Question

HANDSHAKE ERROR 40 occurs when we try to connect to a local server from an COAP client application running on NORDIC NRF52840 Development board.

There should be no error from server end because application built from ssl_client2.c connects to our local server without any glitch.

The following is my client side ssl code, config[mbedtls_config_NORDIC.h] for reference :

void tls_init()
{

    NRF_LOG_INFO("tls_init \n");
    int res;
    uint8_t sn = 0;
    int ret;
    int ret_con;
    int i;
    int cnt;
    char http_get[]= "GET /index.html HTTP/1.1\r\n"
        "Host: www.eff.org\r\n"
        "\r\n";
        char http_get_resp[200];

    //const  int cipher_list[3] = {MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,0};
    const  int cipher_list[] = {MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,0};

     //int cipher_list[] = {MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,0};

/**Creation and initialization of the mbed TLS structures**/

    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    mbedtls_x509_crt cacert;

    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );
    mbedtls_x509_crt_init( &cacert );

    res=mbedtls_ssl_config_defaults(
            &conf,
            MBEDTLS_SSL_IS_CLIENT,
            MBEDTLS_SSL_TRANSPORT_STREAM,
            MBEDTLS_SSL_PRESET_DEFAULT);

    if( res != 0 ){ 
        NRF_LOG_INFO("mbedtls_ssl_config_defaults \r\n ",res);
        NRF_LOG_FLUSH();
        return 1;
    }
    mbedtls_ssl_conf_ciphersuites( &conf, cipher_list);
     mbedtls_ssl_conf_rng(&conf, wrap_rng, NULL);
    res = mbedtls_ssl_setup( &ssl, &conf);
    if( res != 0 ){
        NRF_LOG_INFO("mbedtls_ssl_setup %d \r\n ",res);
        return 1;
    }

    res = mbedtls_x509_crt_parse(&cacert, (const unsigned char*)http_clientcert, strlen(http_clientcert) + 1);
    if( res != 0 ){
        NRF_LOG_INFO("mbedtls_x509_crt_parse %d \r\n ",res);
        return 1;
    }
     mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
     //swarm-iot.com
    res = mbedtls_ssl_set_hostname( &ssl,"35.154.156.51");

    if( res != 0 ){
        NRF_LOG_INFO( "mbedtls_ssl_set_hostname \r\n ",res);
        return 1;
    }

    /*get sock id and connect it*/
    if(getSn_SR(sn) != SOCK_CLOSED){
            close(sn);
            disconnect(sn);
    }
    while(getSn_SR(sn) != SOCK_CLOSED);

    if( ret = socket(sn, Sn_MR_TCP, any_port++, 0x00) != sn ){
            NRF_LOG_INFO("[PUBLISH]: Socket open failed, reason %d \r\n", ret);
            return;
    }

    for(i=0;i<=10;i++){
      ret_con=connect(sn,ec2_server_ip, 443);

    if(ret_con==SOCK_OK){
        i=10;  
        NRF_LOG_INFO("Socket Connection succ   reason %d \r\n",ret_con);
    }
    nrf_delay_ms(1000);
    NRF_LOG_INFO("Socket Connection    reason %d \r\n",ret_con);
    }

/* TLS connect */
    mbedtls_ssl_set_bio( &ssl, &sn, wrap_send, wrap_recv,NULL);
     ret = mbedtls_ssl_handshake( &ssl );
    if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
        {
            NRF_LOG_INFO( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
            if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
                NRF_LOG_INFO(
                    "    Unable to verify the server's certificate. "
                        "Either it is invalid,\n"
                    "    or you didn't set ca_file or ca_path "
                        "to an appropriate value.\n"
                    "    Alternatively, you may want to use "
                        "auth_mode=optional for testing purposes.\n" );
                        close(sn);
                        return;
        }
        else
        {
            NRF_LOG_INFO(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> mbedtls_ssl_handshake returned 0x%x\n",ret);
            }

   do
    {
        const mbedtls_x509_crt *peer_cert;
        peer_cert = mbedtls_ssl_get_peer_cert(&ssl);
        if (peer_cert == NULL)
        {
            NRF_LOG_INFO("no peer cert \r\n");
        }
        else
        {
            int n;
            char info_str[200];
            n = mbedtls_x509_crt_info(info_str, sizeof(info_str), "", peer_cert);
            NRF_LOG_INFO("mbedtls_x509_crt_info  %d \r\n",n);
            fputs("Certificate:\n", stderr);
            fputs(info_str, stderr);
            fputs("\n", stderr);  
        }          
    }while(0);

    if (res != 0)
    {
        NRF_LOG_INFO("mbedtls_ssl_handshake  %d \r\n",res);
        close(sn);
        return 1;
    }  

    res = mbedtls_ssl_write(&ssl, (unsigned char *)http_get, strlen(http_get));
    if (res <= 0)
    {
        NRF_LOG_INFO("mbedtls_ssl_write \r\n",res);
        close(sn);
        return 1;
    }
    do
    {
        res = mbedtls_ssl_read(&ssl, (unsigned char *)http_get_resp, sizeof(http_get_resp));
        if (res <= 0){
            NRF_LOG_INFO("mbedtls_ssl_read \r\n",res);
            close(sn);
            return 1;
        }
        fwrite(http_get_resp, res, 1, stdout);
    } while(res == sizeof(http_get_resp)); //TODO: cleaner

    /* TLS disconnect */
    mbedtls_ssl_free(&ssl);
    mbedtls_ssl_config_free(&conf);
    close(sn);
}

============================================================= There could be configuration errors so I have also attached the config.h mbedtls_config_NORDIC.h.zip

Please do let me know how to rectify the error...........

RonEld commented 6 years ago

Hi @tmtpune I have noticed in your configuration file, that you have MBEDTLS_KEY_EXCHANGE_RSA_ENABLED disabled. This means that you can not use MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA as a ciphersuite. Note that using RSA key exchange is not recommended, as it doesn't protect from future secrecy. Of course, there could other issues that cause the server to send the Fatal alert. You should check the logs of your client, and if possible, also server logs.

tmtpune commented 6 years ago

Thank u RonEld...........The suggestion worked.

tmtpune commented 6 years ago

But now i am facing new error.........Earlier i tested the client with a local server with HTTPS connection. Now i am trying to connect to AWS MQTT server using AWS(Amazon web service) issued certificates and keys. I get certificate verification error -0x2700. The error log is as follows:

:INFO:  . Loading the CA root certificate ....... 
:INFO: ok (0 skipped)
:INFO: ..Loading the client cert. and key... 
:INFO: ..strlen(CLcrt) + 1  1221... 
:INFO:ok!
:INFO:In client state:MBEDTLS_SSL_SERVER_CERTIFICATE:ret -9984 
:INFO: failed
  ! mbedtls_ssl_handshake returned -0x2700  ----> MBEDTLS_ERR_X509_CERT_VERIFY_FAILED

Few forums suggest, memory issues could cause such errors or may be certificates might be faulty. But with same certificates, aws python sdk for mqtt client connection is successful without errors. Ant suggestion is appreciated

RonEld commented 6 years ago

Hi @tmtpune I suggest you run the sslclient2 application with debug_level=5. This way you will have more debug information for you to understand reason for certificate failure. there could be several reasons: hostname is not as CN in the server certificate, the certificate is not signed by the proper CA root certificate(check that http_clientcert is valid), your time functions are not set correct so the server certificate validity is expired\future, and more. Once you set the debug_level, you will see the verification flags error. Of course, it could also be a memory issue

tmtpune commented 6 years ago

Hello RinEId,

Please Find Below log.

 ./ssl_client2 server_name=iot.ap-southeast-1.amazonaws.com server_addr=52.76.22.221 server_port=8883 ca_file="VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem" crt_file="be79e31fd3-certificate.pem.crt" key_file="be79e31fd3-private.pem.key" debug_level=5

