Rustls server aborts TLS 1.3 connection if OpenSSL client prefers P-521 #1373
Description
HelloRetryRequest seems to be broken.
Ctrl+F key_share
Error when connecting to Stalwart mail server which uses Rustls 0.21.5:
openssl s_client trace:
$ openssl s_client -starttls smtp -connect mx.h.terrax.net:26 -curves P-521:P-384 -state -trace -tls1_3
CONNECTED(00000003)
SSL_connect:before SSL initialization
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 329
ClientHello, Length=325
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x480C1DB4
random_bytes (len=28): 5274740FA4A682BD07BC0730AAF721516234628FB3311B1ADE05A35A
session_id (len=32): 59889883016F9E56CA33009F5241A25C0FFC7A069F6217A2C7B62BAF339D4D43
cipher_suites (len=8)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 244
extension_type=server_name(0), length=20
0000 - 00 12 00 00 0f 6d 78 2e-68 2e 74 65 72 72 61 .....mx.h.terra
000f - 78 2e 6e 65 74 x.net
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=6
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=30
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
extension_type=supported_versions(43), length=3
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=139
NamedGroup: secp521r1 (P-521) (25)
key_exchange: (len=133): 040182006BF4833CFA0EDF096459CC66B8467CB3B7895CD2B16ADC4C209424D08A518F3FC552C73116E3092C43E95D1C34E149F0B239740A605506DC930BE28AC272E8018D07A506BB9E2D997DC2558F0DEC557D049AC83C7E327C2E7A4B2C59C4897734166BFA115F78DA7DC8E91220369D2E7D6F968838322728684E426E0C8FCE3B71C8
SSL_connect:SSLv3/TLS write client hello
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 56
SSL_connect:SSLv3/TLS write client hello
ServerHello, Length=52
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xCF21AD74
random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C
session_id (len=0):
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 12
extension_type=key_share(51), length=2
NamedGroup: secp384r1 (P-384) (24)
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Alert (21)
Length = 2
Level=fatal(2), description=illegal parameter(47)
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in error
40275589077F0000:error:0A0003E7:SSL routines:tls_process_server_hello:invalid session id:../ssl/statem/statem_clnt.c:1473:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 324 bytes and written 374 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
No error when connecting to Postfix (tls_eecdh_auto_curves=X448,secp384r1,X25519,prime256v1) which uses OpenSSL 3.0.8:
openssl s_client trace:
$ openssl s_client -starttls smtp -connect mx.h.terrax.net:25 -curves P-521:P-384 -state -trace -tls1_3
CONNECTED(00000003)
SSL_connect:before SSL initialization
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 329
ClientHello, Length=325
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xB0CF04F1
random_bytes (len=28): 706C344380067A05652BEC24D6EEE482B253B5E2B8C4248D9315043E
session_id (len=32): E6E3ED9FFC239AAD3D922469B21E13122A71BDF90466EA3423BB3E3FC404708F
cipher_suites (len=8)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 244
extension_type=server_name(0), length=20
0000 - 00 12 00 00 0f 6d 78 2e-68 2e 74 65 72 72 61 .....mx.h.terra
000f - 78 2e 6e 65 74 x.net
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=6
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=30
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
extension_type=supported_versions(43), length=3
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=139
NamedGroup: secp521r1 (P-521) (25)
key_exchange: (len=133): 04003997A856ED2EA879321DA66BF1730354BEBD20996AAB6034BDA8106107EF381F9393EE11F3BCBC1F587D32DF57EC8C5F89D507995A191E4471569D3C406F84423200B347151366AD382D43D0EA1CE7CE25A0CB298ABCEB8756A32D18246133A39D4ABE695D4EABC4CADEB2B7112FE148091E1C149D03A1D7E716CF33C71387C36DECD8
SSL_connect:SSLv3/TLS write client hello
