Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Random TLS error on bugs.python.org #4

Closed
vstinner opened this issue Oct 5, 2017 · 24 comments

Comments

Projects
None yet
8 participants
@vstinner
Copy link
Member

commented Oct 5, 2017

I get random TLS errors while trying to connect to bugs.python.org.

I get the same error on IPv4 and IPv6.

OpenSSL client:

openssl s_client -host bugs.python.org -port 443 -debug -msg  -state

Interesting part of the output:

SSL3 alert write:fatal:decrypt error
SSL_connect:error in error
140059459471104:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:crypto/rsa/rsa_pk1.c:67:
140059459471104:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:crypto/rsa/rsa_ossl.c:644:
140059459471104:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:ssl/statem/statem_clnt.c:1724:
(...)
New, (NONE), Cipher is (NONE)

The full verbose output:

SSL_connect:before SSL initialization
CONNECTED(00000003)
>>> ??? [length 0005]
    16 03 01 00 f9
>>> TLS 1.2Handshake [length 00f9], ClientHello
    01 00 00 f5 03 03 d3 f6 1a a9 52 7e ae 23 f4 86
    8c dc 4b e9 56 22 e9 a5 8a 6e e3 f3 9b 11 06 4c
    03 c7 c6 86 11 f8 00 00 86 c0 2c c0 30 cc a9 cc
    a8 c0 af c0 ad c0 2b c0 2f c0 ae c0 ac c0 24 c0
    28 c0 73 c0 77 c0 23 c0 27 c0 72 c0 76 c0 0a c0
    14 c0 09 c0 13 c0 08 c0 12 00 9d c0 a1 c0 9d 00
    9c c0 a0 c0 9c 00 3d 00 c0 00 3c 00 ba 00 35 00
    84 00 2f 00 41 00 0a 00 a3 00 9f cc aa c0 a3 c0
    9f 00 a2 00 9e c0 a2 c0 9e 00 6b 00 6a 00 c4 00
    c3 00 67 00 40 00 be 00 bd 00 39 00 38 00 88 00
    87 00 33 00 32 00 45 00 44 00 16 00 13 00 ff 01
    00 00 46 00 0b 00 04 03 00 01 02 00 0a 00 0a 00
    08 00 1d 00 17 00 19 00 18 00 23 00 00 00 0d 00
    20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04
    01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02
    03 00 16 00 00 00 17 00 00
SSL_connect:SSLv3/TLS write client hello
write to 0x221a2f0 [0x2245a70] (254 bytes => 254 (0xFE))
0000 - 16 03 01 00 f9 01 00 00-f5 03 03 d3 f6 1a a9 52   ...............R
0010 - 7e ae 23 f4 86 8c dc 4b-e9 56 22 e9 a5 8a 6e e3   ~.#....K.V"...n.
0020 - f3 9b 11 06 4c 03 c7 c6-86 11 f8 00 00 86 c0 2c   ....L..........,
0030 - c0 30 cc a9 cc a8 c0 af-c0 ad c0 2b c0 2f c0 ae   .0.........+./..
0040 - c0 ac c0 24 c0 28 c0 73-c0 77 c0 23 c0 27 c0 72   ...$.(.s.w.#.'.r
0050 - c0 76 c0 0a c0 14 c0 09-c0 13 c0 08 c0 12 00 9d   .v..............
0060 - c0 a1 c0 9d 00 9c c0 a0-c0 9c 00 3d 00 c0 00 3c   ...........=...<
0070 - 00 ba 00 35 00 84 00 2f-00 41 00 0a 00 a3 00 9f   ...5.../.A......
0080 - cc aa c0 a3 c0 9f 00 a2-00 9e c0 a2 c0 9e 00 6b   ...............k
0090 - 00 6a 00 c4 00 c3 00 67-00 40 00 be 00 bd 00 39   .j.....g.@.....9
00a0 - 00 38 00 88 00 87 00 33-00 32 00 45 00 44 00 16   .8.....3.2.E.D..
00b0 - 00 13 00 ff 01 00 00 46-00 0b 00 04 03 00 01 02   .......F........
00c0 - 00 0a 00 0a 00 08 00 1d-00 17 00 19 00 18 00 23   ...............#
00d0 - 00 00 00 0d 00 20 00 1e-06 01 06 02 06 03 05 01   ..... ..........
00e0 - 05 02 05 03 04 01 04 02-04 03 03 01 03 02 03 03   ................
00f0 - 02 01 02 02 02 03 00 16-00 00 00 17               ............
00fe - <SPACES/NULS>
read from 0x221a2f0 [0x223c7d3] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 35                                    ....5
<<< ??? [length 0005]
    16 03 01 00 35
SSL_connect:SSLv3/TLS write client hello
read from 0x221a2f0 [0x223c7d8] (53 bytes => 53 (0x35))
0000 - 02 00 00 31 03 01 59 d6-4f bb 83 b6 d5 58 3d e0   ...1..Y.O....X=.
0010 - 5b 2b 03 be 04 3b ac 5c-6c d6 7a 75 b0 71 a8 6e   [+...;.\l.zu.q.n
0020 - db 62 6a 0a 99 77 00 00-39 00 00 09 ff 01 00 01   .bj..w..9.......
0030 - 00 00 23                                          ..#
0035 - <SPACES/NULS>
<<< TLS 1.2Handshake [length 0035], ServerHello
    02 00 00 31 03 01 59 d6 4f bb 83 b6 d5 58 3d e0
    5b 2b 03 be 04 3b ac 5c 6c d6 7a 75 b0 71 a8 6e
    db 62 6a 0a 99 77 00 00 39 00 00 09 ff 01 00 01
    00 00 23 00 00
read from 0x221a2f0 [0x223c7d3] (5 bytes => 5 (0x5))
0000 - 16 03 01 10 79                                    ....y
<<< ??? [length 0005]
    16 03 01 10 79
read from 0x221a2f0 [0x223c7d8] (4217 bytes => 2793 (0xAE9))
0000 - 0b 00 10 75 00 10 72 00-05 01 30 82 04 fd 30 82   ...u..r...0...0.
0010 - 03 e5 a0 03 02 01 02 02-11 00 e1 1e 46 83 eb bc   ............F...
0020 - 9c 06 5a 72 8c aa 15 07-15 59 30 0d 06 09 2a 86   ..Zr.....Y0...*.
0030 - 48 86 f7 0d 01 01 0b 05-00 30 5f 31 0b 30 09 06   H........0_1.0..
0040 - 03 55 04 06 13 02 46 52-31 0e 30 0c 06 03 55 04   .U....FR1.0...U.
0050 - 08 13 05 50 61 72 69 73-31 0e 30 0c 06 03 55 04   ...Paris1.0...U.
0060 - 07 13 05 50 61 72 69 73-31 0e 30 0c 06 03 55 04   ...Paris1.0...U.
0070 - 0a 13 05 47 61 6e 64 69-31 20 30 1e 06 03 55 04   ...Gandi1 0...U.
0080 - 03 13 17 47 61 6e 64 69-20 53 74 61 6e 64 61 72   ...Gandi Standar
0090 - 64 20 53 53 4c 20 43 41-20 32 30 1e 17 0d 31 37   d SSL CA 20...17
00a0 - 30 32 31 31 30 30 30 30-30 30 5a 17 0d 32 30 30   0211000000Z..200
00b0 - 32 31 31 32 33 35 39 35-39 5a 30 5a 31 21 30 1f   211235959Z0Z1!0.
00c0 - 06 03 55 04 0b 13 18 44-6f 6d 61 69 6e 20 43 6f   ..U....Domain Co
00d0 - 6e 74 72 6f 6c 20 56 61-6c 69 64 61 74 65 64 31   ntrol Validated1
00e0 - 1b 30 19 06 03 55 04 0b-13 12 47 61 6e 64 69 20   .0...U....Gandi 
00f0 - 53 74 61 6e 64 61 72 64-20 53 53 4c 31 18 30 16   Standard SSL1.0.
0100 - 06 03 55 04 03 13 0f 62-75 67 73 2e 70 79 74 68   ..U....bugs.pyth
0110 - 6f 6e 2e 6f 72 67 30 82-01 22 30 0d 06 09 2a 86   on.org0.."0...*.
0120 - 48 86 f7 0d 01 01 01 05-00 03 82 01 0f 00 30 82   H.............0.
0130 - 01 0a 02 82 01 01 00 a0-17 c0 2b 08 cb 37 a2 38   ..........+..7.8
0140 - f0 5c f4 dc ab 9b 0c 27-c5 29 5d 02 75 20 7d d3   .\.....'.)].u }.
0150 - fa 87 46 44 dc b8 8e c9-89 67 a0 63 7e 51 3d cf   ..FD.....g.c~Q=.
0160 - db e8 30 9e 35 31 d0 4f-e3 e8 07 98 c3 27 21 f8   ..0.51.O.....'!.
0170 - f0 65 06 51 29 97 da 14-28 df 10 62 0f 29 bc 79   .e.Q)...(..b.).y
0180 - 4e 5a 4e 89 32 b6 38 74-a8 61 50 95 95 68 5c 7f   NZN.2.8t.aP..h\.
0190 - 60 31 f5 a6 26 80 42 f1-47 03 12 1a 3f a7 4e 26   `1..&.B.G...?.N&
01a0 - 85 4b f6 a3 ba 83 8f 18-36 4a c1 7e 5c 48 30 bf   .K......6J.~\H0.
01b0 - 14 e6 e5 32 54 c4 32 18-ed fc b0 2c 9e a4 cf 57   ...2T.2....,...W
01c0 - 0a ed 77 dd ae f3 81 06-44 0f 87 19 8b de b1 6d   ..w.....D......m
01d0 - 6f 56 e1 26 0c 47 87 00-90 f2 33 52 46 f4 25 0c   oV.&.G....3RF.%.
01e0 - cc d4 5a 66 49 e2 d4 b1-64 c5 cc b7 85 e0 68 cd   ..ZfI...d.....h.