  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Loading the client cert. and key... ok
  . Connecting to tcp/52.76.22.221/8883... ok
  . Setting up the SSL/TLS structure...ssl_tls.c:0082: |3| set_timer to 0 ms
 ok
  . Performing the SSL/TLS handshake...ssl_tls.c:6557: |2| => handshake
ssl_cli.c:3363: |2| client state: 0
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:3363: |2| client state: 1
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:0719: |2| => write client hello
ssl_cli.c:0757: |3| client hello, max version: [3:3]
ssl_cli.c:0695: |3| client hello, current time: 1514818798
ssl_cli.c:0766: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_cli.c:0766: |3| 0000:  5a 4a 4c ee 16 ed 49 b3 a2 dc e6 86 78 e6 e8 32  ZJL...I.....x..2
ssl_cli.c:0766: |3| 0010:  cc 8d d1 66 04 47 f1 1b c2 46 89 0e 13 72 b9 8f  ...f.G...F...r..
ssl_cli.c:0819: |3| client hello, session id len.: 0
ssl_cli.c:0820: |3| dumping 'client hello, session id' (0 bytes)
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02c
ssl_cli.c:0887: |3| client hello, add ciphersuite: c030
ssl_cli.c:0887: |3| client hello, add ciphersuite: 009f
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0ad
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09f
ssl_cli.c:0887: |3| client hello, add ciphersuite: c024
ssl_cli.c:0887: |3| client hello, add ciphersuite: c028
ssl_cli.c:0887: |3| client hello, add ciphersuite: 006b
ssl_cli.c:0887: |3| client hello, add ciphersuite: c00a
ssl_cli.c:0887: |3| client hello, add ciphersuite: c014
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0039
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0af
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a3
ssl_cli.c:0887: |3| client hello, add ciphersuite: c087
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08b
ssl_cli.c:0887: |3| client hello, add ciphersuite: c07d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c073
ssl_cli.c:0887: |3| client hello, add ciphersuite: c077
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00c4
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0088
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02f
ssl_cli.c:0887: |3| client hello, add ciphersuite: 009e
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0ac
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09e
ssl_cli.c:0887: |3| client hello, add ciphersuite: c023
ssl_cli.c:0887: |3| client hello, add ciphersuite: c027
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0067
ssl_cli.c:0887: |3| client hello, add ciphersuite: c009
ssl_cli.c:0887: |3| client hello, add ciphersuite: c013
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0033
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0ae
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a2
ssl_cli.c:0887: |3| client hello, add ciphersuite: c086
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08a
ssl_cli.c:0887: |3| client hello, add ciphersuite: c07c
ssl_cli.c:0887: |3| client hello, add ciphersuite: c072
ssl_cli.c:0887: |3| client hello, add ciphersuite: c076
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00be
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0045
ssl_cli.c:0887: |3| client hello, add ciphersuite: c008
ssl_cli.c:0887: |3| client hello, add ciphersuite: c012
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0016
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00ab
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a7
ssl_cli.c:0887: |3| client hello, add ciphersuite: c038
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00b3
ssl_cli.c:0887: |3| client hello, add ciphersuite: c036
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0091
ssl_cli.c:0887: |3| client hello, add ciphersuite: c091
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09b
ssl_cli.c:0887: |3| client hello, add ciphersuite: c097
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0ab
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00aa
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a6
ssl_cli.c:0887: |3| client hello, add ciphersuite: c037
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00b2
ssl_cli.c:0887: |3| client hello, add ciphersuite: c035
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0090
ssl_cli.c:0887: |3| client hello, add ciphersuite: c090
ssl_cli.c:0887: |3| client hello, add ciphersuite: c096
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09a
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0aa
ssl_cli.c:0887: |3| client hello, add ciphersuite: c034
ssl_cli.c:0887: |3| client hello, add ciphersuite: 008f
ssl_cli.c:0887: |3| client hello, add ciphersuite: 009d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09d
ssl_cli.c:0887: |3| client hello, add ciphersuite: 003d
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0035
ssl_cli.c:0887: |3| client hello, add ciphersuite: c032
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02a
ssl_cli.c:0887: |3| client hello, add ciphersuite: c00f
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02e
ssl_cli.c:0887: |3| client hello, add ciphersuite: c026
ssl_cli.c:0887: |3| client hello, add ciphersuite: c005
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a1
ssl_cli.c:0887: |3| client hello, add ciphersuite: c07b
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00c0
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0084
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c079
ssl_cli.c:0887: |3| client hello, add ciphersuite: c089
ssl_cli.c:0887: |3| client hello, add ciphersuite: c075
ssl_cli.c:0887: |3| client hello, add ciphersuite: 009c
ssl_cli.c:0887: |3| client hello, add ciphersuite: c09c
ssl_cli.c:0887: |3| client hello, add ciphersuite: 003c
ssl_cli.c:0887: |3| client hello, add ciphersuite: 002f
ssl_cli.c:0887: |3| client hello, add ciphersuite: c031
ssl_cli.c:0887: |3| client hello, add ciphersuite: c029
ssl_cli.c:0887: |3| client hello, add ciphersuite: c00e
ssl_cli.c:0887: |3| client hello, add ciphersuite: c02d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c025
ssl_cli.c:0887: |3| client hello, add ciphersuite: c004
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a0
ssl_cli.c:0887: |3| client hello, add ciphersuite: c07a
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00ba
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0041
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08c
ssl_cli.c:0887: |3| client hello, add ciphersuite: c078
ssl_cli.c:0887: |3| client hello, add ciphersuite: c088
ssl_cli.c:0887: |3| client hello, add ciphersuite: c074
ssl_cli.c:0887: |3| client hello, add ciphersuite: 000a
ssl_cli.c:0887: |3| client hello, add ciphersuite: c00d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c003
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00ad
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00b7
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0095
ssl_cli.c:0887: |3| client hello, add ciphersuite: c093
ssl_cli.c:0887: |3| client hello, add ciphersuite: c099
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00ac
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00b6
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0094
ssl_cli.c:0887: |3| client hello, add ciphersuite: c092
ssl_cli.c:0887: |3| client hello, add ciphersuite: c098
ssl_cli.c:0887: |3| client hello, add ciphersuite: 0093
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00a9
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a5
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00af
ssl_cli.c:0887: |3| client hello, add ciphersuite: 008d
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08f
ssl_cli.c:0887: |3| client hello, add ciphersuite: c095
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a9
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00a8
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a4
ssl_cli.c:0887: |3| client hello, add ciphersuite: 00ae
ssl_cli.c:0887: |3| client hello, add ciphersuite: 008c
ssl_cli.c:0887: |3| client hello, add ciphersuite: c08e
ssl_cli.c:0887: |3| client hello, add ciphersuite: c094
ssl_cli.c:0887: |3| client hello, add ciphersuite: c0a8
ssl_cli.c:0887: |3| client hello, add ciphersuite: 008b
ssl_cli.c:0920: |3| client hello, got 131 ciphersuites
ssl_cli.c:0951: |3| client hello, compress len.: 1
ssl_cli.c:0953: |3| client hello, compress alg.: 0
ssl_cli.c:0072: |3| client hello, adding server name extension: iot.ap-southeast-1.amazonaws.com
ssl_cli.c:0178: |3| client hello, adding signature_algorithms extension
ssl_cli.c:0263: |3| client hello, adding supported_elliptic_curves extension
ssl_cli.c:0328: |3| client hello, adding supported_point_formats extension
ssl_cli.c:0510: |3| client hello, adding encrypt_then_mac extension
ssl_cli.c:0544: |3| client hello, adding extended_master_secret extension
ssl_cli.c:0577: |3| client hello, adding session ticket extension
ssl_cli.c:1025: |3| client hello, total extension length: 113
ssl_tls.c:2701: |2| => write record
ssl_tls.c:2838: |3| output record: msgtype = 22, version = [3:1], msglen = 420
ssl_tls.c:2841: |4| dumping 'output record sent to network' (425 bytes)
ssl_tls.c:2841: |4| 0000:  16 03 01 01 a4 01 00 01 a0 03 03 5a 4a 4c ee 16  ...........ZJL..
ssl_tls.c:2841: |4| 0010:  ed 49 b3 a2 dc e6 86 78 e6 e8 32 cc 8d d1 66 04  .I.....x..2...f.
ssl_tls.c:2841: |4| 0020:  47 f1 1b c2 46 89 0e 13 72 b9 8f 00 01 06 c0 2c  G...F...r......,
ssl_tls.c:2841: |4| 0030:  c0 30 00 9f c0 ad c0 9f c0 24 c0 28 00 6b c0 0a  .0.......$.(.k..
ssl_tls.c:2841: |4| 0040:  c0 14 00 39 c0 af c0 a3 c0 87 c0 8b c0 7d c0 73  ...9.........}.s
ssl_tls.c:2841: |4| 0050:  c0 77 00 c4 00 88 c0 2b c0 2f 00 9e c0 ac c0 9e  .w.....+./......
ssl_tls.c:2841: |4| 0060:  c0 23 c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2  .#.'.g.....3....
ssl_tls.c:2841: |4| 0070:  c0 86 c0 8a c0 7c c0 72 c0 76 00 be 00 45 c0 08  .....|.r.v...E..
ssl_tls.c:2841: |4| 0080:  c0 12 00 16 00 ab c0 a7 c0 38 00 b3 c0 36 00 91  .........8...6..
ssl_tls.c:2841: |4| 0090:  c0 91 c0 9b c0 97 c0 ab 00 aa c0 a6 c0 37 00 b2  .............7..
ssl_tls.c:2841: |4| 00a0:  c0 35 00 90 c0 90 c0 96 c0 9a c0 aa c0 34 00 8f  .5...........4..
ssl_tls.c:2841: |4| 00b0:  00 9d c0 9d 00 3d 00 35 c0 32 c0 2a c0 0f c0 2e  .....=.5.2.*....
ssl_tls.c:2841: |4| 00c0:  c0 26 c0 05 c0 a1 c0 7b 00 c0 00 84 c0 8d c0 79  .&.....{.......y
ssl_tls.c:2841: |4| 00d0:  c0 89 c0 75 00 9c c0 9c 00 3c 00 2f c0 31 c0 29  ...u.....<./.1.)
ssl_tls.c:2841: |4| 00e0:  c0 0e c0 2d c0 25 c0 04 c0 a0 c0 7a 00 ba 00 41  ...-.%.....z...A
ssl_tls.c:2841: |4| 00f0:  c0 8c c0 78 c0 88 c0 74 00 0a c0 0d c0 03 00 ad  ...x...t........
ssl_tls.c:2841: |4| 0100:  00 b7 00 95 c0 93 c0 99 00 ac 00 b6 00 94 c0 92  ................
ssl_tls.c:2841: |4| 0110:  c0 98 00 93 00 a9 c0 a5 00 af 00 8d c0 8f c0 95  ................
ssl_tls.c:2841: |4| 0120:  c0 a9 00 a8 c0 a4 00 ae 00 8c c0 8e c0 94 c0 a8  ................
ssl_tls.c:2841: |4| 0130:  00 8b 00 ff 01 00 00 71 00 00 00 25 00 23 00 00  .......q...%.#..
ssl_tls.c:2841: |4| 0140:  20 69 6f 74 2e 61 70 2d 73 6f 75 74 68 65 61 73   iot.ap-southeas
ssl_tls.c:2841: |4| 0150:  74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f  t-1.amazonaws.co
ssl_tls.c:2841: |4| 0160:  6d 00 0d 00 16 00 14 06 03 06 01 05 03 05 01 04  m...............
ssl_tls.c:2841: |4| 0170:  03 04 01 03 03 03 01 02 03 02 01 00 0a 00 18 00  ................
ssl_tls.c:2841: |4| 0180:  16 00 19 00 1c 00 18 00 1b 00 17 00 16 00 1a 00  ................
ssl_tls.c:2841: |4| 0190:  15 00 14 00 13 00 12 00 0b 00 02 01 00 00 16 00  ................
ssl_tls.c:2841: |4| 01a0:  00 00 17 00 00 00 23 00 00                       ......#..
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 425, out_left: 425
ssl_tls.c:2441: |2| ssl->f_send() returned 425 (-0xfffffe57)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_cli.c:1051: |2| <= write client hello
ssl_cli.c:3363: |2| client state: 2
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:1447: |2| => parse server hello
ssl_tls.c:3721: |2| => read record
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 0, nb_want: 5
ssl_tls.c:2390: |2| in_left: 0, nb_want: 5
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3478: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3478: |4| 0000:  16 03 03 0a 6f                                   ....o
ssl_tls.c:3487: |3| input record: msgtype = 22, version = [3:3], msglen = 2671
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 5, nb_want: 2676
ssl_tls.c:2390: |2| in_left: 5, nb_want: 2676
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 2671 (-0xfffff591)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3650: |4| dumping 'input record from network' (2676 bytes)
ssl_tls.c:3650: |4| 0000:  16 03 03 0a 6f 02 00 00 4d 03 03 5a 4a 4c ee 86  ....o...M..ZJL..
ssl_tls.c:3650: |4| 0010:  40 d8 4c 5d bb 40 00 9c c3 c8 4c b9 9f e0 cc 17  @.L].@....L.....
ssl_tls.c:3650: |4| 0020:  4e 4f 2b dd 23 0c a8 74 da 13 b5 20 5a 4a 4c ee  NO+.#..t... ZJL.
ssl_tls.c:3650: |4| 0030:  f2 6a 36 72 fa 7c bc 01 b2 e2 4f 56 a0 7c cc 2b  .j6r.|....OV.|.+
ssl_tls.c:3650: |4| 0040:  7e 10 fc 43 98 b5 f7 fa c7 d5 06 25 c0 2c 00 00  ~..C.......%.,..
ssl_tls.c:3650: |4| 0050:  05 ff 01 00 01 00 0b 00 09 18 00 09 15 00 04 a1  ................
ssl_tls.c:3650: |4| 0060:  30 82 04 9d 30 82 04 43 a0 03 02 01 02 02 10 20  0...0..C....... 
ssl_tls.c:3650: |4| 0070:  f1 8e ac 7a 4c 33 e9 b8 ad 83 09 87 98 61 d5 30  ...zL3.......a.0
ssl_tls.c:3650: |4| 0080:  0a 06 08 2a 86 48 ce 3d 04 03 02 30 81 80 31 0b  ...*.H.=...0..1.
ssl_tls.c:3650: |4| 0090:  30 09 06 03 55 04 06 13 02 55 53 31 1d 30 1b 06  0...U....US1.0..
ssl_tls.c:3650: |4| 00a0:  03 55 04 0a 13 14 53 79 6d 61 6e 74 65 63 20 43  .U....Symantec C
ssl_tls.c:3650: |4| 00b0:  6f 72 70 6f 72 61 74 69 6f 6e 31 1f 30 1d 06 03  orporation1.0...
ssl_tls.c:3650: |4| 00c0:  55 04 0b 13 16 53 79 6d 61 6e 74 65 63 20 54 72  U....Symantec Tr
ssl_tls.c:3650: |4| 00d0:  75 73 74 20 4e 65 74 77 6f 72 6b 31 31 30 2f 06  ust Network110/.
ssl_tls.c:3650: |4| 00e0:  03 55 04 03 13 28 53 79 6d 61 6e 74 65 63 20 43  .U...(Symantec C
ssl_tls.c:3650: |4| 00f0:  6c 61 73 73 20 33 20 45 43 43 20 32 35 36 20 62  lass 3 ECC 256 b
ssl_tls.c:3650: |4| 0100:  69 74 20 53 53 4c 20 43 41 20 2d 20 47 32 30 1e  it SSL CA - G20.
ssl_tls.c:3650: |4| 0110:  17 0d 31 37 30 33 30 37 30 30 30 30 30 30 5a 17  ..170307000000Z.
ssl_tls.c:3650: |4| 0120:  0d 31 38 30 33 30 38 32 33 35 39 35 39 5a 30 7c  .180308235959Z0|
ssl_tls.c:3650: |4| 0130:  31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30  1.0...U....US1.0
ssl_tls.c:3650: |4| 0140:  11 06 03 55 04 08 0c 0a 57 61 73 68 69 6e 67 74  ...U....Washingt
ssl_tls.c:3650: |4| 0150:  6f 6e 31 10 30 0e 06 03 55 04 07 0c 07 53 65 61  on1.0...U....Sea
ssl_tls.c:3650: |4| 0160:  74 74 6c 65 31 19 30 17 06 03 55 04 0a 0c 10 41  ttle1.0...U....A
ssl_tls.c:3650: |4| 0170:  6d 61 7a 6f 6e 2e 63 6f 6d 2c 20 49 6e 63 2e 31  mazon.com, Inc.1
ssl_tls.c:3650: |4| 0180:  2b 30 29 06 03 55 04 03 0c 22 2a 2e 69 6f 74 2e  +0)..U..."*.iot.
ssl_tls.c:3650: |4| 0190:  61 70 2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 61  ap-southeast-1.a
ssl_tls.c:3650: |4| 01a0:  6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 30 59 30 13  mazonaws.com0Y0.
ssl_tls.c:3650: |4| 01b0:  06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d  ..*.H.=....*.H.=
ssl_tls.c:3650: |4| 01c0:  03 01 07 03 42 00 04 8d 14 06 12 da fe 33 36 58  ....B........36X
ssl_tls.c:3650: |4| 01d0:  2c 72 e1 31 aa 54 c2 5b 19 1c d7 66 4f 7f 02 bf  ,r.1.T.[...fO...
ssl_tls.c:3650: |4| 01e0:  b0 e4 48 01 ca 65 ba e2 55 9b 16 b8 9f c3 0d 52  ..H..e..U......R
ssl_tls.c:3650: |4| 01f0:  ef f5 31 25 85 4d 63 e0 74 95 81 ce ba b2 39 fe  ..1%.Mc.t.....9.
ssl_tls.c:3650: |4| 0200:  b9 1b f3 8a 6d 81 e5 a3 82 02 a0 30 82 02 9c 30  ....m......0...0
ssl_tls.c:3650: |4| 0210:  4f 06 03 55 1d 11 04 48 30 46 82 20 69 6f 74 2e  O..U...H0F. iot.