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 88
SSL_connect:SSLv3/TLS write client hello
ServerHello, Length=84
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xCF21AD74
random_bytes (len=28): E59A6111BE1D8C021E65B891C2A211167ABB8C5E079E09E2C8A8339C
session_id (len=32): E6E3ED9FFC239AAD3D922469B21E13122A71BDF90466EA3423BB3E3FC404708F
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 12
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=2
NamedGroup: secp384r1 (P-384) (24)
SSL_connect:SSLv3/TLS read server hello
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
SSL_connect:SSLv3/TLS write change cipher spec
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 293
ClientHello, Length=289
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xB0CF04F1
random_bytes (len=28): 706C344380067A05652BEC24D6EEE482B253B5E2B8C4248D9315043E
session_id (len=32): E6E3ED9FFC239AAD3D922469B21E13122A71BDF90466EA3423BB3E3FC404708F
cipher_suites (len=8)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 208
extension_type=server_name(0), length=20
0000 - 00 12 00 00 0f 6d 78 2e-68 2e 74 65 72 72 61 .....mx.h.terra
000f - 78 2e 6e 65 74 x.net
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=6
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=30
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
extension_type=supported_versions(43), length=3
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=103
NamedGroup: secp384r1 (P-384) (24)
key_exchange: (len=97): 04BFF82C32414CCBCD2E859689DB770A3760C90F2DA25C3FB4B5CEC5F741F0E274C83183385B27022D096993D7DB40DEF01DB984D1EE4B346539C38267E55AB0AF47148C7E48E05912431B8A4650105AF1B902EA8225EC9299AAC186392A32F01C
SSL_connect:SSLv3/TLS write client hello
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 187
SSL_connect:SSLv3/TLS write client hello
ServerHello, Length=183
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x3F7AA6B3
random_bytes (len=28): B26FDD172520337E0FC9ADF30549AEE26131143D3C3651C6AB13421C
session_id (len=32): E6E3ED9FFC239AAD3D922469B21E13122A71BDF90466EA3423BB3E3FC404708F
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 111
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=101
NamedGroup: secp384r1 (P-384) (24)
key_exchange: (len=97): 0421215C22CE64570CF0F930E2C174732D4E1852EF5BDD9CF7553103204222C1C74896B7F18F55DC1D64F107DE6C91AE5D4ADDC997828AB7A70D17AC1D33831D1771A9B056E5DB5ED25DB3D9A6AF969065B2FFE24153A4B79BF3A366522684C73D
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 37
Inner Content Type = Handshake (22)
SSL_connect:SSLv3/TLS read server hello
EncryptedExtensions, Length=16
extensions, length = 14
extension_type=supported_groups(10), length=10
ecdh_x448 (30)
secp384r1 (P-384) (24)
ecdh_x25519 (29)
secp256r1 (P-256) (23)
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 14558
Inner Content Type = Handshake (22)
SSL_connect:TLSv1.3 read encrypted extensions
CertificateRequest, Length=14537
request_context (len=0):
extensions, length = 14534
extension_type=signature_algorithms(13), length=38
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
ecdsa_sha224 (0x0303)
ecdsa_sha1 (0x0203)
rsa_pkcs1_sha224 (0x0301)
rsa_pkcs1_sha1 (0x0201)
extension_type=certificate_authorities(47), length=14488
0000 - 38 96 00 44 30 42 31 12-30 10 06 03 55 04 03 8..D0B1.0...U..
000f - 0c 09 41 43 43 56 52 41-49 5a 31 31 10 30 0e ..ACCVRAIZ11.0.
001e - 06 03 55 04 0b 0c 07 50-4b 49 41 43 43 56 31 ..U....PKIACCV1
002d - 0d 30 0b 06 03 55 04 0a-0c 04 41 43 43 56 31 .0...U....ACCV1
003c - 0b 30 09 06 03 55 04 06-13 02 45 53 00 3d 30 .0...U....ES.=0
004b - 3b 31 0b 30 09 06 03 55-04 06 13 02 45 53 31 ;1.0...U....ES1
005a - 11 30 0f 06 03 55 04 0a-0c 08 46 4e 4d 54 2d .0...U....FNMT-
0069 - 52 43 4d 31 19 30 17 06-03 55 04 0b 0c 10 41 RCM1.0...U....A
0078 - 43 20 52 41 49 5a 20 46-4e 4d 54 2d 52 43 4d C RAIZ FNMT-RCM
[.......etc.....]