01f0 - 7d 92 a9 b5 65 76 64 fc-f9 e1 30 66 82 c9 03 f8   }...evd...0f....
0200 - 98 33 fd 47 76 00 21 a7-39 7a d1 26 2d 47 36 05   .3.Gv.!.9z.&-G6.
0210 - 35 b7 ae bf d5 d1 e7 ab-db 66 90 82 13 e9 c4 62   5........f.....b
0220 - 42 51 1d db 3c de 1b c8-42 d6 cc 65 5b e9 11 a5   BQ..<...B..e[...
0230 - 43 c8 47 0f bf c2 5d 02-03 01 00 01 a3 82 01 b7   C.G...].........
0240 - 30 82 01 b3 30 1f 06 03-55 1d 23 04 18 30 16 80   0...0...U.#..0..
0250 - 14 b3 90 a7 d8 c9 af 4e-cd 61 3c 9f 7c ad 5d 7f   .......N.a<.|.].
0260 - 41 fd 69 30 ea 30 1d 06-03 55 1d 0e 04 16 04 14   A.i0.0...U......
0270 - 94 61 fe 04 4e 2a 71 94-3a 23 3f a8 c1 7f 02 c6   .a..N*q.:#?.....
0280 - d8 c9 03 89 30 0e 06 03-55 1d 0f 01 01 ff 04 04   ....0...U.......
0290 - 03 02 05 a0 30 0c 06 03-55 1d 13 01 01 ff 04 02   ....0...U.......
02a0 - 30 00 30 1d 06 03 55 1d-25 04 16 30 14 06 08 2b   0.0...U.%..0...+
02b0 - 06 01 05 05 07 03 01 06-08 2b 06 01 05 05 07 03   .........+......
02c0 - 02 30 4b 06 03 55 1d 20-04 44 30 42 30 36 06 0b   .0K..U. .D0B06..
02d0 - 2b 06 01 04 01 b2 31 01-02 02 1a 30 27 30 25 06   +.....1....0'0%.
02e0 - 08 2b 06 01 05 05 07 02-01 16 19 68 74 74 70 73   .+.........https
02f0 - 3a 2f 2f 63 70 73 2e 75-73 65 72 74 72 75 73 74   ://cps.usertrust
0300 - 2e 63 6f 6d 30 08 06 06-67 81 0c 01 02 01 30 41   .com0...g.....0A
0310 - 06 03 55 1d 1f 04 3a 30-38 30 36 a0 34 a0 32 86   ..U...:0806.4.2.
0320 - 30 68 74 74 70 3a 2f 2f-63 72 6c 2e 75 73 65 72   0http://crl.user
0330 - 74 72 75 73 74 2e 63 6f-6d 2f 47 61 6e 64 69 53   trust.com/GandiS
0340 - 74 61 6e 64 61 72 64 53-53 4c 43 41 32 2e 63 72   tandardSSLCA2.cr
0350 - 6c 30 73 06 08 2b 06 01-05 05 07 01 01 04 67 30   l0s..+........g0
0360 - 65 30 3c 06 08 2b 06 01-05 05 07 30 02 86 30 68   e0<..+.....0..0h
0370 - 74 74 70 3a 2f 2f 63 72-74 2e 75 73 65 72 74 72   ttp://crt.usertr
0380 - 75 73 74 2e 63 6f 6d 2f-47 61 6e 64 69 53 74 61   ust.com/GandiSta
0390 - 6e 64 61 72 64 53 53 4c-43 41 32 2e 63 72 74 30   ndardSSLCA2.crt0
03a0 - 25 06 08 2b 06 01 05 05-07 30 01 86 19 68 74 74   %..+.....0...htt
03b0 - 70 3a 2f 2f 6f 63 73 70-2e 75 73 65 72 74 72 75   p://ocsp.usertru
03c0 - 73 74 2e 63 6f 6d 30 2f-06 03 55 1d 11 04 28 30   st.com0/..U...(0
03d0 - 26 82 0f 62 75 67 73 2e-70 79 74 68 6f 6e 2e 6f   &..bugs.python.o
03e0 - 72 67 82 13 77 77 77 2e-62 75 67 73 2e 70 79 74   rg..www.bugs.pyt
03f0 - 68 6f 6e 2e 6f 72 67 30-0d 06 09 2a 86 48 86 f7   hon.org0...*.H..
0400 - 0d 01 01 0b 05 00 03 82-01 01 00 2e 02 63 08 83   .............c..
0410 - e4 8c 0d c6 fd 2b 8f 48-7f f9 ea 47 f4 d3 18 ad   .....+.H...G....
0420 - 29 8f 89 8d 4d 38 d9 b5-de cd 52 bc aa 56 cc f6   )...M8....R..V..
0430 - 68 15 c0 17 49 12 65 d3-1f 56 b6 73 fa 0f 77 23   h...I.e..V.s..w#
0440 - b0 e7 94 57 d6 ab 47 bc-b0 84 fa e1 c8 13 4a 06   ...W..G.......J.
0450 - c1 c9 96 d8 9e 34 58 e5-b0 d7 a2 cf 92 20 29 d8   .....4X...... ).
0460 - 4f b4 52 f8 dd 00 72 57-26 ac 31 6f 97 3f 5d fb   O.R...rW&.1o.?].
0470 - 75 85 b5 5c 85 16 b6 27-80 27 42 f2 97 c5 51 b8   u..\...'.'B...Q.
0480 - 2e 58 7a cf 37 87 b9 a6-90 78 ea ee ee 7c c6 4e   .Xz.7....x...|.N
0490 - fb 61 c5 9a a3 da af 40-eb dc 20 ef 1d 02 7f 29   .a.....@.. ....)
04a0 - 1d d7 20 7a 3a 75 e6 41-1b 4b c5 00 49 56 d6 51   .. z:u.A.K..IV.Q
04b0 - ac 9f b5 ec 83 36 6b 0d-38 54 95 c7 e6 c7 1b c5   .....6k.8T......
04c0 - 14 4d 97 92 24 e2 32 fe-e4 b0 f0 ba d7 df 6c bf   .M..$.2.......l.
04d0 - 8f cb 90 4a 42 31 ba b7-3f ae 85 3f a0 ca 29 25   ...JB1..?..?..)%
04e0 - 58 56 d1 45 ab 29 8f 8d-c3 ba 9c d7 99 34 d2 17   XV.E.).......4..
04f0 - 3a f6 eb f0 85 57 cc 08-1a 68 b6 fd 53 fa 04 1a   :....W...h..S...
0500 - d5 95 3e 95 01 0a 04 d9-97 00 b8 00 05 ed 30 82   ..>...........0.
0510 - 05 e9 30 82 03 d1 a0 03-02 01 02 02 10 05 e4 dc   ..0.............
0520 - 3b 94 38 ab 3b 85 97 cb-a6 a1 98 50 e3 30 0d 06   ;.8.;......P.0..
0530 - 09 2a 86 48 86 f7 0d 01-01 0c 05 00 30 81 88 31   .*.H........0..1
0540 - 0b 30 09 06 03 55 04 06-13 02 55 53 31 13 30 11   .0...U....US1.0.
0550 - 06 03 55 04 08 13 0a 4e-65 77 20 4a 65 72 73 65   ..U....New Jerse
0560 - 79 31 14 30 12 06 03 55-04 07 13 0b 4a 65 72 73   y1.0...U....Jers
0570 - 65 79 20 43 69 74 79 31-1e 30 1c 06 03 55 04 0a   ey City1.0...U..
0580 - 13 15 54 68 65 20 55 53-45 52 54 52 55 53 54 20   ..The USERTRUST 
0590 - 4e 65 74 77 6f 72 6b 31-2e 30 2c 06 03 55 04 03   Network1.0,..U..
05a0 - 13 25 55 53 45 52 54 72-75 73 74 20 52 53 41 20   .%USERTrust RSA 
05b0 - 43 65 72 74 69 66 69 63-61 74 69 6f 6e 20 41 75   Certification Au
05c0 - 74 68 6f 72 69 74 79 30-1e 17 0d 31 34 30 39 31   thority0...14091
05d0 - 32 30 30 30 30 30 30 5a-17 0d 32 34 30 39 31 31   2000000Z..240911
05e0 - 32 33 35 39 35 39 5a 30-5f 31 0b 30 09 06 03 55   235959Z0_1.0...U
05f0 - 04 06 13 02 46 52 31 0e-30 0c 06 03 55 04 08 13   ....FR1.0...U...
0600 - 05 50 61 72 69 73 31 0e-30 0c 06 03 55 04 07 13   .Paris1.0...U...
0610 - 05 50 61 72 69 73 31 0e-30 0c 06 03 55 04 0a 13   .Paris1.0...U...
0620 - 05 47 61 6e 64 69 31 20-30 1e 06 03 55 04 03 13   .Gandi1 0...U...
0630 - 17 47 61 6e 64 69 20 53-74 61 6e 64 61 72 64 20   .Gandi Standard 
0640 - 53 53 4c 20 43 41 20 32-30 82 01 22 30 0d 06 09   SSL CA 20.."0...
0650 - 2a 86 48 86 f7 0d 01 01-01 05 00 03 82 01 0f 00   *.H.............
0660 - 30 82 01 0a 02 82 01 01-00 94 04 2d a6 79 95 74   0..........-.y.t
0670 - ff d5 00 3c f5 ae d8 94-b1 29 7c c0 8f 0b 0b 89   ...<.....)|.....
0680 - b9 82 83 97 6e 37 28 f5-a2 1a cf d2 92 0b 9b a8   ....n7(.........
0690 - d3 87 94 73 84 10 9f dc-35 cb c2 2d 92 ac 21 b9   ...s....5..-..!.
06a0 - cb 3b fc 40 c1 c1 83 21-f0 bf f8 f6 9c fa 9c 82   .;.@...!........
06b0 - 10 c0 d0 8e 4e e5 0d 4c-b0 91 5c 90 b4 a4 40 51   ....N..L..\...@Q
06c0 - 16 da e4 84 12 2d 05 5c-a1 1f 17 19 24 51 aa 7a   .....-.\....$Q.z
06d0 - ea e1 07 1b 86 8d 01 72-f2 e7 d4 83 23 39 9e e0   .......r....#9..
06e0 - e1 4c 1f 6b 22 a3 b4 10-66 b0 ed 82 96 d7 6e 6a   .L.k"...f.....nj
06f0 - b4 f2 3f b5 42 fc dd 8a-b5 ab ba 2d 1d 3a 75 9b   ..?.B......-.:u.
0700 - 31 dc 3e 9d ac 5b d3 41-0d 6c b0 1b f5 3a f5 79   1.>..[.A.l...:.y
0710 - ea 21 a2 f8 f4 33 52 4b-24 2d 1e a4 99 b1 6d 48   .!...3RK$-....mH
0720 - bc b8 12 fe 72 70 7c f7-fb 02 75 f4 8d de d6 da   ....rp|...u.....
0730 - c0 a0 32 1a 52 df 38 6b-2e 45 38 3f 3f 04 96 00   ..2.R.8k.E8??...
0740 - fd a1 f4 a2 bb d5 17 d6-27 7c 1b 58 59 95 5e 8a   ........'|.XY.^.
0750 - 12 fd 9c ab 81 3e 52 28-48 51 85 6b f3 91 b2 86   .....>R(HQ.k....