ssl_tls.c:3650: |4| 0220:  61 70 2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 61  ap-southeast-1.a
ssl_tls.c:3650: |4| 0230:  6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 82 22 2a 2e  mazonaws.com."*.
ssl_tls.c:3650: |4| 0240:  69 6f 74 2e 61 70 2d 73 6f 75 74 68 65 61 73 74  iot.ap-southeast
ssl_tls.c:3650: |4| 0250:  2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d  -1.amazonaws.com
ssl_tls.c:3650: |4| 0260:  30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55  0...U....0.0...U
ssl_tls.c:3650: |4| 0270:  1d 0f 01 01 ff 04 04 03 02 07 80 30 1d 06 03 55  ...........0...U
ssl_tls.c:3650: |4| 0280:  1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01  .%..0...+.......
ssl_tls.c:3650: |4| 0290:  06 08 2b 06 01 05 05 07 03 02 30 61 06 03 55 1d  ..+.......0a..U.
ssl_tls.c:3650: |4| 02a0:  20 04 5a 30 58 30 56 06 06 67 81 0c 01 02 02 30   .Z0X0V..g.....0
ssl_tls.c:3650: |4| 02b0:  4c 30 23 06 08 2b 06 01 05 05 07 02 01 16 17 68  L0#..+.........h
ssl_tls.c:3650: |4| 02c0:  74 74 70 73 3a 2f 2f 64 2e 73 79 6d 63 62 2e 63  ttps://d.symcb.c
ssl_tls.c:3650: |4| 02d0:  6f 6d 2f 63 70 73 30 25 06 08 2b 06 01 05 05 07  om/cps0%..+.....
ssl_tls.c:3650: |4| 02e0:  02 02 30 19 0c 17 68 74 74 70 73 3a 2f 2f 64 2e  ..0...https://d.
ssl_tls.c:3650: |4| 02f0:  73 79 6d 63 62 2e 63 6f 6d 2f 72 70 61 30 1f 06  symcb.com/rpa0..
ssl_tls.c:3650: |4| 0300:  03 55 1d 23 04 18 30 16 80 14 25 f0 8a e1 4b 7a  .U.#..0...%...Kz
ssl_tls.c:3650: |4| 0310:  d9 01 95 0a ed c6 53 f1 8c 78 1f d9 f3 f8 30 2b  ......S..x....0+
ssl_tls.c:3650: |4| 0320:  06 03 55 1d 1f 04 24 30 22 30 20 a0 1e a0 1c 86  ..U...$0"0 .....
ssl_tls.c:3650: |4| 0330:  1a 68 74 74 70 3a 2f 2f 72 63 2e 73 79 6d 63 62  .http://rc.symcb
ssl_tls.c:3650: |4| 0340:  2e 63 6f 6d 2f 72 63 2e 63 72 6c 30 57 06 08 2b  .com/rc.crl0W..+
ssl_tls.c:3650: |4| 0350:  06 01 05 05 07 01 01 04 4b 30 49 30 1f 06 08 2b  ........K0I0...+
ssl_tls.c:3650: |4| 0360:  06 01 05 05 07 30 01 86 13 68 74 74 70 3a 2f 2f  .....0...http://
ssl_tls.c:3650: |4| 0370:  72 63 2e 73 79 6d 63 64 2e 63 6f 6d 30 26 06 08  rc.symcd.com0&..
ssl_tls.c:3650: |4| 0380:  2b 06 01 05 05 07 30 02 86 1a 68 74 74 70 3a 2f  +.....0...http:/
ssl_tls.c:3650: |4| 0390:  2f 72 63 2e 73 79 6d 63 62 2e 63 6f 6d 2f 72 63  /rc.symcb.com/rc
ssl_tls.c:3650: |4| 03a0:  2e 63 72 74 30 82 01 03 06 0a 2b 06 01 04 01 d6  .crt0.....+.....
ssl_tls.c:3650: |4| 03b0:  79 02 04 02 04 81 f4 04 81 f1 00 ef 00 76 00 dd  y............v..
ssl_tls.c:3650: |4| 03c0:  eb 1d 2b 7a 0d 4f a6 20 8b 81 ad 81 68 70 7e 2e  ..+z.O. ....hp~.
ssl_tls.c:3650: |4| 03d0:  8e 9d 01 d5 5c 88 8d 3d 11 c4 cd b6 ec be cc 00  ....\..=........
ssl_tls.c:3650: |4| 03e0:  00 01 5a a8 89 8d 57 00 00 04 03 00 47 30 45 02  ..Z...W.....G0E.
ssl_tls.c:3650: |4| 03f0:  21 00 db 11 0d 1d 3e b9 54 ef 99 35 eb 8f d1 da  !.....>.T..5....
ssl_tls.c:3650: |4| 0400:  44 5c 92 84 a0 cc de 55 69 98 24 e0 f0 9f ec a2  D\.....Ui.$.....
ssl_tls.c:3650: |4| 0410:  fa 19 02 20 3c f4 d5 7b b1 18 87 e3 d3 06 b3 45  ... <..{.......E
ssl_tls.c:3650: |4| 0420:  42 66 db d3 5d 4e 9e 07 35 93 16 05 0e c3 68 dd  Bf..]N..5.....h.
ssl_tls.c:3650: |4| 0430:  94 e3 76 e0 00 75 00 a4 b9 09 90 b4 18 58 14 87  ..v..u.......X..
ssl_tls.c:3650: |4| 0440:  bb 13 a2 cc 67 70 0a 3c 35 98 04 f9 1b df b8 e3  ....gp.<5.......
ssl_tls.c:3650: |4| 0450:  77 cd 0e c8 0d dc 10 00 00 01 5a a8 89 8e 0b 00  w.........Z.....
ssl_tls.c:3650: |4| 0460:  00 04 03 00 46 30 44 02 20 4d bc a2 45 9b 21 9e  ....F0D. M..E.!.
ssl_tls.c:3650: |4| 0470:  64 7f 4b d7 95 87 a0 26 4a 25 33 54 78 2c e1 ea  d.K....&J%3Tx,..
ssl_tls.c:3650: |4| 0480:  a0 f2 dd 30 3c 58 27 d9 99 02 20 2f b1 7e 48 a8  ...0<X'... /.~H.
ssl_tls.c:3650: |4| 0490:  54 7f 81 08 9c 22 1a 20 3f 22 70 d0 95 47 5b c8  T....". ?"p..G[.
ssl_tls.c:3650: |4| 04a0:  a5 41 2b f4 17 f0 af e4 28 d7 1e 30 0a 06 08 2a  .A+.....(..0...*
ssl_tls.c:3650: |4| 04b0:  86 48 ce 3d 04 03 02 03 48 00 30 45 02 20 57 85  .H.=....H.0E. W.
ssl_tls.c:3650: |4| 04c0:  ef 04 bf 57 6b d8 b1 13 b4 c2 39 98 24 63 e8 57  ...Wk.....9.$c.W
ssl_tls.c:3650: |4| 04d0:  0d 40 e4 04 00 8b f7 3c b8 df 76 61 e3 1b 02 21  .@.....<..va...!
ssl_tls.c:3650: |4| 04e0:  00 80 97 fd 3d 87 a4 d8 ad e5 1d cb c9 79 d9 f9  ....=........y..
ssl_tls.c:3650: |4| 04f0:  9a ef c1 c9 a7 0c 68 cc 70 7f 33 0e 60 0a 99 9a  ......h.p.3.`...
ssl_tls.c:3650: |4| 0500:  91 00 04 6e 30 82 04 6a 30 82 03 52 a0 03 02 01  ...n0..j0..R....
ssl_tls.c:3650: |4| 0510:  02 02 10 3f 92 87 be 9d 1d a4 a3 7a 9d f6 28 2e  ...?.......z..(.
ssl_tls.c:3650: |4| 0520:  77 5a c4 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b  wZ.0...*.H......
ssl_tls.c:3650: |4| 0530:  05 00 30 81 ca 31 0b 30 09 06 03 55 04 06 13 02  ..0..1.0...U....
ssl_tls.c:3650: |4| 0540:  55 53 31 17 30 15 06 03 55 04 0a 13 0e 56 65 72  US1.0...U....Ver
ssl_tls.c:3650: |4| 0550:  69 53 69 67 6e 2c 20 49 6e 63 2e 31 1f 30 1d 06  iSign, Inc.1.0..
ssl_tls.c:3650: |4| 0560:  03 55 04 0b 13 16 56 65 72 69 53 69 67 6e 20 54  .U....VeriSign T
ssl_tls.c:3650: |4| 0570:  72 75 73 74 20 4e 65 74 77 6f 72 6b 31 3a 30 38  rust Network1:08
ssl_tls.c:3650: |4| 0580:  06 03 55 04 0b 13 31 28 63 29 20 32 30 30 36 20  ..U...1(c) 2006 
ssl_tls.c:3650: |4| 0590:  56 65 72 69 53 69 67 6e 2c 20 49 6e 63 2e 20 2d  VeriSign, Inc. -
ssl_tls.c:3650: |4| 05a0:  20 46 6f 72 20 61 75 74 68 6f 72 69 7a 65 64 20   For authorized 
ssl_tls.c:3650: |4| 05b0:  75 73 65 20 6f 6e 6c 79 31 45 30 43 06 03 55 04  use only1E0C..U.
ssl_tls.c:3650: |4| 05c0:  03 13 3c 56 65 72 69 53 69 67 6e 20 43 6c 61 73  ..<VeriSign Clas
ssl_tls.c:3650: |4| 05d0:  73 20 33 20 50 75 62 6c 69 63 20 50 72 69 6d 61  s 3 Public Prima
ssl_tls.c:3650: |4| 05e0:  72 79 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e  ry Certification
ssl_tls.c:3650: |4| 05f0:  20 41 75 74 68 6f 72 69 74 79 20 2d 20 47 35 30   Authority - G50
ssl_tls.c:3650: |4| 0600:  1e 17 0d 31 35 30 35 31 32 30 30 30 30 30 30 5a  ...150512000000Z
ssl_tls.c:3650: |4| 0610:  17 0d 32 35 30 35 31 31 32 33 35 39 35 39 5a 30  ..250511235959Z0
ssl_tls.c:3650: |4| 0620:  81 80 31 0b 30 09 06 03 55 04 06 13 02 55 53 31  ..1.0...U....US1
ssl_tls.c:3650: |4| 0630:  1d 30 1b 06 03 55 04 0a 13 14 53 79 6d 61 6e 74  .0...U....Symant
ssl_tls.c:3650: |4| 0640:  65 63 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 1f  ec Corporation1.
ssl_tls.c:3650: |4| 0650:  30 1d 06 03 55 04 0b 13 16 53 79 6d 61 6e 74 65  0...U....Symante
ssl_tls.c:3650: |4| 0660:  63 20 54 72 75 73 74 20 4e 65 74 77 6f 72 6b 31  c Trust Network1
ssl_tls.c:3650: |4| 0670:  31 30 2f 06 03 55 04 03 13 28 53 79 6d 61 6e 74  10/..U...(Symant
ssl_tls.c:3650: |4| 0680:  65 63 20 43 6c 61 73 73 20 33 20 45 43 43 20 32  ec Class 3 ECC 2
ssl_tls.c:3650: |4| 0690:  35 36 20 62 69 74 20 53 53 4c 20 43 41 20 2d 20  56 bit SSL CA - 
ssl_tls.c:3650: |4| 06a0:  47 32 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06  G20Y0...*.H.=...
ssl_tls.c:3650: |4| 06b0:  08 2a 86 48 ce 3d 03 01 07 03 42 00 04 0f 1b a4  .*.H.=....B.....
ssl_tls.c:3650: |4| 06c0:  91 d7 e7 ac e7 d1 4e 4e b7 64 5b e1 8f 7f 6e 04  ......NN.d[...n.
ssl_tls.c:3650: |4| 06d0:  d3 ab 38 db 44 b7 40 5c 6d bd 96 96 37 df 79 89  ..8.D.@\m...7.y.
ssl_tls.c:3650: |4| 06e0:  86 67 f7 b1 1f 08 9e fd 63 3b 46 8c 9f bd 53 e8  .g......c;F...S.
ssl_tls.c:3650: |4| 06f0:  15 dc 97 3e 2b 81 46 ad 86 7f 0e 01 39 a3 82 01  ...>+.F.....9...
ssl_tls.c:3650: |4| 0700:  5d 30 82 01 59 30 2e 06 08 2b 06 01 05 05 07 01  ]0..Y0...+......
ssl_tls.c:3650: |4| 0710:  01 04 22 30 20 30 1e 06 08 2b 06 01 05 05 07 30  .."0 0...+.....0
ssl_tls.c:3650: |4| 0720:  01 86 12 68 74 74 70 3a 2f 2f 73 2e 73 79 6d 63  ...http://s.symc
ssl_tls.c:3650: |4| 0730:  64 2e 63 6f 6d 30 12 06 03 55 1d 13 01 01 ff 04  d.com0...U......
ssl_tls.c:3650: |4| 0740:  08 30 06 01 01 ff 02 01 00 30 65 06 03 55 1d 20  .0.......0e..U. 
ssl_tls.c:3650: |4| 0750:  04 5e 30 5c 30 5a 06 0a 60 86 48 01 86 f8 45 01  .^0\0Z..`.H...E.
ssl_tls.c:3650: |4| 0760:  07 36 30 4c 30 23 06 08 2b 06 01 05 05 07 02 01  .60L0#..+.......
ssl_tls.c:3650: |4| 0770:  16 17 68 74 74 70 73 3a 2f 2f 64 2e 73 79 6d 63  ..https://d.symc
ssl_tls.c:3650: |4| 0780:  62 2e 63 6f 6d 2f 63 70 73 30 25 06 08 2b 06 01  b.com/cps0%..+..
ssl_tls.c:3650: |4| 0790:  05 05 07 02 02 30 19 1a 17 68 74 74 70 73 3a 2f  .....0...https:/
ssl_tls.c:3650: |4| 07a0:  2f 64 2e 73 79 6d 63 62 2e 63 6f 6d 2f 72 70 61  /d.symcb.com/rpa
ssl_tls.c:3650: |4| 07b0:  30 2f 06 03 55 1d 1f 04 28 30 26 30 24 a0 22 a0  0/..U...(0&0$.".
ssl_tls.c:3650: |4| 07c0:  20 86 1e 68 74 74 70 3a 2f 2f 73 2e 73 79 6d 63   ..http://s.symc
ssl_tls.c:3650: |4| 07d0:  62 2e 63 6f 6d 2f 70 63 61 33 2d 67 35 2e 63 72  b.com/pca3-g5.cr
ssl_tls.c:3650: |4| 07e0:  6c 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01  l0...U..........
ssl_tls.c:3650: |4| 07f0:  06 30 2b 06 03 55 1d 11 04 24 30 22 a4 20 30 1e  .0+..U...$0". 0.
ssl_tls.c:3650: |4| 0800:  31 1c 30 1a 06 03 55 04 03 13 13 53 59 4d 43 2d  1.0...U....SYMC-
ssl_tls.c:3650: |4| 0810:  45 43 43 2d 43 41 2d 70 32 35 36 2d 32 32 30 1d  ECC-CA-p256-220.
ssl_tls.c:3650: |4| 0820:  06 03 55 1d 0e 04 16 04 14 25 f0 8a e1 4b 7a d9  ..U......%...Kz.
ssl_tls.c:3650: |4| 0830:  01 95 0a ed c6 53 f1 8c 78 1f d9 f3 f8 30 1f 06  .....S..x....0..
ssl_tls.c:3650: |4| 0840:  03 55 1d 23 04 18 30 16 80 14 7f d3 65 a7 c2 dd  .U.#..0.....e...
ssl_tls.c:3650: |4| 0850:  ec bb f0 30 09 f3 43 39 fa 02 af 33 31 33 30 0d  ...0..C9...3130.
ssl_tls.c:3650: |4| 0860:  06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01  ..*.H...........
ssl_tls.c:3650: |4| 0870:  01 00 0c 30 65 17 05 a5 93 75 a2 f1 b1 31 ad 70  ...0e....u...1.p
ssl_tls.c:3650: |4| 0880:  1f e7 6a a8 c8 42 b2 ef a1 5f 4d 1b ee cc a0 7a  ..j..B..._M....z
ssl_tls.c:3650: |4| 0890:  46 77 fe bd 75 9f e1 db 33 b2 ee c1 85 50 7a 06  Fw..u...3....Pz.
ssl_tls.c:3650: |4| 08a0:  ff 41 c6 44 0f 6b c5 3f f9 c3 91 a4 11 52 15 93  .A.D.k.?.....R..
ssl_tls.c:3650: |4| 08b0:  1b 56 c8 85 96 ab aa ec e0 24 d9 b7 c0 5e 8f f2  .V.......$...^..
ssl_tls.c:3650: |4| 08c0:  87 61 16 e8 8e d1 03 52 40 93 65 24 cb 88 2b e0  .a.....R@.e$..+.
ssl_tls.c:3650: |4| 08d0:  b8 fc af 8a 75 e0 c7 2f 8b 1d 3f 8f 99 db 44 7d  ....u../..?...D}
ssl_tls.c:3650: |4| 08e0:  7b 2f 71 d6 de 05 25 94 62 93 ac 0d 8b c3 da 13  {/q...%.b.......
ssl_tls.c:3650: |4| 08f0:  6d cf d7 70 39 de 67 06 8b 0c 02 99 9d c6 df b3  m..p9.g.........
ssl_tls.c:3650: |4| 0900:  ec b4 32 66 ef 30 32 77 c8 d5 4e 88 30 ef 91 5a  ..2f.02w..N.0..Z
ssl_tls.c:3650: |4| 0910:  8c 31 67 cb b2 d2 8b 30 74 56 1d df 69 7d c5 ef  .1g....0tV..i}..
ssl_tls.c:3650: |4| 0920:  9a 00 4f e4 cb d6 a5 2e ef cc f6 9b f1 89 42 ae  ..O...........B.
ssl_tls.c:3650: |4| 0930:  7e a1 c9 46 00 c1 28 0e ae 0e 31 cb 30 f5 fe fe  ~..F..(...1.0...
ssl_tls.c:3650: |4| 0940:  7c 57 68 d0 8f 5f 74 88 e0 a5 59 d6 cb 47 43 f5  |Wh.._t...Y..GC.
ssl_tls.c:3650: |4| 0950:  39 a0 d9 4c 74 73 7d ba 60 2f 95 4d f5 de 0d 08  9..Lts}.`/.M....
ssl_tls.c:3650: |4| 0960:  80 9a e3 b1 0d a7 21 d7 fd 76 c7 4f fb a9 6b 98  ......!..v.O..k.
ssl_tls.c:3650: |4| 0970:  fe ec 0c 00 00 d4 03 00 19 85 04 01 7e ef c8 ff  ............~...
ssl_tls.c:3650: |4| 0980:  40 0a be 76 99 0d 4c 50 0f d6 4b 35 99 98 92 d9  @..v..LP..K5....
ssl_tls.c:3650: |4| 0990:  4b ef fe 61 48 5d 3d 9a 3e a2 4d 7b 6c 0f f4 6f  K..aH]=.>.M{l..o
ssl_tls.c:3650: |4| 09a0:  5f 55 ed d2 b3 53 98 7c 12 83 d4 9b c9 4b 15 80  _U...S.|.....K..
ssl_tls.c:3650: |4| 09b0:  d2 ba b2 0f 8c cd 9d 07 c4 82 33 13 52 01 a9 9d  ..........3.R...
ssl_tls.c:3650: |4| 09c0:  3f 99 56 cf e6 f6 96 89 0f 77 1d ba 06 43 a9 64  ?.V......w...C.d
ssl_tls.c:3650: |4| 09d0:  1d 34 7a 66 4b 2a 97 50 fe 6f 05 f3 1d a4 e7 af  .4zfK*.P.o......
ssl_tls.c:3650: |4| 09e0:  8a 83 f5 63 d0 34 16 35 d7 b5 fb 79 51 48 85 12  ...c.4.5...yQH..
ssl_tls.c:3650: |4| 09f0:  0d 69 2f 1c 05 04 11 84 f3 35 53 c9 95 34 46 06  .i/......5S..4F.
ssl_tls.c:3650: |4| 0a00:  03 00 47 30 45 02 20 2d 96 cc 6b 82 41 ce 1b 55  ..G0E. -..k.A..U
ssl_tls.c:3650: |4| 0a10:  ff 8a 66 2a d3 bd 1d d0 b6 2e b7 62 d0 a0 1f a2  ..f*.......b....
ssl_tls.c:3650: |4| 0a20:  e5 44 d7 6c 74 65 a2 02 21 00 9b 30 ae 91 90 1c  .D.lte..!..0....
ssl_tls.c:3650: |4| 0a30:  63 5c 81 fd ec b3 ab e0 6c 33 31 a3 cc 81 91 bc  c\......l31.....
ssl_tls.c:3650: |4| 0a40:  95 84 3a 29 2d 93 a4 9f 93 c2 0d 00 00 22 03 01  ..:)-........"..
ssl_tls.c:3650: |4| 0a50:  02 40 00 1a 06 03 06 01 05 03 05 01 04 03 04 01  .@..............
ssl_tls.c:3650: |4| 0a60:  04 02 03 03 03 01 03 02 02 03 02 01 02 02 00 00  ................
ssl_tls.c:3650: |4| 0a70:  0e 00 00 00                                      ....
ssl_tls.c:3089: |3| handshake message: msglen = 2671, type = 2, hslen = 81
ssl_tls.c:3754: |2| <= read record
ssl_cli.c:1527: |3| dumping 'server hello, version' (2 bytes)
ssl_cli.c:1527: |3| 0000:  03 03                                            ..
ssl_cli.c:1553: |3| server hello, current time: 1514818798
ssl_cli.c:1560: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_cli.c:1560: |3| 0000:  5a 4a 4c ee 86 40 d8 4c 5d bb 40 00 9c c3 c8 4c  ZJL..@.L].@....L
ssl_cli.c:1560: |3| 0010:  b9 9f e0 cc 17 4e 4f 2b dd 23 0c a8 74 da 13 b5  .....NO+.#..t...
ssl_cli.c:1640: |3| server hello, session id len.: 32
ssl_cli.c:1641: |3| dumping 'server hello, session id' (32 bytes)
ssl_cli.c:1641: |3| 0000:  5a 4a 4c ee f2 6a 36 72 fa 7c bc 01 b2 e2 4f 56  ZJL..j6r.|....OV
ssl_cli.c:1641: |3| 0010:  a0 7c cc 2b 7e 10 fc 43 98 b5 f7 fa c7 d5 06 25  .|.+~..C.......%
ssl_cli.c:1679: |3| no session has been resumed
ssl_cli.c:1681: |3| server hello, chosen ciphersuite: c02c
ssl_cli.c:1682: |3| server hello, compress alg.: 0
ssl_cli.c:1698: |3| server hello, chosen ciphersuite: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
ssl_cli.c:1733: |2| server hello, total extension length: 5
ssl_cli.c:1753: |3| found renegotiation extension
ssl_cli.c:1922: |2| <= parse server hello
ssl_cli.c:3363: |2| client state: 3
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:4320: |2| => parse certificate
ssl_tls.c:3721: |2| => read record
ssl_tls.c:3832: |4| dumping 'remaining content in record' (2590 bytes)
ssl_tls.c:3832: |4| 0000:  0b 00 09 18 00 09 15 00 04 a1 30 82 04 9d 30 82  ..........0...0.
ssl_tls.c:3832: |4| 0010:  04 43 a0 03 02 01 02 02 10 20 f1 8e ac 7a 4c 33  .C....... ...zL3
ssl_tls.c:3832: |4| 0020:  e9 b8 ad 83 09 87 98 61 d5 30 0a 06 08 2a 86 48  .......a.0...*.H
ssl_tls.c:3832: |4| 0030:  ce 3d 04 03 02 30 81 80 31 0b 30 09 06 03 55 04  .=...0..1.0...U.
ssl_tls.c:3832: |4| 0040:  06 13 02 55 53 31 1d 30 1b 06 03 55 04 0a 13 14  ...US1.0...U....
ssl_tls.c:3832: |4| 0050:  53 79 6d 61 6e 74 65 63 20 43 6f 72 70 6f 72 61  Symantec Corpora
ssl_tls.c:3832: |4| 0060:  74 69 6f 6e 31 1f 30 1d 06 03 55 04 0b 13 16 53  tion1.0...U....S
ssl_tls.c:3832: |4| 0070:  79 6d 61 6e 74 65 63 20 54 72 75 73 74 20 4e 65  ymantec Trust Ne
ssl_tls.c:3832: |4| 0080:  74 77 6f 72 6b 31 31 30 2f 06 03 55 04 03 13 28  twork110/..U...(
ssl_tls.c:3832: |4| 0090:  53 79 6d 61 6e 74 65 63 20 43 6c 61 73 73 20 33  Symantec Class 3
ssl_tls.c:3832: |4| 00a0:  20 45 43 43 20 32 35 36 20 62 69 74 20 53 53 4c   ECC 256 bit SSL
ssl_tls.c:3832: |4| 00b0:  20 43 41 20 2d 20 47 32 30 1e 17 0d 31 37 30 33   CA - G20...1703
ssl_tls.c:3832: |4| 00c0:  30 37 30 30 30 30 30 30 5a 17 0d 31 38 30 33 30  07000000Z..18030
ssl_tls.c:3832: |4| 00d0:  38 32 33 35 39 35 39 5a 30 7c 31 0b 30 09 06 03  8235959Z0|1.0...
ssl_tls.c:3832: |4| 00e0:  55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08  U....US1.0...U..
ssl_tls.c:3832: |4| 00f0:  0c 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e  ..Washington1.0.
ssl_tls.c:3832: |4| 0100:  06 03 55 04 07 0c 07 53 65 61 74 74 6c 65 31 19  ..U....Seattle1.
ssl_tls.c:3832: |4| 0110:  30 17 06 03 55 04 0a 0c 10 41 6d 61 7a 6f 6e 2e  0...U....Amazon.
ssl_tls.c:3832: |4| 0120:  63 6f 6d 2c 20 49 6e 63 2e 31 2b 30 29 06 03 55  com, Inc.1+0)..U
ssl_tls.c:3832: |4| 0130:  04 03 0c 22 2a 2e 69 6f 74 2e 61 70 2d 73 6f 75  ..."*.iot.ap-sou