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 3831
Inner Content Type = Handshake (22)
SSL_connect:SSLv3/TLS read server certificate request
Certificate, Length=3810
context (len=0):
certificate_list, length=3806
ASN.1Cert, length=1105
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:98:57:48:34:52:68:92:1b:97:fa:56:50:ba:7c:ee:dd:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: Jul 19 19:57:27 2023 GMT
Not After : Oct 17 19:57:26 2023 GMT
Subject: CN = mx.h.terrax.net
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:30:f0:f5:0d:1c:31:0c:a1:58:7d:e9:47:01:4a:
5a:fb:12:e3:9f:e0:eb:76:01:a2:df:0f:e7:c6:61:
42:ea:37:2e:a3:08:8b:80:9d:40:e7:21:a4:3f:5c:
d2:20:e5:78:cd:54:0f:a1:f6:2f:05:45:1f:24:a9:
ad:40:b4:a6:0f:fa:04:1d:d7:74:a8:ac:6d:3f:2a:
bf:c5:e0:7c:62:3a:57:0a:89:8d:f2:c4:20:a7:bc:
f9:08:b3:e7:c7:2d:0d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
9D:81:18:4D:87:EA:12:2D:94:9F:04:3B:B1:51:BA:92:F7:B1:48:DC
X509v3 Authority Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:mua.terrax.net, DNS:mx.h.terrax.net
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
Timestamp : Jul 19 20:57:27.724 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:96:74:4A:EE:CD:4F:C6:1F:1E:E9:09:
4A:52:EE:FA:01:B9:51:F2:F0:7F:26:5A:26:FD:82:8F:
74:A3:B6:57:C8:02:21:00:95:A5:A9:0D:80:28:F9:58:
CC:72:AA:5A:4F:10:11:C3:49:BF:30:F8:2D:73:CB:E4:
91:E7:45:A5:84:74:1B:66
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
Timestamp : Jul 19 20:57:27.714 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:50:4C:D4:82:08:17:2D:66:F1:1A:2F:71:
18:E3:A0:48:58:27:70:16:78:00:AA:FF:6C:E3:85:9F:
85:B3:D9:2B:02:20:37:D2:D0:1B:08:D2:0F:F9:8B:79:
8B:79:31:EC:BF:16:48:05:31:AE:7F:08:16:9E:D0:F7:
CA:CB:D9:38:B1:C2
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
0f:67:2c:41:ab:75:53:a1:17:e5:fe:23:34:4b:9e:bb:ec:3c:
e6:f3:fd:43:d0:ea:e0:9b:f9:89:76:6c:b2:7c:5d:a9:0f:0d:
4e:95:e5:c5:a8:9d:56:82:b2:ed:46:24:1a:a8:79:88:c5:45:
21:67:56:37:fc:9d:b1:aa:54:82:69:9c:ad:d0:0f:a4:ba:cb:
32:83:34:58:db:54:b9:91:a1:ad:c7:08:06:81:5a:f3:d1:c1:
9b:a6:98:d1:b5:ae:fe:37:f1:71:53:0b:ba:4f:90:bd:c5:54:
fb:99:03:b5:5b:1f:bb:d5:12:9f:d3:60:34:0f:8e:0b:ab:4e:
06:16:d8:0c:08:54:0b:b6:8f:d8:85:aa:09:5a:4d:49:81:18:
7c:1e:04:d2:76:06:9e:2d:d7:c1:5e:9d:5a:f8:ef:6f:2a:51:
06:d4:45:2a:79:b4:06:d6:3e:ee:c6:4a:0c:f8:04:f9:d1:80:
8d:3d:82:69:5b:03:bb:90:68:42:0a:2b:fb:48:e6:70:ab:3e:
34:dc:34:53:cf:d9:01:37:8b:fc:17:7f:2b:58:01:ef:5c:12:
57:55:9f:58:56:34:3a:47:53:7c:0e:b9:35:64:7e:9d:72:00:
1b:b9:38:a7:8d:17:60:2e:aa:fa:10:d5:4f:83:cf:b8:18:5f:
13:18:12:90
-----BEGIN CERTIFICATE-----
[.......etc.....]