0760 - 3f 29 b5 6e 03 62 ee d6-05 02 03 01 00 01 a3 82   ?).n.b..........
0770 - 01 75 30 82 01 71 30 1f-06 03 55 1d 23 04 18 30   .u0..q0...U.#..0
0780 - 16 80 14 53 79 bf 5a aa-2b 4a cf 54 80 e1 d8 9b   ...Sy.Z.+J.T....
0790 - c0 9d f2 b2 03 66 cb 30-1d 06 03 55 1d 0e 04 16   .....f.0...U....
07a0 - 04 14 b3 90 a7 d8 c9 af-4e cd 61 3c 9f 7c ad 5d   ........N.a<.|.]
07b0 - 7f 41 fd 69 30 ea 30 0e-06 03 55 1d 0f 01 01 ff   .A.i0.0...U.....
07c0 - 04 04 03 02 01 86 30 12-06 03 55 1d 13 01 01 ff   ......0...U.....
07d0 - 04 08 30 06 01 01 ff 02-01 00 30 1d 06 03 55 1d   ..0.......0...U.
07e0 - 25 04 16 30 14 06 08 2b-06 01 05 05 07 03 01 06   %..0...+........
07f0 - 08 2b 06 01 05 05 07 03-02 30 22 06 03 55 1d 20   .+.......0"..U. 
0800 - 04 1b 30 19 30 0d 06 0b-2b 06 01 04 01 b2 31 01   ..0.0...+.....1.
0810 - 02 02 1a 30 08 06 06 67-81 0c 01 02 01 30 50 06   ...0...g.....0P.
0820 - 03 55 1d 1f 04 49 30 47-30 45 a0 43 a0 41 86 3f   .U...I0G0E.C.A.?
0830 - 68 74 74 70 3a 2f 2f 63-72 6c 2e 75 73 65 72 74   http://crl.usert
0840 - 72 75 73 74 2e 63 6f 6d-2f 55 53 45 52 54 72 75   rust.com/USERTru
0850 - 73 74 52 53 41 43 65 72-74 69 66 69 63 61 74 69   stRSACertificati
0860 - 6f 6e 41 75 74 68 6f 72-69 74 79 2e 63 72 6c 30   onAuthority.crl0
0870 - 76 06 08 2b 06 01 05 05-07 01 01 04 6a 30 68 30   v..+........j0h0
0880 - 3f 06 08 2b 06 01 05 05-07 30 02 86 33 68 74 74   ?..+.....0..3htt
0890 - 70 3a 2f 2f 63 72 74 2e-75 73 65 72 74 72 75 73   p://crt.usertrus
08a0 - 74 2e 63 6f 6d 2f 55 53-45 52 54 72 75 73 74 52   t.com/USERTrustR
08b0 - 53 41 41 64 64 54 72 75-73 74 43 41 2e 63 72 74   SAAddTrustCA.crt
08c0 - 30 25 06 08 2b 06 01 05-05 07 30 01 86 19 68 74   0%..+.....0...ht
08d0 - 74 70 3a 2f 2f 6f 63 73-70 2e 75 73 65 72 74 72   tp://ocsp.usertr
08e0 - 75 73 74 2e 63 6f 6d 30-0d 06 09 2a 86 48 86 f7   ust.com0...*.H..
08f0 - 0d 01 01 0c 05 00 03 82-02 01 00 58 67 fd 72 b2   ...........Xg.r.
0900 - 6a d7 7c 61 96 19 7e d9-43 46 d1 26 7d c8 53 fa   j.|a..~.CF.&}.S.
0910 - 66 b0 6b 2d a7 d3 aa 56-f7 3a 88 d0 3b 72 c9 50   f.k-...V.:..;r.P
0920 - fd f7 59 b2 aa 68 f5 8c-73 03 bb 95 65 17 ce 2f   ..Y..h..s...e../
0930 - 1c dd 98 13 a2 91 c9 ee-a1 40 6e 3c 98 d6 5c f3   .........@n<..\.
0940 - b2 22 3c 2d ee 1b a4 e1-de 20 24 16 f2 8c 11 73   ."<-..... $....s
0950 - 91 3a f6 fa ce 24 02 87-ca 93 ec b4 b6 c8 16 17   .:...$..........
0960 - c5 72 fc 27 40 f6 13 fe-93 a6 9d 51 ef 3c 2b d8   .r.'@......Q.<+.
0970 - 77 57 9b 8c 65 3a 35 25-36 b7 b5 8a 63 6f 07 27   wW..e:5%6...co.'
0980 - 93 b1 60 8d 80 db 96 d4-7a 8f 2d ab 1c 88 c9 6e   ..`.....z.-....n
0990 - 7e d6 65 1f af 5d ca 16-3f 28 46 dc a0 35 e5 f9   ~.e..]..?(F..5..
09a0 - e9 e5 d5 96 88 0c 4f c6-b7 77 67 48 84 27 b6 1f   ......O..wgH.'..
09b0 - b0 68 db ac bf 77 b0 90-b8 a2 c9 1c 32 5d 02 ba   .h...w......2]..
09c0 - 25 43 81 42 47 bb d8 e1-8f 0c 0c 46 5f ee 46 33   %C.BG......F_.F3
09d0 - 6b 03 14 82 d3 7e cd 8f-af 90 d6 8e 24 7d 40 42   k....~......$}@B
09e0 - b4 6a 6a 17 c6 95 97 e1-f2 38 cd a7 ed b4 27 40   .jj......8....'@
09f0 - 93 df 72 a9 b8 c6 66 63-37 38 64 22 30 a2 3b f1   ..r...fc78d"0.;.
0a00 - b9 c8 7b c8 fb 29 3a ab-1a 72 d2 06 12 4e f6 82   ..{..):..r...N..
0a10 - d4 23 6f 3e c3 93 e5 d8-b6 c0 de dc 23 16 d6 13   .#o>........#...
0a20 - 30 b7 a0 9a 0e 2c 55 06-00 70 01 cf ea 39 1d 80   0....,U..p...9..
0a30 - db 88 f7 a5 20 b8 5b fd-31 26 69 8f 2d 0a 61 83   .... .[.1&i.-.a.
0a40 - 3a 47 a6 13 54 2c 1e e3-ed 44 ca bc 6a 1f 28 0e   :G..T,...D..j.(.
0a50 - 51 d9 de 0e 9f 75 cd 0e-03 95 ca f9 c5 a9 2a 2d   Q....u........*-
0a60 - fe 41 a4 a1 47 ae 0d c2-f9 39 66 33 4a 5b e1 84   .A..G....9f3J[..
0a70 - 28 59 6c 7d 94 17 76 e4-45 82 ad 70 20 fd d2 6f   (Yl}..v.E..p ..o
0a80 - 63 a8 d7 fa a0 33 fa 37-cb f7 b2 65 9e da 50 6f   c....3.7...e..Po
0a90 - 3f e4 a7 f3 8e 5d 58 32-97 70 23 2e e7 fd c4 15   ?....]X2.p#.....
0aa0 - 9b 9c 27 8f 32 ed 17 ad-58 81 31 29 11 1a 9b d4   ..'.2...X.1)....
0ab0 - fc 6c 95 28 c7 4e 05 07-a6 fd 1d bc 19 e2 e8 b7   .l.(.N..........
0ac0 - b9 11 8a 2d 70 12 52 85-8d 8c 33 4a 0f fc 99 92   ...-p.R...3J....
0ad0 - e0 63 70 da a5 94 47 63-07 e7 58 c7 31 5f 05 3d   .cp...Gc..X.1_.=
0ae0 - 36 55 fe 83 b2 e8 a6 ad-d7                        6U.......
read from 0x221a2f0 [0x223d2c1] (1424 bytes => 1424 (0x590))
0000 - e9 e6 02 74 88 74 5c da-34 db 90 d2 6d 51 0a 23   ...t.t\.4...mQ.#
0010 - d6 23 00 05 7b 30 82 05-77 30 82 04 5f a0 03 02   .#..{0..w0.._...
0020 - 01 02 02 10 13 ea 28 70-5b f4 ec ed 0c 36 63 09   ......(p[....6c.
0030 - 80 61 43 36 30 0d 06 09-2a 86 48 86 f7 0d 01 01   .aC60...*.H.....
0040 - 0c 05 00 30 6f 31 0b 30-09 06 03 55 04 06 13 02   ...0o1.0...U....
0050 - 53 45 31 14 30 12 06 03-55 04 0a 13 0b 41 64 64   SE1.0...U....Add
0060 - 54 72 75 73 74 20 41 42-31 26 30 24 06 03 55 04   Trust AB1&0$..U.
0070 - 0b 13 1d 41 64 64 54 72-75 73 74 20 45 78 74 65   ...AddTrust Exte
0080 - 72 6e 61 6c 20 54 54 50-20 4e 65 74 77 6f 72 6b   rnal TTP Network
0090 - 31 22 30 20 06 03 55 04-03 13 19 41 64 64 54 72   1"0 ..U....AddTr
00a0 - 75 73 74 20 45 78 74 65-72 6e 61 6c 20 43 41 20   ust External CA 
00b0 - 52 6f 6f 74 30 1e 17 0d-30 30 30 35 33 30 31 30   Root0...00053010
00c0 - 34 38 33 38 5a 17 0d 32-30 30 35 33 30 31 30 34   4838Z..200530104
00d0 - 38 33 38 5a 30 81 88 31-0b 30 09 06 03 55 04 06   838Z0..1.0...U..
00e0 - 13 02 55 53 31 13 30 11-06 03 55 04 08 13 0a 4e   ..US1.0...U....N
00f0 - 65 77 20 4a 65 72 73 65-79 31 14 30 12 06 03 55   ew Jersey1.0...U
0100 - 04 07 13 0b 4a 65 72 73-65 79 20 43 69 74 79 31   ....Jersey City1
0110 - 1e 30 1c 06 03 55 04 0a-13 15 54 68 65 20 55 53   .0...U....The US
0120 - 45 52 54 52 55 53 54 20-4e 65 74 77 6f 72 6b 31   ERTRUST Network1
0130 - 2e 30 2c 06 03 55 04 03-13 25 55 53 45 52 54 72   .0,..U...%USERTr
0140 - 75 73 74 20 52 53 41 20-43 65 72 74 69 66 69 63   ust RSA Certific
0150 - 61 74 69 6f 6e 20 41 75-74 68 6f 72 69 74 79 30   ation Authority0
0160 - 82 02 22 30 0d 06 09 2a-86 48 86 f7 0d 01 01 01   .."0...*.H......
0170 - 05 00 03 82 02 0f 00 30-82 02 0a 02 82 02 01 00   .......0........
0180 - 80 12 65 17 36 0e c3 db-08 b3 d0 ac 57 0d 76 ed   ..e.6.......W.v.
0190 - cd 27 d3 4c ad 50 83 61-e2 aa 20 4d 09 2d 64 09   .'.L.P.a.. M.-d.
01a0 - dc ce 89 9f cc 3d a9 ec-f6 cf c1 dc f1 d3 b1 d6   .....=..........
01b0 - 7b 37 28 11 2b 47 da 39-c6 bc 3a 19 b4 5f a6 bd   {7(.+G.9..:.._..
01c0 - 7d 9d a3 63 42 b6 76 f2-a9 3b 2b 91 f8 e2 6f d0   }..cB.v..;+...o.