ssl_tls.c:3832: |4| 0140:  74 68 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61  theast-1.amazona
ssl_tls.c:3832: |4| 0150:  77 73 2e 63 6f 6d 30 59 30 13 06 07 2a 86 48 ce  ws.com0Y0...*.H.
ssl_tls.c:3832: |4| 0160:  3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 42 00  =....*.H.=....B.
ssl_tls.c:3832: |4| 0170:  04 8d 14 06 12 da fe 33 36 58 2c 72 e1 31 aa 54  .......36X,r.1.T
ssl_tls.c:3832: |4| 0180:  c2 5b 19 1c d7 66 4f 7f 02 bf b0 e4 48 01 ca 65  .[...fO.....H..e
ssl_tls.c:3832: |4| 0190:  ba e2 55 9b 16 b8 9f c3 0d 52 ef f5 31 25 85 4d  ..U......R..1%.M
ssl_tls.c:3832: |4| 01a0:  63 e0 74 95 81 ce ba b2 39 fe b9 1b f3 8a 6d 81  c.t.....9.....m.
ssl_tls.c:3832: |4| 01b0:  e5 a3 82 02 a0 30 82 02 9c 30 4f 06 03 55 1d 11  .....0...0O..U..
ssl_tls.c:3832: |4| 01c0:  04 48 30 46 82 20 69 6f 74 2e 61 70 2d 73 6f 75  .H0F. iot.ap-sou
ssl_tls.c:3832: |4| 01d0:  74 68 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61  theast-1.amazona
ssl_tls.c:3832: |4| 01e0:  77 73 2e 63 6f 6d 82 22 2a 2e 69 6f 74 2e 61 70  ws.com."*.iot.ap
ssl_tls.c:3832: |4| 01f0:  2d 73 6f 75 74 68 65 61 73 74 2d 31 2e 61 6d 61  -southeast-1.ama
ssl_tls.c:3832: |4| 0200:  7a 6f 6e 61 77 73 2e 63 6f 6d 30 09 06 03 55 1d  zonaws.com0...U.
ssl_tls.c:3832: |4| 0210:  13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04  ...0.0...U......
ssl_tls.c:3832: |4| 0220:  04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30 14  .....0...U.%..0.
ssl_tls.c:3832: |4| 0230:  06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05  ..+.........+...
ssl_tls.c:3832: |4| 0240:  05 07 03 02 30 61 06 03 55 1d 20 04 5a 30 58 30  ....0a..U. .Z0X0
ssl_tls.c:3832: |4| 0250:  56 06 06 67 81 0c 01 02 02 30 4c 30 23 06 08 2b  V..g.....0L0#..+
ssl_tls.c:3832: |4| 0260:  06 01 05 05 07 02 01 16 17 68 74 74 70 73 3a 2f  .........https:/
ssl_tls.c:3832: |4| 0270:  2f 64 2e 73 79 6d 63 62 2e 63 6f 6d 2f 63 70 73  /d.symcb.com/cps
ssl_tls.c:3832: |4| 0280:  30 25 06 08 2b 06 01 05 05 07 02 02 30 19 0c 17  0%..+.......0...
ssl_tls.c:3832: |4| 0290:  68 74 74 70 73 3a 2f 2f 64 2e 73 79 6d 63 62 2e  https://d.symcb.
ssl_tls.c:3832: |4| 02a0:  63 6f 6d 2f 72 70 61 30 1f 06 03 55 1d 23 04 18  com/rpa0...U.#..
ssl_tls.c:3832: |4| 02b0:  30 16 80 14 25 f0 8a e1 4b 7a d9 01 95 0a ed c6  0...%...Kz......
ssl_tls.c:3832: |4| 02c0:  53 f1 8c 78 1f d9 f3 f8 30 2b 06 03 55 1d 1f 04  S..x....0+..U...
ssl_tls.c:3832: |4| 02d0:  24 30 22 30 20 a0 1e a0 1c 86 1a 68 74 74 70 3a  $0"0 ......http:
ssl_tls.c:3832: |4| 02e0:  2f 2f 72 63 2e 73 79 6d 63 62 2e 63 6f 6d 2f 72  //rc.symcb.com/r
ssl_tls.c:3832: |4| 02f0:  63 2e 63 72 6c 30 57 06 08 2b 06 01 05 05 07 01  c.crl0W..+......
ssl_tls.c:3832: |4| 0300:  01 04 4b 30 49 30 1f 06 08 2b 06 01 05 05 07 30  ..K0I0...+.....0
ssl_tls.c:3832: |4| 0310:  01 86 13 68 74 74 70 3a 2f 2f 72 63 2e 73 79 6d  ...http://rc.sym
ssl_tls.c:3832: |4| 0320:  63 64 2e 63 6f 6d 30 26 06 08 2b 06 01 05 05 07  cd.com0&..+.....
ssl_tls.c:3832: |4| 0330:  30 02 86 1a 68 74 74 70 3a 2f 2f 72 63 2e 73 79  0...http://rc.sy
ssl_tls.c:3832: |4| 0340:  6d 63 62 2e 63 6f 6d 2f 72 63 2e 63 72 74 30 82  mcb.com/rc.crt0.
ssl_tls.c:3832: |4| 0350:  01 03 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 81  ....+.....y.....
ssl_tls.c:3832: |4| 0360:  f4 04 81 f1 00 ef 00 76 00 dd eb 1d 2b 7a 0d 4f  .......v....+z.O
ssl_tls.c:3832: |4| 0370:  a6 20 8b 81 ad 81 68 70 7e 2e 8e 9d 01 d5 5c 88  . ....hp~.....\.
ssl_tls.c:3832: |4| 0380:  8d 3d 11 c4 cd b6 ec be cc 00 00 01 5a a8 89 8d  .=..........Z...
ssl_tls.c:3832: |4| 0390:  57 00 00 04 03 00 47 30 45 02 21 00 db 11 0d 1d  W.....G0E.!.....
ssl_tls.c:3832: |4| 03a0:  3e b9 54 ef 99 35 eb 8f d1 da 44 5c 92 84 a0 cc  >.T..5....D\....
ssl_tls.c:3832: |4| 03b0:  de 55 69 98 24 e0 f0 9f ec a2 fa 19 02 20 3c f4  .Ui.$........ <.
ssl_tls.c:3832: |4| 03c0:  d5 7b b1 18 87 e3 d3 06 b3 45 42 66 db d3 5d 4e  .{.......EBf..]N
ssl_tls.c:3832: |4| 03d0:  9e 07 35 93 16 05 0e c3 68 dd 94 e3 76 e0 00 75  ..5.....h...v..u
ssl_tls.c:3832: |4| 03e0:  00 a4 b9 09 90 b4 18 58 14 87 bb 13 a2 cc 67 70  .......X......gp
ssl_tls.c:3832: |4| 03f0:  0a 3c 35 98 04 f9 1b df b8 e3 77 cd 0e c8 0d dc  .<5.......w.....
ssl_tls.c:3832: |4| 0400:  10 00 00 01 5a a8 89 8e 0b 00 00 04 03 00 46 30  ....Z.........F0
ssl_tls.c:3832: |4| 0410:  44 02 20 4d bc a2 45 9b 21 9e 64 7f 4b d7 95 87  D. M..E.!.d.K...
ssl_tls.c:3832: |4| 0420:  a0 26 4a 25 33 54 78 2c e1 ea a0 f2 dd 30 3c 58  .&J%3Tx,.....0<X
ssl_tls.c:3832: |4| 0430:  27 d9 99 02 20 2f b1 7e 48 a8 54 7f 81 08 9c 22  '... /.~H.T...."
ssl_tls.c:3832: |4| 0440:  1a 20 3f 22 70 d0 95 47 5b c8 a5 41 2b f4 17 f0  . ?"p..G[..A+...
ssl_tls.c:3832: |4| 0450:  af e4 28 d7 1e 30 0a 06 08 2a 86 48 ce 3d 04 03  ..(..0...*.H.=..
ssl_tls.c:3832: |4| 0460:  02 03 48 00 30 45 02 20 57 85 ef 04 bf 57 6b d8  ..H.0E. W....Wk.
ssl_tls.c:3832: |4| 0470:  b1 13 b4 c2 39 98 24 63 e8 57 0d 40 e4 04 00 8b  ....9.$c.W.@....
ssl_tls.c:3832: |4| 0480:  f7 3c b8 df 76 61 e3 1b 02 21 00 80 97 fd 3d 87  .<..va...!....=.
ssl_tls.c:3832: |4| 0490:  a4 d8 ad e5 1d cb c9 79 d9 f9 9a ef c1 c9 a7 0c  .......y........
ssl_tls.c:3832: |4| 04a0:  68 cc 70 7f 33 0e 60 0a 99 9a 91 00 04 6e 30 82  h.p.3.`......n0.
ssl_tls.c:3832: |4| 04b0:  04 6a 30 82 03 52 a0 03 02 01 02 02 10 3f 92 87  .j0..R.......?..
ssl_tls.c:3832: |4| 04c0:  be 9d 1d a4 a3 7a 9d f6 28 2e 77 5a c4 30 0d 06  .....z..(.wZ.0..
ssl_tls.c:3832: |4| 04d0:  09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 ca 31  .*.H........0..1
ssl_tls.c:3832: |4| 04e0:  0b 30 09 06 03 55 04 06 13 02 55 53 31 17 30 15  .0...U....US1.0.
ssl_tls.c:3832: |4| 04f0:  06 03 55 04 0a 13 0e 56 65 72 69 53 69 67 6e 2c  ..U....VeriSign,
ssl_tls.c:3832: |4| 0500:  20 49 6e 63 2e 31 1f 30 1d 06 03 55 04 0b 13 16   Inc.1.0...U....
ssl_tls.c:3832: |4| 0510:  56 65 72 69 53 69 67 6e 20 54 72 75 73 74 20 4e  VeriSign Trust N
ssl_tls.c:3832: |4| 0520:  65 74 77 6f 72 6b 31 3a 30 38 06 03 55 04 0b 13  etwork1:08..U...
ssl_tls.c:3832: |4| 0530:  31 28 63 29 20 32 30 30 36 20 56 65 72 69 53 69  1(c) 2006 VeriSi
ssl_tls.c:3832: |4| 0540:  67 6e 2c 20 49 6e 63 2e 20 2d 20 46 6f 72 20 61  gn, Inc. - For a
ssl_tls.c:3832: |4| 0550:  75 74 68 6f 72 69 7a 65 64 20 75 73 65 20 6f 6e  uthorized use on
ssl_tls.c:3832: |4| 0560:  6c 79 31 45 30 43 06 03 55 04 03 13 3c 56 65 72  ly1E0C..U...<Ver
ssl_tls.c:3832: |4| 0570:  69 53 69 67 6e 20 43 6c 61 73 73 20 33 20 50 75  iSign Class 3 Pu
ssl_tls.c:3832: |4| 0580:  62 6c 69 63 20 50 72 69 6d 61 72 79 20 43 65 72  blic Primary Cer
ssl_tls.c:3832: |4| 0590:  74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f  tification Autho
ssl_tls.c:3832: |4| 05a0:  72 69 74 79 20 2d 20 47 35 30 1e 17 0d 31 35 30  rity - G50...150
ssl_tls.c:3832: |4| 05b0:  35 31 32 30 30 30 30 30 30 5a 17 0d 32 35 30 35  512000000Z..2505
ssl_tls.c:3832: |4| 05c0:  31 31 32 33 35 39 35 39 5a 30 81 80 31 0b 30 09  11235959Z0..1.0.
ssl_tls.c:3832: |4| 05d0:  06 03 55 04 06 13 02 55 53 31 1d 30 1b 06 03 55  ..U....US1.0...U
ssl_tls.c:3832: |4| 05e0:  04 0a 13 14 53 79 6d 61 6e 74 65 63 20 43 6f 72  ....Symantec Cor
ssl_tls.c:3832: |4| 05f0:  70 6f 72 61 74 69 6f 6e 31 1f 30 1d 06 03 55 04  poration1.0...U.
ssl_tls.c:3832: |4| 0600:  0b 13 16 53 79 6d 61 6e 74 65 63 20 54 72 75 73  ...Symantec Trus
ssl_tls.c:3832: |4| 0610:  74 20 4e 65 74 77 6f 72 6b 31 31 30 2f 06 03 55  t Network110/..U
ssl_tls.c:3832: |4| 0620:  04 03 13 28 53 79 6d 61 6e 74 65 63 20 43 6c 61  ...(Symantec Cla
ssl_tls.c:3832: |4| 0630:  73 73 20 33 20 45 43 43 20 32 35 36 20 62 69 74  ss 3 ECC 256 bit
ssl_tls.c:3832: |4| 0640:  20 53 53 4c 20 43 41 20 2d 20 47 32 30 59 30 13   SSL CA - G20Y0.
ssl_tls.c:3832: |4| 0650:  06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d  ..*.H.=....*.H.=
ssl_tls.c:3832: |4| 0660:  03 01 07 03 42 00 04 0f 1b a4 91 d7 e7 ac e7 d1  ....B...........
ssl_tls.c:3832: |4| 0670:  4e 4e b7 64 5b e1 8f 7f 6e 04 d3 ab 38 db 44 b7  NN.d[...n...8.D.
ssl_tls.c:3832: |4| 0680:  40 5c 6d bd 96 96 37 df 79 89 86 67 f7 b1 1f 08  @\m...7.y..g....
ssl_tls.c:3832: |4| 0690:  9e fd 63 3b 46 8c 9f bd 53 e8 15 dc 97 3e 2b 81  ..c;F...S....>+.
ssl_tls.c:3832: |4| 06a0:  46 ad 86 7f 0e 01 39 a3 82 01 5d 30 82 01 59 30  F.....9...]0..Y0
ssl_tls.c:3832: |4| 06b0:  2e 06 08 2b 06 01 05 05 07 01 01 04 22 30 20 30  ...+........"0 0
ssl_tls.c:3832: |4| 06c0:  1e 06 08 2b 06 01 05 05 07 30 01 86 12 68 74 74  ...+.....0...htt
ssl_tls.c:3832: |4| 06d0:  70 3a 2f 2f 73 2e 73 79 6d 63 64 2e 63 6f 6d 30  p://s.symcd.com0
ssl_tls.c:3832: |4| 06e0:  12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff  ...U.......0....
ssl_tls.c:3832: |4| 06f0:  02 01 00 30 65 06 03 55 1d 20 04 5e 30 5c 30 5a  ...0e..U. .^0\0Z
ssl_tls.c:3832: |4| 0700:  06 0a 60 86 48 01 86 f8 45 01 07 36 30 4c 30 23  ..`.H...E..60L0#
ssl_tls.c:3832: |4| 0710:  06 08 2b 06 01 05 05 07 02 01 16 17 68 74 74 70  ..+.........http
ssl_tls.c:3832: |4| 0720:  73 3a 2f 2f 64 2e 73 79 6d 63 62 2e 63 6f 6d 2f  s://d.symcb.com/
ssl_tls.c:3832: |4| 0730:  63 70 73 30 25 06 08 2b 06 01 05 05 07 02 02 30  cps0%..+.......0
ssl_tls.c:3832: |4| 0740:  19 1a 17 68 74 74 70 73 3a 2f 2f 64 2e 73 79 6d  ...https://d.sym
ssl_tls.c:3832: |4| 0750:  63 62 2e 63 6f 6d 2f 72 70 61 30 2f 06 03 55 1d  cb.com/rpa0/..U.
ssl_tls.c:3832: |4| 0760:  1f 04 28 30 26 30 24 a0 22 a0 20 86 1e 68 74 74  ..(0&0$.". ..htt
ssl_tls.c:3832: |4| 0770:  70 3a 2f 2f 73 2e 73 79 6d 63 62 2e 63 6f 6d 2f  p://s.symcb.com/
ssl_tls.c:3832: |4| 0780:  70 63 61 33 2d 67 35 2e 63 72 6c 30 0e 06 03 55  pca3-g5.crl0...U
ssl_tls.c:3832: |4| 0790:  1d 0f 01 01 ff 04 04 03 02 01 06 30 2b 06 03 55  ...........0+..U
ssl_tls.c:3832: |4| 07a0:  1d 11 04 24 30 22 a4 20 30 1e 31 1c 30 1a 06 03  ...$0". 0.1.0...
ssl_tls.c:3832: |4| 07b0:  55 04 03 13 13 53 59 4d 43 2d 45 43 43 2d 43 41  U....SYMC-ECC-CA
ssl_tls.c:3832: |4| 07c0:  2d 70 32 35 36 2d 32 32 30 1d 06 03 55 1d 0e 04  -p256-220...U...
ssl_tls.c:3832: |4| 07d0:  16 04 14 25 f0 8a e1 4b 7a d9 01 95 0a ed c6 53  ...%...Kz......S
ssl_tls.c:3832: |4| 07e0:  f1 8c 78 1f d9 f3 f8 30 1f 06 03 55 1d 23 04 18  ..x....0...U.#..
ssl_tls.c:3832: |4| 07f0:  30 16 80 14 7f d3 65 a7 c2 dd ec bb f0 30 09 f3  0.....e......0..
ssl_tls.c:3832: |4| 0800:  43 39 fa 02 af 33 31 33 30 0d 06 09 2a 86 48 86  C9...3130...*.H.
ssl_tls.c:3832: |4| 0810:  f7 0d 01 01 0b 05 00 03 82 01 01 00 0c 30 65 17  .............0e.
ssl_tls.c:3832: |4| 0820:  05 a5 93 75 a2 f1 b1 31 ad 70 1f e7 6a a8 c8 42  ...u...1.p..j..B
ssl_tls.c:3832: |4| 0830:  b2 ef a1 5f 4d 1b ee cc a0 7a 46 77 fe bd 75 9f  ..._M....zFw..u.
ssl_tls.c:3832: |4| 0840:  e1 db 33 b2 ee c1 85 50 7a 06 ff 41 c6 44 0f 6b  ..3....Pz..A.D.k
ssl_tls.c:3832: |4| 0850:  c5 3f f9 c3 91 a4 11 52 15 93 1b 56 c8 85 96 ab  .?.....R...V....
ssl_tls.c:3832: |4| 0860:  aa ec e0 24 d9 b7 c0 5e 8f f2 87 61 16 e8 8e d1  ...$...^...a....
ssl_tls.c:3832: |4| 0870:  03 52 40 93 65 24 cb 88 2b e0 b8 fc af 8a 75 e0  .R@.e$..+.....u.
ssl_tls.c:3832: |4| 0880:  c7 2f 8b 1d 3f 8f 99 db 44 7d 7b 2f 71 d6 de 05  ./..?...D}{/q...
ssl_tls.c:3832: |4| 0890:  25 94 62 93 ac 0d 8b c3 da 13 6d cf d7 70 39 de  %.b.......m..p9.
ssl_tls.c:3832: |4| 08a0:  67 06 8b 0c 02 99 9d c6 df b3 ec b4 32 66 ef 30  g...........2f.0
ssl_tls.c:3832: |4| 08b0:  32 77 c8 d5 4e 88 30 ef 91 5a 8c 31 67 cb b2 d2  2w..N.0..Z.1g...
ssl_tls.c:3832: |4| 08c0:  8b 30 74 56 1d df 69 7d c5 ef 9a 00 4f e4 cb d6  .0tV..i}....O...
ssl_tls.c:3832: |4| 08d0:  a5 2e ef cc f6 9b f1 89 42 ae 7e a1 c9 46 00 c1  ........B.~..F..
ssl_tls.c:3832: |4| 08e0:  28 0e ae 0e 31 cb 30 f5 fe fe 7c 57 68 d0 8f 5f  (...1.0...|Wh.._
ssl_tls.c:3832: |4| 08f0:  74 88 e0 a5 59 d6 cb 47 43 f5 39 a0 d9 4c 74 73  t...Y..GC.9..Lts
ssl_tls.c:3832: |4| 0900:  7d ba 60 2f 95 4d f5 de 0d 08 80 9a e3 b1 0d a7  }.`/.M..........
ssl_tls.c:3832: |4| 0910:  21 d7 fd 76 c7 4f fb a9 6b 98 fe ec 0c 00 00 d4  !..v.O..k.......
ssl_tls.c:3832: |4| 0920:  03 00 19 85 04 01 7e ef c8 ff 40 0a be 76 99 0d  ......~...@..v..
ssl_tls.c:3832: |4| 0930:  4c 50 0f d6 4b 35 99 98 92 d9 4b ef fe 61 48 5d  LP..K5....K..aH]
ssl_tls.c:3832: |4| 0940:  3d 9a 3e a2 4d 7b 6c 0f f4 6f 5f 55 ed d2 b3 53  =.>.M{l..o_U...S
ssl_tls.c:3832: |4| 0950:  98 7c 12 83 d4 9b c9 4b 15 80 d2 ba b2 0f 8c cd  .|.....K........
ssl_tls.c:3832: |4| 0960:  9d 07 c4 82 33 13 52 01 a9 9d 3f 99 56 cf e6 f6  ....3.R...?.V...
ssl_tls.c:3832: |4| 0970:  96 89 0f 77 1d ba 06 43 a9 64 1d 34 7a 66 4b 2a  ...w...C.d.4zfK*
ssl_tls.c:3832: |4| 0980:  97 50 fe 6f 05 f3 1d a4 e7 af 8a 83 f5 63 d0 34  .P.o.........c.4
ssl_tls.c:3832: |4| 0990:  16 35 d7 b5 fb 79 51 48 85 12 0d 69 2f 1c 05 04  .5...yQH...i/...
ssl_tls.c:3832: |4| 09a0:  11 84 f3 35 53 c9 95 34 46 06 03 00 47 30 45 02  ...5S..4F...G0E.
ssl_tls.c:3832: |4| 09b0:  20 2d 96 cc 6b 82 41 ce 1b 55 ff 8a 66 2a d3 bd   -..k.A..U..f*..
ssl_tls.c:3832: |4| 09c0:  1d d0 b6 2e b7 62 d0 a0 1f a2 e5 44 d7 6c 74 65  .....b.....D.lte
ssl_tls.c:3832: |4| 09d0:  a2 02 21 00 9b 30 ae 91 90 1c 63 5c 81 fd ec b3  ..!..0....c\....
ssl_tls.c:3832: |4| 09e0:  ab e0 6c 33 31 a3 cc 81 91 bc 95 84 3a 29 2d 93  ..l31.......:)-.
ssl_tls.c:3832: |4| 09f0:  a4 9f 93 c2 0d 00 00 22 03 01 02 40 00 1a 06 03  ......."...@....
ssl_tls.c:3832: |4| 0a00:  06 01 05 03 05 01 04 03 04 01 04 02 03 03 03 01  ................
ssl_tls.c:3832: |4| 0a10:  03 02 02 03 02 01 02 02 00 00 0e 00 00 00        ..............
ssl_tls.c:3089: |3| handshake message: msglen = 2590, type = 11, hslen = 2332
ssl_tls.c:3754: |2| <= read record
ssl_tls.c:4524: |3| peer certificate #1:
ssl_tls.c:4524: |3| cert. version     : 3
ssl_tls.c:4524: |3| serial number     : 20:F1:8E:AC:7A:4C:33:E9:B8:AD:83:09:87:98:61:D5
ssl_tls.c:4524: |3| issuer name       : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
ssl_tls.c:4524: |3| subject name      : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.ap-southeast-1.amazonaws.com
ssl_tls.c:4524: |3| issued  on        : 2017-03-07 00:00:00
ssl_tls.c:4524: |3| expires on        : 2018-03-08 23:59:59
ssl_tls.c:4524: |3| signed using      : ECDSA with SHA256
ssl_tls.c:4524: |3| EC key size       : 256 bits
ssl_tls.c:4524: |3| basic constraints : CA=false
ssl_tls.c:4524: |3| subject alt name  : iot.ap-southeast-1.amazonaws.com, *.iot.ap-southeast-1.amazonaws.com
ssl_tls.c:4524: |3| key usage         : Digital Signature
ssl_tls.c:4524: |3| ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
ssl_tls.c:4524: |3| value of 'crt->eckey.Q(X)' (256 bits) is:
ssl_tls.c:4524: |3|  8d 14 06 12 da fe 33 36 58 2c 72 e1 31 aa 54 c2
ssl_tls.c:4524: |3|  5b 19 1c d7 66 4f 7f 02 bf b0 e4 48 01 ca 65 ba
ssl_tls.c:4524: |3| value of 'crt->eckey.Q(Y)' (256 bits) is:
ssl_tls.c:4524: |3|  e2 55 9b 16 b8 9f c3 0d 52 ef f5 31 25 85 4d 63
ssl_tls.c:4524: |3|  e0 74 95 81 ce ba b2 39 fe b9 1b f3 8a 6d 81 e5
ssl_tls.c:4524: |3| peer certificate #2:
ssl_tls.c:4524: |3| cert. version     : 3
ssl_tls.c:4524: |3| serial number     : 3F:92:87:BE:9D:1D:A4:A3:7A:9D:F6:28:2E:77:5A:C4
ssl_tls.c:4524: |3| issuer name       : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
ssl_tls.c:4524: |3| subject name      : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
ssl_tls.c:4524: |3| issued  on        : 2015-05-12 00:00:00
ssl_tls.c:4524: |3| expires on        : 2025-05-11 23:59:59
ssl_tls.c:4524: |3| signed using      : RSA with SHA-256
ssl_tls.c:4524: |3| EC key size       : 256 bits
ssl_tls.c:4524: |3| basic constraints : CA=true, max_pathlen=0
ssl_tls.c:4524: |3| subject alt name  : 
ssl_tls.c:4524: |3| key usage         : Key Cert Sign, CRL Sign
ssl_tls.c:4524: |3| value of 'crt->eckey.Q(X)' (252 bits) is:
ssl_tls.c:4524: |3|  0f 1b a4 91 d7 e7 ac e7 d1 4e 4e b7 64 5b e1 8f
ssl_tls.c:4524: |3|  7f 6e 04 d3 ab 38 db 44 b7 40 5c 6d bd 96 96 37
ssl_tls.c:4524: |3| value of 'crt->eckey.Q(Y)' (256 bits) is:
ssl_tls.c:4524: |3|  df 79 89 86 67 f7 b1 1f 08 9e fd 63 3b 46 8c 9f
ssl_tls.c:4524: |3|  bd 53 e8 15 dc 97 3e 2b 81 46 ad 86 7f 0e 01 39

