AndreaPateru closed this issue 1 month ago
Here are verbose logs from the OpenSSL side. To me, it seems like it really receives gibberish data.
Under TLS1.2 everything works as expected:
$ openssl s_server -key server-new.priv -cert server-new.crt -CAfile client-new.crt -verify 2 -trace -no_tls1_3 -accept 9000
verify depth is 2
Using default temp DH parameters
ACCEPT
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 187
ClientHello, Length=183
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x66E92455
random_bytes (len=28): 8995D56F9D5831697EE0C51777BB0A0BC616AF512F13EE1D26773A3B
session_id (len=0):
cipher_suites (len=20)
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x13, 0x04} TLS_AES_128_CCM_SHA256
{0x13, 0x05} TLS_AES_128_CCM_8_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
compression_methods (len=1)
No Compression (0x00)
extensions, length = 122
extension_type=supported_groups(10), length=8
secp256r1 (P-256) (23)
secp384r1 (P-384) (24)
secp521r1 (P-521) (25)
extension_type=ec_point_formats(11), length=2
uncompressed (0)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=key_share(51), length=71
NamedGroup: secp256r1 (P-256) (23)
key_exchange: (len=65): 04A6342F2B5920ED167B1EAF11849DA511735FA70797FFA46EDE7EB30F8900AF601D930E5F9C199EFE8624B4A430D13628243BD12F6B21FC539B476D1A2A9C5A40
extension_type=signature_algorithms(13), length=16
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 84
ServerHello, Length=80
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x4AB3C6A2
random_bytes (len=28): AC10B882233B01BE6EE847A1E0034BF06E6D71B39722764E787C450E
session_id (len=32): 5EB07BEFF8E19739A29720897B71349CFDD4799C9DB947ABE8C800AA3F5B1389
cipher_suite {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
compression_method: No Compression (0x00)
extensions, length = 8
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 661
Certificate, Length=657
certificate_list, length=654
ASN.1Cert, length=651
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:9a:0e:08:dc:14:22:09:63:a0:bb:05:d3:a6:1e:7d:d7:60:28:85
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Validity
Not Before: Sep 16 17:47:23 2024 GMT
Not After : Sep 14 17:47:23 2034 GMT
Subject: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ba:0c:6f:92:93:7f:da:61:e7:ee:fa:85:38:32:
06:19:df:d2:10:11:df:fc:40:16:00:c1:75:c9:9d:
14:3b:45:b9:f3:3c:ad:6d:5d:37:43:f4:29:21:47:
a9:35:87:79:e1:15:b8:19:61:62:d2:13:9b:68:2f:
d8:9b:2d:92:ed
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:B9:F0:2A:2F:CB:38:45:E8:C1:3C:D9:CC:D4:E4:57:42:DD:D7:4E
X509v3 Authority Key Identifier:
F2:B9:F0:2A:2F:CB:38:45:E8:C1:3C:D9:CC:D4:E4:57:42:DD:D7:4E
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:45:02:20:38:99:18:e5:31:b0:a2:98:e9:c1:01:3e:94:68:
25:5f:4d:96:a5:13:9f:eb:4a:2e:39:73:94:73:64:d8:00:4b:
02:21:00:bc:9a:69:16:bc:d8:f8:1d:4c:00:70:87:2a:e1:e5:
d5:31:58:3a:98:9d:5e:24:00:ee:78:1b:c9:06:88:c0:f2
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
------------------
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 148
ServerKeyExchange, Length=144
KeyExchangeAlgorithm=ECDHE
named_curve: secp256r1 (P-256) (23)
point (len=65): 044D2C1189B8DB8C621EDB2336CF307843E7EB04B664277D2F3F65A195B0D24FF5DD8F501E0AE62F11691E0B02491D215D5847CAF73A4B450669203FB0399A0BE0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=71): 3045022069F1015C0450D9616D804D1A2AD11DB0274CABEADF5C357868ABABA543D3035202210096EC6318BD70128FAC63C13FD4C057FB36A16C46B42D8023E0E41D89D3E609AD
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 209
CertificateRequest, Length=205
certificate_types (len=3)
rsa_sign (1)
dss_sign (2)
ecdsa_sign (64)
signature_algorithms (len=40)
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
rsa_pkcs1_sha224 (0x0301)
dsa_sha224 (0x0302)
dsa_sha256 (0x0402)
dsa_sha384 (0x0502)
dsa_sha512 (0x0602)
certificate_authorities (len=157)
DistinguishedName (len=155): CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 4
ServerHelloDone, Length=0
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 660
Certificate, Length=656
certificate_list, length=653
ASN.1Cert, length=650
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:dc:5d:19:07:ba:f6:7a:c0:a0:5f:b1:da:69:e1:08:4e:8e:c6:ec
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Validity
Not Before: Sep 16 17:47:13 2024 GMT
Not After : Sep 14 17:47:13 2034 GMT
Subject: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:c6:b4:a6:a1:7a:7e:df:80:4f:55:83:ee:b6:4c:
e4:af:71:a9:02:66:6a:f9:de:89:84:a1:e3:90:04:
f8:7e:21:a7:48:42:59:5c:4d:3f:66:e6:e4:c6:33:
82:e5:0d:45:29:28:38:eb:48:23:a9:c3:c2:56:4a:
be:6e:7f:6b:d8
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:5E:2E:B5:E9:BC:71:42:F3:0A:BE:BE:E1:D6:2E:69:7B:75:A3:10
X509v3 Authority Key Identifier:
AC:5E:2E:B5:E9:BC:71:42:F3:0A:BE:BE:E1:D6:2E:69:7B:75:A3:10
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:5c:43:d5:a9:e3:b1:77:b9:82:e7:f2:ff:b6:3a:
40:c2:66:70:51:e7:35:2f:48:2c:19:74:2c:e1:f5:5f:24:09:
02:20:15:71:a9:21:4d:9c:3b:fb:57:90:65:97:63:0c:f8:4e:
53:e3:82:af:2c:d1:b1:17:0d:29:f0:c3:29:b0:8c:6c
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
------------------
depth=0 CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
verify return:1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 70
ClientKeyExchange, Length=66
KeyExchangeAlgorithm=ECDHE
ecdh_Yc (len=65): 042B1D935F0D94EF7C0A4DE9265F068088E89311FD7C5D314157A45D7204AE97A5F0FD565D7CEF923CD0759A8C34434000D1461F0BEDD320B4DBB00D6D2F321E5A
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 78
CertificateVerify, Length=74
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=70): 3044022073342DB77C9641EDC92CE6C6FCC913FC3AC66D89FAC0753A6243BF8EE225078D022016F978D5DB84F1D64CC19179B30644B5AB62618D8190263CB6FDFBEAB8B8FC42
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 40
Finished, Length=12
verify_data (len=12): 5763D6B3D8E57BAC9C666F09
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 40
Finished, Length=12
verify_data (len=12): 3DD77479769A18A1AC41D85E
-----BEGIN SSL SESSION PARAMETERS-----
[session parameters omitted]
-----END SSL SESSION PARAMETERS-----
Client certificate
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
subject=CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
issuer=CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Shared ciphers:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224
Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224
Peer signing digest: SHA256
Peer signature type: ECDSA
Supported Elliptic Curve Point Formats: uncompressed
Supported groups: secp256r1:secp384r1:secp521r1
Shared groups: secp256r1:secp384r1:secp521r1
CIPHER is ECDHE-ECDSA-AES128-GCM-SHA256
Secure Renegotiation IS NOT supported
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 212
GET / HTTP/1.1
Host: wss://10.6.6.23:9000
Upgrade: websocket
Connection: Upgrade
But in TLS1.3 mode it seems that something really goes wrong:
$ openssl s_server -key server-new.priv -cert server-new.crt -CAfile client-new.crt -verify 2 -trace -accept 9000
verify depth is 2
Using default temp DH parameters
ACCEPT
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 187
ClientHello, Length=183
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x66E92455
random_bytes (len=28): 8995D56F9D5831697EE0C51777BB0A0BC616AF512F13EE1D26773A3B
session_id (len=0):
cipher_suites (len=20)
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x13, 0x04} TLS_AES_128_CCM_SHA256
{0x13, 0x05} TLS_AES_128_CCM_8_SHA256
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
compression_methods (len=1)
No Compression (0x00)
extensions, length = 122
extension_type=supported_groups(10), length=8
secp256r1 (P-256) (23)
secp384r1 (P-384) (24)
secp521r1 (P-521) (25)
extension_type=ec_point_formats(11), length=2
uncompressed (0)
extension_type=supported_versions(43), length=5
TLS 1.3 (772)
TLS 1.2 (771)
extension_type=key_share(51), length=71
NamedGroup: secp256r1 (P-256) (23)
key_exchange: (len=65): 04A6342F2B5920ED167B1EAF11849DA511735FA70797FFA46EDE7EB30F8900AF601D930E5F9C199EFE8624B4A430D13628243BD12F6B21FC539B476D1A2A9C5A40
extension_type=signature_algorithms(13), length=16
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 123
ServerHello, Length=119
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x9B6A4850
random_bytes (len=28): 94583727622853D031969068BF839543D2C7BEC47C722A39502E3DDF
session_id (len=0):
cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_method: No Compression (0x00)
extensions, length = 79
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=69
NamedGroup: secp256r1 (P-256) (23)
key_exchange: (len=65): 045B1B5ECCAB185A15D3B52DE56A30185CA867925E3EA4075489F078FE613BCEBE5CD2F3A73B45C2BDFE1A88C43840D9A8602212E738825D4733C931F1F1026DEF
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 49
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=28
extensions, length = 26
extension_type=supported_groups(10), length=22
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
ffdhe2048 (256)
ffdhe3072 (257)
ffdhe4096 (258)
ffdhe6144 (259)
ffdhe8192 (260)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 225
Inner Content Type = Handshake (22)
CertificateRequest, Length=204
request_context (len=0):
extensions, length = 201
extension_type=signature_algorithms(13), length=34
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
rsa_pkcs1_sha224 (0x0301)
extension_type=certificate_authorities(47), length=159
0000 - 00 9d 00 9b 30 81 98 31-0f 30 0d 06 03 55 04 ....0..1.0...U.
000f - 03 0c 06 2e 6c 6f 63 61-6c 31 2a 30 28 06 03 ....local1*0(..
001e - 55 04 0a 0c 21 53 63 68-6e 65 69 64 65 72 20 U...!Schneider
002d - 45 6c 65 63 74 72 69 63-20 49 6e 64 75 73 74 Electric Indust
003c - 72 69 65 73 20 53 41 53-31 1a 30 18 06 03 55 ries SAS1.0...U
004b - 04 0b 0c 11 47 6c 6f 62-61 6c 20 4f 70 65 72 ....Global Oper
005a - 61 74 69 6f 6e 73 31 18-30 16 06 03 55 04 07 ations1.0...U..
0069 - 0c 0f 52 75 65 69 6c 20-4d 61 6c 6d 61 69 73 ..Rueil Malmais
0078 - 6f 6e 31 16 30 14 06 03-55 04 08 0c 0d 49 6c on1.0...U....Il
0087 - 65 2d 64 65 2d 46 72 61-6e 63 65 31 0b 30 09 e-de-France1.0.
0096 - 06 03 55 04 06 13 02 46-52 ..U....FR
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 681
Inner Content Type = Handshake (22)
Certificate, Length=660
context (len=0):
certificate_list, length=656
ASN.1Cert, length=651
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:9a:0e:08:dc:14:22:09:63:a0:bb:05:d3:a6:1e:7d:d7:60:28:85
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Validity
Not Before: Sep 16 17:47:23 2024 GMT
Not After : Sep 14 17:47:23 2034 GMT
Subject: CN = .local, O = Schneider Electric Industries SAS, OU = Global Operations, L = Rueil Malmaison, ST = Ile-de-France, C = FR
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ba:0c:6f:92:93:7f:da:61:e7:ee:fa:85:38:32:
06:19:df:d2:10:11:df:fc:40:16:00:c1:75:c9:9d:
14:3b:45:b9:f3:3c:ad:6d:5d:37:43:f4:29:21:47:
a9:35:87:79:e1:15:b8:19:61:62:d2:13:9b:68:2f:
d8:9b:2d:92:ed
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:B9:F0:2A:2F:CB:38:45:E8:C1:3C:D9:CC:D4:E4:57:42:DD:D7:4E
X509v3 Authority Key Identifier:
F2:B9:F0:2A:2F:CB:38:45:E8:C1:3C:D9:CC:D4:E4:57:42:DD:D7:4E
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:45:02:20:38:99:18:e5:31:b0:a2:98:e9:c1:01:3e:94:68:
25:5f:4d:96:a5:13:9f:eb:4a:2e:39:73:94:73:64:d8:00:4b:
02:21:00:bc:9a:69:16:bc:d8:f8:1d:4c:00:70:87:2a:e1:e5:
d5:31:58:3a:98:9d:5e:24:00:ee:78:1b:c9:06:88:c0:f2
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
------------------
No extensions
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 97
Inner Content Type = Handshake (22)
CertificateVerify, Length=76
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=72): 304602210082964C9673E72D87215BC1849DA8B21AEB1573082C15C497070D1FE52A03AAE102210093B23B3A1E2BBCCE5D31840022AC4F3AE40ED4660D96249C6A868A56DD0548A2
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 53
Inner Content Type = Handshake (22)
Finished, Length=32
verify_data (len=32): 9C137ABE570F80121EB79E0DE39C7B873F481BCDC8FFF10E1723C3DCFF06047A
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 680
Inner Content Type = Handshake (22)
Certificate, Length=659
context (len=0):
certificate_list, length=655
ASN.1Cert, length=650<UNPARSEABLE CERTIFICATE>
<TRAILING GARBAGE AFTER CERTIFICATE>
Message length parse error!
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 19
Inner Content Type = Alert (21)
Level=fatal(2), description=decode error(50)
ERROR
408736B2737A0000:error:0680007B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:105:
408736B2737A0000:error:06800066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1178:
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../crypto/asn1/tasn_dec.c:752:
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:676:Field=issuerUID, Type=X509_CINF
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:685:Field=cert_info, Type=X509
408736B2737A0000:error:0680007B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:105:
408736B2737A0000:error:06800066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1178:
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../crypto/asn1/tasn_dec.c:752:
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:676:Field=issuerUID, Type=X509_CINF
408736B2737A0000:error:0688010A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:685:Field=cert_info, Type=X509
408736B2737A0000:error:0A08000D:SSL routines:tls_process_client_certificate:ASN1 lib:../ssl/statem/statem_srvr.c:3463:
shutting down SSL
CONNECTION CLOSED
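The client's Certificate message in the TLS 1.3 trace fails with UNPARSEABLE CERTIFICATE, TRAILING GARBAGE AFTER CERTIFICATE and "Message length parse error!". The Python below is an added example, not code from the issue, NetX Duo or OpenSSL: it walks a TLS 1.3 Certificate message body and reproduces those three checks on constructed DER stubs, using a 650-byte ASN.1Cert entry and a 659-byte body so the lengths match the trace.

```python
"""Parse a TLS 1.3 Certificate handshake message body (RFC 8446, 4.4.2) with the
checks whose failures appear in the s_server trace above.  Added example, not code
from the issue, NetX Duo or OpenSSL; certificate bytes are constructed DER stubs."""

class CertMsgError(ValueError):
    pass

def der_header(buf):
    """(tag, content_length, header_size) of the outer DER TLV in buf."""
    if len(buf) < 2:
        raise CertMsgError("unparseable certificate: truncated DER header")
    tag, first = buf[0], buf[1]
    if first < 0x80:
        return tag, first, 2
    n = first & 0x7F  # number of length octets that follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise CertMsgError("unparseable certificate: header too long")
    return tag, int.from_bytes(buf[2:2 + n], "big"), 2 + n

def take(body, off, nbytes, what):
    chunk = body[off:off + nbytes]  # slice, failing if the message is too short
    if len(chunk) != nbytes:
        raise CertMsgError("message length parse error: truncated " + what)
    return chunk, off + nbytes

def parse_certificate_body(body):
    """Return (request_context, [(cert_der, extensions), ...]) or raise."""
    ctx_len, off = take(body, 0, 1, "context")
    ctx, off = take(body, off, ctx_len[0], "context")
    list_len, off = take(body, off, 3, "certificate_list")
    if off + int.from_bytes(list_len, "big") != len(body):
        raise CertMsgError("message length parse error: certificate_list length")
    entries = []
    while off < len(body):
        cert_len, off = take(body, off, 3, "ASN.1Cert length")
        cert, off = take(body, off, int.from_bytes(cert_len, "big"), "ASN.1Cert")
        tag, clen, hdr = der_header(cert)
        if tag != 0x30:
            raise CertMsgError("unparseable certificate: outer tag is not SEQUENCE")
        if hdr + clen > len(cert):
            raise CertMsgError("unparseable certificate: SEQUENCE longer than ASN.1Cert")
        if hdr + clen < len(cert):
            raise CertMsgError("trailing garbage after certificate")
        ext_len, off = take(body, off, 2, "extensions length")  # TLS 1.3 only
        exts, off = take(body, off, int.from_bytes(ext_len, "big"), "extensions")
        entries.append((cert, exts))
    return ctx, entries

def build_certificate_body(certs, context=b""):
    """TLS 1.3 Certificate body with empty per-entry extensions; the context
    byte and the 2-byte extensions field do not exist in the TLS 1.2 message."""
    lst = b"".join(len(c).to_bytes(3, "big") + c + b"\x00\x00" for c in certs)
    return bytes([len(context)]) + context + len(lst).to_bytes(3, "big") + lst

def fake_der_cert(content_len):
    """Constructed stand-in for a DER certificate: a SEQUENCE over filler bytes."""
    lb = content_len.to_bytes((content_len.bit_length() + 7) // 8, "big")
    hdr = bytes([content_len]) if content_len < 0x80 else bytes([0x80 | len(lb)]) + lb
    return b"\x30" + hdr + b"\xAA" * content_len

def diagnose(body):
    try:  # 'ok: <n> certificate(s)' or the text of the check that failed
        return "ok: %d certificate(s)" % len(parse_certificate_body(body)[1])
    except CertMsgError as e:
        return str(e)
```

The trace shows framing that adds up (659 = 1 + 3 + 3 + 650 + 2) while the certificate bytes themselves do not decode, which is the "header too long" path here rather than one of the length checks.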
Ok, it is fixed in version 6.4.1. It seems like the fix from 6.3.0, "fix packet buffer overrun", fixed this issue. I shall reach ST by providing the old version.
Websocket client with client certificate and private key failed to connect to a Websocket server based on Lua with OpenSSL.
ThreadX version 6.2.0 provided by ST on the STM32H5 platform, compiled in CubeIDE
Server side: Ubuntu Linux with OpenSSL 3.0.13 30 Jan 2024
When tlsv1_3 is changed to tlsv1_2, the handshake is successful and communication works. The same when 'peer' and 'fail_if_no_peer_cert' are omitted: then it works. When the same certificates are used from an OpenSSL based software client, the connection works even in tlsv1_3 mode. So the certificates and server configuration shall be right.
The server has the following options:
    mode = 'server',
    protocol = 'tlsv1_3',
    key = options.ssl..'/server.priv',
    certificate = options.ssl..'/server.crt',
    cafile = options.ssl..'/client.crt',
    verify = { 'peer', 'fail_if_no_peer_cert' },
    options = { 'all', 'no_sslv2', 'no_sslv3', 'no_tlsv1', 'no_tlsv1_1' }
Used certificates are using:
    Signature Algorithm: ecdsa-with-SHA256
    Public Key Algorithm: id-ecPublicKey
    Public-Key: (256 bit)
    ASN1 OID: prime256v1
    NIST CURVE: P-256
and key:
    EC key
    Private-Key: (256 bit)
    ASN1 OID: prime256v1
    NIST CURVE: P-256
I'm not sure if it is just some unsupported combination, something missing in my code, or some weird incompatibility. On the client side, nothing returns any error, but the socket is terminated by the server side.
Server side under TLS1.3:
Server side under TLS1.2:
On the client side there is only an error: nx_websocket_client_secure_connect ends with "Socket not Connected", and _mqtt_client_disconnect_callback is called (yes, I shall rename it).
Client code is the following:
`VOID WebsocketThreadEntry(ULONG thread_input) { UINT status;`