01d0 - ec 16 20 90 09 3e e2 e8-74 c9 18 b4 91 d4 62 64   .. ..>..t.....bd
01e0 - db 7f a3 06 f1 88 18 6a-90 22 3c bc fe 13 f0 87   .......j."<.....
01f0 - 14 7b f6 e4 1f 8e d4 e4-51 c6 11 67 46 08 51 cb   .{......Q..gF.Q.
0200 - 86 14 54 3f bc 33 fe 7e-6c 9c ff 16 9d 18 bd 51   ..T?.3.~l......Q
0210 - 8e 35 a6 a7 66 c8 72 67-db 21 66 b1 d4 9b 78 03   .5..f.rg.!f...x.
0220 - c0 50 3a e8 cc f0 dc bc-9e 4c fe af 05 96 35 1f   .P:......L....5.
0230 - 57 5a b7 ff ce f9 3d b7-2c b6 f6 54 dd c8 e7 12   WZ....=.,..T....
0240 - 3a 4d ae 4c 8a b7 5c 9a-b4 b7 20 3d ca 7f 22 34   :M.L..\... =.."4
0250 - ae 7e 3b 68 66 01 44 e7-01 4e 46 53 9b 33 60 f7   .~;hf.D..NFS.3`.
0260 - 94 be 53 37 90 73 43 f3-32 c3 53 ef db aa fe 74   ..S7.sC.2.S....t
0270 - 4e 69 c7 6b 8c 60 93 de-c4 c7 0c df e1 32 ae cc   Ni.k.`.......2..
0280 - 93 3b 51 78 95 67 8b ee-3d 56 fe 0c d0 69 0f 1b   .;Qx.g..=V...i..
0290 - 0f f3 25 26 6b 33 6d f7-6e 47 fa 73 43 e5 7e 0e   ..%&k3m.nG.sC.~.
02a0 - a5 66 b1 29 7c 32 84 63-55 89 c4 0d c1 93 54 30   .f.)|2.cU.....T0
02b0 - 19 13 ac d3 7d 37 a7 eb-5d 3a 6c 35 5c db 41 d7   ....}7..]:l5\.A.
02c0 - 12 da a9 49 0b df d8 80-8a 09 93 62 8e b5 66 cf   ...I..SSL_connect:SSLv3/TLS read server hello
.....b..f.
02d0 - 25 88 cd 84 b8 b1 3f a4-39 0f d9 02 9e eb 12 4c   %.....?.9......L
02e0 - 95 7c f3 6b 05 a9 5e 16-83 cc b8 67 e2 e8 13 9d   .|.k..^....g....
02f0 - cc 5b 82 d3 4c b3 ed 5b-ff de e5 73 ac 23 3b 2d   .[..L..[...s.#;-
0300 - 00 bf 35 55 74 09 49 d8-49 58 1a 7f 92 36 e6 51   ..5Ut.I.IX...6.Q
0310 - 92 0e f3 26 7d 1c 4d 17-bc c9 ec 43 26 d0 bf 41   ...&}.M....C&..A
0320 - 5f 40 a9 44 44 f4 99 e7-57 87 9e 50 1f 57 54 a8   _@.DD...W..P.WT.
0330 - 3e fd 74 63 2f b1 50 65-09 e6 58 42 2e 43 1a 4c   >.tc/.Pe..XB.C.L
0340 - b4 f0 25 47 59 fa 04 1e-93 d4 26 46 4a 50 81 b2   ..%GY.....&FJP..
0350 - de be 78 b7 fc 67 15 e1-c9 57 84 1e 0f 63 d6 e9   ..x..g...W...c..
0360 - 62 ba d6 5f 55 2e ea 5c-c6 28 08 04 25 39 b8 0e   b.._U..\.(..%9..
0370 - 2b a9 f2 4c 97 1c 07 3f-0d 52 f5 ed ef 2f 82 0f   +..L...?.R.../..
0380 - 02 03 01 00 01 a3 81 f4-30 81 f1 30 1f 06 03 55   ........0..0...U
0390 - 1d 23 04 18 30 16 80 14-ad bd 98 7a 34 b4 26 f7   .#..0......z4.&.
03a0 - fa c4 26 54 ef 03 bd e0-24 cb 54 1a 30 1d 06 03   ..&T....$.T.0...
03b0 - 55 1d 0e 04 16 04 14 53-79 bf 5a aa 2b 4a cf 54   U......Sy.Z.+J.T
03c0 - 80 e1 d8 9b c0 9d f2 b2-03 66 cb 30 0e 06 03 55   .........f.0...U
03d0 - 1d 0f 01 01 ff 04 04 03-02 01 86 30 0f 06 03 55   ...........0...U
03e0 - 1d 13 01 01 ff 04 05 30-03 01 01 ff 30 11 06 03   .......0....0...
03f0 - 55 1d 20 04 0a 30 08 30-06 06 04 55 1d 20 00 30   U. ..0.0...U. .0
0400 - 44 06 03 55 1d 1f 04 3d-30 3b 30 39 a0 37 a0 35   D..U...=0;09.7.5
0410 - 86 33 68 74 74 70 3a 2f-2f 63 72 6c 2e 75 73 65   .3http://crl.use
0420 - 72 74 72 75 73 74 2e 63-6f 6d 2f 41 64 64 54 72   rtrust.com/AddTr
0430 - 75 73 74 45 78 74 65 72-6e 61 6c 43 41 52 6f 6f   ustExternalCARoo
0440 - 74 2e 63 72 6c 30 35 06-08 2b 06 01 05 05 07 01   t.crl05..+......
0450 - 01 04 29 30 27 30 25 06-08 2b 06 01 05 05 07 30   ..)0'0%..+.....0
0460 - 01 86 19 68 74 74 70 3a-2f 2f 6f 63 73 70 2e 75   ...http://ocsp.u
0470 - 73 65 72 74 72 75 73 74-2e 63 6f 6d 30 0d 06 09   sertrust.com0...
0480 - 2a 86 48 86 f7 0d 01 01-0c 05 00 03 82 01 01 00   *.H.............
0490 - 93 65 f6 37 83 95 0f 5e-c3 82 1c 1f d6 77 e7 3c   .e.7...^.....w.<
04a0 - 8a c0 aa 09 f0 e9 0b 26-f1 e0 c2 6a 75 a1 c7 79   .......&...ju..y
04b0 - c9 b9 52 60 c8 29 12 0e-f0 ad 03 d6 09 c4 76 df   ..R`.)........v.
04c0 - e5 a6 81 95 a7 46 da 82-57 a9 95 92 c5 b6 8f 03   .....F..W.......
04d0 - 22 6c 33 77 c1 7b 32 17-6e 07 ce 5a 14 41 3a 05   "l3w.{2.n..Z.A:.
04e0 - 24 1b f6 14 06 3b a8 25-24 0e bb cc 2a 75 dd b9   $....;.%$...*u..
04f0 - 70 41 3f 7c d0 63 36 21-07 1f 46 ff 60 a4 91 e1   pA?|.c6!..F.`...
0500 - 67 bc de 1f 7e 19 14 c9-63 67 91 ea 67 07 6b b4   g...~...cg..g.k.
0510 - 8f 8b c0 6e 43 7d c3 a1-80 6c b2 1e bc 53 85 7d   ...nC}...l...S.}
0520 - dc 90 a1 a4 bc 2d ef 46-72 57 35 05 bf bb 46 bb   .....-.FrW5...F.
0530 - 6e 6d 37 99 b6 ff 23 92-91 c6 6e 40 f8 8f 29 56   nm7...#...n@..)V
0540 - ea 5f d5 5f 14 53 ac f0-4f 61 ea f7 22 cc a7 56   ._._.S..Oa.."..V
0550 - 0b e2 b8 34 1f 26 d9 7b-19 05 68 3f ba 3c d4 38   ...4.&.{..h?.<.8
0560 - 06 a2 d3 e6 8f 0e e3 b4-71 6d 40 42 c5 84 b4 40   ........qm@B...@
0570 - 95 2b f4 65 a0 48 79 f6-1d 81 63 96 9d 4f 75 e0   .+.e.Hy...c..Ou.
0580 - f8 7c e4 8e a9 d1 f2 ad-8a b3 8c c7 21 cd c2 ef   .|..........!...
<<< TLS 1.0Handshake [length 1079], Certificate
    0b 00 10 75 00 10 72 00 05 01 30 82 04 fd 30 82
    03 e5 a0 03 02 01 02 02 11 00 e1 1e 46 83 eb bc
    9c 06 5a 72 8c aa 15 07 15 59 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 0b 05 00 30 5f 31 0b 30 09 06
    03 55 04 06 13 02 46 52 31 0e 30 0c 06 03 55 04
    08 13 05 50 61 72 69 73 31 0e 30 0c 06 03 55 04
    07 13 05 50 61 72 69 73 31 0e 30 0c 06 03 55 04
    0a 13 05 47 61 6e 64 69 31 20 30 1e 06 03 55 04
    03 13 17 47 61 6e 64 69 20 53 74 61 6e 64 61 72
    64 20 53 53 4c 20 43 41 20 32 30 1e 17 0d 31 37
    30 32 31 31 30 30 30 30 30 30 5a 17 0d 32 30 30
    32 31 31 32 33 35 39 35 39 5a 30 5a 31 21 30 1f
    06 03 55 04 0b 13 18 44 6f 6d 61 69 6e 20 43 6f
    6e 74 72 6f 6c 20 56 61 6c 69 64 61 74 65 64 31
    1b 30 19 06 03 55 04 0b 13 12 47 61 6e 64 69 20
    53 74 61 6e 64 61 72 64 20 53 53 4c 31 18 30 16
    06 03 55 04 03 13 0f 62 75 67 73 2e 70 79 74 68
    6f 6e 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82
    01 0a 02 82 01 01 00 a0 17 c0 2b 08 cb 37 a2 38
    f0 5c f4 dc ab 9b 0c 27 c5 29 5d 02 75 20 7d d3
    fa 87 46 44 dc b8 8e c9 89 67 a0 63 7e 51 3d cf
    db e8 30 9e 35 31 d0 4f e3 e8 07 98 c3 27 21 f8
    f0 65 06 51 29 97 da 14 28 df 10 62 0f 29 bc 79
    4e 5a 4e 89 32 b6 38 74 a8 61 50 95 95 68 5c 7f
    60 31 f5 a6 26 80 42 f1 47 03 12 1a 3f a7 4e 26
    85 4b f6 a3 ba 83 8f 18 36 4a c1 7e 5c 48 30 bf
    14 e6 e5 32 54 c4 32 18 ed fc b0 2c 9e a4 cf 57
    0a ed 77 dd ae f3 81 06 44 0f 87 19 8b de b1 6d
    6f 56 e1 26 0c 47 87 00 90 f2 33 52 46 f4 25 0c
    cc d4 5a 66 49 e2 d4 b1 64 c5 cc b7 85 e0 68 cd
    7d 92 a9 b5 65 76 64 fc f9 e1 30 66 82 c9 03 f8
    98 33 fd 47 76 00 21 a7 39 7a d1 26 2d 47 36 05
    35 b7 ae bf d5 d1 e7 ab db 66 90 82 13 e9 c4 62
    42 51 1d db 3c de 1b c8 42 d6 cc 65 5b e9 11 a5
    43 c8 47 0f bf c2 5d 02 03 01 00 01 a3 82 01 b7
    30 82 01 b3 30 1f 06 03 55 1d 23 04 18 30 16 80
    14 b3 90 a7 d8 c9 af 4e cd 61 3c 9f 7c ad 5d 7f
