sa-cloud commented 5 years ago

Read the FAQ first: https://github.com/edenhill/librdkafka/wiki/FAQ

Description

I followed the link https://github.com/edenhill/librdkafka/wiki/Using-SSL-with-librdkafka exactly to create all of the described files. I used broker_???????server.keystore.jks and broker????????_server.truststore.jks to install kafka. Tested the kafka with kafka-console-producer and kafka-console-consumer and it is working.

Now I try to connect to it from node-rdkafka client using the pem files, exactly the way it is described in the link in Configure librdkafka client section and only get "broker transport failure".

Using debug='security,broker' got this:

{"message":"Producer event.log: '{\"severity\":7,\"fac\":\"CONNECT\",\"message\":\"[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: Connected to ipv4#10.1.132.106:9092\"}'","instanceId":"SystemId","module":"Producer","execTime_date":"2019-06-11T13:03:56.679Z","logLevel":"DEBUG"}
{"message":"Producer event.log: '{\"severity\":7,\"fac\":\"BRKMAIN\",\"message\":\"[thrd::0/internal]: :0/internal: Enter main broker thread\"}'","instanceId":"SystemId","module":"Producer","execTime_date":"2019-06-11T13:03:56.679Z","logLevel":"DEBUG"}
  message: '[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: Connecting to ipv4#10.1.132.106:9092 (sasl_ssl) with socket 14' }
{ severity: 7,
  fac: 'CONNECT',
  message: '[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: Connected to ipv4#10.1.132.106:9092' }
{ severity: 7,
  fac: 'BRKMAIN',
  message: '[thrd::0/internal]: :0/internal: Enter main broker thread' }
{"message":"Producer event.log: '{\"severity\":7,\"fac\":\"CONNECT\",\"message\":\"[thrd:app]: Not selecting any broker for cluster connection: still suppressed for 38ms: application metadata request\"}'","instanceId":"SystemId","module":"Producer","execTime_date":"2019-06-11T13:03:56.680Z","logLevel":"DEBUG"}
{ severity: 7,
  fac: 'CONNECT',
  message: '[thrd:app]: Not selecting any broker for cluster connection: still suppressed for 38ms: application metadata request' }
{"message":"Producer event.log: '{\"severity\":7,\"fac\":\"CONNECT\",\"message\":\"[thrd:app]: Not selecting any broker for cluster connection: still suppressed for 38ms: application metadata request\"}'","instanceId":"SystemId","module":"Producer","execTime_date":"2019-06-11T13:03:56.680Z","logLevel":"DEBUG"}
{ severity: 7,
  fac: 'CONNECT',
  message: '[thrd:app]: Not selecting any broker for cluster connection: still suppressed for 38ms: application metadata request' }
{"message":"Producer event.log: '{\"severity\":7,\"fac\":\"BROKERFAIL\",\"message\":\"[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: failed: err: Local: SSL error: (errno: No error information)\"}'","instanceId":"SystemId","module":"Producer","execTime_date":"2019-06-11T13:03:56.680Z","logLevel":"DEBUG"}
{ severity: 7,
  fac: 'BROKERFAIL',
  message: '[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: failed: err: Local: SSL error: (errno: No error information)' }
{ severity: 7,
  fac: 'STATE',
  message: '[thrd:sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluste]: sasl_ssl://dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local:9092/bootstrap: Broker changed state CONNECT -> DOWN' }

Tested with openssl:
openssl s_client -host dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local -port 9092 -CAfile ./certs/ca-cert -cert ./certs/kafka.client.pem -key ./certs/kafka.client.key -pass "pass:test1234" -state -debug