-----END CERTIFICATE-----
------------------
No extensions
ASN.1Cert, length=1306
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:2b:08:4a:cf:0c:18:a7:53:f6:d6:2e:25:a7:5f:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Validity
Not Before: Sep 4 00:00:00 2020 GMT
Not After : Sep 15 16:00:00 2025 GMT
Subject: C = US, O = Let's Encrypt, CN = R3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bb:02:15:28:cc:f6:a0:94:d3:0f:12:ec:8d:55:
92:c3:f8:82:f1:99:a6:7a:42:88:a7:5d:26:aa:b5:
2b:b9:c5:4c:b1:af:8e:6b:f9:75:c8:a3:d7:0f:47:
94:14:55:35:57:8c:9e:a8:a2:39:19:f5:82:3c:42:
a9:4e:6e:f5:3b:c3:2e:db:8d:c0:b0:5c:f3:59:38:
e7:ed:cf:69:f0:5a:0b:1b:be:c0:94:24:25:87:fa:
37:71:b3:13:e7:1c:ac:e1:9b:ef:db:e4:3b:45:52:
45:96:a9:c1:53:ce:34:c8:52:ee:b5:ae:ed:8f:de:
60:70:e2:a5:54:ab:b6:6d:0e:97:a5:40:34:6b:2b:
d3:bc:66:eb:66:34:7c:fa:6b:8b:8f:57:29:99:f8:
30:17:5d:ba:72:6f:fb:81:c5:ad:d2:86:58:3d:17:
c7:e7:09:bb:f1:2b:f7:86:dc:c1:da:71:5d:d4:46:
e3:cc:ad:25:c1:88:bc:60:67:75:66:b3:f1:18:f7:
a2:5c:e6:53:ff:3a:88:b6:47:a5:ff:13:18:ea:98:
09:77:3f:9d:53:f9:cf:01:e5:f5:a6:70:17:14:af:
63:a4:ff:99:b3:93:9d:dc:53:a7:06:fe:48:85:1d:
a1:69:ae:25:75:bb:13:cc:52:03:f5:ed:51:a1:8b:
db:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
X509v3 Authority Key Identifier:
79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Authority Information Access:
CA Issuers - URI:http://x1.i.lencr.org/
X509v3 CRL Distribution Points:
Full Name:
URI:http://x1.c.lencr.org/
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
85:ca:4e:47:3e:a3:f7:85:44:85:bc:d5:67:78:b2:98:63:ad:
75:4d:1e:96:3d:33:65:72:54:2d:81:a0:ea:c3:ed:f8:20:bf:
5f:cc:b7:70:00:b7:6e:3b:f6:5e:94:de:e4:20:9f:a6:ef:8b:
b2:03:e7:a2:b5:16:3c:91:ce:b4:ed:39:02:e7:7c:25:8a:47:
e6:65:6e:3f:46:f4:d9:f0:ce:94:2b:ee:54:ce:12:bc:8c:27:
4b:b8:c1:98:2f:a2:af:cd:71:91:4a:08:b7:c8:b8:23:7b:04:
2d:08:f9:08:57:3e:83:d9:04:33:0a:47:21:78:09:82:27:c3:
2a:c8:9b:b9:ce:5c:f2:64:c8:c0:be:79:c0:4f:8e:6d:44:0c:
5e:92:bb:2e:f7:8b:10:e1:e8:1d:44:29:db:59:20:ed:63:b9:
21:f8:12:26:94:93:57:a0:1d:65:04:c1:0a:22:ae:10:0d:43:
97:a1:18:1f:7e:e0:e0:86:37:b5:5a:b1:bd:30:bf:87:6e:2b:
2a:ff:21:4e:1b:05:c3:f5:18:97:f0:5e:ac:c3:a5:b8:6a:f0:
2e:bc:3b:33:b9:ee:4b:de:cc:fc:e4:af:84:0b:86:3f:c0:55:
43:36:f6:68:e1:36:17:6a:8e:99:d1:ff:a5:40:a7:34:b7:c0:
d0:63:39:35:39:75:6e:f2:ba:76:c8:93:02:e9:a9:4b:6c:17:
ce:0c:02:d9:bd:81:fb:9f:b7:68:d4:06:65:b3:82:3d:77:53:
f8:8e:79:03:ad:0a:31:07:75:2a:43:d8:55:97:72:c4:29:0e:
f7:c4:5d:4e:c8:ae:46:84:30:d7:f2:85:5f:18:a1:79:bb:e7:
5e:70:8b:07:e1:86:93:c3:b9:8f:dc:61:71:25:2a:af:df:ed:
25:50:52:68:8b:92:dc:e5:d6:b5:e3:da:7d:d0:87:6c:84:21:
31:ae:82:f5:fb:b9:ab:c8:89:17:3d:e1:4c:e5:38:0e:f6:bd:
2b:bd:96:81:14:eb:d5:db:3d:20:a7:7e:59:d3:e2:f8:58:f9:
5b:b8:48:cd:fe:5c:4f:16:29:fe:1e:55:23:af:c8:11:b0:8d:
ea:7c:93:90:17:2f:fd:ac:a2:09:47:46:3f:f0:e9:b0:b7:ff:
28:4d:68:32:d6:67:5e:1e:69:a3:93:b8:f5:9d:8b:2f:0b:d2:
52:43:a6:6f:32:57:65:4d:32:81:df:38:53:85:5d:7e:5d:66:
29:ea:b8:dd:e4:95:b5:cd:b5:56:12:42:cd:c4:4e:c6:25:38:
44:50:6d:ec:ce:00:55:18:fe:e9:49:64:d4:4e:ca:97:9c:b4:
5b:c0:73:a8:ab:b8:47:c2
-----BEGIN CERTIFICATE-----
[.......etc.....]