    41 fd 69 30 ea 30 1d 06 03 55 1d 0e 04 16 04 14
    94 61 fe 04 4e 2a 71 94 3a 23 3f a8 c1 7f 02 c6
    d8 c9 03 89 30 0e 06 03 55 1d 0f 01 01 ff 04 04
    03 02 05 a0 30 0c 06 03 55 1d 13 01 01 ff 04 02
    30 00 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b
    06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03
    02 30 4b 06 03 55 1d 20 04 44 30 42 30 36 06 0b
    2b 06 01 04 01 b2 31 01 02 02 1a 30 27 30 25 06
    08 2b 06 01 05 05 07 02 01 16 19 68 74 74 70 73
    3a 2f 2f 63 70 73 2e 75 73 65 72 74 72 75 73 74
    2e 63 6f 6d 30 08 06 06 67 81 0c 01 02 01 30 41
    06 03 55 1d 1f 04 3a 30 38 30 36 a0 34 a0 32 86
    30 68 74 74 70 3a 2f 2f 63 72 6c 2e 75 73 65 72
    74 72 75 73 74 2e 63 6f 6d 2f 47 61 6e 64 69 53
    74 61 6e 64 61 72 64 53 53 4c 43 41 32 2e 63 72
    6c 30 73 06 08 2b 06 01 05 05 07 01 01 04 67 30
    65 30 3c 06 08 2b 06 01 05 05 07 30 02 86 30 68
    74 74 70 3a 2f 2f 63 72 74 2e 75 73 65 72 74 72
    75 73 74 2e 63 6f 6d 2f 47 61 6e 64 69 53 74 61
    6e 64 61 72 64 53 53 4c 43 41 32 2e 63 72 74 30
    25 06 08 2b 06 01 05 05 07 30 01 86 19 68 74 74
    70 3a 2f 2f 6f 63 73 70 2e 75 73 65 72 74 72 75
    73 74 2e 63 6f 6d 30 2f 06 03 55 1d 11 04 28 30
    26 82 0f 62 75 67 73 2e 70 79 74 68 6f 6e 2e 6f
    72 67 82 13 77 77 77 2e 62 75 67 73 2e 70 79 74
    68 6f 6e 2e 6f 72 67 30 0d 06 09 2a 86 48 86 f7
    0d 01 01 0b 05 00 03 82 01 01 00 2e 02 63 08 83
    e4 8c 0d c6 fd 2b 8f 48 7f f9 ea 47 f4 d3 18 ad
    29 8f 89 8d 4d 38 d9 b5 de cd 52 bc aa 56 cc f6
    68 15 c0 17 49 12 65 d3 1f 56 b6 73 fa 0f 77 23
    b0 e7 94 57 d6 ab 47 bc b0 84 fa e1 c8 13 4a 06
    c1 c9 96 d8 9e 34 58 e5 b0 d7 a2 cf 92 20 29 d8
    4f b4 52 f8 dd 00 72 57 26 ac 31 6f 97 3f 5d fb
    75 85 b5 5c 85 16 b6 27 80 27 42 f2 97 c5 51 b8
    2e 58 7a cf 37 87 b9 a6 90 78 ea ee ee 7c c6 4e
    fb 61 c5 9a a3 da af 40 eb dc 20 ef 1d 02 7f 29
    1d d7 20 7a 3a 75 e6 41 1b 4b c5 00 49 56 d6 51
    ac 9f b5 ec 83 36 6b 0d 38 54 95 c7 e6 c7 1b c5
    14 4d 97 92 24 e2 32 fe e4 b0 f0 ba d7 df 6c bf
    8f cb 90 4a 42 31 ba b7 3f ae 85 3f a0 ca 29 25
    58 56 d1 45 ab 29 8f 8d c3 ba 9c d7 99 34 d2 17
    3a f6 eb f0 85 57 cc 08 1a 68 b6 fd 53 fa 04 1a
    d5 95 3e 95 01 0a 04 d9 97 00 b8 00 05 ed 30 82
    05 e9 30 82 03 d1 a0 03 02 01 02 02 10 05 e4 dc
    3b 94 38 ab 3b 85 97 cb a6 a1 98 50 e3 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 81 88 31
    0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11
    06 03 55 04 08 13 0a 4e 65 77 20 4a 65 72 73 65
    79 31 14 30 12 06 03 55 04 07 13 0b 4a 65 72 73
    65 79 20 43 69 74 79 31 1e 30 1c 06 03 55 04 0a
    13 15 54 68 65 20 55 53 45 52 54 52 55 53 54 20
    4e 65 74 77 6f 72 6b 31 2e 30 2c 06 03 55 04 03
    13 25 55 53 45 52 54 72 75 73 74 20 52 53 41 20
    43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75
    74 68 6f 72 69 74 79 30 1e 17 0d 31 34 30 39 31
    32 30 30 30 30 30 30 5a 17 0d 32 34 30 39 31 31
    32 33 35 39 35 39 5a 30 5f 31 0b 30 09 06 03 55
    04 06 13 02 46 52 31 0e 30 0c 06 03 55 04 08 13
    05 50 61 72 69 73 31 0e 30 0c 06 03 55 04 07 13
    05 50 61 72 69 73 31 0e 30 0c 06 03 55 04 0a 13
    05 47 61 6e 64 69 31 20 30 1e 06 03 55 04 03 13
    17 47 61 6e 64 69 20 53 74 61 6e 64 61 72 64 20
    53 53 4c 20 43 41 20 32 30 82 01 22 30 0d 06 09
    2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00
    30 82 01 0a 02 82 01 01 00 94 04 2d a6 79 95 74
    ff d5 00 3c f5 ae d8 94 b1 29 7c c0 8f 0b 0b 89
    b9 82 83 97 6e 37 28 f5 a2 1a cf d2 92 0b 9b a8
    d3 87 94 73 84 10 9f dc 35 cb c2 2d 92 ac 21 b9
    cb 3b fc 40 c1 c1 83 21 f0 bf f8 f6 9c fa 9c 82
    10 c0 d0 8e 4e e5 0d 4c b0 91 5c 90 b4 a4 40 51
    16 da e4 84 12 2d 05 5c a1 1f 17 19 24 51 aa 7a
    ea e1 07 1b 86 8d 01 72 f2 e7 d4 83 23 39 9e e0
    e1 4c 1f 6b 22 a3 b4 10 66 b0 ed 82 96 d7 6e 6a
    b4 f2 3f b5 42 fc dd 8a b5 ab ba 2d 1d 3a 75 9b
    31 dc 3e 9d ac 5b d3 41 0d 6c b0 1b f5 3a f5 79
    ea 21 a2 f8 f4 33 52 4b 24 2d 1e a4 99 b1 6d 48
    bc b8 12 fe 72 70 7c f7 fb 02 75 f4 8d de d6 da
    c0 a0 32 1a 52 df 38 6b 2e 45 38 3f 3f 04 96 00
    fd a1 f4 a2 bb d5 17 d6 27 7c 1b 58 59 95 5e 8a
    12 fd 9c ab 81 3e 52 28 48 51 85 6b f3 91 b2 86
    3f 29 b5 6e 03 62 ee d6 05 02 03 01 00 01 a3 82
    01 75 30 82 01 71 30 1f 06 03 55 1d 23 04 18 30
    16 80 14 53 79 bf 5a aa 2b 4a cf 54 80 e1 d8 9b
    c0 9d f2 b2 03 66 cb 30 1d 06 03 55 1d 0e 04 16
    04 14 b3 90 a7 d8 c9 af 4e cd 61 3c 9f 7c ad 5d
    7f 41 fd 69 30 ea 30 0e 06 03 55 1d 0f 01 01 ff
    04 04 03 02 01 86 30 12 06 03 55 1d 13 01 01 ff
    04 08 30 06 01 01 ff 02 01 00 30 1d 06 03 55 1d
    25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06
    08 2b 06 01 05 05 07 03 02 30 22 06 03 55 1d 20
    04 1b 30 19 30 0d 06 0b 2b 06 01 04 01 b2 31 01
    02 02 1a 30 08 06 06 67 81 0c 01 02 01 30 50 06
    03 55 1d 1f 04 49 30 47 30 45 a0 43 a0 41 86 3f
    68 74 74 70 3a 2f 2f 63 72 6c 2e 75 73 65 72 74
    72 75 73 74 2e 63 6f 6d 2f 55 53 45 52 54 72 75
    73 74 52 53 41 43 65 72 74 69 66 69 63 61 74 69
    6f 6e 41 75 74 68 6f 72 69 74 79 2e 63 72 6c 30
    76 06 08 2b 06 01 05 05 07 01 01 04 6a 30 68 30
    3f 06 08 2b 06 01 05 05 07 30 02 86 33 68 74 74
    70 3a 2f 2f 63 72 74 2e 75 73 65 72 74 72 75 73
    74 2e 63 6f 6d 2f 55 53 45 52 54 72 75 73 74 52
    53 41 41 64 64 54 72 75 73 74 43 41 2e 63 72 74
    30 25 06 08 2b 06 01 05 05 07 30 01 86 19 68 74
    74 70 3a 2f 2f 6f 63 73 70 2e 75 73 65 72 74 72
    75 73 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7
    0d 01 01 0c 05 00 03 82 02 01 00 58 67 fd 72 b2
    6a d7 7c 61 96 19 7e d9 43 46 d1 26 7d c8 53 fa
    66 b0 6b 2d a7 d3 aa 56 f7 3a 88 d0 3b 72 c9 50
    fd f7 59 b2 aa 68 f5 8c 73 03 bb 95 65 17 ce 2f
    1c dd 98 13 a2 91 c9 ee a1 40 6e 3c 98 d6 5c f3
    b2 22 3c 2d ee 1b a4 e1 de 20 24 16 f2 8c 11 73
    91 3a f6 fa ce 24 02 87 ca 93 ec b4 b6 c8 16 17
    c5 72 fc 27 40 f6 13 fe 93 a6 9d 51 ef 3c 2b d8
    77 57 9b 8c 65 3a 35 25 36 b7 b5 8a 63 6f 07 27
    93 b1 60 8d 80 db 96 d4 7a 8f 2d ab 1c 88 c9 6e
    7e d6 65 1f af 5d ca 16 3f 28 46 dc a0 35 e5 f9
    e9 e5 d5 96 88 0c 4f c6 b7 77 67 48 84 27 b6 1f
    b0 68 db ac bf 77 b0 90 b8 a2 c9 1c 32 5d 02 ba
    25 43 81 42 47 bb d8 e1 8f 0c 0c 46 5f ee 46 33
    6b 03 14 82 d3 7e cd 8f af 90 d6 8e 24 7d 40 42
    b4 6a 6a 17 c6 95 97 e1 f2 38 cd a7 ed b4 27 40
    93 df 72 a9 b8 c6 66 63 37 38 64 22 30 a2 3b f1