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x5604524bfe60 [0x560452572b20] (307 bytes => 307 (0x133))
0000 - 16 03 01 01 2e 01 00 01-2a 03 03 6d e9 6f 52 f2   ........*..m.oR.
0010 - fd 1a e0 cc 4e 9d c8 19-d2 38 b0 8a 27 92 aa dc   ....N....8..'...
0020 - 95 9a 1b 50 4e 73 31 80-1f 40 4b 00 00 ac c0 30   ...PNs1..@K....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1   .,.(.$..........
0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37   ...k.j.i.h.9.8.7
0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a   .6.........2...*
0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0   .+.'.#..........
0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31   ...g.@.?.>.3.2.1
0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43   .0.........E.D.C
00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c   .B.1.-.).%......
00b0 - 00 3c 00 2f 00 96 00 41-00 07 c0 11 c0 07 c0 0c   .<./...A........
00c0 - c0 02 00 05 00 04 c0 12-c0 08 00 16 00 13 00 10   ................
00d0 - 00 0d c0 0d c0 03 00 0a-00 ff 01 00 00 55 00 0b   .............U..
00e0 - 00 04 03 00 01 02 00 0a-00 1c 00 1a 00 17 00 19   ................
00f0 - 00 1c 00 1b 00 18 00 1a-00 16 00 0e 00 0d 00 0b   ................
0100 - 00 0c 00 09 00 0a 00 23-00 00 00 0d 00 20 00 1e   .......#..... ..
0110 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   ................
0120 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   ................
0130 - 00 01 01                                          ...
SSL_connect:SSLv2/v3 write client hello A
read from 0x5604524bfe60 [0x5604525780a0] (7 bytes => 7 (0x7))
0000 - 16 03 03 09 26 02 00                              ....&..
read from 0x5604524bfe60 [0x5604525780aa] (2340 bytes => 2340 (0x924))
0000 - 00 4d 03 03 5d 00 f2 6f-33 db 27 65 db 33 01 94   .M..]..o3.'e.3..
0010 - db ee 99 b0 23 0c 6d ec-bc 0c 05 ae 0f b8 17 30   ....#.m........0
0020 - ac e9 6e 52 20 5d 00 f2-6f 3a 48 e4 20 4d f8 76   ..nR ]..o:H. M.v
0030 - ed 3a c2 55 7d d2 e4 55-ea c4 47 13 be e3 78 7e   .:.U}..U..G...x~
0040 - c0 6a bc ae 78 c0 30 00-00 05 ff 01 00 01 00 0b   .j..x.0.........
0050 - 00 07 80 00 07 7d 00 03-90 30 82 03 8c 30 82 02   .....}...0...0..
0060 - 74 02 09 00 b1 07 3c 65-f3 50 78 68 30 0d 06 09   t.....<e.Pxh0...
0070 - 2a 86 48 86 f7 0d 01 01-0b 05 00 30 81 87 31 0b   *.H........0..1.
0080 - 30 09 06 03 55 04 06 13-02 4e 4e 31 0b 30 09 06   0...U....NN1.0..
0090 - 03 55 04 08 0c 02 4e 4e-31 0b 30 09 06 03 55 04   .U....NN1.0...U.
00a0 - 07 0c 02 4e 4e 31 0b 30-09 06 03 55 04 0a 0c 02   ...NN1.0...U....
00b0 - 4e 4e 31 0b 30 09 06 03-55 04 0b 0c 02 4e 4e 31   NN1.0...U....NN1
00c0 - 44 30 42 06 03 55 04 03-0c 3b 64 68 2d 6b 61 66   D0B..U...;dh-kaf
00d0 - 6b 61 2d 30 2e 64 68 2d-6b 61 66 6b 61 2d 68 65   ka-0.dh-kafka-he
00e0 - 61 64 6c 65 73 73 2e 63-65 72 74 2d 6d 61 6e 61   adless.cert-mana
00f0 - 67 65 72 2e 73 76 63 2e-63 6c 75 73 74 65 72 2e   ger.svc.cluster.
0100 - 6c 6f 63 61 6c 30 1e 17-0d 31 39 30 36 31 30 30   local0...1906100
0110 - 39 31 31 30 32 5a 17 0d-34 36 31 30 32 36 30 39   91102Z..46102609
0120 - 31 31 30 32 5a 30 81 87-31 0b 30 09 06 03 55 04   1102Z0..1.0...U.
0130 - 06 13 02 4e 4e 31 0b 30-09 06 03 55 04 08 13 02   ...NN1.0...U....
0140 - 4e 4e 31 0b 30 09 06 03-55 04 07 13 02 4e 4e 31   NN1.0...U....NN1
0150 - 0b 30 09 06 03 55 04 0a-13 02 4e 4e 31 0b 30 09   .0...U....NN1.0.
0160 - 06 03 55 04 0b 13 02 4e-4e 31 44 30 42 06 03 55   ..U....NN1D0B..U
0170 - 04 03 13 3b 64 68 2d 6b-61 66 6b 61 2d 30 2e 64   ...;dh-kafka-0.d
0180 - 68 2d 6b 61 66 6b 61 2d-68 65 61 64 6c 65 73 73   h-kafka-headless
0190 - 2e 63 65 72 74 2d 6d 61-6e 61 67 65 72 2e 73 76   .cert-manager.sv
01a0 - 63 2e 63 6c 75 73 74 65-72 2e 6c 6f 63 61 6c 30   c.cluster.local0
01b0 - 82 01 22 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01   .."0...*.H......
01c0 - 05 00 03 82 01 0f 00 30-82 01 0a 02 82 01 01 00   .......0........
01d0 - a6 94 6e e0 13 dc c7 88-78 14 e8 2a 25 dc 58 29   ..n.....x..*%.X)
01e0 - 02 66 12 f0 ee b3 d6 0f-f6 64 7a 8b c0 20 a2 26   .f.......dz.. .&
01f0 - 37 18 eb fb d5 87 46 9f-f6 cc 28 2d 07 3e 20 a8   7.....F...(-.> .
0200 - 6e e7 03 bd 07 8f 97 0c-f0 39 a8 52 74 99 43 2a   n........9.Rt.C*
0210 - 22 e4 a6 af cc a3 74 61-16 e4 e3 41 f7 e3 46 1e   ".....ta...A..F.
0220 - 7a 55 a3 42 07 18 c2 c5-b9 2b f8 cf 2f cd 16 98   zU.B.....+../...
0230 - 05 ca 2d 38 fe 73 5f f6-09 45 4d cf f1 6e de 25   ..-8.s_..EM..n.%
0240 - f5 5c bd 8a ad 61 9f 41-50 8e c2 1d c0 b5 2d cb   .\...a.AP.....-.
0250 - 6f 7a 00 b3 ca a6 bc 60-4c 1c db 14 95 2a 75 94   oz.....`L....*u.
0260 - 46 0a e9 f2 26 3a fc e7-1a 40 e6 82 8f 0f ea d5   F...&:...@......
0270 - 59 0c 02 b6 7b b4 6c 5f-4e 2b 5b 32 1d 62 bd e2   Y...{.l_N+[2.b..
0280 - f7 f0 f9 29 a6 32 78 c3-0d 8b 0f a7 67 49 e2 db   ...).2x.....gI..
0290 - ca 30 01 22 87 77 59 a3-40 ff 6c 71 87 0d 84 a2   .0.".wY.@.lq....
02a0 - 28 57 f9 30 80 da c5 6f-5e 30 6e ee 5d 16 3c c1   (W.0...o^0n.].<.
02b0 - 32 02 a2 22 39 52 30 51-bd ff fa aa 91 f6 cc 28   2.."9R0Q.......(
02c0 - 46 06 92 3d 09 24 bc e7-b2 4a c9 ea a3 1d 28 49   F..=.$...J....(I
02d0 - 02 03 01 00 01 30 0d 06-09 2a 86 48 86 f7 0d 01   .....0...*.H....
02e0 - 01 0b 05 00 03 82 01 01-00 11 2f 7c 66 c1 25 d3   ........../|f.%.
02f0 - 3c 34 b2 0b 3f 5d 23 5e-ac 41 f6 b0 7b 8d 25 1f   <4..?]#^.A..{.%.
0300 - ba 2f b5 19 f3 eb 1d c7-3d 11 3e 13 54 0c 59 31   ./......=.>.T.Y1
0310 - 38 9c 76 b2 83 49 d6 74-1d ff 29 f2 d5 96 36 89   8.v..I.t..)...6.
0320 - af 36 ef bf 31 dd c9 10-2d f3 66 1e 15 7a 97 48   .6..1...-.f..z.H
0330 - fa 24 43 cd df 87 da 43-35 6d e0 e1 07 bf 39 88   .$C....C5m....9.
0340 - 74 c3 fa e1 34 a0 80 21-0d 6a bd 61 c6 43 12 d4   t...4..!.j.a.C..
0350 - 95 60 70 5e 0d 92 87 6b-60 0f a3 d3 27 1c ca 05   .`p^...k`...'...
0360 - 3a 46 84 b7 10 42 16 3b-97 76 83 ae 53 12 f8 fa   :F...B.;.v..S...
0370 - 2c 47 ad 8b 6d 80 d0 99-1d bd 3d 25 17 29 c3 3e   ,G..m.....=%.).>
0380 - 8a 2c 05 a7 d3 c2 61 b2-63 84 df b2 8b 1e d4 33   .,....a.c......3
0390 - 13 5f 13 61 c2 ac 02 5e-6f cb 89 1a de 17 3b 16   ._.a...^o.....;.
03a0 - d6 e8 d6 fd 5c 03 d8 14-e8 db 34 ba 8c da 03 83   ....\.....4.....
03b0 - 81 08 74 1e f6 9f ea 5c-bb 27 b7 a2 97 9f bb 6c   ..t....\.'.....l
03c0 - 8f a8 58 4e bd 49 fc da-5e f5 1e 10 4d 73 c7 16   ..XN.I..^...Ms..
03d0 - a5 ef 7d 67 5d 50 ba de-47 3b 47 52 c4 ff a4 3e   ..}g]P..G;GR...>
03e0 - 9d 4c 3a 72 3f 1d c2 49-7f 00 03 e7 30 82 03 e3   .L:r?..I....0...
03f0 - 30 82 02 cb a0 03 02 01-02 02 09 00 a7 35 0c 89   0............5..
0400 - 6e df ec 8f 30 0d 06 09-2a 86 48 86 f7 0d 01 01   n...0...*.H.....
0410 - 0b 05 00 30 81 87 31 0b-30 09 06 03 55 04 06 13   ...0..1.0...U...
0420 - 02 4e 4e 31 0b 30 09 06-03 55 04 08 0c 02 4e 4e   .NN1.0...U....NN
0430 - 31 0b 30 09 06 03 55 04-07 0c 02 4e 4e 31 0b 30   1.0...U....NN1.0
0440 - 09 06 03 55 04 0a 0c 02-4e 4e 31 0b 30 09 06 03   ...U....NN1.0...
0450 - 55 04 0b 0c 02 4e 4e 31-44 30 42 06 03 55 04 03   U....NN1D0B..U..
0460 - 0c 3b 64 68 2d 6b 61 66-6b 61 2d 30 2e 64 68 2d   .;dh-kafka-0.dh-
0470 - 6b 61 66 6b 61 2d 68 65-61 64 6c 65 73 73 2e 63   kafka-headless.c
0480 - 65 72 74 2d 6d 61 6e 61-67 65 72 2e 73 76 63 2e   ert-manager.svc.
0490 - 63 6c 75 73 74 65 72 2e-6c 6f 63 61 6c 30 1e 17   cluster.local0..
04a0 - 0d 31 39 30 36 31 30 30-39 30 39 34 36 5a 17 0d   .190610090946Z..
04b0 - 34 36 31 30 32 36 30 39-30 39 34 36 5a 30 81 87   461026090946Z0..
04c0 - 31 0b 30 09 06 03 55 04-06 13 02 4e 4e 31 0b 30   1.0...U....NN1.0
04d0 - 09 06 03 55 04 08 0c 02-4e 4e 31 0b 30 09 06 03   ...U....NN1.0...
04e0 - 55 04 07 0c 02 4e 4e 31-0b 30 09 06 03 55 04 0a   U....NN1.0...U..
04f0 - 0c 02 4e 4e 31 0b 30 09-06 03 55 04 0b 0c 02 4e   ..NN1.0...U....N
0500 - 4e 31 44 30 42 06 03 55-04 03 0c 3b 64 68 2d 6b   N1D0B..U...;dh-k
0510 - 61 66 6b 61 2d 30 2e 64-68 2d 6b 61 66 6b 61 2d   afka-0.dh-kafka-
0520 - 68 65 61 64 6c 65 73 73-2e 63 65 72 74 2d 6d 61   headless.cert-ma
0530 - 6e 61 67 65 72 2e 73 76-63 2e 63 6c 75 73 74 65   nager.svc.cluste
0540 - 72 2e 6c 6f 63 61 6c 30-82 01 22 30 0d 06 09 2a   r.local0.."0...*
0550 - 86 48 86 f7 0d 01 01 01-05 00 03 82 01 0f 00 30   .H.............0
0560 - 82 01 0a 02 82 01 01 00-c9 b3 d2 cf b2 5b 83 54   .............[.T
0570 - 49 af e2 61 52 ae fc 9c-a5 79 ee 50 a3 87 a0 89   I..aR....y.P....
0580 - 47 81 fa 38 78 b6 9a 97-06 ae 9e 90 8d 91 cb 64   G..8x..........d
0590 - c5 31 5b 2c 9f 5a 84 df-2a 31 3e 16 10 7d c3 59   .1[,.Z..*1>..}.Y
05a0 - 6e 93 aa 74 24 0b 0d 37-3f d6 95 15 0a 25 56 c6   n..t$..7?....%V.
05b0 - 75 3f 5f 58 7e e4 ab 34-1c cb 65 ea ab 58 db 29   u?_X~..4..e..X.)
05c0 - a5 f8 6e 2a bb 71 ea 0a-c8 c8 f6 23 4b f7 28 d3   ..n*.q.....#K.(.
05d0 - 69 3d 60 f1 d8 51 47 8e-63 0d 91 d0 14 05 6a 82   i=`..QG.c.....j.
05e0 - 5f f2 36 d6 e1 2a 95 54-5f e8 03 2b 5d 0e 71 0d   _.6..*.T_..+].q.
05f0 - 94 e6 34 00 37 e5 1e da-f3 4c 64 96 b1 14 b6 c8   ..4.7....Ld.....
0600 - fc 24 89 2f 1f b7 5c 80-89 35 9a dc 52 64 7f 20   .$./..\..5..Rd. 
0610 - f6 dc 9e 6b 59 f2 64 35-ce d4 d7 4f 2d df 8c 63   ...kY.d5...O-..c
0620 - de 0e 1d 37 61 97 32 87-60 d1 b6 73 0d 06 6c c2   ...7a.2.`..s..l.
0630 - dc 22 fc 2c a0 db bf 83-9a 47 cd bf a8 53 7a f6   .".,.....G...Sz.
0640 - 98 16 b8 50 79 b9 4e 48-5a e5 a6 26 62 86 52 a9   ...Py.NHZ..&b.R.
0650 - cf 91 eb 5f 18 c6 83 60-ef 3f df e2 6f 79 6a 3e   ..._...`.?..oyj>
0660 - e3 65 ed 69 3d e7 e9 ef-02 03 01 00 01 a3 50 30   .e.i=.........P0
0670 - 4e 30 1d 06 03 55 1d 0e-04 16 04 14 b6 c1 c8 ae   N0...U..........
0680 - 4f 51 99 0a 4e ff 1a 68-6a 40 1d 76 04 bd fe 21   OQ..N..hj@.v...!
0690 - 30 1f 06 03 55 1d 23 04-18 30 16 80 14 b6 c1 c8   0...U.#..0......
06a0 - ae 4f 51 99 0a 4e ff 1a-68 6a 40 1d 76 04 bd fe   .OQ..N..hj@.v...
06b0 - 21 30 0c 06 03 55 1d 13-04 05 30 03 01 01 ff 30   !0...U....0....0
06c0 - 0d 06 09 2a 86 48 86 f7-0d 01 01 0b 05 00 03 82   ...*.H..........
06d0 - 01 01 00 b2 fb ea e6 bb-d6 6d 0d 2f fa fb aa e2   .........m./....
06e0 - 7c 67 9c 1e 02 bb 58 09-d1 cd dc 80 46 0b 9e f3   |g....X.....F...
06f0 - 5b f4 fb 0b ef 09 0a 88-f2 48 11 18 29 c0 62 85   [........H..).b.
0700 - a2 0c 12 28 db 85 d1 63-c1 5b 74 06 d7 e3 35 41   ...(...c.[t...5A
0710 - f1 f4 a5 f1 b6 70 25 45-67 7b 7b b5 8e 09 30 05   .....p%Eg{{...0.
0720 - ec b7 82 7b 87 89 67 8b-55 b9 8d 5c 06 58 cd 76   ...{..g.U..\.X.v
0730 - 98 fa 26 b4 fb 69 74 09-c7 b0 12 84 d6 f4 0f f3   ..&..it.........
0740 - c5 c3 45 db 95 b0 55 88-c5 0f 0c 45 3e ac 43 d3   ..E...U....E>.C.
0750 - 2c 06 91 bd 66 d2 17 c2-fe 0d 7b 0a 40 b8 ae c8   ,...f.....{.@...
0760 - 32 b2 20 91 4c 1e 61 7e-a8 10 dd bc a4 37 ab 7e   2. .L.a~.....7.~
0770 - cf 5d b4 c8 b1 6a 18 28-66 4a 12 b2 e4 d6 a9 73   .]...j.(fJ.....s
0780 - 0d 39 f6 cb 3f 24 fd 88-45 8c f8 90 f3 07 59 a9   .9..?$..E.....Y.
0790 - 51 98 de 4d 5a 7d b9 f1-93 4f 65 2d 1b 71 01 ea   Q..MZ}...Oe-.q..
07a0 - 8b a8 76 15 13 53 df 09-8f 83 74 67 49 13 63 b8   ..v..S....tgI.c.
07b0 - 17 b7 f1 54 50 2e d9 d0-13 e1 15 ef 18 42 1d 7d   ...TP........B.}
07c0 - 49 74 1a 0c 6a da c7 f9-35 24 51 62 bd bf 8c a9   It..j...5$Qb....
07d0 - d0 e3 5a 0c 00 01 49 03-00 17 41 04 99 a6 ad d3   ..Z...I...A.....
07e0 - 80 a6 28 fa 60 f2 b7 98-be 99 4b 11 b1 ba a1 e7   ..(.`.....K.....
07f0 - 81 aa e4 e8 71 1b 45 e4-d4 9f e5 76 32 b7 1b d6   ....q.E....v2...
0800 - 4c 24 a4 f8 e1 ac 90 d2-e5 52 9f cf 55 25 1e a7   L$.......R..U%..
0810 - d5 77 b8 f8 60 11 16 b4-65 6f 5e 9f 06 01 01 00   .w..`...eo^.....
0820 - a2 11 a5 33 99 c7 d6 1a-97 8f 51 cf 03 12 7f ef   ...3......Q.....
0830 - ab 19 4a 96 4f e3 46 af-54 39 04 23 61 a4 96 60   ..J.O.F.T9.#a..`
0840 - 60 3c eb f4 3e 67 7e e0-33 db 75 02 d7 16 d0 c1   `<..>g~.3.u.....
0850 - da bf 4a 27 2d 4d a6 b5-e1 3c 52 f7 00 93 3e b3   ..J'-M...<R...>.
0860 - 27 e6 26 7c 8a 04 9b 7f-f8 06 4e 0e d8 2a 8b af   '.&|......N..*..
0870 - 17 34 e6 49 6a a7 6f 3f-e9 94 29 cd d7 f1 3e d1   .4.Ij.o?..)...>.
0880 - d3 d5 fe 8c 9d 95 c8 af-d5 b0 76 2b b6 80 9e af   ..........v+....
0890 - 82 81 0e 59 33 7a ba 19-be 9d 7f a2 89 ea 63 8d   ...Y3z........c.
08a0 - a5 e2 8a 03 ef fc 8f 69-1e 70 bd 14 68 8d a5 55   .......i.p..h..U
08b0 - 99 6e 55 87 8d b9 93 a0-77 f5 48 e6 78 a4 a7 56   .nU.....w.H.x..V
08c0 - 5c ca c2 eb 59 f1 8b b1-c4 2d 47 7f 9e 24 bf ec   \...Y....-G..$..
08d0 - 99 ed b9 21 bb fd cf 35-3d 74 28 35 8f 34 e3 27   ...!...5=t(5.4.'
08e0 - 07 99 e4 80 b8 63 53 70-0b d7 ae b8 a5 bb 3d 91   .....cSp......=.
08f0 - 41 e4 28 76 46 fe 56 57-c5 4d 04 ae d4 38 d9 79   A.(vF.VW.M...8.y
0900 - 41 de 0a 7f 61 df 9e b1-20 ed 06 0d 88 33 4a 8c   A...a... ....3J.
0910 - 47 77 d0 7a 72 85 3c 81-bd 32 7a 2b b6 f2 5c ce   Gw.zr.<..2z+..\.
0920 - 0e 00 00 00                                       ....
SSL_connect:SSLv3 read server hello A
depth=0 C = NN, ST = NN, L = NN, O = NN, OU = NN, CN = dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
verify error:num=18:self signed certificate
verify return:1
depth=0 C = NN, ST = NN, L = NN, O = NN, OU = NN, CN = dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
write to 0x5604524bfe60 [0x560452581ae0] (75 bytes => 75 (0x4B))
0000 - 16 03 03 00 46 10 00 00-42 41 04 24 ca 03 f6 4b   ....F...BA.$...K
0010 - ff e8 ab ed 9e 34 bc 84-9c 09 89 c3 85 d0 13 b1   .....4..........
0020 - 8c c2 a9 27 b4 89 bf 8d-5f df c8 6b 8e 4b c7 31   ...'...._..k.K.1
0030 - 11 75 23 ba 05 7c ef 0a-3c 9d 1b 05 9e ed 34 6b   .u#..|..<.....4k
0040 - 43 06 80 87 7b 55 1f b9-43 50 f8                  C...{U..CP.
SSL_connect:SSLv3 write client key exchange A
write to 0x5604524bfe60 [0x560452581ae0] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
SSL_connect:SSLv3 write change cipher spec A
write to 0x5604524bfe60 [0x560452581ae0] (45 bytes => 45 (0x2D))
0000 - 16 03 03 00 28 aa a5 f7-d3 a6 d0 02 be 84 e1 01   ....(...........
0010 - ea f5 15 38 06 5f 60 85-1b 96 16 34 2d 47 0a 47   ...8._`....4-G.G
0020 - 86 f4 b3 3a f0 23 17 43-99 7a 75 93 26            ...:.#.C.zu.&
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read from 0x5604524bfe60 [0x5604525780a3] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0x5604524bfe60 [0x5604525780a8] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0x5604524bfe60 [0x5604525780a3] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 28                                    ....(
read from 0x5604524bfe60 [0x5604525780a8] (40 bytes => 40 (0x28))
0000 - 00 00 00 00 00 00 00 00-c1 ec 9e 75 da 3a 3f 78   ...........u.:?x
0010 - c8 68 b0 36 13 92 7d 7d-21 de 78 44 f2 f6 24 57   .h.6..}}!.xD..$W
0020 - 0b b0 84 93 c3 20 47 ff-                          ..... G.
SSL_connect:SSLv3 read finished A
---
Certificate chain
 0 s:/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
   i:/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
 1 s:/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
   i:/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDjDCCAnQCCQCxBzxl81B4aDANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMC
Tk4xCzAJBgNVBAgMAk5OMQswCQYDVQQHDAJOTjELMAkGA1UECgwCTk4xCzAJBgNV
BAsMAk5OMUQwQgYDVQQDDDtkaC1rYWZrYS0wLmRoLWthZmthLWhlYWRsZXNzLmNl
cnQtbWFuYWdlci5zdmMuY2x1c3Rlci5sb2NhbDAeFw0xOTA2MTAwOTExMDJaFw00
NjEwMjYwOTExMDJaMIGHMQswCQYDVQQGEwJOTjELMAkGA1UECBMCTk4xCzAJBgNV
BAcTAk5OMQswCQYDVQQKEwJOTjELMAkGA1UECxMCTk4xRDBCBgNVBAMTO2RoLWth
ZmthLTAuZGgta2Fma2EtaGVhZGxlc3MuY2VydC1tYW5hZ2VyLnN2Yy5jbHVzdGVy
LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppRu4BPcx4h4
FOgqJdxYKQJmEvDus9YP9mR6i8AgoiY3GOv71YdGn/bMKC0HPiCobucDvQePlwzw
OahSdJlDKiLkpq/Mo3RhFuTjQffjRh56VaNCBxjCxbkr+M8vzRaYBcotOP5zX/YJ
RU3P8W7eJfVcvYqtYZ9BUI7CHcC1LctvegCzyqa8YEwc2xSVKnWURgrp8iY6/Oca
QOaCjw/q1VkMArZ7tGxfTitbMh1iveL38PkppjJ4ww2LD6dnSeLbyjABIod3WaNA
/2xxhw2EoihX+TCA2sVvXjBu7l0WPMEyAqIiOVIwUb3/+qqR9swoRgaSPQkkvOey
Ssnqox0oSQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQARL3xmwSXTPDSyCz9dI16s
Qfawe40lH7ovtRnz6x3HPRE+E1QMWTE4nHayg0nWdB3/KfLVljaJrzbvvzHdyRAt
82YeFXqXSPokQ83fh9pDNW3g4Qe/OYh0w/rhNKCAIQ1qvWHGQxLUlWBwXg2Sh2tg
D6PTJxzKBTpGhLcQQhY7l3aDrlMS+PosR62LbYDQmR29PSUXKcM+iiwFp9PCYbJj
hN+yix7UMxNfE2HCrAJeb8uJGt4XOxbW6Nb9XAPYFOjbNLqM2gODgQh0Hvaf6ly7
J7eil5+7bI+oWE69SfzaXvUeEE1zxxal731nXVC63kc7R1LE/6Q+nUw6cj8dwkl/
-----END CERTIFICATE-----
subject=/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
issuer=/C=NN/ST=NN/L=NN/O=NN/OU=NN/CN=dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2398 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 5D00F26F3A48E4204DF876ED3AC2557DD2E455EAC44713BEE3787EC06ABCAE78
    Session-ID-ctx: 
    Master-Key: 9276451837CE04CE5CEDBE157DD5ED060C1623AB3F089FC4A2FD26CE358F516EE2C6ECF98BC21AF87E9CCB1279CBFE91
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1560343151
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
read from 0x5604524bfe60 [0x5604525780a3] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 1a                                    .....
read from 0x5604524bfe60 [0x5604525780a8] (26 bytes => 26 (0x1A))
0000 - 00 00 00 00 00 00 00 01-e5 fb ad 34 4b a9 9e 38   ...........4K..8
0010 - b9 c8 12 3e 95 89 65 e9-2b af                     ...>..e.+.
SSL3 alert read:warning:close notify
closed
write to 0x5604524bfe60 [0x56045257c603] (31 bytes => 31 (0x1F))
0000 - 15 03 03 00 1a aa a5 f7-d3 a6 d0 02 bf eb e0 f6   ................
0010 - fc e0 b3 c5 85 af d3 bb-d7 b7 cf db 21 ce 76      ............!.v
SSL3 alert write:warning:close notify