Verify requested for (Depth 2):
cert. version     : 3
serial number     : 18:DA:D1:9E:26:7D:E8:BB:4A:21:58:CD:CC:6B:3B:4A
issuer name       : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
subject name      : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
issued  on        : 2006-11-08 00:00:00
expires on        : 2036-07-16 23:59:59
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign
  This certificate has no flags

Verify requested for (Depth 1):
cert. version     : 3
serial number     : 3F:92:87:BE:9D:1D:A4:A3:7A:9D:F6:28:2E:77:5A:C4
issuer name       : C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
subject name      : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
issued  on        : 2015-05-12 00:00:00
expires on        : 2025-05-11 23:59:59
signed using      : RSA with SHA-256
EC key size       : 256 bits
basic constraints : CA=true, max_pathlen=0
subject alt name  : 
key usage         : Key Cert Sign, CRL Sign
  This certificate has no flags

Verify requested for (Depth 0):
cert. version     : 3
serial number     : 20:F1:8E:AC:7A:4C:33:E9:B8:AD:83:09:87:98:61:D5
issuer name       : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
subject name      : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.ap-southeast-1.amazonaws.com
issued  on        : 2017-03-07 00:00:00
expires on        : 2018-03-08 23:59:59
signed using      : ECDSA with SHA256
EC key size       : 256 bits
basic constraints : CA=false
subject alt name  : iot.ap-southeast-1.amazonaws.com, *.iot.ap-southeast-1.amazonaws.com
key usage         : Digital Signature
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
  This certificate has no flags
ssl_tls.c:4679: |3| Certificate verification flags clear
ssl_tls.c:4684: |2| <= parse certificate
ssl_cli.c:3363: |2| client state: 4
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:2263: |2| => parse server key exchange
ssl_tls.c:3721: |2| => read record
ssl_tls.c:3832: |4| dumping 'remaining content in record' (258 bytes)
ssl_tls.c:3832: |4| 0000:  0c 00 00 d4 03 00 19 85 04 01 7e ef c8 ff 40 0a  ..........~...@.
ssl_tls.c:3832: |4| 0010:  be 76 99 0d 4c 50 0f d6 4b 35 99 98 92 d9 4b ef  .v..LP..K5....K.
ssl_tls.c:3832: |4| 0020:  fe 61 48 5d 3d 9a 3e a2 4d 7b 6c 0f f4 6f 5f 55  .aH]=.>.M{l..o_U
ssl_tls.c:3832: |4| 0030:  ed d2 b3 53 98 7c 12 83 d4 9b c9 4b 15 80 d2 ba  ...S.|.....K....
ssl_tls.c:3832: |4| 0040:  b2 0f 8c cd 9d 07 c4 82 33 13 52 01 a9 9d 3f 99  ........3.R...?.
ssl_tls.c:3832: |4| 0050:  56 cf e6 f6 96 89 0f 77 1d ba 06 43 a9 64 1d 34  V......w...C.d.4
ssl_tls.c:3832: |4| 0060:  7a 66 4b 2a 97 50 fe 6f 05 f3 1d a4 e7 af 8a 83  zfK*.P.o........
ssl_tls.c:3832: |4| 0070:  f5 63 d0 34 16 35 d7 b5 fb 79 51 48 85 12 0d 69  .c.4.5...yQH...i
ssl_tls.c:3832: |4| 0080:  2f 1c 05 04 11 84 f3 35 53 c9 95 34 46 06 03 00  /......5S..4F...
ssl_tls.c:3832: |4| 0090:  47 30 45 02 20 2d 96 cc 6b 82 41 ce 1b 55 ff 8a  G0E. -..k.A..U..
ssl_tls.c:3832: |4| 00a0:  66 2a d3 bd 1d d0 b6 2e b7 62 d0 a0 1f a2 e5 44  f*.......b.....D
ssl_tls.c:3832: |4| 00b0:  d7 6c 74 65 a2 02 21 00 9b 30 ae 91 90 1c 63 5c  .lte..!..0....c\
ssl_tls.c:3832: |4| 00c0:  81 fd ec b3 ab e0 6c 33 31 a3 cc 81 91 bc 95 84  ......l31.......
ssl_tls.c:3832: |4| 00d0:  3a 29 2d 93 a4 9f 93 c2 0d 00 00 22 03 01 02 40  :)-........"...@
ssl_tls.c:3832: |4| 00e0:  00 1a 06 03 06 01 05 03 05 01 04 03 04 01 04 02  ................
ssl_tls.c:3832: |4| 00f0:  03 03 03 01 03 02 02 03 02 01 02 02 00 00 0e 00  ................
ssl_tls.c:3832: |4| 0100:  00 00                                            ..
ssl_tls.c:3089: |3| handshake message: msglen = 258, type = 12, hslen = 216
ssl_tls.c:3754: |2| <= read record
ssl_cli.c:2337: |3| dumping 'server key exchange' (212 bytes)
ssl_cli.c:2337: |3| 0000:  03 00 19 85 04 01 7e ef c8 ff 40 0a be 76 99 0d  ......~...@..v..
ssl_cli.c:2337: |3| 0010:  4c 50 0f d6 4b 35 99 98 92 d9 4b ef fe 61 48 5d  LP..K5....K..aH]
ssl_cli.c:2337: |3| 0020:  3d 9a 3e a2 4d 7b 6c 0f f4 6f 5f 55 ed d2 b3 53  =.>.M{l..o_U...S
ssl_cli.c:2337: |3| 0030:  98 7c 12 83 d4 9b c9 4b 15 80 d2 ba b2 0f 8c cd  .|.....K........
ssl_cli.c:2337: |3| 0040:  9d 07 c4 82 33 13 52 01 a9 9d 3f 99 56 cf e6 f6  ....3.R...?.V...
ssl_cli.c:2337: |3| 0050:  96 89 0f 77 1d ba 06 43 a9 64 1d 34 7a 66 4b 2a  ...w...C.d.4zfK*
ssl_cli.c:2337: |3| 0060:  97 50 fe 6f 05 f3 1d a4 e7 af 8a 83 f5 63 d0 34  .P.o.........c.4
ssl_cli.c:2337: |3| 0070:  16 35 d7 b5 fb 79 51 48 85 12 0d 69 2f 1c 05 04  .5...yQH...i/...
ssl_cli.c:2337: |3| 0080:  11 84 f3 35 53 c9 95 34 46 06 03 00 47 30 45 02  ...5S..4F...G0E.
ssl_cli.c:2337: |3| 0090:  20 2d 96 cc 6b 82 41 ce 1b 55 ff 8a 66 2a d3 bd   -..k.A..U..f*..
ssl_cli.c:2337: |3| 00a0:  1d d0 b6 2e b7 62 d0 a0 1f a2 e5 44 d7 6c 74 65  .....b.....D.lte
ssl_cli.c:2337: |3| 00b0:  a2 02 21 00 9b 30 ae 91 90 1c 63 5c 81 fd ec b3  ..!..0....c\....
ssl_cli.c:2337: |3| 00c0:  ab e0 6c 33 31 a3 cc 81 91 bc 95 84 3a 29 2d 93  ..l31.......:)-.
ssl_cli.c:2337: |3| 00d0:  a4 9f 93 c2                                      ....
ssl_cli.c:1982: |2| ECDH curve: secp521r1
ssl_cli.c:1992: |3| value of 'ECDH: Qp(X)' (521 bits) is:
ssl_cli.c:1992: |3|  01 7e ef c8 ff 40 0a be 76 99 0d 4c 50 0f d6 4b
ssl_cli.c:1992: |3|  35 99 98 92 d9 4b ef fe 61 48 5d 3d 9a 3e a2 4d
ssl_cli.c:1992: |3|  7b 6c 0f f4 6f 5f 55 ed d2 b3 53 98 7c 12 83 d4
ssl_cli.c:1992: |3|  9b c9 4b 15 80 d2 ba b2 0f 8c cd 9d 07 c4 82 33
ssl_cli.c:1992: |3|  13 52
ssl_cli.c:1992: |3| value of 'ECDH: Qp(Y)' (521 bits) is:
ssl_cli.c:1992: |3|  01 a9 9d 3f 99 56 cf e6 f6 96 89 0f 77 1d ba 06
ssl_cli.c:1992: |3|  43 a9 64 1d 34 7a 66 4b 2a 97 50 fe 6f 05 f3 1d
ssl_cli.c:1992: |3|  a4 e7 af 8a 83 f5 63 d0 34 16 35 d7 b5 fb 79 51
ssl_cli.c:1992: |3|  48 85 12 0d 69 2f 1c 05 04 11 84 f3 35 53 c9 95
ssl_cli.c:1992: |3|  34 46
ssl_cli.c:2205: |2| Server used SignatureAlgorithm 3
ssl_cli.c:2206: |2| Server used HashAlgorithm 6
ssl_cli.c:2484: |3| dumping 'signature' (71 bytes)
ssl_cli.c:2484: |3| 0000:  30 45 02 20 2d 96 cc 6b 82 41 ce 1b 55 ff 8a 66  0E. -..k.A..U..f
ssl_cli.c:2484: |3| 0010:  2a d3 bd 1d d0 b6 2e b7 62 d0 a0 1f a2 e5 44 d7  *.......b.....D.
ssl_cli.c:2484: |3| 0020:  6c 74 65 a2 02 21 00 9b 30 ae 91 90 1c 63 5c 81  lte..!..0....c\.
ssl_cli.c:2484: |3| 0030:  fd ec b3 ab e0 6c 33 31 a3 cc 81 91 bc 95 84 3a  .....l31.......:
ssl_cli.c:2484: |3| 0040:  29 2d 93 a4 9f 93 c2                             )-.....
ssl_cli.c:2572: |3| dumping 'parameters hash' (64 bytes)
ssl_cli.c:2572: |3| 0000:  79 9d 0a 4f 88 df a5 90 9d 1a 06 20 bc 55 4d b3  y..O....... .UM.
ssl_cli.c:2572: |3| 0010:  3d f4 ef fa 74 40 50 e5 ac b1 5b 0f 97 ec 89 8b  =...t@P...[.....
ssl_cli.c:2572: |3| 0020:  f0 9c 5a a3 89 b2 16 12 d2 6a 4f 22 93 78 d2 9a  ..Z......jO".x..
ssl_cli.c:2572: |3| 0030:  ee fd ee f1 44 f8 5b 6e 9b 11 28 e1 34 91 3d b6  ....D.[n..(.4.=.
ssl_cli.c:2607: |2| <= parse server key exchange
ssl_cli.c:3363: |2| client state: 5
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:2640: |2| => parse certificate request
ssl_tls.c:3721: |2| => read record
ssl_tls.c:3832: |4| dumping 'remaining content in record' (42 bytes)
ssl_tls.c:3832: |4| 0000:  0d 00 00 22 03 01 02 40 00 1a 06 03 06 01 05 03  ..."...@........
ssl_tls.c:3832: |4| 0010:  05 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03  ................
ssl_tls.c:3832: |4| 0020:  02 01 02 02 00 00 0e 00 00 00                    ..........
ssl_tls.c:3089: |3| handshake message: msglen = 42, type = 13, hslen = 38
ssl_tls.c:3754: |2| <= read record
ssl_cli.c:2667: |3| got a certificate request
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 6,3
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 6,1
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 5,3
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 5,1
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 4,3
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 4,1
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 4,2
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 3,3
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 3,1
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 3,2
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 2,3
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 2,1
ssl_cli.c:2727: |3| Supported Signature Algorithm found: 2,2
ssl_cli.c:2757: |2| <= parse certificate request
ssl_cli.c:3363: |2| client state: 6
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:2767: |2| => parse server hello done
ssl_tls.c:3721: |2| => read record
ssl_tls.c:3832: |4| dumping 'remaining content in record' (4 bytes)
ssl_tls.c:3832: |4| 0000:  0e 00 00 00                                      ....
ssl_tls.c:3089: |3| handshake message: msglen = 4, type = 14, hslen = 4
ssl_tls.c:3754: |2| <= read record
ssl_cli.c:2797: |2| <= parse server hello done
ssl_cli.c:3363: |2| client state: 7
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:4203: |2| => write certificate
ssl_tls.c:4255: |3| own certificate #1:
ssl_tls.c:4255: |3| cert. version     : 3
ssl_tls.c:4255: |3| serial number     : 85:55:31:96:C2:98:D4:60:03:BF:98:39:C2:A6:5B:54:18:55:0E:8F
ssl_tls.c:4255: |3| issuer name       : OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
ssl_tls.c:4255: |3| subject name      : CN=AWS IoT Certificate
ssl_tls.c:4255: |3| issued  on        : 2018-01-01 09:31:27
ssl_tls.c:4255: |3| expires on        : 2049-12-31 23:59:59
ssl_tls.c:4255: |3| signed using      : RSA with SHA-256
ssl_tls.c:4255: |3| RSA key size      : 2048 bits
ssl_tls.c:4255: |3| basic constraints : CA=false
ssl_tls.c:4255: |3| key usage         : Digital Signature
ssl_tls.c:4255: |3| value of 'crt->rsa.N' (2048 bits) is:
ssl_tls.c:4255: |3|  c6 bd ac 42 11 a0 82 e7 cd d7 81 ba 47 db de 62
ssl_tls.c:4255: |3|  66 cd 17 1a d2 a5 26 76 31 ed 0f ec 71 96 64 6a
ssl_tls.c:4255: |3|  14 0f b5 62 81 39 7e 10 76 f8 cb 74 53 04 ab 2f
ssl_tls.c:4255: |3|  89 05 3a 85 0e 00 20 61 12 a6 a4 69 c5 c6 97 60
ssl_tls.c:4255: |3|  63 a3 d7 1e 71 1c 37 6d 4a 1c 19 eb a7 5a dc 61
ssl_tls.c:4255: |3|  59 5b 65 da 08 e6 d0 66 c7 90 04 37 93 25 e9 3a
ssl_tls.c:4255: |3|  1f e0 83 2e e7 2c 26 4b f0 93 a0 a3 51 0d b6 8e
ssl_tls.c:4255: |3|  62 3d a7 8c 6d cb a2 03 30 8a 30 04 6f e9 61 f9
ssl_tls.c:4255: |3|  8b 1e 7b eb b0 f9 1b 14 14 ef cb 05 92 d0 d7 07
ssl_tls.c:4255: |3|  80 f9 5f 72 73 4c 60 c4 85 f3 37 f8 63 d1 e0 50
ssl_tls.c:4255: |3|  76 c7 40 45 98 7d 99 18 ed cc e3 90 9b aa f8 7c
ssl_tls.c:4255: |3|  53 7e b1 ad f5 fa 4e aa 17 ab d8 9e ca 2f a5 8a
ssl_tls.c:4255: |3|  01 48 c9 9c 5f 94 74 e7 08 c3 bf d9 19 93 05 da
ssl_tls.c:4255: |3|  b8 2c 9f 66 2f ad 7b ee a0 ef 53 43 0c 42 20 1b
ssl_tls.c:4255: |3|  47 3b 81 45 72 2e 4e 7f 78 66 f8 b8 55 0f 09 40
ssl_tls.c:4255: |3|  36 95 16 58 05 82 dc 2b 92 59 27 6c 9d 94 c1 f3
ssl_tls.c:4255: |3| value of 'crt->rsa.E' (17 bits) is:
ssl_tls.c:4255: |3|  01 00 01
ssl_tls.c:2701: |2| => write record
ssl_tls.c:2838: |3| output record: msgtype = 22, version = [3:3], msglen = 872
ssl_tls.c:2841: |4| dumping 'output record sent to network' (877 bytes)
ssl_tls.c:2841: |4| 0000:  16 03 03 03 68 0b 00 03 64 00 03 61 00 03 5e 30  ....h...d..a..^0
ssl_tls.c:2841: |4| 0010:  82 03 5a 30 82 02 42 a0 03 02 01 02 02 15 00 85  ..Z0..B.........
ssl_tls.c:2841: |4| 0020:  55 31 96 c2 98 d4 60 03 bf 98 39 c2 a6 5b 54 18  U1....`...9..[T.
ssl_tls.c:2841: |4| 0030:  55 0e 8f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b  U..0...*.H......
ssl_tls.c:2841: |4| 0040:  05 00 30 4d 31 4b 30 49 06 03 55 04 0b 0c 42 41  ..0M1K0I..U...BA
ssl_tls.c:2841: |4| 0050:  6d 61 7a 6f 6e 20 57 65 62 20 53 65 72 76 69 63  mazon Web Servic
ssl_tls.c:2841: |4| 0060:  65 73 20 4f 3d 41 6d 61 7a 6f 6e 2e 63 6f 6d 20  es O=Amazon.com 
ssl_tls.c:2841: |4| 0070:  49 6e 63 2e 20 4c 3d 53 65 61 74 74 6c 65 20 53  Inc. L=Seattle S
ssl_tls.c:2841: |4| 0080:  54 3d 57 61 73 68 69 6e 67 74 6f 6e 20 43 3d 55  T=Washington C=U
ssl_tls.c:2841: |4| 0090:  53 30 1e 17 0d 31 38 30 31 30 31 30 39 33 31 32  S0...18010109312
ssl_tls.c:2841: |4| 00a0:  37 5a 17 0d 34 39 31 32 33 31 32 33 35 39 35 39  7Z..491231235959
ssl_tls.c:2841: |4| 00b0:  5a 30 1e 31 1c 30 1a 06 03 55 04 03 0c 13 41 57  Z0.1.0...U....AW
ssl_tls.c:2841: |4| 00c0:  53 20 49 6f 54 20 43 65 72 74 69 66 69 63 61 74  S IoT Certificat
ssl_tls.c:2841: |4| 00d0:  65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01  e0.."0...*.H....
ssl_tls.c:2841: |4| 00e0:  01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01  .........0......
ssl_tls.c:2841: |4| 00f0:  01 00 c6 bd ac 42 11 a0 82 e7 cd d7 81 ba 47 db  .....B........G.
ssl_tls.c:2841: |4| 0100:  de 62 66 cd 17 1a d2 a5 26 76 31 ed 0f ec 71 96  .bf.....&v1...q.
ssl_tls.c:2841: |4| 0110:  64 6a 14 0f b5 62 81 39 7e 10 76 f8 cb 74 53 04  dj...b.9~.v..tS.
ssl_tls.c:2841: |4| 0120:  ab 2f 89 05 3a 85 0e 00 20 61 12 a6 a4 69 c5 c6  ./..:... a...i..
ssl_tls.c:2841: |4| 0130:  97 60 63 a3 d7 1e 71 1c 37 6d 4a 1c 19 eb a7 5a  .`c...q.7mJ....Z
ssl_tls.c:2841: |4| 0140:  dc 61 59 5b 65 da 08 e6 d0 66 c7 90 04 37 93 25  .aY[e....f...7.%
ssl_tls.c:2841: |4| 0150:  e9 3a 1f e0 83 2e e7 2c 26 4b f0 93 a0 a3 51 0d  .:.....,&K....Q.
ssl_tls.c:2841: |4| 0160:  b6 8e 62 3d a7 8c 6d cb a2 03 30 8a 30 04 6f e9  ..b=..m...0.0.o.
ssl_tls.c:2841: |4| 0170:  61 f9 8b 1e 7b eb b0 f9 1b 14 14 ef cb 05 92 d0  a...{...........
ssl_tls.c:2841: |4| 0180:  d7 07 80 f9 5f 72 73 4c 60 c4 85 f3 37 f8 63 d1  ...._rsL`...7.c.
ssl_tls.c:2841: |4| 0190:  e0 50 76 c7 40 45 98 7d 99 18 ed cc e3 90 9b aa  .Pv.@E.}........
ssl_tls.c:2841: |4| 01a0:  f8 7c 53 7e b1 ad f5 fa 4e aa 17 ab d8 9e ca 2f  .|S~....N....../
ssl_tls.c:2841: |4| 01b0:  a5 8a 01 48 c9 9c 5f 94 74 e7 08 c3 bf d9 19 93  ...H.._.t.......
ssl_tls.c:2841: |4| 01c0:  05 da b8 2c 9f 66 2f ad 7b ee a0 ef 53 43 0c 42  ...,.f/.{...SC.B
ssl_tls.c:2841: |4| 01d0:  20 1b 47 3b 81 45 72 2e 4e 7f 78 66 f8 b8 55 0f   .G;.Er.N.xf..U.
ssl_tls.c:2841: |4| 01e0:  09 40 36 95 16 58 05 82 dc 2b 92 59 27 6c 9d 94  .@6..X...+.Y'l..
ssl_tls.c:2841: |4| 01f0:  c1 f3 02 03 01 00 01 a3 60 30 5e 30 1f 06 03 55  ........`0^0...U
ssl_tls.c:2841: |4| 0200:  1d 23 04 18 30 16 80 14 2e 37 eb 92 81 cd f6 ec  .#..0....7......
ssl_tls.c:2841: |4| 0210:  c0 77 b8 0f e8 d0 58 6f a6 2f d0 72 30 1d 06 03  .w....Xo./.r0...
ssl_tls.c:2841: |4| 0220:  55 1d 0e 04 16 04 14 29 d5 c3 7f 29 11 6c e7 f3  U......)...).l..
ssl_tls.c:2841: |4| 0230:  06 c2 78 04 c1 07 00 72 54 36 d9 30 0c 06 03 55  ..x....rT6.0...U
ssl_tls.c:2841: |4| 0240:  1d 13 01 01 ff 04 02 30 00 30 0e 06 03 55 1d 0f  .......0.0...U..
ssl_tls.c:2841: |4| 0250:  01 01 ff 04 04 03 02 07 80 30 0d 06 09 2a 86 48  .........0...*.H
ssl_tls.c:2841: |4| 0260:  86 f7 0d 01 01 0b 05 00 03 82 01 01 00 76 f4 ab  .............v..
ssl_tls.c:2841: |4| 0270:  2e 87 ad 3d a5 e5 fc 35 11 a3 dc f4 ac 59 73 d5  ...=...5.....Ys.
ssl_tls.c:2841: |4| 0280:  5b 51 d9 b4 6d 60 57 00 c8 c5 bf 9a d9 4b fc 14  [Q..m`W......K..
ssl_tls.c:2841: |4| 0290:  72 b8 66 aa 8e f3 6e d3 fb 54 c4 fd 5b ac f4 80  r.f...n..T..[...
ssl_tls.c:2841: |4| 02a0:  27 6d 8c 22 52 78 f3 d2 b8 fc 8a 68 b5 e4 1a f4  'm."Rx.....h....
ssl_tls.c:2841: |4| 02b0:  f1 ad 49 b9 9e 6c 9d 37 13 e0 1e 78 6a d1 fe 22  ..I..l.7...xj.."
ssl_tls.c:2841: |4| 02c0:  5e 77 86 66 b7 0b ea db 56 12 ed 59 e3 c1 5f 4d  ^w.f....V..Y.._M
ssl_tls.c:2841: |4| 02d0:  fb 4d 15 a3 21 f3 58 e8 f1 2a 2b 79 11 66 63 24  .M..!.X..*+y.fc$
ssl_tls.c:2841: |4| 02e0:  81 7c cc c6 3d 14 cc 37 68 12 ef 92 54 64 38 ff  .|..=..7h...Td8.
ssl_tls.c:2841: |4| 02f0:  30 cc c7 2b ac 66 32 93 09 a2 ea a5 87 8b 40 9e  0..+.f2.......@.
ssl_tls.c:2841: |4| 0300:  01 09 cd 70 a7 ec af fa 81 a8 4a b0 51 e9 2f d8  ...p......J.Q./.
ssl_tls.c:2841: |4| 0310:  ea e8 d9 e1 70 10 54 3e fa 42 fc d5 f1 9a 03 c6  ....p.T>.B......
ssl_tls.c:2841: |4| 0320:  5e 4c d0 e3 41 05 68 d7 be d2 e0 c7 66 1c 2b 38  ^L..A.h.....f.+8
ssl_tls.c:2841: |4| 0330:  0b 07 be f4 65 28 b9 a9 a5 59 b4 2a 0f 2e 5a 02  ....e(...Y.*..Z.
ssl_tls.c:2841: |4| 0340:  d0 8d 51 35 29 10 c3 a5 fb 27 34 cb de 26 ae 2b  ..Q5)....'4..&.+
ssl_tls.c:2841: |4| 0350:  f7 a3 f4 79 4d f1 90 fa 47 e3 dd f3 01 bc 4c e1  ...yM...G.....L.
ssl_tls.c:2841: |4| 0360:  30 1f 87 cd 17 38 b1 95 6f a3 04 d8 fc           0....8..o....