    b9 c8 7b c8 fb 29 3a ab 1a 72 d2 06 12 4e f6 82
    d4 23 6f 3e c3 93 e5 d8 b6 c0 de dc 23 16 d6 13
    30 b7 a0 9a 0e 2c 55 06 00 70 01 cf ea 39 1d 80
    db 88 f7 a5 20 b8 5b fd 31 26 69 8f 2d 0a 61 83
    3a 47 a6 13 54 2c 1e e3 ed 44 ca bc 6a 1f 28 0e
    51 d9 de 0e 9f 75 cd 0e 03 95 ca f9 c5 a9 2a 2d
    fe 41 a4 a1 47 ae 0d c2 f9 39 66 33 4a 5b e1 84
    28 59 6c 7d 94 17 76 e4 45 82 ad 70 20 fd d2 6f
    63 a8 d7 fa a0 33 fa 37 cb f7 b2 65 9e da 50 6f
    3f e4 a7 f3 8e 5d 58 32 97 70 23 2e e7 fd c4 15
    9b 9c 27 8f 32 ed 17 ad 58 81 31 29 11 1a 9b d4
    fc 6c 95 28 c7 4e 05 07 a6 fd 1d bc 19 e2 e8 b7
    b9 11 8a 2d 70 12 52 85 8d 8c 33 4a 0f fc 99 92
    e0 63 70 da a5 94 47 63 07 e7 58 c7 31 5f 05 3d
    36 55 fe 83 b2 e8 a6 ad d7 e9 e6 02 74 88 74 5c
    da 34 db 90 d2 6d 51 0a 23 d6 23 00 05 7b 30 82
    05 77 30 82 04 5f a0 03 02 01 02 02 10 13 ea 28
    70 5b f4 ec ed 0c 36 63 09 80 61 43 36 30 0d 06
    09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 6f 31 0b
    30 09 06 03 55 04 06 13 02 53 45 31 14 30 12 06
    03 55 04 0a 13 0b 41 64 64 54 72 75 73 74 20 41
    42 31 26 30 24 06 03 55 04 0b 13 1d 41 64 64 54
    72 75 73 74 20 45 78 74 65 72 6e 61 6c 20 54 54
    50 20 4e 65 74 77 6f 72 6b 31 22 30 20 06 03 55
    04 03 13 19 41 64 64 54 72 75 73 74 20 45 78 74
    65 72 6e 61 6c 20 43 41 20 52 6f 6f 74 30 1e 17
    0d 30 30 30 35 33 30 31 30 34 38 33 38 5a 17 0d
    32 30 30 35 33 30 31 30 34 38 33 38 5a 30 81 88
    31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30
    11 06 03 55 04 08 13 0a 4e 65 77 20 4a 65 72 73
    65 79 31 14 30 12 06 03 55 04 07 13 0b 4a 65 72
    73 65 79 20 43 69 74 79 31 1e 30 1c 06 03 55 04
    0a 13 15 54 68 65 20 55 53 45 52 54 52 55 53 54
    20 4e 65 74 77 6f 72 6b 31 2e 30 2c 06 03 55 04
    03 13 25 55 53 45 52 54 72 75 73 74 20 52 53 41
    20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41
    75 74 68 6f 72 69 74 79 30 82 02 22 30 0d 06 09
    2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00
    30 82 02 0a 02 82 02 01 00 80 12 65 17 36 0e c3
    db 08 b3 d0 ac 57 0d 76 ed cd 27 d3 4c ad 50 83
    61 e2 aa 20 4d 09 2d 64 09 dc ce 89 9f cc 3d a9
    ec f6 cf c1 dc f1 d3 b1 d6 7b 37 28 11 2b 47 da
    39 c6 bc 3a 19 b4 5f a6 bd 7d 9d a3 63 42 b6 76
    f2 a9 3b 2b 91 f8 e2 6f d0 ec 16 20 90 09 3e e2
    e8 74 c9 18 b4 91 d4 62 64 db 7f a3 06 f1 88 18
    6a 90 22 3c bc fe 13 f0 87 14 7b f6 e4 1f 8e d4
    e4 51 c6 11 67 46 08 51 cb 86 14 54 3f bc 33 fe
    7e 6c 9c ff 16 9d 18 bd 51 8e 35 a6 a7 66 c8 72
    67 db 21 66 b1 d4 9b 78 03 c0 50 3a e8 cc f0 dc
    bc 9e 4c fe af 05 96 35 1f 57 5a b7 ff ce f9 3d
    b7 2c b6 f6 54 dd c8 e7 12 3a 4d ae 4c 8a b7 5c
    9a b4 b7 20 3d ca 7f 22 34 ae 7e 3b 68 66 01 44
    e7 01 4e 46 53 9b 33 60 f7 94 be 53 37 90 73 43
    f3 32 c3 53 ef db aa fe 74 4e 69 c7 6b 8c 60 93
    de c4 c7 0c df e1 32 ae cc 93 3b 51 78 95 67 8b
    ee 3d 56 fe 0c d0 69 0f 1b 0f f3 25 26 6b 33 6d
    f7 6e 47 fa 73 43 e5 7e 0e a5 66 b1 29 7c 32 84
    63 55 89 c4 0d c1 93 54 30 19 13 ac d3 7d 37 a7
    eb 5d 3a 6c 35 5c db 41 d7 12 da a9 49 0b df d8
    80 8a 09 93 62 8e b5 66 cf 25 88 cd 84 b8 b1 3f
    a4 39 0f d9 02 9e eb 12 4c 95 7c f3 6b 05 a9 5e
    16 83 cc b8 67 e2 e8 13 9d cc 5b 82 d3 4c b3 ed
    5b ff de e5 73 ac 23 3b 2d 00 bf 35 55 74 09 49
    d8 49 58 1a 7f 92 36 e6 51 92 0e f3 26 7d 1c 4d
    17 bc c9 ec 43 26 d0 bf 41 5f 40 a9 44 44 f4 99
    e7 57 87 9e 50 1f 57 54 a8 3e fd 74 63 2f b1 50
    65 09 e6 58 42 2e 43 1a 4c b4 f0 25 47 59 fa 04
    1e 93 d4 26 46 4a 50 81 b2 de be 78 b7 fc 67 15
    e1 c9 57 84 1e 0f 63 d6 e9 62 ba d6 5f 55 2e ea
    5c c6 28 08 04 25 39 b8 0e 2b a9 f2 4c 97 1c 07
    3f 0d 52 f5 ed ef 2f 82 0f 02 03 01 00 01 a3 81
    f4 30 81 f1 30 1f 06 03 55 1d 23 04 18 30 16 80
    14 ad bd 98 7a 34 b4 26 f7 fa c4 26 54 ef 03 bd
    e0 24 cb 54 1a 30 1d 06 03 55 1d 0e 04 16 04 14
    53 79 bf 5a aa 2b 4a cf 54 80 e1 d8 9b c0 9d f2
    b2 03 66 cb 30 0e 06 03 55 1d 0f 01 01 ff 04 04
    03 02 01 86 30 0f 06 03 55 1d 13 01 01 ff 04 05
    30 03 01 01 ff 30 11 06 03 55 1d 20 04 0a 30 08
    30 06 06 04 55 1d 20 00 30 44 06 03 55 1d 1f 04
    3d 30 3b 30 39 a0 37 a0 35 86 33 68 74 74 70 3a
    2f 2f 63 72 6c 2e 75 73 65 72 74 72 75 73 74 2e
    63 6f 6d 2f 41 64 64 54 72 75 73 74 45 78 74 65
    72 6e 61 6c 43 41 52 6f 6f 74 2e 63 72 6c 30 35
    06 08 2b 06 01 05 05 07 01 01 04 29 30 27 30 25
    06 08 2b 06 01 05 05 07 30 01 86 19 68 74 74 70
    3a 2f 2f 6f 63 73 70 2e 75 73 65 72 74 72 75 73
    74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01
    01 0c 05 00 03 82 01 01 00 93 65 f6 37 83 95 0f
    5e c3 82 1c 1f d6 77 e7 3c 8a c0 aa 09 f0 e9 0b
    26 f1 e0 c2 6a 75 a1 c7 79 c9 b9 52 60 c8 29 12
    0e f0 ad 03 d6 09 c4 76 df e5 a6 81 95 a7 46 da
    82 57 a9 95 92 c5 b6 8f 03 22 6c 33 77 c1 7b 32
    17 6e 07 ce 5a 14 41 3a 05 24 1b f6 14 06 3b a8
    25 24 0e bb cc 2a 75 dd b9 70 41 3f 7c d0 63 36
    21 07 1f 46 ff 60 a4 91 e1 67 bc de 1f 7e 19 14
    c9 63 67 91 ea 67 07 6b b4 8f 8b c0 6e 43 7d c3
    a1 80 6c b2 1e bc 53 85 7d dc 90 a1 a4 bc 2d ef
    46 72 57 35 05 bf bb 46 bb 6e 6d 37 99 b6 ff 23
    92 91 c6 6e 40 f8 8f 29 56 ea 5f d5 5f 14 53 ac
    f0 4f 61 ea f7 22 cc a7 56 0b e2 b8 34 1f 26 d9
    7b 19 05 68 3f ba 3c d4 38 06 a2 d3 e6 8f 0e e3
    b4 71 6d 40 42 c5 84 b4 40 95 2b f4 65 a0 48 79
    f6 1d 81 63 96 9d 4f 75 e0 f8 7c e4 8e a9 d1 f2
    ad 8a b3 8c c7 21 cd c2 ef
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = FR, ST = Paris, L = Paris, O = Gandi, CN = Gandi Standard SSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = Gandi Standard SSL, CN = bugs.python.org
verify return:1
read from 0x221a2f0 [0x223c7d3] (5 bytes => 4 (0x4))
0000 - 16 03 01 02                                       ....
read from 0x221a2f0 [0x223c7d7] (1 bytes => 1 (0x1))
0000 - 0d                                                .
<<< ??? [length 0005]
    16 03 01 02 0d
SSL_connect:SSLv3/TLS read server certificate
read from 0x221a2f0 [0x223c7d8] (525 bytes => 525 (0x20D))
0000 - 0c 00 02 09 00 80 d6 7d-e4 40 cb bb dc 19 36 d6   .......}.@....6.
0010 - 93 d3 4a fd 0a d5 0c 84-d2 39 a4 5f 52 0b b8 81   ..J......9._R...
0020 - 74 cb 98 bc e9 51 84 9f-91 2e 63 9c 72 fb 13 b4   t....Q....c.r...
0030 - b4 d7 17 7e 16 d5 5a c1-79 ba 42 0b 2a 29 fe 32   ...~..Z.y.B.*).2
0040 - 4a 46 7a 63 5e 81 ff 59-01 37 7b ed dc fd 33 16   JFzc^..Y.7{...3.
0050 - 8a 46 1a ad 3b 72 da e8-86 00 78 04 5b 07 a7 db   .F..;r....x.[...