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

[x] librdkafka version (release number or git tag): <REPLACE with e.g., v0.10.5 or a git sha. NOT "latest" or "current">
[ ] Apache Kafka version: <REPLACE with e.g., 0.10.2.3>
[ ] librdkafka client configuration: <REPLACE with e.g., message.timeout.ms=123, auto.reset.offset=earliest, ..>
[ ] Operating system: <REPLACE with e.g., Centos 5 (x64)>
[ ] Provide logs (with debug=.. as necessary) from librdkafka
[ ] Provide broker log excerpts
[ ] Critical issue

edenhill commented 5 years ago

I'm happy you got it working!

sa-cloud commented 5 years ago

Not that fast :) - updated the issue

edenhill commented 5 years ago

Verify return code: 18 (self signed certificate)

That typically means the broker certificate was not signed by a root CA, nor the CA-cert you explicitly pass (-CAfile)

sa-cloud commented 5 years ago

Given that used the script gen-ssl-certs.sh to generate my server jks, and the client pems, and the ca-cert, and given the kafka server works (verified with console tools and able to produce and consume messages), and I re-checked and reinstalled it with the jks generated above and still getting the same result with openssl s_client -host dh-kafka-0.dh-kafka-headless.cert-manager.svc.cluster.local -port 9092 -CAfile ./certs/ca-cert -cert ./certs/kafka.client.pem -key ./certs/kafka.client.key -pass "pass:test1234" -state -debug

Actually as kafka console tools work (they use clent jks files instead of pems) and able to connect, then all the certificates, except the pem files, are proven to be correct.

update:

There is a problem with the https://github.com/edenhill/librdkafka/tree/master/tests/gen-ssl-certs.sh script found in your repository. The pem files it generates are incorrect. When I converted the client keystore jks into pem this way it worked:

Extract signed client certificate

keytool -noprompt -keystore kafka.client.keystore.jks -exportcert -alias localhost -rfc -storepass test1234 -file client_cert.pem

Extract client key

keytool -noprompt -srckeystore kafka.client.keystore.jks -importkeystore -srcalias localhost -destkeystore cert_and_key.p12 -deststoretype PKCS12 -srcstorepass test1234 -storepass test1234 openssl pkcs12 -in cert_and_key.p12 -nocerts -nodes -passin pass:test1234 -out client_key.pem

edenhill commented 5 years ago

Would you care to submit a PR to fix the script? Thanks

senalw commented 5 years ago

@edenhill

I setup SSL between librdkafa producer and java KafkaBroker which is using JKS instead of .pem files.

I'm getting below error on producer side, ssl://172.25.93.195:11307/bootstrap: SSL handshake failed: s23_clnt.c:601: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol: (after 4ms in state CONNECT)

Then I took a TCP dump and analyzed it. It gives below output. (librdkafka - 172.25.31.43, KafkaBroker- 172.25.31.42),

"1","0.000000","172.25.31.43","172.25.31.42","TCP","74","59116 → 26307 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=523149518 TSecr=0 WS=128" "2","0.000007","172.25.31.42","172.25.31.43","TCP","74","26307 → 59116 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=523134399 TSecr=523149518 WS=128" "3","0.000086","172.25.31.43","172.25.31.42","TCP","66","59116 → 26307 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=523149518 TSecr=523134399" "4","0.000169","172.25.31.43","172.25.31.42","SSLv2","205","Client Hello" "5","0.000171","172.25.31.42","172.25.31.43","TCP","66","26307 → 59116 [ACK] Seq=1 Ack=140 Win=15616 Len=0 TSval=523134399 TSecr=523149518" "6","0.000762","172.25.31.42","172.25.31.43","TLSv1.2","73","Alert (Level: Fatal, Description: Unexpected Message)" "7","0.000773","172.25.31.42","172.25.31.43","TCP","66","26307 → 59116 [FIN, ACK] Seq=8 Ack=140 Win=15616 Len=0 TSval=523134399 TSecr=523149518"

Consider about line number 4 and 6, it shows that librdkafka sending "Client Hello" via SSLv2 and KafkaBroker send ack with "TLSv1.2".

To verify the generated keys, I tired to connect from openssl s_client, Its output was as below,

openssl s_client -debug -msg -connect 172.25.31.42:26307 -tls1 -CAfile $SYSTEM_CONFIGS/MHV/ca-cert -key $SYSTEM_CONFIGS/MHV/producer_client.key -pass "pass:abc123" -cert $SYSTEM_CONFIGS/MHV/producer_client.pem