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 877, out_left: 877
ssl_tls.c:2441: |2| ssl->f_send() returned 877 (-0xfffffc93)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_tls.c:4307: |2| <= write certificate
ssl_cli.c:3363: |2| client state: 8
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:2809: |2| => write client key exchange
ssl_cli.c:2874: |3| value of 'ECDH: Q(X)' (521 bits) is:
ssl_cli.c:2874: |3|  01 10 e6 91 4f 87 fc bd 21 ae 35 4f 3c d3 54 37
ssl_cli.c:2874: |3|  f8 c2 d9 dd c1 34 3a d0 60 91 03 ca 49 dd 97 1b
ssl_cli.c:2874: |3|  86 9f 90 b0 1a d4 a0 77 28 39 7d 58 81 c1 28 44
ssl_cli.c:2874: |3|  c6 29 a3 13 af 79 32 21 89 da 9f c8 02 0c 09 6e
ssl_cli.c:2874: |3|  6e 8d
ssl_cli.c:2874: |3| value of 'ECDH: Q(Y)' (521 bits) is:
ssl_cli.c:2874: |3|  01 66 d9 c8 14 81 9d ee a4 56 97 10 4d 51 67 d1
ssl_cli.c:2874: |3|  e3 ee b6 34 d3 cc 67 31 ad 1b af d9 80 49 b2 82
ssl_cli.c:2874: |3|  28 1c ef 52 b0 51 c4 41 dd 49 d3 c9 d4 6c f2 24
ssl_cli.c:2874: |3|  e9 31 12 bf 47 13 c3 d6 8d 8d 98 f5 9c 23 45 01
ssl_cli.c:2874: |3|  f4 76
ssl_cli.c:2886: |3| value of 'ECDH: z' (518 bits) is:
ssl_cli.c:2886: |3|  32 f6 0c 0d 69 32 83 42 de 0d f0 bd b0 9d fa 25
ssl_cli.c:2886: |3|  d9 32 e2 e0 f6 7b 61 2f 8b d3 d9 e6 d6 62 a3 fd
ssl_cli.c:2886: |3|  7b 54 74 7b 77 05 a9 52 92 e2 13 7d 76 81 19 d8
ssl_cli.c:2886: |3|  9a dc 8b 60 04 5c 1f 26 53 9c be 64 02 83 01 5f
ssl_cli.c:2886: |3|  0d
ssl_tls.c:2701: |2| => write record
ssl_tls.c:2838: |3| output record: msgtype = 22, version = [3:3], msglen = 138
ssl_tls.c:2841: |4| dumping 'output record sent to network' (143 bytes)
ssl_tls.c:2841: |4| 0000:  16 03 03 00 8a 10 00 00 86 85 04 01 10 e6 91 4f  ...............O
ssl_tls.c:2841: |4| 0010:  87 fc bd 21 ae 35 4f 3c d3 54 37 f8 c2 d9 dd c1  ...!.5O<.T7.....
ssl_tls.c:2841: |4| 0020:  34 3a d0 60 91 03 ca 49 dd 97 1b 86 9f 90 b0 1a  4:.`...I........
ssl_tls.c:2841: |4| 0030:  d4 a0 77 28 39 7d 58 81 c1 28 44 c6 29 a3 13 af  ..w(9}X..(D.)...
ssl_tls.c:2841: |4| 0040:  79 32 21 89 da 9f c8 02 0c 09 6e 6e 8d 01 66 d9  y2!.......nn..f.
ssl_tls.c:2841: |4| 0050:  c8 14 81 9d ee a4 56 97 10 4d 51 67 d1 e3 ee b6  ......V..MQg....
ssl_tls.c:2841: |4| 0060:  34 d3 cc 67 31 ad 1b af d9 80 49 b2 82 28 1c ef  4..g1.....I..(..
ssl_tls.c:2841: |4| 0070:  52 b0 51 c4 41 dd 49 d3 c9 d4 6c f2 24 e9 31 12  R.Q.A.I...l.$.1.
ssl_tls.c:2841: |4| 0080:  bf 47 13 c3 d6 8d 8d 98 f5 9c 23 45 01 f4 76     .G........#E..v
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 143, out_left: 143
ssl_tls.c:2441: |2| ssl->f_send() returned 143 (-0xffffff71)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_cli.c:3051: |2| <= write client key exchange
ssl_cli.c:3363: |2| client state: 9
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:3102: |2| => write certificate verify
ssl_tls.c:0501: |2| => derive keys
ssl_tls.c:0579: |3| dumping 'premaster secret' (66 bytes)
ssl_tls.c:0579: |3| 0000:  00 32 f6 0c 0d 69 32 83 42 de 0d f0 bd b0 9d fa  .2...i2.B.......
ssl_tls.c:0579: |3| 0010:  25 d9 32 e2 e0 f6 7b 61 2f 8b d3 d9 e6 d6 62 a3  %.2...{a/.....b.
ssl_tls.c:0579: |3| 0020:  fd 7b 54 74 7b 77 05 a9 52 92 e2 13 7d 76 81 19  .{Tt{w..R...}v..
ssl_tls.c:0579: |3| 0030:  d8 9a dc 8b 60 04 5c 1f 26 53 9c be 64 02 83 01  ....`.\.&S..d...
ssl_tls.c:0579: |3| 0040:  5f 0d                                            _.
ssl_tls.c:0667: |3| ciphersuite = TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
ssl_tls.c:0668: |3| dumping 'master secret' (48 bytes)
ssl_tls.c:0668: |3| 0000:  6c f0 28 b2 dc 90 21 54 8b ff 94 27 60 40 c4 a2  l.(...!T...'`@..
ssl_tls.c:0668: |3| 0010:  55 5c 81 47 e3 8d a5 f0 e3 63 fa a6 af c8 44 ea  U\.G.....c....D.
ssl_tls.c:0668: |3| 0020:  23 6f 53 66 91 71 fc 8b bf 9b 3b 9b 8a 74 f8 f8  #oSf.q....;..t..
ssl_tls.c:0669: |4| dumping 'random bytes' (64 bytes)
ssl_tls.c:0669: |4| 0000:  5a 4a 4c ee 86 40 d8 4c 5d bb 40 00 9c c3 c8 4c  ZJL..@.L].@....L
ssl_tls.c:0669: |4| 0010:  b9 9f e0 cc 17 4e 4f 2b dd 23 0c a8 74 da 13 b5  .....NO+.#..t...
ssl_tls.c:0669: |4| 0020:  5a 4a 4c ee 16 ed 49 b3 a2 dc e6 86 78 e6 e8 32  ZJL...I.....x..2
ssl_tls.c:0669: |4| 0030:  cc 8d d1 66 04 47 f1 1b c2 46 89 0e 13 72 b9 8f  ...f.G...F...r..
ssl_tls.c:0670: |4| dumping 'key block' (256 bytes)
ssl_tls.c:0670: |4| 0000:  ad 56 70 53 d1 15 62 f9 71 0b a2 41 39 d3 a2 3f  .VpS..b.q..A9..?
ssl_tls.c:0670: |4| 0010:  b4 c0 ce 7c a4 34 db 8a 2f 4c 7d d7 1a 1a f2 1c  ...|.4../L}.....
ssl_tls.c:0670: |4| 0020:  90 47 40 f8 84 7e 32 c9 0a 63 56 d2 61 50 b3 42  .G@..~2..cV.aP.B
ssl_tls.c:0670: |4| 0030:  09 da 33 72 ba 3f 8d 1f 72 ba 1b 77 af cb 4d 0c  ..3r.?..r..w..M.
ssl_tls.c:0670: |4| 0040:  a9 8c 57 6d 80 8d e4 79 bf f1 3f 32 c6 72 df aa  ..Wm...y..?2.r..
ssl_tls.c:0670: |4| 0050:  23 8f 1e f4 51 09 b1 3f a7 71 db 17 4c c4 be 48  #...Q..?.q..L..H
ssl_tls.c:0670: |4| 0060:  e3 6f dc dd 7a 50 7b 9a 48 93 2e 52 9b 17 22 c5  .o..zP{.H..R..".
ssl_tls.c:0670: |4| 0070:  08 25 37 0a ec 36 02 f5 4e d6 e8 ec 7f 94 88 2c  .%7..6..N......,
ssl_tls.c:0670: |4| 0080:  1e f3 c9 8d 0e 1f 71 7e 88 ea 80 32 1c ed ff f1  ......q~...2....
ssl_tls.c:0670: |4| 0090:  9f 51 bf c3 78 60 bb 21 e5 c7 8a 36 9f b1 0f bb  .Q..x`.!...6....
ssl_tls.c:0670: |4| 00a0:  6d b6 c3 d3 fb 1a d9 e8 50 ce dd bd 6a 20 48 e0  m.......P...j H.
ssl_tls.c:0670: |4| 00b0:  a2 fd 95 9f e2 ff c0 c8 c0 b3 56 bd d9 ce b8 e5  ..........V.....
ssl_tls.c:0670: |4| 00c0:  a9 e6 cf 81 d2 47 b7 a4 bf 50 91 23 11 52 84 12  .....G...P.#.R..
ssl_tls.c:0670: |4| 00d0:  51 8b d9 0c dc d0 8f 88 cc b1 56 8a 90 3f 5f 43  Q.........V..?_C
ssl_tls.c:0670: |4| 00e0:  ca 2d 1d dd a1 6b 2f ad 98 6a c5 98 53 31 d3 a4  .-...k/..j..S1..
ssl_tls.c:0670: |4| 00f0:  80 52 15 9d 4f 8a d5 24 c0 a9 81 37 9e f8 32 10  .R..O..$...7..2.
ssl_tls.c:0767: |3| keylen: 32, minlen: 24, ivlen: 12, maclen: 0
ssl_tls.c:0957: |2| <= derive keys
ssl_tls.c:1067: |2| => calc verify sha384
ssl_tls.c:1072: |3| dumping 'calculated verify result' (48 bytes)
ssl_tls.c:1072: |3| 0000:  ea cc f0 f6 b1 1c c0 c3 33 37 70 23 c1 63 7f 97  ........37p#.c..
ssl_tls.c:1072: |3| 0010:  70 16 93 22 a1 be 1d 29 d2 23 4f 71 46 bc b9 00  p.."...).#OqF...
ssl_tls.c:1072: |3| 0020:  a5 11 c4 7d f7 64 4f f9 cf 41 23 26 c5 7c bc 1f  ...}.dO..A#&.|..
ssl_tls.c:1073: |2| <= calc verify
ssl_tls.c:2701: |2| => write record
ssl_tls.c:2838: |3| output record: msgtype = 22, version = [3:3], msglen = 264
ssl_tls.c:2841: |4| dumping 'output record sent to network' (269 bytes)
ssl_tls.c:2841: |4| 0000:  16 03 03 01 08 0f 00 01 04 05 01 01 00 91 12 03  ................
ssl_tls.c:2841: |4| 0010:  b7 9a bb 7c 3c 28 cb d8 33 5d dd e1 36 10 36 27  ...|<(..3]..6.6'
ssl_tls.c:2841: |4| 0020:  c1 9b 3f 0d e4 9a 58 ab 0b d3 f9 2b 14 a2 20 00  ..?...X....+.. .
ssl_tls.c:2841: |4| 0030:  17 76 27 67 5a cb 97 27 26 de 1f e6 17 38 b7 d5  .v'gZ..'&....8..
ssl_tls.c:2841: |4| 0040:  7b d9 19 24 45 e9 39 cc 49 5c 5f 1d 19 21 7c 43  {..$E.9.I\_..!|C
ssl_tls.c:2841: |4| 0050:  19 ea 7c 48 72 3c 22 26 6b f0 16 5e 66 9a 59 a9  ..|Hr<"&k..^f.Y.
ssl_tls.c:2841: |4| 0060:  38 6f f9 17 58 5c 8a a2 c3 e3 83 2e dc c6 a8 ec  8o..X\..........
ssl_tls.c:2841: |4| 0070:  71 9d 26 ab 7d 0d 11 01 1c c8 99 86 19 8f 69 21  q.&.}.........i!
ssl_tls.c:2841: |4| 0080:  4c 11 ad 4c 1a 9b fc bb 90 ae 6d 18 72 ee 6a eb  L..L......m.r.j.
ssl_tls.c:2841: |4| 0090:  5f 83 41 ef cf f1 3e 3f e5 c4 0a 64 f2 45 40 ed  _.A...>?...d.E@.
ssl_tls.c:2841: |4| 00a0:  84 79 ae 48 77 8c 46 73 c0 9d 63 cc f1 de f3 22  .y.Hw.Fs..c...."
ssl_tls.c:2841: |4| 00b0:  8b 04 11 e3 97 72 a0 4b ea fc e3 4d fe 06 aa 87  .....r.K...M....
ssl_tls.c:2841: |4| 00c0:  75 5d f4 5f d1 c5 89 9e 06 5a 65 76 e3 62 6c b6  u]._.....Zev.bl.
ssl_tls.c:2841: |4| 00d0:  32 56 5b 09 f8 c5 77 2a 23 28 89 9e d9 be 53 16  2V[...w*#(....S.
ssl_tls.c:2841: |4| 00e0:  05 70 57 90 41 a8 b5 25 51 d3 50 e3 7d 16 4f a3  .pW.A..%Q.P.}.O.
ssl_tls.c:2841: |4| 00f0:  40 5e 72 88 a9 df 8b 43 25 4a 87 45 34 d6 04 36  @^r....C%J.E4..6
ssl_tls.c:2841: |4| 0100:  bb ed 47 06 19 1d 47 21 e3 a5 67 01 f5           ..G...G!..g..
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 269, out_left: 269
ssl_tls.c:2441: |2| ssl->f_send() returned 269 (-0xfffffef3)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_cli.c:3236: |2| <= write certificate verify
ssl_cli.c:3363: |2| client state: 10
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:4700: |2| => write change cipher spec
ssl_tls.c:2701: |2| => write record
ssl_tls.c:2838: |3| output record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2841: |4| dumping 'output record sent to network' (6 bytes)
ssl_tls.c:2841: |4| 0000:  14 03 03 00 01 01                                ......
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 6, out_left: 6
ssl_tls.c:2441: |2| ssl->f_send() returned 6 (-0xfffffffa)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_tls.c:4714: |2| <= write change cipher spec
ssl_cli.c:3363: |2| client state: 11
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:5233: |2| => write finished
ssl_tls.c:5107: |2| => calc  finished tls sha384
ssl_tls.c:5119: |4| dumping 'finished sha512 state' (64 bytes)
ssl_tls.c:5119: |4| 0000:  68 b6 cb 8c 7f e7 f5 78 61 11 a9 94 f2 4e f7 1f  h......xa....N..
ssl_tls.c:5119: |4| 0010:  f5 87 32 b7 fe bc 25 99 c9 78 bf 26 b3 9d c1 98  ..2...%..x.&....
ssl_tls.c:5119: |4| 0020:  17 a3 8f 96 5e c6 10 68 21 dc 8c 48 fe ee dd 14  ....^..h!..H....
ssl_tls.c:5119: |4| 0030:  83 ad 4b 55 76 29 89 e3 4b 85 0a ce da 8b e2 b9  ..KUv)..K.......
ssl_tls.c:5131: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:5131: |3| 0000:  09 8f 74 6c db 88 83 54 11 5c 37 38              ..tl...T.\78
ssl_tls.c:5137: |2| <= calc  finished
ssl_tls.c:5287: |3| switching to new transform spec for outbound data
ssl_tls.c:2701: |2| => write record
ssl_tls.c:1258: |2| => encrypt buf
ssl_tls.c:1269: |4| dumping 'before encrypt: output payload' (16 bytes)
ssl_tls.c:1269: |4| 0000:  14 00 00 0c 09 8f 74 6c db 88 83 54 11 5c 37 38  ......tl...T.\78
ssl_tls.c:1371: |4| dumping 'additional data used for AEAD' (13 bytes)
ssl_tls.c:1371: |4| 0000:  00 00 00 00 00 00 00 00 16 03 03 00 10           .............
ssl_tls.c:1388: |4| dumping 'IV used' (8 bytes)
ssl_tls.c:1388: |4| 0000:  00 00 00 00 00 00 00 00                          ........
ssl_tls.c:1400: |3| before encrypt: msglen = 24, including 0 bytes of padding
ssl_tls.c:1426: |4| dumping 'after encrypt: tag' (16 bytes)
ssl_tls.c:1426: |4| 0000:  0b 2b cb 7f 70 a3 6c 96 e0 fe 6e c7 e7 25 32 e5  .+..p.l...n..%2.
ssl_tls.c:1560: |2| <= encrypt buf
ssl_tls.c:2838: |3| output record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:2841: |4| dumping 'output record sent to network' (45 bytes)
ssl_tls.c:2841: |4| 0000:  16 03 03 00 28 00 00 00 00 00 00 00 00 71 2c aa  ....(........q,.
ssl_tls.c:2841: |4| 0010:  f2 8b 8c 73 80 23 12 ba 38 e5 01 cd 0f 0b 2b cb  ...s.#..8.....+.
ssl_tls.c:2841: |4| 0020:  7f 70 a3 6c 96 e0 fe 6e c7 e7 25 32 e5           .p.l...n..%2.
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 45, out_left: 45
ssl_tls.c:2441: |2| ssl->f_send() returned 45 (-0xffffffd3)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_tls.c:5342: |2| <= write finished
ssl_cli.c:3363: |2| client state: 12
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:4723: |2| => parse change cipher spec
ssl_tls.c:3721: |2| => read record
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 0, nb_want: 5
ssl_tls.c:2390: |2| in_left: 0, nb_want: 5
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3478: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3478: |4| 0000:  14 03 03 00 01                                   .....
ssl_tls.c:3487: |3| input record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 5, nb_want: 6
ssl_tls.c:2390: |2| in_left: 5, nb_want: 6
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3650: |4| dumping 'input record from network' (6 bytes)
ssl_tls.c:3650: |4| 0000:  14 03 03 00 01 01                                ......
ssl_tls.c:3754: |2| <= read record
ssl_tls.c:4751: |3| switching to new transform spec for inbound data
ssl_tls.c:4801: |2| <= parse change cipher spec
ssl_cli.c:3363: |2| client state: 13
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:5359: |2| => parse finished
ssl_tls.c:5107: |2| => calc  finished tls sha384
ssl_tls.c:5119: |4| dumping 'finished sha512 state' (64 bytes)
ssl_tls.c:5119: |4| 0000:  68 b6 cb 8c 7f e7 f5 78 61 11 a9 94 f2 4e f7 1f  h......xa....N..
ssl_tls.c:5119: |4| 0010:  f5 87 32 b7 fe bc 25 99 c9 78 bf 26 b3 9d c1 98  ..2...%..x.&....
ssl_tls.c:5119: |4| 0020:  17 a3 8f 96 5e c6 10 68 21 dc 8c 48 fe ee dd 14  ....^..h!..H....
ssl_tls.c:5119: |4| 0030:  83 ad 4b 55 76 29 89 e3 4b 85 0a ce da 8b e2 b9  ..KUv)..K.......
ssl_tls.c:5131: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:5131: |3| 0000:  ce f3 a6 b7 57 d1 80 ba aa 85 ad da              ....W.......
ssl_tls.c:5137: |2| <= calc  finished
ssl_tls.c:3721: |2| => read record
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 0, nb_want: 5
ssl_tls.c:2390: |2| in_left: 0, nb_want: 5
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3478: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3478: |4| 0000:  16 03 03 00 28                                   ....(
ssl_tls.c:3487: |3| input record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 5, nb_want: 45
ssl_tls.c:2390: |2| in_left: 5, nb_want: 45
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3650: |4| dumping 'input record from network' (45 bytes)
ssl_tls.c:3650: |4| 0000:  16 03 03 00 28 00 00 00 00 00 00 00 00 5f 7b 55  ....(........_{U
ssl_tls.c:3650: |4| 0010:  bb 0d f7 c2 d6 b4 4e 5b f3 6f b0 52 1c 10 e5 d2  ......N[.o.R....
ssl_tls.c:3650: |4| 0020:  db 65 7d 63 92 34 51 73 a9 1f cb 06 87           .e}c.4Qs.....
ssl_tls.c:1576: |2| => decrypt buf
ssl_tls.c:1654: |4| dumping 'additional data used for AEAD' (13 bytes)
ssl_tls.c:1654: |4| 0000:  00 00 00 00 00 00 00 00 16 03 03 00 10           .............
ssl_tls.c:1661: |4| dumping 'IV used' (12 bytes)
ssl_tls.c:1661: |4| 0000:  80 8d e4 79 00 00 00 00 00 00 00 00              ...y........
ssl_tls.c:1662: |4| dumping 'TAG used' (16 bytes)
ssl_tls.c:1662: |4| 0000:  10 e5 d2 db 65 7d 63 92 34 51 73 a9 1f cb 06 87  ....e}c.4Qs.....
ssl_tls.c:1912: |4| dumping 'raw buffer after decryption' (16 bytes)
ssl_tls.c:1912: |4| 0000:  14 00 00 0c ce f3 a6 b7 57 d1 80 ba aa 85 ad da  ........W.......
ssl_tls.c:2051: |2| <= decrypt buf
ssl_tls.c:3677: |4| dumping 'input payload after decrypt' (16 bytes)
ssl_tls.c:3677: |4| 0000:  14 00 00 0c ce f3 a6 b7 57 d1 80 ba aa 85 ad da  ........W.......
ssl_tls.c:3089: |3| handshake message: msglen = 16, type = 20, hslen = 16
ssl_tls.c:3754: |2| <= read record
ssl_tls.c:5427: |2| <= parse finished
ssl_cli.c:3363: |2| client state: 14
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_cli.c:3474: |2| handshake: done
ssl_cli.c:3363: |2| client state: 15
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2428: |2| <= flush output
ssl_tls.c:5171: |3| => handshake wrapup
ssl_tls.c:5144: |3| => handshake wrapup: final free
ssl_tls.c:5164: |3| <= handshake wrapup: final free
ssl_tls.c:5226: |3| <= handshake wrapup
ssl_tls.c:6567: |2| <= handshake
 ok
    [ Protocol is TLSv1.2 ]
    [ Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ]
    [ Record expansion is 29 ]
    [ Maximum fragment length is 16384 ]
  . Verifying peer X.509 certificate... ok
  . Peer certificate information    ...
      cert. version     : 3
      serial number     : 20:F1:8E:AC:7A:4C:33:E9:B8:AD:83:09:87:98:61:D5
      issuer name       : C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 ECC 256 bit SSL CA - G2
      subject name      : C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.iot.ap-southeast-1.amazonaws.com
      issued  on        : 2017-03-07 00:00:00
      expires on        : 2018-03-08 23:59:59
      signed using      : ECDSA with SHA256
      EC key size       : 256 bits
      basic constraints : CA=false
      subject alt name  : iot.ap-southeast-1.amazonaws.com, *.iot.ap-southeast-1.amazonaws.com
      key usage         : Digital Signature
      ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication

  > Write to server:ssl_tls.c:7143: |2| => write
ssl_tls.c:2701: |2| => write record
ssl_tls.c:1258: |2| => encrypt buf
ssl_tls.c:1269: |4| dumping 'before encrypt: output payload' (34 bytes)
ssl_tls.c:1269: |4| 0000:  47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a  GET / HTTP/1.0..
ssl_tls.c:1269: |4| 0010:  45 78 74 72 61 2d 68 65 61 64 65 72 3a 20 0d 0a  Extra-header: ..
ssl_tls.c:1269: |4| 0020:  0d 0a                                            ..
ssl_tls.c:1371: |4| dumping 'additional data used for AEAD' (13 bytes)
ssl_tls.c:1371: |4| 0000:  00 00 00 00 00 00 00 01 17 03 03 00 22           ............"
ssl_tls.c:1388: |4| dumping 'IV used' (8 bytes)
ssl_tls.c:1388: |4| 0000:  00 00 00 00 00 00 00 01                          ........
ssl_tls.c:1400: |3| before encrypt: msglen = 42, including 0 bytes of padding
ssl_tls.c:1426: |4| dumping 'after encrypt: tag' (16 bytes)
ssl_tls.c:1426: |4| 0000:  2c 15 d3 d9 3d 30 dc 59 19 82 28 35 3a 11 f5 5c  ,...=0.Y..(5:..\
ssl_tls.c:1560: |2| <= encrypt buf
ssl_tls.c:2838: |3| output record: msgtype = 23, version = [3:3], msglen = 58
ssl_tls.c:2841: |4| dumping 'output record sent to network' (63 bytes)
ssl_tls.c:2841: |4| 0000:  17 03 03 00 3a 00 00 00 00 00 00 00 01 e1 ef 97  ....:...........
ssl_tls.c:2841: |4| 0010:  0c d5 58 67 8f 5f 58 c8 50 9b db 68 7b 98 6b da  ..Xg._X.P..h{.k.
ssl_tls.c:2841: |4| 0020:  ae e3 47 55 d1 80 3d 51 9d 3f 0e 8b a7 e4 b9 2c  ..GU..=Q.?.....,
ssl_tls.c:2841: |4| 0030:  15 d3 d9 3d 30 dc 59 19 82 28 35 3a 11 f5 5c     ...=0.Y..(5:..\
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 63, out_left: 63
ssl_tls.c:2441: |2| ssl->f_send() returned 63 (-0xffffffc1)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_tls.c:7171: |2| <= write
 34 bytes written in 1 fragments