0060 - ca 78 74 08 7d 15 10 ea-9f cc 9d dd 33 05 07 dd   .xt.}.......3...
0070 - 62 db 88 ae aa 74 7d e0-f4 d6 e2 bd 68 b0 e7 39   b....t}.....h..9
0080 - 3e 0f 24 21 8e b3 00 01-02 00 80 29 fe a4 bf bc   >.$!.......)....
0090 - 4f 50 3a ab 41 16 b1 75-18 6e 2f da 2c af 55 cd   OP:.A..u.n/.,.U.
00a0 - bc dc 1d eb 7e 09 e1 8e-9b e6 d0 16 e3 52 24 28   ....~........R$(
00b0 - dc 4d b7 b3 8a 1c 1c 3f-c5 00 a0 9c 98 13 9d bb   .M.....?........
00c0 - 9f 11 1a 89 73 c9 15 5e-a5 b1 e2 fb 17 af 40 68   ....s..^......@h
00d0 - e5 b7 27 3a e8 5b f0 bd-8b f6 cc e0 44 cc 77 6d   ..':.[......D.wm
00e0 - 81 ce 60 f9 c4 0c db 98-cc 33 03 37 76 30 9f 29   ..`......3.7v0.)
00f0 - 1f c7 c5 8c bd be 7e 6f-67 a4 19 4a b3 14 f8 74   ......~og..J...t
0100 - 46 10 02 18 92 97 5a 9d-16 61 97 01 00 51 2c 2d   F.....Z..a...Q,-
0110 - e1 a8 88 f8 68 95 dc 1d-21 a9 7f 26 41 50 f0 b1   ....h...!..&AP..
0120 - 27 3a 07 cc 56 ba 34 d1-97 7d 61 77 a4 ff 2e b9   ':..V.4..}aw....
0130 - a9 37 4a cc 65 5d 67 29-8f 98 82 26 7e 22 8c 8d   .7J.e]g)...&~"..
0140 - 54 ad eb 13 ca e8 2e 58-0e 53 95 ef d4 ef 57 e0   T......X.S....W.
0150 - e8 3e a6 0e 63 ad dd 98-a0 3a 88 e4 2e 08 b5 82   .>..c....:......
0160 - da 91 91 ba e7 d6 5c 6f-68 74 0b 27 d2 77 f8 0d   ......\oht.'.w..
0170 - c7 84 ac 24 12 d2 50 d4-03 82 7e c5 00 11 1d 07   ...$..P...~.....
0180 - 96 80 4d 73 d3 51 9d 0f-b6 de 77 64 f1 d7 54 4c   ..Ms.Q....wd..TL
0190 - a2 ff 6a 0b 7d 10 ff 5a-ff 2e 6d ac df 3f 92 de   ..j.}..Z..m..?..
01a0 - 35 97 7b ba ee 87 1f 7d-22 ec 18 3f d3 69 52 3f   5.{....}"..?.iR?
01b0 - 4c f9 c0 83 b6 03 7d 94-fa 7e de ca ac 12 e1 d2   L.....}..~......
01c0 - 52 82 1d 90 1d 39 a3 08-5b 1e 87 42 1d 7d b0 6e   R....9..[..B.}.n
01d0 - 25 89 33 66 60 19 38 7c-25 ec b6 3d 14 e5 59 d2   %.3f`.8|%..=..Y.
01e0 - 09 28 11 f0 6b e4 0d 90-1c e9 b9 59 42 40 b7 4c   .(..k......YB@.L
01f0 - 2c 0d aa 96 9a ea c6 80-b9 11 18 54 9b a5 fb 2d   ,..........T...-
0200 - 19 6d 48 82 6d a6 8c f0-f0 01 08 92 75            .mH.m.......u
<<< TLS 1.0Handshake [length 020d], ServerKeyExchange
    0c 00 02 09 00 80 d6 7d e4 40 cb bb dc 19 36 d6
    93 d3 4a fd 0a d5 0c 84 d2 39 a4 5f 52 0b b8 81
    74 cb 98 bc e9 51 84 9f 91 2e 63 9c 72 fb 13 b4
    b4 d7 17 7e 16 d5 5a c1 79 ba 42 0b 2a 29 fe 32
    4a 46 7a 63 5e 81 ff 59 01 37 7b ed dc fd 33 16
    8a 46 1a ad 3b 72 da e8 86 00 78 04 5b 07 a7 db
    ca 78 74 08 7d 15 10 ea 9f cc 9d dd 33 05 07 dd
    62 db 88 ae aa 74 7d e0 f4 d6 e2 bd 68 b0 e7 39
    3e 0f 24 21 8e b3 00 01 02 00 80 29 fe a4 bf bc
    4f 50 3a ab 41 16 b1 75 18 6e 2f da 2c af 55 cd
    bc dc 1d eb 7e 09 e1 8e 9b e6 d0 16 e3 52 24 28
    dc 4d b7 b3 8a 1c 1c 3f c5 00 a0 9c 98 13 9d bb
    9f 11 1a 89 73 c9 15 5e a5 b1 e2 fb 17 af 40 68
    e5 b7 27 3a e8 5b f0 bd 8b f6 cc e0 44 cc 77 6d
    81 ce 60 f9 c4 0c db 98 cc 33 03 37 76 30 9f 29
    1f c7 c5 8c bd be 7e 6f 67 a4 19 4a b3 14 f8 74
    46 10 02 18 92 97 5a 9d 16 61 97 01 00 51 2c 2d
    e1 a8 88 f8 68 95 dc 1d 21 a9 7f 26 41 50 f0 b1
    27 3a 07 cc 56 ba 34 d1 97 7d 61 77 a4 ff 2e b9
    a9 37 4a cc 65 5d 67 29 8f 98 82 26 7e 22 8c 8d
    54 ad eb 13 ca e8 2e 58 0e 53 95 ef d4 ef 57 e0
    e8 3e a6 0e 63 ad dd 98 a0 3a 88 e4 2e 08 b5 82
    da 91 91 ba e7 d6 5c 6f 68 74 0b 27 d2 77 f8 0d
    c7 84 ac 24 12 d2 50 d4 03 82 7e c5 00 11 1d 07
    96 80 4d 73 d3 51 9d 0f b6 de 77 64 f1 d7 54 4c
    a2 ff 6a 0b 7d 10 ff 5a ff 2e 6d ac df 3f 92 de
    35 97 7b ba ee 87 1f 7d 22 ec 18 3f d3 69 52 3f
    4c f9 c0 83 b6 03 7d 94 fa 7e de ca ac 12 e1 d2
    52 82 1d 90 1d 39 a3 08 5b 1e 87 42 1d 7d b0 6e
    25 89 33 66 60 19 38 7c 25 ec b6 3d 14 e5 59 d2
    09 28 11 f0 6b e4 0d 90 1c e9 b9 59 42 40 b7 4c
    2c 0d aa 96 9a ea c6 80 b9 11 18 54 9b a5 fb 2d
    19 6d 48 82 6d a6 8c f0 f0 01 08 92 75
>>> ??? [length 0005]
    15 03 01 00 02
write to 0x221a2f0 [0x2245a70] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 33                              ......3
>>> TLS 1.0Alert [length 0002], fatal decrypt_error
    02 33
SSL3 alert write:fatal:decrypt error
SSL_connect:error in error
140059459471104:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:crypto/rsa/rsa_pk1.c:67:
140059459471104:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:crypto/rsa/rsa_ossl.c:644:
140059459471104:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:ssl/statem/statem_clnt.c:1724:
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=bugs.python.org
   i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
 1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIRAOEeRoPrvJwGWnKMqhUHFVkwDQYJKoZIhvcNAQELBQAw
XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
MB4XDTE3MDIxMTAwMDAwMFoXDTIwMDIxMTIzNTk1OVowWjEhMB8GA1UECxMYRG9t
YWluIENvbnRyb2wgVmFsaWRhdGVkMRswGQYDVQQLExJHYW5kaSBTdGFuZGFyZCBT
U0wxGDAWBgNVBAMTD2J1Z3MucHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKAXwCsIyzeiOPBc9NyrmwwnxSldAnUgfdP6h0ZE3LiOyYln
oGN+UT3P2+gwnjUx0E/j6AeYwych+PBlBlEpl9oUKN8QYg8pvHlOWk6JMrY4dKhh
UJWVaFx/YDH1piaAQvFHAxIaP6dOJoVL9qO6g48YNkrBflxIML8U5uUyVMQyGO38
sCyepM9XCu133a7zgQZED4cZi96xbW9W4SYMR4cAkPIzUkb0JQzM1FpmSeLUsWTF
zLeF4GjNfZKptWV2ZPz54TBmgskD+Jgz/Ud2ACGnOXrRJi1HNgU1t66/1dHnq9tm
kIIT6cRiQlEd2zzeG8hC1sxlW+kRpUPIRw+/wl0CAwEAAaOCAbcwggGzMB8GA1Ud
IwQYMBaAFLOQp9jJr07NYTyffK1df0H9aTDqMB0GA1UdDgQWBBSUYf4ETipxlDoj
P6jBfwLG2MkDiTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQIC
GjAnMCUGCCsGAQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeB
DAECATBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20v
R2FuZGlTdGFuZGFyZFNTTENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUF
BzAChjBodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENB
Mi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wLwYD
VR0RBCgwJoIPYnVncy5weXRob24ub3JnghN3d3cuYnVncy5weXRob24ub3JnMA0G
CSqGSIb3DQEBCwUAA4IBAQAuAmMIg+SMDcb9K49If/nqR/TTGK0pj4mNTTjZtd7N
UryqVsz2aBXAF0kSZdMfVrZz+g93I7DnlFfWq0e8sIT64cgTSgbByZbYnjRY5bDX
os+SICnYT7RS+N0AclcmrDFvlz9d+3WFtVyFFrYngCdC8pfFUbguWHrPN4e5ppB4
6u7ufMZO+2HFmqPar0Dr3CDvHQJ/KR3XIHo6deZBG0vFAElW1lGsn7XsgzZrDThU
lcfmxxvFFE2XkiTiMv7ksPC6199sv4/LkEpCMbq3P66FP6DKKSVYVtFFqymPjcO6
nNeZNNIXOvbr8IVXzAgaaLb9U/oEGtWVPpUBCgTZlwC4
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Gandi Standard SSL/CN=bugs.python.org
issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 4810 bytes and written 261 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1507217339
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
@vstinner