CONNECTED(00000003)
write to 0x696e00 [0x6a1aa0] (106 bytes => 106 (0x6A))
0000 - 16 03 01 00 65 01 00 00-61 03 01 5d 24 cd 2d 07   ....e...a..]$.-.
0010 - d9 81 f1 47 60 f1 0e 95-a5 28 fe 65 4e 02 80 14   ...G`....(.eN...
0020 - 0f c2 75 b1 97 87 c5 92-6f f4 05 00 00 34 00 39   ..u.....o....4.9
0030 - 00 38 00 35 00 88 00 87-00 84 00 16 00 13 00 0a   .8.5............
0040 - 00 33 00 32 00 2f 00 45-00 44 00 41 00 05 00 04   .3.2./.E.D.A....
0050 - 00 15 00 12 00 09 00 14-00 11 00 08 00 06 00 03   ................
0060 - 00 ff 01 00 00 04 00 23-                          .......#
006a - <SPACES/NULS>
>>> TLS 1.0 Handshake [length 0065], ClientHello
    01 00 00 61 03 01 5d 24 cd 2d 07 d9 81 f1 47 60
    f1 0e 95 a5 28 fe 65 4e 02 80 14 0f c2 75 b1 97
    87 c5 92 6f f4 05 00 00 34 00 39 00 38 00 35 00
    88 00 87 00 84 00 16 00 13 00 0a 00 33 00 32 00
    2f 00 45 00 44 00 41 00 05 00 04 00 15 00 12 00
    09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00
    04 00 23 00 00
read from 0x696e00 [0x69d290] (5 bytes => 5 (0x5))
0000 - 16 03 01 08 e0                                    .....
read from 0x696e00 [0x69d295] (2272 bytes => 2272 (0x8E0))
0000 - 02 00 00 4d 03 01 5d 24-cd 2d 81 85 73 4a 5e 08   ...M..]$.-..sJ^.
0010 - 6a 16 00 19 dc 63 70 54-6a cc 2f 9a 02 cb 62 38   j....cpTj./...b8
0020 - d0 13 32 b9 46 44 20 5d-24 cd 2d eb ec 23 f1 d7   ..2.FD ]$.-..#..
0030 - b7 4c 62 4d 0d dd 25 ff-38 0f cb 0f ff cd 0e d9   .LbM..%.8.......
0040 - 9e 8b 7b 1d 6c f4 ed 00-38 00 00 05 ff 01 00 01   ..{.l...8.......
0050 - 00 0b 00 06 c5 00 06 c2-00 03 69 30 82 03 65 30   ..........i0..e0
0060 - 82 02 ce 02 09 00 81 18-b9 7d f3 57 e6 fd 30 0d   .........}.W..0.
0070 - 06 09 2a 86 48 86 f7 0d-01 01 05 05 00 30 79 31   ..*.H........0y1
0080 - 0b 30 09 06 03 55 04 06-13 02 55 4b 31 0f 30 0d   .0...U....UK1.0.
0090 - 06 03 55 04 08 13 06 4c-6f 6e 64 6f 6e 31 0f 30   ..U....London1.0
00a0 - 0d 06 03 55 04 07 13 06-4c 6f 6e 64 6f 6e 31 0d   ...U....London1.
00b0 - 30 0b 06 03 55 04 0a 13-04 4c 53 45 47 31 0b 30   0...U....LSEG1.0
00c0 - 09 06 03 55 04 0b 13 02-49 54 31 0e 30 0c 06 03   ...U....IT1.0...
00d0 - 55 04 03 13 05 73 65 6e-61 6c 31 1c 30 1a 06 09   U....senal1.0...
00e0 - 2a 86 48 86 f7 0d 01 09-01 16 0d 6c 73 65 67 40   *.H........lseg@
00f0 - 6c 73 65 67 2e 63 6f 6d-30 1e 17 0d 31 39 30 37   lseg.com0...1907
0100 - 30 39 30 35 34 39 34 31-5a 17 0d 32 30 30 37 30   09054941Z..20070
0110 - 38 30 35 34 39 34 31 5a-30 5b 31 0b 30 09 06 03   8054941Z0[1.0...
0120 - 55 04 06 13 02 55 4b 31-0f 30 0d 06 03 55 04 08   U....UK1.0...U..
0130 - 13 06 4c 6f 6e 64 6f 6e-31 0f 30 0d 06 03 55 04   ..London1.0...U.
0140 - 07 13 06 4c 6f 6e 64 6f-6e 31 0b 30 09 06 03 55   ...London1.0...U
0150 - 04 0b 13 02 49 54 31 0d-30 0b 06 03 55 04 0a 13   ....IT1.0...U...
0160 - 04 4c 53 45 47 31 0e 30-0c 06 03 55 04 03 13 05   .LSEG1.0...U....
0170 - 73 65 6e 61 6c 30 82 01-b8 30 82 01 2c 06 07 2a   senal0...0..,..*
0180 - 86 48 ce 38 04 01 30 82-01 1f 02 81 81 00 fd 7f   .H.8..0.........
0190 - 53 81 1d 75 12 29 52 df-4a 9c 2e ec e4 e7 f6 11   S..u.)R.J.......
01a0 - b7 52 3c ef 44 00 c3 1e-3f 80 b6 51 26 69 45 5d   .R<.D...?..Q&iE]
01b0 - 40 22 51 fb 59 3d 8d 58-fa bf c5 f5 ba 30 f6 cb   @"Q.Y=.X.....0..
01c0 - 9b 55 6c d7 81 3b 80 1d-34 6f f2 66 60 b7 6b 99   .Ul..;..4o.f`.k.
01d0 - 50 a5 a4 9f 9f e8 04 7b-10 22 c2 4f bb a9 d7 fe   P......{.".O....
01e0 - b7 c6 1b f8 3b 57 e7 c6-a8 a6 15 0f 04 fb 83 f6   ....;W..........
01f0 - d3 c5 1e c3 02 35 54 13-5a 16 91 32 f6 75 f3 ae   .....5T.Z..2.u..
0200 - 2b 61 d7 2a ef f2 22 03-19 9d d1 48 01 c7 02 15   +a.*.."....H....
0210 - 00 97 60 50 8f 15 23 0b-cc b2 92 b9 82 a2 eb 84   ..`P..#.........
0220 - 0b f0 58 1c f5 02 81 81-00 f7 e1 a0 85 d6 9b 3d   ..X............=
0230 - de cb bc ab 5c 36 b8 57-b9 79 94 af bb fa 3a ea   ....\6.W.y....:.
0240 - 82 f9 57 4c 0b 3d 07 82-67 51 59 57 8e ba d4 59   ..WL.=..gQYW...Y
0250 - 4f e6 71 07 10 81 80 b4-49 16 71 23 e8 4c 28 16   O.q.....I.q#.L(.
0260 - 13 b7 cf 09 32 8c c8 a6-e1 3c 16 7a 8b 54 7c 8d   ....2....<.z.T|.
0270 - 28 e0 a3 ae 1e 2b b3 a6-75 91 6e a3 7f 0b fa 21   (....+..u.n....!
0280 - 35 62 f1 fb 62 7a 01 24-3b cc a4 f1 be a8 51 90   5b..bz.$;.....Q.
0290 - 89 a8 83 df e1 5a e5 9f-06 92 8b 66 5e 80 7b 55   .....Z.....f^.{U
02a0 - 25 64 01 4c 3b fe cf 49-2a 03 81 85 00 02 81 81   %d.L;..I*.......
02b0 - 00 d0 29 d7 e8 c1 c0 74-f0 76 64 8a 71 88 82 04   ..)....t.vd.q...
02c0 - a0 15 09 5a e9 c7 12 39-67 34 52 71 5f 74 ec 42   ...Z...9g4Rq_t.B
02d0 - de aa 07 65 ab 43 21 98-28 d8 4d 62 f3 40 80 e6   ...e.C!.(.Mb.@..
02e0 - ad bc 06 d3 e5 41 ed 25-eb 1a 68 60 ad b7 c9 a0   .....A.%..h`....
02f0 - 5b 36 ac 5f de 00 10 6e-28 d4 e6 69 54 40 17 4a   [6._...n(..iT@.J
0300 - b8 1e df 8b 05 e3 34 62-6b 6f d0 30 fe 3b 07 00   ......4bko.0.;..
0310 - 3d 68 94 4b c0 69 84 d1-ac c9 c6 d4 dd 04 71 a9   =h.K.i........q.
0320 - ef 1f ef fd 28 66 3f c9-fa 0d a6 11 f5 98 d3 59   ....(f?........Y
0330 - 3f 30 0d 06 09 2a 86 48-86 f7 0d 01 01 05 05 00   ?0...*.H........
0340 - 03 81 81 00 72 7d 4f 4a-bd 3a 50 90 e6 9a 13 f7   ....r}OJ.:P.....
0350 - 7e 70 4c ab f6 ad 33 43-6f 1e 3d 67 ba d5 a7 6d   ~pL...3Co.=g...m
0360 - 51 05 d7 fe 75 40 32 19-38 1a 00 ed 3a 1a cf 64   Q...u@2.8...:..d
0370 - b6 a0 38 5d 08 5d c4 20-37 47 c5 ca 89 22 64 42   ..8].]. 7G..."dB
0380 - 9d 94 f6 3e b6 9a 8f f6-e5 80 21 cc b0 f3 8c aa   ...>......!.....
0390 - ae 06 dd 7d 19 e9 c4 44-42 84 12 39 cd 81 03 d4   ...}...DB..9....
03a0 - f1 d1 77 4f 0f 7d 5e 3f-7d 37 fa 17 9f 87 e7 84   ..wO.}^?}7......
03b0 - b7 bd 40 1e e8 73 1b 7e-20 12 ae cb 8d bf fe 14   ..@..s.~ .......
03c0 - 96 e3 15 7a 00 03 53 30-82 03 4f 30 82 02 b8 a0   ...z..S0..O0....
03d0 - 03 02 01 02 02 09 00 e0-b7 e9 bc b0 65 10 4f 30   ............e.O0
03e0 - 0d 06 09 2a 86 48 86 f7-0d 01 01 05 05 00 30 79   ...*.H........0y
03f0 - 31 0b 30 09 06 03 55 04-06 13 02 55 4b 31 0f 30   1.0...U....UK1.0
0400 - 0d 06 03 55 04 08 13 06-4c 6f 6e 64 6f 6e 31 0f   ...U....London1.
0410 - 30 0d 06 03 55 04 07 13-06 4c 6f 6e 64 6f 6e 31   0...U....London1
0420 - 0d 30 0b 06 03 55 04 0a-13 04 4c 53 45 47 31 0b   .0...U....LSEG1.
0430 - 30 09 06 03 55 04 0b 13-02 49 54 31 0e 30 0c 06   0...U....IT1.0..
0440 - 03 55 04 03 13 05 73 65-6e 61 6c 31 1c 30 1a 06   .U....senal1.0..
0450 - 09 2a 86 48 86 f7 0d 01-09 01 16 0d 6c 73 65 67   .*.H........lseg
0460 - 40 6c 73 65 67 2e 63 6f-6d 30 1e 17 0d 31 39 30   @lseg.com0...190
0470 - 37 30 39 30 35 34 39 34-30 5a 17 0d 31 39 30 38   709054940Z..1908
0480 - 30 38 30 35 34 39 34 30-5a 30 79 31 0b 30 09 06   08054940Z0y1.0..
0490 - 03 55 04 06 13 02 55 4b-31 0f 30 0d 06 03 55 04   .U....UK1.0...U.
04a0 - 08 13 06 4c 6f 6e 64 6f-6e 31 0f 30 0d 06 03 55   ...London1.0...U
04b0 - 04 07 13 06 4c 6f 6e 64-6f 6e 31 0d 30 0b 06 03   ....London1.0...
04c0 - 55 04 0a 13 04 4c 53 45-47 31 0b 30 09 06 03 55   U....LSEG1.0...U
04d0 - 04 0b 13 02 49 54 31 0e-30 0c 06 03 55 04 03 13   ....IT1.0...U...
04e0 - 05 73 65 6e 61 6c 31 1c-30 1a 06 09 2a 86 48 86   .senal1.0...*.H.
04f0 - f7 0d 01 09 01 16 0d 6c-73 65 67 40 6c 73 65 67   .......lseg@lseg
0500 - 2e 63 6f 6d 30 81 9f 30-0d 06 09 2a 86 48 86 f7   .com0..0...*.H..
0510 - 0d 01 01 01 05 00 03 81-8d 00 30 81 89 02 81 81   ..........0.....
0520 - 00 a6 44 15 3f 31 a9 21-cc fb 92 51 a6 8b 2c a2   ..D.?1.!...Q..,.
0530 - 0d b6 b6 fa 5c 60 21 41-53 80 83 c0 b8 a8 16 c4   ....\`!AS.......
0540 - 4a 8e 19 e2 fe 7d 4f f4-e0 3d 8b b1 55 0e 67 73   J....}O..=..U.gs
0550 - ac 1a f8 43 cc 11 fe 37-8c 20 56 e7 ad 71 c8 77   ...C...7. V..q.w
0560 - 5f 93 52 31 34 92 34 be-33 98 89 88 60 f5 e7 24   _.R14.4.3...`..$
0570 - 7d 85 62 75 56 00 2d 15-7b 1d 44 56 ae 4a b1 ed   }.buV.-.{.DV.J..
0580 - 3e aa 47 67 85 60 1c d1-02 a2 1e 92 4f 93 50 c1   >.Gg.`......O.P.
0590 - 74 ee 0c 6e b8 c6 93 ae-20 72 ef 4b 8f ef a9 29   t..n.... r.K...)
05a0 - 3d 02 03 01 00 01 a3 81-de 30 81 db 30 1d 06 03   =........0..0...
05b0 - 55 1d 0e 04 16 04 14 4c-28 e6 f0 3a 2e 2a 2b 59   U......L(..:.*+Y
05c0 - ea 0e 87 78 cf a6 71 b8-a7 5a c9 30 81 ab 06 03   ...x..q..Z.0....
05d0 - 55 1d 23 04 81 a3 30 81-a0 80 14 4c 28 e6 f0 3a   U.#...0....L(..:
05e0 - 2e 2a 2b 59 ea 0e 87 78-cf a6 71 b8 a7 5a c9 a1   .*+Y...x..q..Z..
05f0 - 7d a4 7b 30 79 31 0b 30-09 06 03 55 04 06 13 02   }.{0y1.0...U....
0600 - 55 4b 31 0f 30 0d 06 03-55 04 08 13 06 4c 6f 6e   UK1.0...U....Lon
0610 - 64 6f 6e 31 0f 30 0d 06-03 55 04 07 13 06 4c 6f   don1.0...U....Lo
0620 - 6e 64 6f 6e 31 0d 30 0b-06 03 55 04 0a 13 04 4c   ndon1.0...U....L
0630 - 53 45 47 31 0b 30 09 06-03 55 04 0b 13 02 49 54   SEG1.0...U....IT
0640 - 31 0e 30 0c 06 03 55 04-03 13 05 73 65 6e 61 6c   1.0...U....senal
0650 - 31 1c 30 1a 06 09 2a 86-48 86 f7 0d 01 09 01 16   1.0...*.H.......
0660 - 0d 6c 73 65 67 40 6c 73-65 67 2e 63 6f 6d 82 09   .lseg@lseg.com..
0670 - 00 e0 b7 e9 bc b0 65 10-4f 30 0c 06 03 55 1d 13   ......e.O0...U..
0680 - 04 05 30 03 01 01 ff 30-0d 06 09 2a 86 48 86 f7   ..0....0...*.H..
0690 - 0d 01 01 05 05 00 03 81-81 00 7f 33 7f 42 29 f4   ...........3.B).
06a0 - 16 4c 22 19 67 87 bc e6-9f e1 8d 37 be bf ba aa   .L".g......7....
06b0 - 2e f7 b8 34 c8 af b0 52-65 30 ed 67 4e d9 f1 90   ...4...Re0.gN...
06c0 - 4c ee 7a fd a7 bb 76 14-00 53 e9 f5 6c 3e 61 3b   L.z...v..S..l>a;
06d0 - 3c 4f a0 f9 fe ea 4c 11-18 46 83 85 43 1e 59 39   <O....L..F..C.Y9
06e0 - 26 d0 30 81 8a f5 12 75-ca 19 53 49 c5 b1 33 5d   &.0....u..SI..3]
06f0 - ef d7 98 55 54 52 fa f5-ae d3 ea 47 ba 26 2d e3   ...UTR.....G.&-.
0700 - b5 4d 6e d6 fa e0 92 b3-9b 43 db 01 0b 91 f6 45   .Mn......C.....E
0710 - 46 03 09 99 1a f3 fe 39-0d de 0c 00 01 37 00 80   F......9.....7..
0720 - ff ff ff ff ff ff ff ff-c9 0f da a2 21 68 c2 34   ............!h.4
0730 - c4 c6 62 8b 80 dc 1c d1-29 02 4e 08 8a 67 cc 74   ..b.....).N..g.t
0740 - 02 0b be a6 3b 13 9b 22-51 4a 08 79 8e 34 04 dd   ....;.."QJ.y.4..
0750 - ef 95 19 b3 cd 3a 43 1b-30 2b 0a 6d f2 5f 14 37   .....:C.0+.m._.7
0760 - 4f e1 35 6d 6d 51 c2 45-e4 85 b5 76 62 5e 7e c6   O.5mmQ.E...vb^~.
0770 - f4 4c 42 e9 a6 37 ed 6b-0b ff 5c b6 f4 06 b7 ed   .LB..7.k..\.....
0780 - ee 38 6b fb 5a 89 9f a5-ae 9f 24 11 7c 4b 1f e6   .8k.Z.....$.|K..
0790 - 49 28 66 51 ec e6 53 81-ff ff ff ff ff ff ff ff   I(fQ..S.........
07a0 - 00 01 02 00 80 33 32 ef-8e 09 5b 8d 5b 18 ad b2   .....32...[.[...
07b0 - 37 3f fa f8 54 00 66 89-77 c8 44 98 4c 16 85 7a   7?..T.f.w.D.L..z
07c0 - 89 90 3d ca cc 1c f7 74-ad 87 ac 13 9a be 09 86   ..=....t........
07d0 - 02 40 0a 1f 16 92 2a a1-24 2e 62 e1 16 f5 77 3e   .@....*.$.b...w>
07e0 - 1f df 42 4d 87 ff 06 52-99 10 d6 62 5b 21 40 72   ..BM...R...b[!@r
07f0 - 1a c1 f0 81 ca 65 af 27-7d e2 14 54 26 37 c8 97   .....e.'}..T&7..
0800 - 14 a2 0e 06 42 cd 0f a5-e9 34 74 46 f4 84 7d fb   ....B....4tF..}.
0810 - 49 3a bd e1 ec 16 a0 e0-2a b8 a4 3f 4e 09 20 c5   I:......*..?N. .
0820 - 42 09 6a a7 66 00 2e 30-2c 02 14 7b f8 62 5e c9   B.j.f..0,..{.b^.
0830 - 9e 32 f7 bb f8 2a 72 1c-be 75 51 4f 38 c0 2a 02   .2...*r..uQO8.*.
0840 - 14 5b e6 98 30 8f 56 50-09 66 59 92 77 b6 93 59   .[..0.VP.fY.w..Y
0850 - a2 d2 5e f2 ba 0d 00 00-83 03 01 02 40 00 7d 00   ..^.........@.}.
0860 - 7b 30 79 31 0b 30 09 06-03 55 04 06 13 02 55 4b   {0y1.0...U....UK
0870 - 31 0f 30 0d 06 03 55 04-08 13 06 4c 6f 6e 64 6f   1.0...U....Londo
0880 - 6e 31 0f 30 0d 06 03 55-04 07 13 06 4c 6f 6e 64   n1.0...U....Lond
0890 - 6f 6e 31 0d 30 0b 06 03-55 04 0a 13 04 4c 53 45   on1.0...U....LSE
08a0 - 47 31 0b 30 09 06 03 55-04 0b 13 02 49 54 31 0e   G1.0...U....IT1.
08b0 - 30 0c 06 03 55 04 03 13-05 73 65 6e 61 6c 31 1c   0...U....senal1.
08c0 - 30 1a 06 09 2a 86 48 86-f7 0d 01 09 01 16 0d 6c   0...*.H........l
08d0 - 73 65 67 40 6c 73 65 67-2e 63 6f 6d 0e            seg@lseg.com.
08e0 - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 0051], ServerHello