GET / HTTP/1.0
Extra-header: 

< Read from server:ssl_tls.c:6743: |2| => read
ssl_tls.c:0082: |3| set_timer to 0 ms
ssl_tls.c:3721: |2| => read record
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 0, nb_want: 5
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3478: |4| dumping 'input record header' (5 bytes)
ssl_tls.c:3478: |4| 0000:  15 03 03 00 1a                                   .....
ssl_tls.c:3487: |3| input record: msgtype = 21, version = [3:3], msglen = 26
ssl_tls.c:2208: |2| => fetch input
ssl_tls.c:2366: |2| in_left: 5, nb_want: 31
ssl_tls.c:2390: |2| in_left: 5, nb_want: 31
ssl_tls.c:2391: |2| ssl->f_recv(_timeout)() returned 26 (-0xffffffe6)
ssl_tls.c:2403: |2| <= fetch input
ssl_tls.c:3650: |4| dumping 'input record from network' (31 bytes)
ssl_tls.c:3650: |4| 0000:  15 03 03 00 1a 00 00 00 00 00 00 00 01 62 49 64  .............bId
ssl_tls.c:3650: |4| 0010:  85 dc 03 9c 2a ac 9d 3f ec 90 22 b4 56 6d c5     ....*..?..".Vm.
ssl_tls.c:1576: |2| => decrypt buf
ssl_tls.c:1654: |4| dumping 'additional data used for AEAD' (13 bytes)
ssl_tls.c:1654: |4| 0000:  00 00 00 00 00 00 00 01 15 03 03 00 02           .............
ssl_tls.c:1661: |4| dumping 'IV used' (12 bytes)
ssl_tls.c:1661: |4| 0000:  80 8d e4 79 00 00 00 00 00 00 00 01              ...y........
ssl_tls.c:1662: |4| dumping 'TAG used' (16 bytes)
ssl_tls.c:1662: |4| 0000:  64 85 dc 03 9c 2a ac 9d 3f ec 90 22 b4 56 6d c5  d....*..?..".Vm.
ssl_tls.c:1912: |4| dumping 'raw buffer after decryption' (2 bytes)
ssl_tls.c:1912: |4| 0000:  01 00                                            ..
ssl_tls.c:2051: |2| <= decrypt buf
ssl_tls.c:3677: |4| dumping 'input payload after decrypt' (2 bytes)
ssl_tls.c:3677: |4| 0000:  01 00                                            ..
ssl_tls.c:4053: |2| got an alert message, type: [1:0]
ssl_tls.c:4068: |2| is a close notify message
ssl_tls.c:3739: |1| mbedtls_ssl_read_record_layer() returned -30848 (-0x7880)
ssl_tls.c:6842: |1| mbedtls_ssl_read_record() returned -30848 (-0x7880)
 connection was closed gracefully
  . Closing the connection...ssl_tls.c:7186: |2| => write close notify
ssl_tls.c:4124: |2| => send alert message
ssl_tls.c:4125: |3| send alert level=1 message=0
ssl_tls.c:2701: |2| => write record
ssl_tls.c:1258: |2| => encrypt buf
ssl_tls.c:1269: |4| dumping 'before encrypt: output payload' (2 bytes)
ssl_tls.c:1269: |4| 0000:  01 00                                            ..
ssl_tls.c:1371: |4| dumping 'additional data used for AEAD' (13 bytes)
ssl_tls.c:1371: |4| 0000:  00 00 00 00 00 00 00 02 15 03 03 00 02           .............
ssl_tls.c:1388: |4| dumping 'IV used' (8 bytes)
ssl_tls.c:1388: |4| 0000:  00 00 00 00 00 00 00 02                          ........
ssl_tls.c:1400: |3| before encrypt: msglen = 10, including 0 bytes of padding
ssl_tls.c:1426: |4| dumping 'after encrypt: tag' (16 bytes)
ssl_tls.c:1426: |4| 0000:  bc bd f9 89 4e 80 eb 37 a1 db 64 d2 10 82 6b d0  ....N..7..d...k.
ssl_tls.c:1560: |2| <= encrypt buf
ssl_tls.c:2838: |3| output record: msgtype = 21, version = [3:3], msglen = 26
ssl_tls.c:2841: |4| dumping 'output record sent to network' (31 bytes)
ssl_tls.c:2841: |4| 0000:  15 03 03 00 1a 00 00 00 00 00 00 00 02 18 a3 bc  ................
ssl_tls.c:2841: |4| 0010:  bd f9 89 4e 80 eb 37 a1 db 64 d2 10 82 6b d0     ...N..7..d...k.
ssl_tls.c:2416: |2| => flush output
ssl_tls.c:2435: |2| message length: 31, out_left: 31
ssl_tls.c:2441: |2| ssl->f_send() returned 31 (-0xffffffe1)
ssl_tls.c:2460: |2| <= flush output
ssl_tls.c:2850: |2| <= write record
ssl_tls.c:4137: |2| <= send alert message
ssl_tls.c:7202: |2| <= write close notify
 done
ssl_tls.c:7344: |2| => free
ssl_tls.c:7409: |2| <= free

Please,Let me know if you find anything suspicious.

RonEld commented 6 years ago

Hi @tmtpune The log shows a successful TLS handshake, with the HTTPS GET command after the handshake was finished, int he client application

tmtpune commented 6 years ago

Hello RonEld,

You are right....The log we had submitted was from a successful connection using a standalone application compiled from from mbedtls/programs/ssl_client2.c (ssl_client2). In this test we were trying to prove that nothing is wrong with the server certificate we were using.

When we use the same certificate with our code(tls_init() from my first post) and your suggested config changes we get -0x2700 ssl handshake error. It seems like an issue with certificate chain.....but how does ssl_client2 work fine.

tmtpune commented 6 years ago

Hello RonEld,

We are waiting for your valuable suggestion.

RonEld commented 6 years ago

Hi @tmtpune I am not sure what is your question. I have suggested for you to look at full logs, in case of failure, and you will see the reason for the certificate verification failure. As mentioned before, it could be several reasons, but without you looking at verification flag, you won't have a lead of root cause. Since the same certificate is working on the standalone application, the I believe it is not a matter of missing CA trusted root certificate. It could be a configuration problem, memory issue, or the system clock on your platform isn't configured correct.
Regards,
Mbed TLS Team member
Ron

RonEld commented 6 years ago

Closing as I believe this issue was addressed. If you think the issue was not fully addressed, please reopen.

Mbed-TLS / mbedtls

MBEDTLS: SSL HANDSHAKE 40 ERROR #1235

Description

Question

The following is my client side ssl code, config[mbedtls_config_NORDIC.h] for reference :