GnuTLS Re-Handshake Fails

Dash Shendy admin at dash.za.net
Mon May 23 04:38:47 CEST 2011


 Machine Spec.:
============================================================
Fedora Core 14
Dual PIII Katmai CPU @500Mhz
1002 MB DIMM PC133 RAM
16 GB SCSI HDD
GnuTLS 2.12.5
mod_gnutls 0.5.9
Apache 2.2.18
============================================================
# gnutls-cli -e -V dash.za.net
Resolving 'dash.za.net'...
Connecting to '192.168.0.254:443'...
- Ephemeral Diffie-Hellman parameters
 - Using prime: 2048 bits
 - Secret key: 2046 bits
 - Peer's public key: 2048 bits
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 07
        Issuer: C=ZA,O=Technical Advisory Group,OU=Certificate
Authority,CN=TAG Certificate Authority,UID=0
        Validity:
                Not Before: Sun Apr 24 11:07:01 UTC 2011
                Not After: Mon Apr 23 11:07:04 UTC 2012
        Subject: C=ZA,O=Dash Shendy,OU=Curriculum Vitae,L=Cape
Town,ST=WP,CN=dash.za.net,UID=7
        Subject Public Key Algorithm: RSA
        Certificate Security Level: Normal
                Modulus (bits 2432):
                        00:c4:fd:51:16:52:62:27:c1:71:3c:06:ee:22:a0:25
                        fc:d7:73:9e:af:dd:e5:e8:8f:0a:d3:18:93:dd:54:e3
                        a7:39:9e:87:84:44:f8:cf:12:db:dc:d1:58:de:de:dd
                        23:15:0e:81:ca:e6:f1:82:1f:ea:f7:31:bf:8a:de:24
                        33:4c:d2:79:83:9f:9f:1c:25:57:48:33:a6:de:99:b0
                        b0:b9:44:53:70:ee:bc:1d:0b:de:ee:6d:2a:06:1c:d9
                        d7:9e:01:04:bd:96:4e:1a:03:07:e8:21:3e:4e:d8:62
                        83:ea:d8:04:f2:ef:6f:b6:d2:bc:bf:cc:68:19:b5:74
                        78:82:b3:52:96:9d:e6:ef:f6:6e:c8:77:b4:5a:e9:04
                        47:55:03:b7:e8:a8:e1:41:a9:58:48:70:40:d6:76:62
                        10:41:b8:7d:d9:28:24:4b:05:16:1c:4a:0c:b0:37:2c
                        e0:d9:e5:a3:3f:5f:37:a1:30:7b:b3:3d:d0:75:3e:db
                        fa:b8:4c:17:30:62:52:a0:07:0f:4c:4c:ce:bc:2f:52
                        38:b6:d6:4e:b3:ef:ad:88:9a:41:6c:d4:01:1a:89:a8
                        d8:a0:a5:c1:98:b6:77:53:6c:c9:24:bd:0f:d2:0e:c4
                        16:19:ec:73:e8:85:97:88:a7:52:09:53:3b:83:b3:a3
                        af:42:0a:6c:ce:09:cf:b7:75:51:15:68:9c:1a:11:ea
                        8c:d4:26:38:e5:53:4d:8c:21:2d:a8:84:90:c7:72:eb
                        81:dc:69:04:06:9d:1c:94:a2:bd:9c:40:9e:87:44:09
                        97
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Key Purpose (not critical):
                        TLS WWW Server.
                Key Usage (critical):
                        Digital signature.
                        Key encipherment.
                Subject Key Identifier (not critical):
                        e3fc11752c6e51303b269e36d283c5aadc33a5cc
                Authority Key Identifier (not critical):
                        af16d0a14f4cf894f51e7ed33cfa3b369de65223
                CRL Distribution points (not critical):
                        URI: tag.za.net/crl
        Signature Algorithm: RSA-SHA256
        Signature:
                30:03:1d:ed:05:96:b7:70:71:95:57:b1:d6:98:fc:3a
                a8:08:a6:be:97:20:dd:38:61:f7:ea:46:2f:4c:92:d3
                a2:44:e1:02:6a:6c:15:ff:2a:1f:2e:44:b6:96:5a:61
                3d:8f:a9:86:c9:48:4b:ad:6c:d7:1e:88:a8:50:9c:38
                0c:6a:96:1f:d9:df:55:cb:92:34:20:d3:52:af:50:f8
                96:49:68:16:f7:19:d3:f3:ce:20:fd:7d:4b:6d:0f:88
                3f:dc:8d:5d:b4:66:08:bf:41:84:e2:45:e6:7b:fe:08
                93:85:62:ed:55:ab:7e:df:ec:95:61:c1:bb:c1:8e:40
                9f:d0:63:01:aa:d0:bf:40:c2:5c:5e:49:06:ab:39:c8
                1b:b8:fc:07:89:a9:b8:7a:d5:3e:68:9d:99:5f:05:c7
                04:c9:44:34:74:51:e7:cb:d3:4f:81:aa:ba:ac:51:39
                46:6e:7f:75:e4:09:af:50:e1:0e:42:0f:b6:0d:e0:fe
                45:fd:46:b9:3f:0f:ea:e3:5c:35:c6:f6:58:0b:9e:56
                b2:95:78:13:63:dc:16:5c:c5:71:d3:86:ad:1d:8e:14
                ae:0f:56:54:13:60:c5:c4:f0:29:eb:69:a4:91:4b:79
                45:5b:9a:9d:54:8c:26:3c:18:69:b8:2c:01:4d:fa:ec
                fa:17:5e:fa:c7:0c:de:68:59:33:07:3a:c4:41:80:91
                3f:f4:d0:d7:f1:9f:5d:f3:f2:e2:3c:c3:c5:b4:62:0c
                66:58:67:21:b3:e0:5d:81:f4:70:b4:f7:b1:6b:27:58
Other Information:
        MD5 fingerprint:
                c9b7fe299eda11755b7d398aeed16013
        SHA-1 fingerprint:
                70c40367368fd39f3b0b0f5fa519f8d2e9bda22d
        Public Key Id:
                e3fc11752c6e51303b269e36d283c5aadc33a5cc

- The hostname in the certificate matches 'dash.za.net'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Session ID:
6E:34:B9:7E:A3:0A:E0:6E:6D:58:04:02:67:5F:AE:94:12:FA:B7:EC:99:11:64:31:24:B9:77:EB:27:EF:76:93
- Channel binding 'tls-unique': deb8b928402edf74283cdf9c
- Handshake was completed

- Simple Client Mode:

*** Fatal error: A TLS packet with unexpected length was received.
*** ReHandshake has failed
GnuTLS error: A TLS packet with unexpected length was received.
============================================================
Any Help/Info would be appreciated.

Thank you,
Hacker Emblem <http://catb.org/hacker-emblem/> *Dash Shendy*
Coder/Pentester
Security Analyst/Consultant
URL : http://dash.za.net/
SMTP: admin at dash.za.net <mailto:admin at dash.za.net>
VOIP: dashula2006 <skype:dashula2006>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110523/ad704cb8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2Q==
Type: image/gif
Size: 6184 bytes
Desc: not available
URL: </pipermail/attachments/20110523/ad704cb8/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 292 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110523/ad704cb8/attachment.pgp>


More information about the Gnutls-help mailing list