    02 00 00 4d 03 01 5d 24 cd 2d 81 85 73 4a 5e 08
    6a 16 00 19 dc 63 70 54 6a cc 2f 9a 02 cb 62 38
    d0 13 32 b9 46 44 20 5d 24 cd 2d eb ec 23 f1 d7
    b7 4c 62 4d 0d dd 25 ff 38 0f cb 0f ff cd 0e d9
    9e 8b 7b 1d 6c f4 ed 00 38 00 00 05 ff 01 00 01
    00
<<< TLS 1.0 Handshake [length 06c9], Certificate
    0b 00 06 c5 00 06 c2 00 03 69 30 82 03 65 30 82
    02 ce 02 09 00 81 18 b9 7d f3 57 e6 fd 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 05 05 00 30 79 31 0b
    30 09 06 03 55 04 06 13 02 55 4b 31 0f 30 0d 06
    03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 0f 30 0d
    06 03 55 04 07 13 06 4c 6f 6e 64 6f 6e 31 0d 30
    0b 06 03 55 04 0a 13 04 4c 53 45 47 31 0b 30 09
    06 03 55 04 0b 13 02 49 54 31 0e 30 0c 06 03 55
    04 03 13 05 73 65 6e 61 6c 31 1c 30 1a 06 09 2a
    86 48 86 f7 0d 01 09 01 16 0d 6c 73 65 67 40 6c
    73 65 67 2e 63 6f 6d 30 1e 17 0d 31 39 30 37 30
    39 30 35 34 39 34 31 5a 17 0d 32 30 30 37 30 38
    30 35 34 39 34 31 5a 30 5b 31 0b 30 09 06 03 55
    04 06 13 02 55 4b 31 0f 30 0d 06 03 55 04 08 13
    06 4c 6f 6e 64 6f 6e 31 0f 30 0d 06 03 55 04 07
    13 06 4c 6f 6e 64 6f 6e 31 0b 30 09 06 03 55 04
    0b 13 02 49 54 31 0d 30 0b 06 03 55 04 0a 13 04
    4c 53 45 47 31 0e 30 0c 06 03 55 04 03 13 05 73
    65 6e 61 6c 30 82 01 b8 30 82 01 2c 06 07 2a 86
    48 ce 38 04 01 30 82 01 1f 02 81 81 00 fd 7f 53
    81 1d 75 12 29 52 df 4a 9c 2e ec e4 e7 f6 11 b7
    52 3c ef 44 00 c3 1e 3f 80 b6 51 26 69 45 5d 40
    22 51 fb 59 3d 8d 58 fa bf c5 f5 ba 30 f6 cb 9b
    55 6c d7 81 3b 80 1d 34 6f f2 66 60 b7 6b 99 50
    a5 a4 9f 9f e8 04 7b 10 22 c2 4f bb a9 d7 fe b7
    c6 1b f8 3b 57 e7 c6 a8 a6 15 0f 04 fb 83 f6 d3
    c5 1e c3 02 35 54 13 5a 16 91 32 f6 75 f3 ae 2b
    61 d7 2a ef f2 22 03 19 9d d1 48 01 c7 02 15 00
    97 60 50 8f 15 23 0b cc b2 92 b9 82 a2 eb 84 0b
    f0 58 1c f5 02 81 81 00 f7 e1 a0 85 d6 9b 3d de
    cb bc ab 5c 36 b8 57 b9 79 94 af bb fa 3a ea 82
    f9 57 4c 0b 3d 07 82 67 51 59 57 8e ba d4 59 4f
    e6 71 07 10 81 80 b4 49 16 71 23 e8 4c 28 16 13
    b7 cf 09 32 8c c8 a6 e1 3c 16 7a 8b 54 7c 8d 28
    e0 a3 ae 1e 2b b3 a6 75 91 6e a3 7f 0b fa 21 35
    62 f1 fb 62 7a 01 24 3b cc a4 f1 be a8 51 90 89
    a8 83 df e1 5a e5 9f 06 92 8b 66 5e 80 7b 55 25
    64 01 4c 3b fe cf 49 2a 03 81 85 00 02 81 81 00
    d0 29 d7 e8 c1 c0 74 f0 76 64 8a 71 88 82 04 a0
    15 09 5a e9 c7 12 39 67 34 52 71 5f 74 ec 42 de
    aa 07 65 ab 43 21 98 28 d8 4d 62 f3 40 80 e6 ad
    bc 06 d3 e5 41 ed 25 eb 1a 68 60 ad b7 c9 a0 5b
    36 ac 5f de 00 10 6e 28 d4 e6 69 54 40 17 4a b8
    1e df 8b 05 e3 34 62 6b 6f d0 30 fe 3b 07 00 3d
    68 94 4b c0 69 84 d1 ac c9 c6 d4 dd 04 71 a9 ef
    1f ef fd 28 66 3f c9 fa 0d a6 11 f5 98 d3 59 3f
    30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03
    81 81 00 72 7d 4f 4a bd 3a 50 90 e6 9a 13 f7 7e
    70 4c ab f6 ad 33 43 6f 1e 3d 67 ba d5 a7 6d 51
    05 d7 fe 75 40 32 19 38 1a 00 ed 3a 1a cf 64 b6
    a0 38 5d 08 5d c4 20 37 47 c5 ca 89 22 64 42 9d
    94 f6 3e b6 9a 8f f6 e5 80 21 cc b0 f3 8c aa ae
    06 dd 7d 19 e9 c4 44 42 84 12 39 cd 81 03 d4 f1
    d1 77 4f 0f 7d 5e 3f 7d 37 fa 17 9f 87 e7 84 b7
    bd 40 1e e8 73 1b 7e 20 12 ae cb 8d bf fe 14 96
    e3 15 7a 00 03 53 30 82 03 4f 30 82 02 b8 a0 03
    02 01 02 02 09 00 e0 b7 e9 bc b0 65 10 4f 30 0d
    06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 79 31
    0b 30 09 06 03 55 04 06 13 02 55 4b 31 0f 30 0d
    06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 0f 30
    0d 06 03 55 04 07 13 06 4c 6f 6e 64 6f 6e 31 0d
    30 0b 06 03 55 04 0a 13 04 4c 53 45 47 31 0b 30
    09 06 03 55 04 0b 13 02 49 54 31 0e 30 0c 06 03
    55 04 03 13 05 73 65 6e 61 6c 31 1c 30 1a 06 09
    2a 86 48 86 f7 0d 01 09 01 16 0d 6c 73 65 67 40
    6c 73 65 67 2e 63 6f 6d 30 1e 17 0d 31 39 30 37
    30 39 30 35 34 39 34 30 5a 17 0d 31 39 30 38 30
    38 30 35 34 39 34 30 5a 30 79 31 0b 30 09 06 03
    55 04 06 13 02 55 4b 31 0f 30 0d 06 03 55 04 08
    13 06 4c 6f 6e 64 6f 6e 31 0f 30 0d 06 03 55 04
    07 13 06 4c 6f 6e 64 6f 6e 31 0d 30 0b 06 03 55
    04 0a 13 04 4c 53 45 47 31 0b 30 09 06 03 55 04
    0b 13 02 49 54 31 0e 30 0c 06 03 55 04 03 13 05
    73 65 6e 61 6c 31 1c 30 1a 06 09 2a 86 48 86 f7
    0d 01 09 01 16 0d 6c 73 65 67 40 6c 73 65 67 2e
    63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d
    01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00
    a6 44 15 3f 31 a9 21 cc fb 92 51 a6 8b 2c a2 0d
    b6 b6 fa 5c 60 21 41 53 80 83 c0 b8 a8 16 c4 4a
    8e 19 e2 fe 7d 4f f4 e0 3d 8b b1 55 0e 67 73 ac
    1a f8 43 cc 11 fe 37 8c 20 56 e7 ad 71 c8 77 5f
    93 52 31 34 92 34 be 33 98 89 88 60 f5 e7 24 7d
    85 62 75 56 00 2d 15 7b 1d 44 56 ae 4a b1 ed 3e
    aa 47 67 85 60 1c d1 02 a2 1e 92 4f 93 50 c1 74
    ee 0c 6e b8 c6 93 ae 20 72 ef 4b 8f ef a9 29 3d
    02 03 01 00 01 a3 81 de 30 81 db 30 1d 06 03 55
    1d 0e 04 16 04 14 4c 28 e6 f0 3a 2e 2a 2b 59 ea
    0e 87 78 cf a6 71 b8 a7 5a c9 30 81 ab 06 03 55
    1d 23 04 81 a3 30 81 a0 80 14 4c 28 e6 f0 3a 2e
    2a 2b 59 ea 0e 87 78 cf a6 71 b8 a7 5a c9 a1 7d
    a4 7b 30 79 31 0b 30 09 06 03 55 04 06 13 02 55
    4b 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64
    6f 6e 31 0f 30 0d 06 03 55 04 07 13 06 4c 6f 6e
    64 6f 6e 31 0d 30 0b 06 03 55 04 0a 13 04 4c 53
    45 47 31 0b 30 09 06 03 55 04 0b 13 02 49 54 31
    0e 30 0c 06 03 55 04 03 13 05 73 65 6e 61 6c 31
    1c 30 1a 06 09 2a 86 48 86 f7 0d 01 09 01 16 0d
    6c 73 65 67 40 6c 73 65 67 2e 63 6f 6d 82 09 00
    e0 b7 e9 bc b0 65 10 4f 30 0c 06 03 55 1d 13 04
    05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d
    01 01 05 05 00 03 81 81 00 7f 33 7f 42 29 f4 16
    4c 22 19 67 87 bc e6 9f e1 8d 37 be bf ba aa 2e
    f7 b8 34 c8 af b0 52 65 30 ed 67 4e d9 f1 90 4c
    ee 7a fd a7 bb 76 14 00 53 e9 f5 6c 3e 61 3b 3c
    4f a0 f9 fe ea 4c 11 18 46 83 85 43 1e 59 39 26
    d0 30 81 8a f5 12 75 ca 19 53 49 c5 b1 33 5d ef
    d7 98 55 54 52 fa f5 ae d3 ea 47 ba 26 2d e3 b5
    4d 6e d6 fa e0 92 b3 9b 43 db 01 0b 91 f6 45 46
    03 09 99 1a f3 fe 39 0d de
depth=1 /C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
verify return:1
depth=0 /C=UK/ST=London/L=London/OU=IT/O=LSEG/CN=senal
verify return:1
<<< TLS 1.0 Handshake [length 013b], ServerKeyExchange
    0c 00 01 37 00 80 ff ff ff ff ff ff ff ff c9 0f
    da a2 21 68 c2 34 c4 c6 62 8b 80 dc 1c d1 29 02
    4e 08 8a 67 cc 74 02 0b be a6 3b 13 9b 22 51 4a
    08 79 8e 34 04 dd ef 95 19 b3 cd 3a 43 1b 30 2b
    0a 6d f2 5f 14 37 4f e1 35 6d 6d 51 c2 45 e4 85
    b5 76 62 5e 7e c6 f4 4c 42 e9 a6 37 ed 6b 0b ff
    5c b6 f4 06 b7 ed ee 38 6b fb 5a 89 9f a5 ae 9f
    24 11 7c 4b 1f e6 49 28 66 51 ec e6 53 81 ff ff
    ff ff ff ff ff ff 00 01 02 00 80 33 32 ef 8e 09
    5b 8d 5b 18 ad b2 37 3f fa f8 54 00 66 89 77 c8
    44 98 4c 16 85 7a 89 90 3d ca cc 1c f7 74 ad 87
    ac 13 9a be 09 86 02 40 0a 1f 16 92 2a a1 24 2e
    62 e1 16 f5 77 3e 1f df 42 4d 87 ff 06 52 99 10
    d6 62 5b 21 40 72 1a c1 f0 81 ca 65 af 27 7d e2
    14 54 26 37 c8 97 14 a2 0e 06 42 cd 0f a5 e9 34
    74 46 f4 84 7d fb 49 3a bd e1 ec 16 a0 e0 2a b8
    a4 3f 4e 09 20 c5 42 09 6a a7 66 00 2e 30 2c 02
    14 7b f8 62 5e c9 9e 32 f7 bb f8 2a 72 1c be 75
    51 4f 38 c0 2a 02 14 5b e6 98 30 8f 56 50 09 66
    59 92 77 b6 93 59 a2 d2 5e f2 ba
<<< TLS 1.0 Handshake [length 0087], CertificateRequest
    0d 00 00 83 03 01 02 40 00 7d 00 7b 30 79 31 0b
    30 09 06 03 55 04 06 13 02 55 4b 31 0f 30 0d 06
    03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 0f 30 0d
    06 03 55 04 07 13 06 4c 6f 6e 64 6f 6e 31 0d 30
    0b 06 03 55 04 0a 13 04 4c 53 45 47 31 0b 30 09
    06 03 55 04 0b 13 02 49 54 31 0e 30 0c 06 03 55
    04 03 13 05 73 65 6e 61 6c 31 1c 30 1a 06 09 2a
    86 48 86 f7 0d 01 09 01 16 0d 6c 73 65 67 40 6c
    73 65 67 2e 63 6f 6d
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
>>> TLS 1.0 Handshake [length 02fb], Certificate
    0b 00 02 f7 00 02 f4 00 02 f1 30 82 02 ed 30 82
    02 56 02 09 00 81 18 b9 7d f3 57 e6 fe 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 05 05 00 30 79 31 0b
    30 09 06 03 55 04 06 13 02 55 4b 31 0f 30 0d 06
    03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 0f 30 0d
    06 03 55 04 07 13 06 4c 6f 6e 64 6f 6e 31 0d 30
    0b 06 03 55 04 0a 13 04 4c 53 45 47 31 0b 30 09
    06 03 55 04 0b 13 02 49 54 31 0e 30 0c 06 03 55
    04 03 13 05 73 65 6e 61 6c 31 1c 30 1a 06 09 2a
    86 48 86 f7 0d 01 09 01 16 0d 6c 73 65 67 40 6c
    73 65 67 2e 63 6f 6d 30 1e 17 0d 31 39 30 37 30
    39 30 35 34 39 34 31 5a 17 0d 32 30 30 37 30 38
    30 35 34 39 34 31 5a 30 79 31 0b 30 09 06 03 55
    04 06 13 02 55 4b 31 0f 30 0d 06 03 55 04 08 13
    06 4c 6f 6e 64 6f 6e 31 0f 30 0d 06 03 55 04 07
    13 06 4c 6f 6e 64 6f 6e 31 0d 30 0b 06 03 55 04
    0a 13 04 4c 53 45 47 31 0b 30 09 06 03 55 04 0b
    13 02 49 54 31 0e 30 0c 06 03 55 04 03 13 05 73
    65 6e 61 6c 31 1c 30 1a 06 09 2a 86 48 86 f7 0d
    01 09 01 16 0d 6c 73 65 67 40 6c 73 65 67 2e 63
    6f 6d 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d
    01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82
    01 01 00 a4 8b 97 a8 06 65 32 85 ec 26 46 cd 2b
    99 9b 8d 76 ea 6f af 29 ea 18 64 d2 69 b3 3f 80
    cb 4f 64 7f f5 cb a5 d6 3f 60 43 bb d4 c1 f2 60
    72 4e f9 f9 9e 2f eb 94 cc 39 d6 8c 82 7e 1b 9f
    73 23 0c d8 d2 a0 72 2b 9e 37 19 f5 3a ed 12 d6
    aa b2 0c 1b ff 04 2e c1 b0 14 23 8c f1 04 4e 7d
    bd 38 42 cd 65 8a 2a 9c f4 44 0b 44 81 11 89 f6
    85 9c df 2a b4 6b ce 70 89 dd f6 d0 e5 09 51 d9
    40 01 e6 b6 22 07 a4 7e 1c 7d 00 82 58 6f f6 bc
    54 c8 47 d6 b6 07 c8 e9 d0 d7 30 3d e7 88 64 29
    74 91 4f 06 17 07 99 05 db 78 49 3d 91 b0 06 98
    cc 4a a7 62 e1 9e 84 b0 7f c1 8e 6f 75 95 ad 46
    4b 5b 9f 35 95 7f 70 46 96 9f 32 f1 36 75 39 9b
    d0 83 8f 3e 78 7c 07 c3 d6 f9 70 b2 c6 39 d0 4d
    b5 83 47 b0 4a 46 d4 1e 97 f7 dc e0 1a 2c c2 7c
    af 34 2d ad a1 6c 0f 54 1e b0 9a cc ad 44 18 b8
    b2 2d 93 02 03 01 00 01 30 0d 06 09 2a 86 48 86
    f7 0d 01 01 05 05 00 03 81 81 00 3c 92 dd 2f 68
    da d2 20 cf ce 0e 6d 55 24 b8 03 61 88 ee 0f d3
    17 5e b2 28 2b e5 c7 89 49 14 3f a6 aa 7a b7 f5
    07 6c 04 c5 e5 32 5e fa 60 82 f2 76 4d 62 09 63
    71 6f b5 b2 ab 29 b4 0e 3e d6 7f 90 9b a4 ad 75
    52 50 fb a2 58 4c ea 81 dc 91 1c 06 02 63 16 89
    f7 ac cd 4c d5 1f b0 1a 66 32 8f 18 25 d0 8d 8b
    c2 b6 3e c1 85 07 f9 ec 87 88 9b b5 0e 00 00 fa
    3e cd b3 6b 92 ea 6b b3 bc f4 92
write to 0x696e00 [0x6a73d0] (768 bytes => 768 (0x300))
0000 - 16 03 01 02 fb 0b 00 02-f7 00 02 f4 00 02 f1 30   ...............0
0010 - 82 02 ed 30 82 02 56 02-09 00 81 18 b9 7d f3 57   ...0..V......}.W
0020 - e6 fe 30 0d 06 09 2a 86-48 86 f7 0d 01 01 05 05   ..0...*.H.......
0030 - 00 30 79 31 0b 30 09 06-03 55 04 06 13 02 55 4b   .0y1.0...U....UK
0040 - 31 0f 30 0d 06 03 55 04-08 13 06 4c 6f 6e 64 6f   1.0...U....Londo
0050 - 6e 31 0f 30 0d 06 03 55-04 07 13 06 4c 6f 6e 64   n1.0...U....Lond
0060 - 6f 6e 31 0d 30 0b 06 03-55 04 0a 13 04 4c 53 45   on1.0...U....LSE
0070 - 47 31 0b 30 09 06 03 55-04 0b 13 02 49 54 31 0e   G1.0...U....IT1.
0080 - 30 0c 06 03 55 04 03 13-05 73 65 6e 61 6c 31 1c   0...U....senal1.
0090 - 30 1a 06 09 2a 86 48 86-f7 0d 01 09 01 16 0d 6c   0...*.H........l
00a0 - 73 65 67 40 6c 73 65 67-2e 63 6f 6d 30 1e 17 0d   seg@lseg.com0...
00b0 - 31 39 30 37 30 39 30 35-34 39 34 31 5a 17 0d 32   190709054941Z..2
00c0 - 30 30 37 30 38 30 35 34-39 34 31 5a 30 79 31 0b   00708054941Z0y1.
00d0 - 30 09 06 03 55 04 06 13-02 55 4b 31 0f 30 0d 06   0...U....UK1.0..
00e0 - 03 55 04 08 13 06 4c 6f-6e 64 6f 6e 31 0f 30 0d   .U....London1.0.
00f0 - 06 03 55 04 07 13 06 4c-6f 6e 64 6f 6e 31 0d 30   ..U....London1.0
