WRITE KEY [16]:
> 41ff237870ee3017051853a568387b63
> 0x574f76c (t2): IN.gnutls: INT: SERVER WRITE KEY [16]:
> d4a51c4e92c663ab205cb8d5ab3eb827
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Cipher Suite: RSA_ARCFOUR_MD5
> 0x574f76c (t2): IN.gnutls: HSK[a1407c0]: Initializing internal [read]
> cipher sessions
> 0x574f76c (t2): IN.gnutls: READ: Got 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 5 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 16 03 01 00 20
> 0x574f76c (t2): IN.gnutls: RB: Have 0 bytes into buffer. Adding 5 bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 5 bytes
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Expected Packet[0]
> Handshake(22) with length: 1
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Received Packet[0]
> Handshake(22) with length: 32
> 0x574f76c (t2): IN.gnutls: READ: Got 32 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: READ: read 32 bytes from 166892884
> 0x574f76c (t2): IN.gnutls: 0000 - 50 7d ba 69 15 22 e9 23 c7 e0 69 d7 8e
> a5 c7 21
> 0x574f76c (t2): IN.gnutls: 0001 - 6d 0c 23 17 8b 32 61 2a 5e f4 f7 34 a1
> 3f e7 0e
> 0x574f76c (t2): IN.gnutls: 0002 -
> 0x574f76c (t2): IN.gnutls: RB: Have 5 bytes into buffer. Adding 32
> bytes.
> 0x574f76c (t2): IN.gnutls: RB: Requested 37 bytes
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_cipher.c:562
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_record.c:982
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_buffers.c:1188
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_handshake.c:962
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_handshake.c:525
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_handshake.c:2472
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_handshake.c:2608
> 0x574f76c (t2): IN.gnutls: BUF[HSK]: Cleared Data from buffer
> 0x574f76c (t2): IN.gnutls: REC: Sending Alert[2|20] - Bad record MAC
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sending Packet[4]  with length:
> 2
> 0x574f76c (t2): IN.gnutls: WRITE: Will write 7 bytes to 166892884.
> 0x574f76c (t2): IN.gnutls: WRITE: wrote 7 bytes to 166892884. Left 0
> bytes. Total 7 bytes.
> 0x574f76c (t2): IN.gnutls: 0000 - 15 03 01 00 02 02 14
> 0x574f76c (t2): IN.gnutls: REC[a1407c0]: Sent Packet[5]  with length: 7
> 0x574f76c (t2): IN.gnutls: ASSERT: gnutls_psk.c:309
>
>
>
>
> Gesendet von freenetMail-
> Mehr als nur eine
> E-Mail-Adresse
> http://email.freenet.de/dienste/emailoffice/produktuebersicht/basic/mail/index.html?pid=6828





More information about the Gnutls-help mailing list