This comment has been minimized.

Copy link
Member Author

commented Oct 5, 2017

I'm using Firefox 56 and OpenSSL 1.1.0f-fips 25 May 2017 on Fedora 26. Tell me if you need more information.

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Oct 5, 2017

I'm using bugs.python.org almost everyday (especially monday-friday), and I'm quite sure that it worked perfectly well until today. I don't know when exactly.

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Oct 5, 2017

Short shell script to test if you have the bug: run "openssl s_client" in a loop until it gets an error:

while true; do echo -ne "GET /\n\n" | openssl s_client -host bugs.python.org -port 443 -debug -msg  -state 2>&1| tee out; grep -q 'New.*NONE' out && break; done

The script ends when the TLS connection fails and writes the full output into the file "out".

I tested from a different compute on a different network, but still in France: I reproduced the bug at the first connection!

EDIT: I removed the unneeded "-6" s_client option.

@ezio-melotti

This comment has been minimized.

Copy link
Member

commented Oct 5, 2017

I tried to run the command and got a failure after 5-6 iteration. The error I got is:

$ grep -B2 -A2 error out 
write to 0x559c05604f80 [0x559c05616a20] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 33                              ......3
>>> TLS 1.0 Alert [length 0002], fatal decrypt_error
    02 33
SSL3 alert write:fatal:decrypt error
SSL_connect:error in error
SSL_connect:error in error
140367670800088:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103:
140367670800088:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:
140367670800088:error:1408D07B:SSL routines:ssl3_get_key_exchange:bad signature:s3_clnt.c:1991:

I did a second attempt with the same result after 12-13 iterations.

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2017

I'm still getting this error :-(

@ewdurbin

This comment has been minimized.

Copy link
Member

commented Dec 12, 2017

I've got no idea what's going on here. @MarkMangoba can you help us understand what the timeline looks like for the hosting migration of b.p.o? If it's nearing completion... we may be able to ride it out.

FWIW the reproduction case (openssl -s_client running in a loop) hasn't failed yet for me over the course of a about 10 minutes 😕

Alternatively we could ask the hosting company currently supporting b.p.o. to take a look?

@ewdurbin

This comment has been minimized.

Copy link
Member

commented Dec 12, 2017

i decided to go take a look at least, but don't have any privileges on bugs.python.org to view apache logs or configs

@JulienPalard

This comment has been minimized.

Copy link
Member

commented Dec 12, 2017

I'm using OpenSSL 1.1.0f 25 May 2017 on a Debian 9.1, tried the loop a long time and I can't reproduce the issue on my side.

@ned-deily

This comment has been minimized.

Copy link
Member

commented Mar 26, 2018

There have been recent repeated TLS failures on bugs.python.org and ones that were having a serious negative impact today on python-dev workflow: causing failures in our Github webhooks for the python/cpython repo to update bugs.python.org. For more details, see the "Intermittent SSL signature issues" issue opened on the b.p.o metatracker here: http://psf.upfronthosting.co.za/roundup/meta/issue649

Try running the certificate checker repeatedly; I see occasional failures. And note that only TLS1.0 is supported.

CCing: @ezio-melotti

@MarkMangoba

This comment has been minimized.

Copy link

commented Mar 26, 2018

I’m going to take a look what we can do. @soltysh has been working on the new bugs infra, and we recently just got over a blocker. Will post an update on the new infra this week.

@MarkMangoba

This comment has been minimized.

Copy link

commented Apr 4, 2018

I've put the current bugs instance behind Fastly via: https://www.bugs.python.org (https://bugs.python.org is not behind Fastly at the moment).

  • I worked with Fastly not to cache bugs.python.org. This is done via the headers.
  • Allowing only TLS connections via the request settings.
@ThomasAH

This comment has been minimized.

Copy link

commented May 22, 2018

This looks a bit like something we encountered on Apache servers on various versions of Debian serving other WSGI applications.
On those servers WSGIDaemonProcess/WSGIProcessGroup wasn't used, so the WSGI applications were running as www-data instead of a separate user.
After adding this the TLS errors vanished completely, before that they reoccurred sometimes once per week and persisted for some (but not all) of the Apache threads until Apache got restarted.

Can someone verify the Apache configuration?

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Jul 5, 2018

Same issue reported at python/bugs.python.org#15

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Sep 28, 2018

while true; do echo -ne "GET /\n\n" | openssl s_client -host bugs.python.org -port 443 -debug -msg  -state 2>&1| tee out; grep -q 'New.*NONE' out && break; done

Hum, I'm unable to reproduce this issue. Maybe the bug has been fixed in the meanwhile.

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

Right now, "openssl s_client" always fail, whereas Firefox has no issue to access bugs.python.org:

$ openssl s_client -state -debug -connect bugs.python.org:443
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL3 alert read:fatal:handshake failure
SSL_connect:error in error
140529753065280:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40
CONNECTED(00000004)
write to 0x55fad9c5bce0 [0x55fad9c77d30] (299 bytes => 299 (0x12B))
0000 - 16 03 01 01 26 01 00 01-22 03 03 79 c6 26 83 83   ....&..."..y.&..
0010 - c1 a3 d7 31 97 08 44 8e-d0 89 61 90 44 67 a2 37   ...1..D...a.Dg.7
0020 - 0a 25 11 87 25 98 c3 3c-77 e7 72 20 3f f1 bd f3   .%..%..<w.r ?...
0030 - 1c 9a 9c 81 6a 19 ba da-85 58 57 fa 8f 67 6c 3c   ....j....XW..gl<
0040 - e8 e7 6d 60 9e da f8 74-c0 c6 fe e4 00 2c 13 02   ..m`...t.....,..
0050 - 13 03 13 01 13 04 c0 2c-c0 30 cc a9 cc a8 c0 ad   .......,.0......
0060 - c0 2b c0 2f c0 ac c0 23-c0 27 00 9f cc aa c0 9f   .+./...#.'......
0070 - 00 9e c0 9e 00 6b 00 67-00 ff 01 00 00 ad 00 00   .....k.g........
0080 - 00 14 00 12 00 00 0f 62-75 67 73 2e 70 79 74 68   .......bugs.pyth
0090 - 6f 6e 2e 6f 72 67 00 0b-00 04 03 00 01 02 00 0a   on.org..........
00a0 - 00 0c 00 0a 00 1d 00 17-00 1e 00 19 00 18 00 23   ...............#
00b0 - 00 00 00 16 00 00 00 17-00 00 00 0d 00 30 00 2e   .............0..
00c0 - 04 03 05 03 06 03 08 07-08 08 08 09 08 0a 08 0b   ................
00d0 - 08 04 08 05 08 06 04 01-05 01 06 01 03 03 02 03   ................
00e0 - 03 01 02 01 03 02 02 02-04 02 05 02 06 02 00 2b   ...............+
00f0 - 00 09 08 03 04 03 03 03-02 03 01 00 2d 00 02 01   ............-...
0100 - 01 00 33 00 26 00 24 00-1d 00 20 d7 7f f8 1e 85   ..3.&.$... .....
0110 - c9 e4 a2 f8 81 34 8f 13-97 98 08 3a 62 0d 2b 9d   .....4.....:b.+.
0120 - 3b 11 86 28 0e 6b f4 77-08 54 4a                  ;..(.k.w.TJ
read from 0x55fad9c5bce0 [0x55fad9c6eb13] (5 bytes => 5 (0x5))
0000 - 15 03 01 00 02                                    .....
read from 0x55fad9c5bce0 [0x55fad9c6eb18] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 299 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55fad9c5bce0 [0x55fad9ba3b60] (8192 bytes => 0 (0x0))
@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

SSL Labs gives an overall rating of C:

  • "No support for TLS 1.2, which is the only secure protocol version."
  • This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
  • The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C.
  • This server does not support Forward Secrecy with the reference browsers. Grade capped to B.
  • This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B.
  • https://www.ssllabs.com/ssltest/analyze.html?d=bugs.python.org&latest

A colleague told me "HTTP server signature: BaseHTTP/0.3 Python/2.6.6".

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

I came into this issue again because I have a script which uses XML-RPC to connect to bugs.python.org, but the TLS connection fails:

import xmlrpc.client

class SpecialTransport(xmlrpc.client.SafeTransport):
    def send_content(self, connection, request_body):
        connection.putheader("Referer", "https://bugs.python.org/")
        connection.putheader("Origin", "https://bugs.python.org")
        connection.putheader("X-Requested-With", "XMLHttpRequest")
        super().send_content(connection, request_body)


def main():
    server = xmlrpc.client.ServerProxy('https://bugs.python.org/xmlrpc',
                                       allow_none=True,
                                       transport=SpecialTransport())
    with server:
        issue = server.display('issue16039')
        print("issue title: %s" % issue['title'])

main()

Output:

Traceback (most recent call last):
  File "x.py", line 19, in <module>
    main()
  File "x.py", line 16, in main
    issue = server.display('issue16039')
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1112, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1452, in __request
    verbose=self.__verbose
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1154, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1166, in single_request
    http_conn = self.send_request(host, handler, request_body, verbose)
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1279, in send_request
    self.send_content(connection, request_body)
  File "x.py", line 8, in send_content
    super().send_content(connection, request_body)
  File "/usr/lib64/python3.7/xmlrpc/client.py", line 1309, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python3.7/http/client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.7/http/client.py", line 1016, in _send_output
    self.send(msg)
  File "/usr/lib64/python3.7/http/client.py", line 956, in send
    self.connect()
  File "/usr/lib64/python3.7/http/client.py", line 1392, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib64/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib64/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1051)
@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

SSL Labs gives an overall rating of C: (...)

See also #13

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

Aha, "www.bugs.python.org" ("www." prefix) works (openssl s_client says "New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256"), bug "bugs.python.org" fails (handshake fails).

@tomato42

This comment has been minimized.

Copy link

commented Dec 12, 2018

140367670800088:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103:

such errors may indicate that the key got compromised: https://lukenotricks.blogspot.com/2010/03/recovering-rsa-private-keys-using.html or https://www.cryptologie.net/article/371/fault-attacks-on-rsas-signatures/

I would strongly suggest regenerating it after the underlying issue was fixed

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

I tuned SSLContext to try to understand why the TLS handshake fails with Fedora system Python3 (/usr/bin/python3) but completes with Python 3.7 compiled manually. Fedora uses ./configure --with-ssl-default-suites=openssl so ssl.SSLContext uses OpenSSL default cipher list (Python doesn't call SSL_CTX_set_cipher_list()). It works on my manually compiled Python because in this Python, ssl.SSLContext calls SSL_CTX_set_cipher_list() with DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK. With system Python, _ssl._DEFAULT_CIPHERS is ALL:!COMPLEMENTOFDEFAULT:!eNULL but it's not true: in fact, OpenSSL uses PROFILE=SYSTEM.

Summary:

  • Work: DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK
  • Work: ALL:!COMPLEMENTOFDEFAULT:!eNULL
  • FAIL: PROFILE=SYSTEM

PROFILE=SYSTEM means that OpenSSL reads configuration files:

$ cat /etc/crypto-policies/back-ends/openssl.config
@SECLEVEL=1:kEECDH:-kRSA:kEDH:-AES-128-GCM:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

$ cat /etc/crypto-policies/back-ends/opensslcnf.config
CipherString = @SECLEVEL=1:kEECDH:-kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1
@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 12, 2018

Fedora 29 uses stricter security:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

We update the current system-wide crypto policy to further disable legacy cryptographic protocols (TLS 1.0 and TLS 1.1) and weak Diffie-Hellman key exchange sizes (1024 bit)

I tried to find the minimum cipher list which works:

@SECLEVEL=1:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK::!eNULL:!aNULL

But adding -SHA1 makes the TLS connection (handshake) fail:

@SECLEVEL=1:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK::!eNULL:!aNULL:-SHA1
@ewdurbin

This comment has been minimized.

Copy link
Member

commented Dec 21, 2018

The migration to new infra and up to date TLS stack is complete. If this reoccurs, please open a new issue.

@ewdurbin ewdurbin closed this Dec 21, 2018

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Dec 21, 2018

Great! Thank you very much! I will keep you in touch next month if something goes wrong.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.