0100 - 0b 06 03 55 04 0a 13 04-4c 53 45 47 31 0b 30 09   ...U....LSEG1.0.
0110 - 06 03 55 04 0b 13 02 49-54 31 0e 30 0c 06 03 55   ..U....IT1.0...U
0120 - 04 03 13 05 73 65 6e 61-6c 31 1c 30 1a 06 09 2a   ....senal1.0...*
0130 - 86 48 86 f7 0d 01 09 01-16 0d 6c 73 65 67 40 6c   .H........lseg@l
0140 - 73 65 67 2e 63 6f 6d 30-82 01 22 30 0d 06 09 2a   seg.com0.."0...*
0150 - 86 48 86 f7 0d 01 01 01-05 00 03 82 01 0f 00 30   .H.............0
0160 - 82 01 0a 02 82 01 01 00-a4 8b 97 a8 06 65 32 85   .............e2.
0170 - ec 26 46 cd 2b 99 9b 8d-76 ea 6f af 29 ea 18 64   .&F.+...v.o.)..d
0180 - d2 69 b3 3f 80 cb 4f 64-7f f5 cb a5 d6 3f 60 43   .i.?..Od.....?`C
0190 - bb d4 c1 f2 60 72 4e f9-f9 9e 2f eb 94 cc 39 d6   ....`rN.../...9.
01a0 - 8c 82 7e 1b 9f 73 23 0c-d8 d2 a0 72 2b 9e 37 19   ..~..s#....r+.7.
01b0 - f5 3a ed 12 d6 aa b2 0c-1b ff 04 2e c1 b0 14 23   .:.............#
01c0 - 8c f1 04 4e 7d bd 38 42-cd 65 8a 2a 9c f4 44 0b   ...N}.8B.e.*..D.
01d0 - 44 81 11 89 f6 85 9c df-2a b4 6b ce 70 89 dd f6   D.......*.k.p...
01e0 - d0 e5 09 51 d9 40 01 e6-b6 22 07 a4 7e 1c 7d 00   ...Q.@..."..~.}.
01f0 - 82 58 6f f6 bc 54 c8 47-d6 b6 07 c8 e9 d0 d7 30   .Xo..T.G.......0
0200 - 3d e7 88 64 29 74 91 4f-06 17 07 99 05 db 78 49   =..d)t.O......xI
0210 - 3d 91 b0 06 98 cc 4a a7-62 e1 9e 84 b0 7f c1 8e   =.....J.b.......
0220 - 6f 75 95 ad 46 4b 5b 9f-35 95 7f 70 46 96 9f 32   ou..FK[.5..pF..2
0230 - f1 36 75 39 9b d0 83 8f-3e 78 7c 07 c3 d6 f9 70   .6u9....>x|....p
0240 - b2 c6 39 d0 4d b5 83 47-b0 4a 46 d4 1e 97 f7 dc   ..9.M..G.JF.....
0250 - e0 1a 2c c2 7c af 34 2d-ad a1 6c 0f 54 1e b0 9a   ..,.|.4-..l.T...
0260 - cc ad 44 18 b8 b2 2d 93-02 03 01 00 01 30 0d 06   ..D...-......0..
0270 - 09 2a 86 48 86 f7 0d 01-01 05 05 00 03 81 81 00   .*.H............
0280 - 3c 92 dd 2f 68 da d2 20-cf ce 0e 6d 55 24 b8 03   <../h.. ...mU$..
0290 - 61 88 ee 0f d3 17 5e b2-28 2b e5 c7 89 49 14 3f   a.....^.(+...I.?
02a0 - a6 aa 7a b7 f5 07 6c 04-c5 e5 32 5e fa 60 82 f2   ..z...l...2^.`..
02b0 - 76 4d 62 09 63 71 6f b5-b2 ab 29 b4 0e 3e d6 7f   vMb.cqo...)..>..
02c0 - 90 9b a4 ad 75 52 50 fb-a2 58 4c ea 81 dc 91 1c   ....uRP..XL.....
02d0 - 06 02 63 16 89 f7 ac cd-4c d5 1f b0 1a 66 32 8f   ..c.....L....f2.
02e0 - 18 25 d0 8d 8b c2 b6 3e-c1 85 07 f9 ec 87 88 9b   .%.....>........
02f0 - b5 0e 00 00 fa 3e cd b3-6b 92 ea 6b b3 bc f4 92   .....>..k..k....
>>> TLS 1.0 Handshake [length 0086], ClientKeyExchange
    10 00 00 82 00 80 e8 a9 4b a4 1c ed 04 19 f6 03
    8a b3 69 e0 fb c2 20 29 1d fd 40 cf 2d 29 d0 7f
    05 7f 35 26 c5 b9 f4 0e f4 c8 a0 23 40 08 48 ac
    0c 06 9f 1d 92 f2 48 83 99 48 06 97 1c 22 46 75
    0b 21 a3 74 4a bf 1f 1a 4b c2 07 51 92 ba 70 34
    e8 46 01 6b 2b 59 f0 6a e7 d8 38 a6 b1 db d0 fb
    da 7f 77 ca f9 b3 5e fa be f8 69 fd ed eb 3e 6d
    2e f3 d8 85 03 a6 2d 9d 28 11 ba 6a 4f 1f 66 ff
    45 d0 d2 a9 51 b5
write to 0x696e00 [0x6a73d0] (139 bytes => 139 (0x8B))
0000 - 16 03 01 00 86 10 00 00-82 00 80 e8 a9 4b a4 1c   .............K..
0010 - ed 04 19 f6 03 8a b3 69-e0 fb c2 20 29 1d fd 40   .......i... )..@
0020 - cf 2d 29 d0 7f 05 7f 35-26 c5 b9 f4 0e f4 c8 a0   .-)....5&.......
0030 - 23 40 08 48 ac 0c 06 9f-1d 92 f2 48 83 99 48 06   #@.H.......H..H.
0040 - 97 1c 22 46 75 0b 21 a3-74 4a bf 1f 1a 4b c2 07   .."Fu.!.tJ...K..
0050 - 51 92 ba 70 34 e8 46 01-6b 2b 59 f0 6a e7 d8 38   Q..p4.F.k+Y.j..8
0060 - a6 b1 db d0 fb da 7f 77-ca f9 b3 5e fa be f8 69   .......w...^...i
0070 - fd ed eb 3e 6d 2e f3 d8-85 03 a6 2d 9d 28 11 ba   ...>m......-.(..
0080 - 6a 4f 1f 66 ff 45 d0 d2-a9 51 b5                  jO.f.E...Q.
>>> TLS 1.0 Handshake [length 0106], CertificateVerify
    0f 00 01 02 01 00 a3 9a cc 63 c1 74 e6 a3 48 fc
    1f 12 14 8f bc 55 1c 20 3d 21 92 1e 31 d0 24 ce
    0c fa 7d e5 7c 1a 04 6b 26 6d c2 63 5e 2f 6e 2b
    55 82 65 05 36 0b 66 64 64 8c 3b 40 20 86 6c b1
    a8 86 39 b1 e5 2b 8a 5d 90 df a3 05 f5 c7 40 8c
    b6 8d 9f 16 29 0f fb 75 e9 07 0e e0 19 1a f5 7c
    d5 d8 98 2a 8a 87 34 d8 ec ce 0b f4 06 ea d0 6e
    65 c3 f8 e6 83 2a 2d fc bd 88 4d 9d ab c8 17 51
    27 ba 40 24 6f 3d 93 c4 ff e5 77 f5 df 1b bc 3f
    79 01 22 f6 81 47 e7 40 fd 94 74 15 a2 59 3f 67
    57 f2 2f 0a 83 47 81 0f 9b c6 44 8b 68 93 ed db
    60 37 6e 46 6c 30 3a ea 1b 97 de f9 6a 9e a4 27
    c3 c3 04 71 e2 0f bb 32 c2 2b 26 f7 c8 f3 1c bc
    5f 53 8e 90 77 24 86 a1 ee f5 9c ed cb c6 30 63
    bc a2 5b 17 d5 97 72 7f d5 05 a7 ff da 05 1d fb
    5b f4 89 f3 12 c8 c7 3e 0a 05 b0 f2 53 ce 18 73
    16 31 8b 7f 1a b5
write to 0x696e00 [0x6a73d0] (267 bytes => 267 (0x10B))
0000 - 16 03 01 01 06 0f 00 01-02 01 00 a3 9a cc 63 c1   ..............c.
0010 - 74 e6 a3 48 fc 1f 12 14-8f bc 55 1c 20 3d 21 92   t..H......U. =!.
0020 - 1e 31 d0 24 ce 0c fa 7d-e5 7c 1a 04 6b 26 6d c2   .1.$...}.|..k&m.
0030 - 63 5e 2f 6e 2b 55 82 65-05 36 0b 66 64 64 8c 3b   c^/n+U.e.6.fdd.;
0040 - 40 20 86 6c b1 a8 86 39-b1 e5 2b 8a 5d 90 df a3   @ .l...9..+.]...
0050 - 05 f5 c7 40 8c b6 8d 9f-16 29 0f fb 75 e9 07 0e   ...@.....)..u...
0060 - e0 19 1a f5 7c d5 d8 98-2a 8a 87 34 d8 ec ce 0b   ....|...*..4....
0070 - f4 06 ea d0 6e 65 c3 f8-e6 83 2a 2d fc bd 88 4d   ....ne....*-...M
0080 - 9d ab c8 17 51 27 ba 40-24 6f 3d 93 c4 ff e5 77   ....Q'.@$o=....w
0090 - f5 df 1b bc 3f 79 01 22-f6 81 47 e7 40 fd 94 74   ....?y."..G.@..t
00a0 - 15 a2 59 3f 67 57 f2 2f-0a 83 47 81 0f 9b c6 44   ..Y?gW./..G....D
00b0 - 8b 68 93 ed db 60 37 6e-46 6c 30 3a ea 1b 97 de   .h...`7nFl0:....
00c0 - f9 6a 9e a4 27 c3 c3 04-71 e2 0f bb 32 c2 2b 26   .j..'...q...2.+&
00d0 - f7 c8 f3 1c bc 5f 53 8e-90 77 24 86 a1 ee f5 9c   ....._S..w$.....
00e0 - ed cb c6 30 63 bc a2 5b-17 d5 97 72 7f d5 05 a7   ...0c..[...r....
00f0 - ff da 05 1d fb 5b f4 89-f3 12 c8 c7 3e 0a 05 b0   .....[......>...
0100 - f2 53 ce 18 73 16 31 8b-7f 1a b5                  .S..s.1....
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
write to 0x696e00 [0x6a73d0] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01                                 ......
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c a9 85 e9 d3 75 78 cb 6c df 11 16 e9
write to 0x696e00 [0x6a73d0] (53 bytes => 53 (0x35))
0000 - 16 03 01 00 30 40 70 dc-03 3d c8 cb 50 79 bb 45   ....0@p..=..Py.E
0010 - 33 15 7b ea 13 c0 0c 22-52 88 86 ae 3f 78 2f f9   3.{...."R...?x/.
0020 - 38 20 5e 53 ec a7 a1 84-e9 ef 89 c8 74 ed dc d3   8 ^S........t...
0030 - 7d e5 a5 08 f9                                    }....
read from 0x696e00 [0x69d290] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01                                    .....
read from 0x696e00 [0x69d295] (1 bytes => 1 (0x1))
0000 - 01                                                .
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
read from 0x696e00 [0x69d290] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 30                                    ....0
read from 0x696e00 [0x69d295] (48 bytes => 48 (0x30))
0000 - d4 88 2f 6e e7 b2 26 f2-9b 93 4c cf 5e 96 5b 05   ../n..&...L.^.[.
0010 - 41 60 80 b8 df be d6 31-b0 37 f8 d9 73 2c f5 58   A`.....1.7..s,.X
0020 - 00 db 28 fd 11 c2 d9 79-4b 2f 6e 04 1f 8d 6b 09   ..(....yK/n...k.
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 80 25 78 51 fa c5 1b 8c c3 b5 0b 29
---
Certificate chain
 0 s:/C=UK/ST=London/L=London/OU=IT/O=LSEG/CN=senal
   i:/C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
 1 s:/C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
   i:/C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDZTCCAs4CCQCBGLl981fm/TANBgkqhkiG9w0BAQUFADB5MQswCQYDVQQGEwJV
SzEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xDTALBgNVBAoTBExT
RUcxCzAJBgNVBAsTAklUMQ4wDAYDVQQDEwVzZW5hbDEcMBoGCSqGSIb3DQEJARYN
bHNlZ0Bsc2VnLmNvbTAeFw0xOTA3MDkwNTQ5NDFaFw0yMDA3MDgwNTQ5NDFaMFsx
CzAJBgNVBAYTAlVLMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEL
MAkGA1UECxMCSVQxDTALBgNVBAoTBExTRUcxDjAMBgNVBAMTBXNlbmFsMIIBuDCC
ASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2
USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLC
T7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3R
SAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmU
r7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwW
eotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSoDgYUAAoGBANAp1+jBwHTwdmSKcYiCBKAVCVrpxxI5ZzRS
cV907ELeqgdlq0MhmCjYTWLzQIDmrbwG0+VB7SXrGmhgrbfJoFs2rF/eABBuKNTm
aVRAF0q4Ht+LBeM0Ymtv0DD+OwcAPWiUS8BphNGsycbU3QRxqe8f7/0oZj/J+g2m
EfWY01k/MA0GCSqGSIb3DQEBBQUAA4GBAHJ9T0q9OlCQ5poT935wTKv2rTNDbx49
Z7rVp21RBdf+dUAyGTgaAO06Gs9ktqA4XQhdxCA3R8XKiSJkQp2U9j62mo/25YAh
zLDzjKquBt19GenEREKEEjnNgQPU8dF3Tw99Xj99N/oXn4fnhLe9QB7ocxt+IBKu
y42//hSW4xV6
-----END CERTIFICATE-----
subject=/C=UK/ST=London/L=London/OU=IT/O=LSEG/CN=senal
issuer=/C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
---
Acceptable client certificate CA names
/C=UK/ST=London/L=London/O=LSEG/OU=IT/CN=senal/emailAddress=lseg@lseg.com
---
SSL handshake has read 2336 bytes and written 1339 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-DSS-AES256-SHA
    Session-ID: 5D24CD2DEBEC23F1D7B74C624D0DDD25FF380FCB0FFFCD0ED99E8B7B1D6CF4ED
    Session-ID-ctx: 
    Master-Key: 5002A628AE61DFCB6B649C9BAA5E2F7FF85C6780102EC2A7E63B2495EC9730CE0F2478F001EE30BED6812E65BD8DFE66
    Key-Arg   : None
    Start Time: 1562692909
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
write to 0x696e00 [0x6a1aa0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 33 56 f1-ad ca 81 1d 72 10 5e c6   .... 3V.....r.^.
0010 - 4e 31 5a f2 75 93 44 7f-dc 12 9f c5 48 04 3a 68   N1Z.u.D.....H.:h
0020 - bb 4a 9e 2a 3a 17 03 01-00 20 47 31 99 5c 48 0e   .J.*:.... G1.\H.
0030 - e2 6e 4e 44 54 2e 6f 55-dd 6e 68 3a a7 f8 ae 77   .nNDT.oU.nh:...w
0040 - 48 81 31 b6 f0 cc 48 32-a0 b2                     H.1...H2..
write to 0x696e00 [0x6a1aa0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 e7 7f e7-dd d5 aa 47 84 3f 8e a6   .... ......G.?..
0010 - 10 98 2c 86 ad 6c 35 e0-78 12 0d d2 0c 86 c8 62   ..,..l5.x......b
0020 - e2 fb a7 80 5a 17 03 01-00 20 1e 31 42 5b b4 d0   ....Z.... .1B[..
0030 - 5b e7 9a f3 d8 98 c4 e7-f2 90 79 5a c1 21 41 ac   [.........yZ.!A.
0040 - 3a 8b 26 a5 38 38 0a c1-d3 50                     :.&.88...P
write to 0x696e00 [0x6a1aa0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 ee fc 8b-24 a7 10 05 d9 df cb cf   .... ...$.......
0010 - cf 44 69 0c dd ba 7e 28-f7 09 c3 53 c7 2a ef 54   .Di...~(...S.*.T
0020 - a0 b6 f3 14 b3 17 03 01-00 20 ef 73 35 76 5b 29   ......... .s5v[)
0030 - 33 fe 69 b6 64 cc 97 dd-bd f2 c1 e3 3d 06 d1 ad   3.i.d.......=...
0040 - e9 84 a2 90 12 0d 13 5e-5b 65                     .......^[e
write to 0x696e00 [0x6a1aa0] (74 bytes => 74 (0x4A))
0000 - 17 03 01 00 20 6e 08 a2-54 65 ce 7c 00 fb 82 63   .... n..Te.|...c
0010 - ae 49 1c 36 5d 26 e0 a3-59 82 51 f4 ae 00 21 ed   .I.6]&..Y.Q...!.
0020 - 56 27 9a fe 78 17 03 01-00 20 b4 43 c2 57 ce e9   V'..x.... .C.W..
0030 - 16 e1 8a 92 80 ad 61 c0-18 0b a8 d2 1c 67 9b a3   ......a......g..
0040 - b8 83 83 90 c2 ed e2 89-f8 0d                     ..........
read from 0x696e00 [0x69d290] (5 bytes => 5 (0x5))
0000 - 15 03 01                                          ...
0005 - <SPACES/NULS>
read from 0x696e00 [0x69d295] (32 bytes => 32 (0x20))
0000 - dd 69 6a 47 c6 9e 39 02-7a c1 9b da 2a 5a 4c 75   .ijG..9.z...*ZLu
0010 - 93 ba 86 36 30 10 43 95-c7 9c 98 52 5a a8 2e f7   ...60.C....RZ...
<<< TLS 1.0 Alert [length 0002], warning close_notify
    01 00
closed
write to 0x696e00 [0x6a1aa0] (37 bytes => 37 (0x25))
0000 - 15 03 01 00 20 67 2a bf-08 3f 1d 8a 3f 01 8e 05   .... g*..?..?...
0010 - 1c 72 5d 2a ef 96 45 37-75 46 7d 6f 4b 9f 38 47   .r]*..E7uF}oK.8G
0020 - 88 5a e5 a3 b9                                    .Z...
>>> TLS 1.0 Alert [length 0002], warning close_notify
    01 00

Here I need to specify the protocol that the communication would happen. If I don't specify the protocol its output would be as below,

openssl s_client -debug -msg -connect 172.25.31.42:26307  -CAfile $SYSTEM_CONFIGS/MHV/ca-cert -key $SYSTEM_CONFIGS/MHV/producer_client.key -pass "pass:abc123" -cert $SYSTEM_CONFIGS/MHV/producer_client.pem

CONNECTED(00000003)
write to 0x696e10 [0x697d40] (139 bytes => 139 (0x8B))
0000 - 80 89 01 03 01 00 60 00-00 00 20 00 00 39 00 00   ......`... ..9..
0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16   8..5............
0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00   ...........3..2.
0030 - 00 2f 00 00 45 00 00 44-00 00 41 03 00 80 00 00   ./..E..D..A.....
0040 - 05 00 00 04 01 00 80 00-00 15 00 00 12 00 00 09   ................
0050 - 06 00 40 00 00 14 00 00-11 00 00 08 00 00 06 04   ..@.............
0060 - 00 80 00 00 03 02 00 80-00 00 ff f5 99 fc 8d ca   ................
0070 - 6e e0 b8 23 d3 35 3d b9-9a 34 7a 12 93 14 b6 e5   n..#.5=..4z.....
0080 - 97 6d 0c f6 3a de c3 7a-88 bd d9                  .m..:..z...
>>> SSL 2.0 [length 0089], CLIENT-HELLO
    01 03 01 00 60 00 00 00 20 00 00 39 00 00 38 00
    00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00
    13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f
    00 00 45 00 00 44 00 00 41 03 00 80 00 00 05 00
    00 04 01 00 80 00 00 15 00 00 12 00 00 09 06 00
    40 00 00 14 00 00 11 00 00 08 00 00 06 04 00 80
    00 00 03 02 00 80 00 00 ff f5 99 fc 8d ca 6e e0
    b8 23 d3 35 3d b9 9a 34 7a 12 93 14 b6 e5 97 6d
    0c f6 3a de c3 7a 88 bd d9
read from 0x696e10 [0x69d2a0] (7 bytes => 7 (0x7))
0000 - 15 03 03 00 02 02 0a                              .......
28921:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:

Please advise on this.

edenhill commented 5 years ago

Might be related (upgrade openssl): https://github.com/edenhill/librdkafka/issues/408#issuecomment-255922894

What OS are you on? What openssl version?

senalw commented 5 years ago

Might be related (upgrade openssl): #408 (comment)

What OS are you on? What openssl version?

Hi,

librdkafka version :- 1.1.0 OS version :- suse 11

OpenSSL version:-

openssl
OpenSSL> version
OpenSSL 0.9.8j-fips 07 Jan 2009
OpenSSL>

Linked libraries

    linux-vdso.so.1 =>  (0x00007ffcf87a2000)
    librdkafka.so.1 => /x01/devft/libs/librdkafka.so.1 (0x00007f81f77c7000)
    librdkafka++.so.1 => /x01/devft/libs/librdkafka++.so.1 (0x00007f81f75a3000)
    libavrocpp.so.1.8.3-SNAPSHOT.0 => /x01/devft/libs/libavrocpp.so.1.8.3-SNAPSHOT.0 (0x00007f81f72a3000)
    librdmacm.so.1 => /usr/lib64/librdmacm.so.1 (0x00007f81f707a000)
    libibverbs.so.1 => /usr/lib64/libibverbs.so.1 (0x00007f81f6e62000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007f81f6b06000)
    libboost_date_time.so.1.59.0 => /x01/devft/libs/libboost_date_time.so.1.59.0 (0x00007f81f68f1000)
    libboost_filesystem.so.1.59.0 => /x01/devft/libs/libboost_filesystem.so.1.59.0 (0x00007f81f66da000)
    libboost_system.so.1.59.0 => /x01/devft/libs/libboost_system.so.1.59.0 (0x00007f81f64d6000)
    libboost_serialization.so.1.59.0 => /x01/devft/libs/libboost_serialization.so.1.59.0 (0x00007f81f6283000)
    libboost_thread.so.1.59.0 => /x01/devft/libs/libboost_thread.so.1.59.0 (0x00007f81f6060000)
    libboost_chrono.so.1.59.0 => /x01/devft/libs/libboost_chrono.so.1.59.0 (0x00007f81f5e58000)
    libclntsh.so.12.1 => /x01/app/oracle/product/12.1.0.2/client_1/lib/libclntsh.so.12.1 (0x00007f81f2e6e000)
    libnnz12.so => /x01/app/oracle/product/12.1.0.2/client_1/lib/libnnz12.so (0x00007f81f2764000)
    libgtest.so.0 => /x01/devft/libs/libgtest.so.0 (0x00007f81f24d5000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f81f22be000)
    libssl.so.0.9.8 => /usr/lib64/libssl.so.0.9.8 (0x00007f81f2068000)
    libcrypto.so.0.9.8 => /usr/lib64/libcrypto.so.0.9.8 (0x00007f81f1cc9000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f81f1ab0000)
    librt.so.1 => /lib64/librt.so.1 (0x00007f81f18a7000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f81f16a3000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f81f1467000)
    libnuma.so.1 => /usr/lib64/libnuma.so.1 (0x00007f81f125e000)
    libstdc++.so.6 => /x01/devft/libs/libstdc++.so.6 (0x00007f81f0f46000)
    libm.so.6 => /lib64/libm.so.6 (0x00007f81f0ccc000)
    libgcc_s.so.1 => /x01/devft/libs/libgcc_s.so.1 (0x00007f81f0ab5000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f81f073e000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f81f7ac1000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f81f0520000)
    libboost_filesystem.so.1.67.0 => /x01/devft/libs/libboost_filesystem.so.1.67.0 (0x00007f81f0307000)
    libboost_system.so.1.67.0 => /x01/devft/libs/libboost_system.so.1.67.0 (0x00007f81f0103000)
    libboost_program_options.so.1.67.0 => /x01/devft/libs/libboost_program_options.so.1.67.0 (0x00007f81efe98000)
    libboost_iostreams.so.1.67.0 => /x01/devft/libs/libboost_iostreams.so.1.67.0 (0x00007f81efc7d000)
    libnl.so.1 => /lib64/libnl.so.1 (0x00007f81efa2b000)
    libmql1.so => /x01/app/oracle/product/12.1.0.2/client_1/lib/libmql1.so (0x00007f81ef7b4000)
    libipc1.so => /x01/app/oracle/product/12.1.0.2/client_1/lib/libipc1.so (0x00007f81ef436000)
    libons.so => /x01/app/oracle/product/12.1.0.2/client_1/lib/libons.so (0x00007f81ef1f0000)
    libaio.so.1 => /lib64/libaio.so.1 (0x00007f81eefee000)
    libclntshcore.so.12.1 => /x01/app/oracle/product/12.1.0.2/client_1/lib/libclntshcore.so.12.1 (0x00007f81eea76000)

edenhill commented 5 years ago

openssl 0.9.8 is 10 years old. librdkafka requires openssl 1.0.1 or later.

confluentinc / librdkafka

Using-SSL-with-librdkafka #2357

Description

Checklist

update:

Extract signed client certificate

Extract client key