-----END CERTIFICATE-----
------------------
No extensions
ASN.1Cert, length=1380
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
Validity
Not Before: Jan 20 19:14:03 2021 GMT
Not After : Sep 30 18:14:03 2024 GMT
Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c:
87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7:
75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86:
6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31:
9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff:
12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f:
7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2:
4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23:
53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74:
b6:da:2f:d0:38:8d:7b:03:70:21:1b:75:f2:30:3c:
fa:8f:ae:dd:da:63:ab:eb:16:4f:c2:8e:11:4b:7e:
cf:0b:e8:ff:b5:77:2e:f4:b2:7b:4a:e0:4c:12:25:
0c:70:8d:03:29:a0:e1:53:24:ec:13:d9:ee:19:bf:
10:b3:4a:8c:3f:89:a3:61:51:de:ac:87:07:94:f4:
63:71:ec:2e:e2:6f:5b:98:81:e1:89:5c:34:79:6c:
76:ef:3b:90:62:79:e6:db:a4:9a:2f:26:c5:d0:10:
e1:0e:de:d9:10:8e:16:fb:b7:f7:a8:f7:c7:e5:02:
07:98:8f:36:08:95:e7:e2:37:96:0d:36:75:9e:fb:
0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4:
2a:d6:41:e9:ac:01:76:95:0a:0f:d8:df:d5:bd:12:
1f:35:2f:28:17:6c:d2:98:c1:a8:09:64:77:6e:47:
37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41:
29:3e:59:3e:dd:26:f5:24:c9:11:a7:5a:a3:4c:40:
1f:46:a1:99:b5:a7:3a:51:6e:86:3b:9e:7d:72:a7:
12:05:78:59:ed:3e:51:78:15:0b:03:8f:8d:d0:2f:
05:b2:3e:7b:4a:1c:4b:73:05:12:fc:c6:ea:e0:50:
13:7c:43:93:74:b3:ca:74:e7:8e:1f:01:08:d0:30:
d4:5b:71:36:b4:07:ba:c1:30:30:5c:48:b7:82:3b:
98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b:
a2:83:03:41:a1:d6:05:f1:1b:c2:b6:f0:a8:7c:86:
3b:46:a8:48:2a:88:dc:76:9a:76:bf:1f:6a:a5:3d:
19:8f:eb:38:f3:64:de:c8:2b:0d:0a:28:ff:f7:db:
e2:15:42:d4:22:d0:27:5d:e1:79:fe:18:e7:70:88:
ad:4e:e6:d9:8b:3a:c6:dd:27:51:6e:ff:bc:64:f5:
33:43:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c
X509v3 Authority Key Identifier:
C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.root-x1.letsencrypt.org
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl
X509v3 Subject Key Identifier:
79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
0a:73:00:6c:96:6e:ff:0e:52:d0:ae:dd:8c:e7:5a:06:ad:2f:
a8:e3:8f:bf:c9:0a:03:15:50:c2:e5:6c:42:bb:6f:9b:f4:b4:
4f:c2:44:88:08:75:cc:eb:07:9b:14:62:6e:78:de:ec:27:ba:
39:5c:f5:a2:a1:6e:56:94:70:10:53:b1:bb:e4:af:d0:a2:c3:
2b:01:d4:96:f4:c5:20:35:33:f9:d8:61:36:e0:71:8d:b4:b8:
b5:aa:82:45:95:c0:f2:a9:23:28:e7:d6:a1:cb:67:08:da:a0:
43:2c:aa:1b:93:1f:c9:de:f5:ab:69:5d:13:f5:5b:86:58:22:
ca:4d:55:e4:70:67:6d:c2:57:c5:46:39:41:cf:8a:58:83:58:
6d:99:fe:57:e8:36:0e:f0:0e:23:aa:fd:88:97:d0:e3:5c:0e:
94:49:b5:b5:17:35:d2:2e:bf:4e:85:ef:18:e0:85:92:eb:06:
3b:6c:29:23:09:60:dc:45:02:4c:12:18:3b:e9:fb:0e:de:dc:
44:f8:58:98:ae:ea:bd:45:45:a1:88:5d:66:ca:fe:10:e9:6f:
82:c8:11:42:0d:fb:e9:ec:e3:86:00:de:9d:10:e3:38:fa:a4:
7d:b1:d8:e8:49:82:84:06:9b:2b:e8:6b:4f:01:0c:38:77:2e:
f9:dd:e7:39
-----BEGIN CERTIFICATE-----
[.......etc.....]
-----END CERTIFICATE-----
------------------
No extensions
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mx.h.terrax.net
verify return:1
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 128
Inner Content Type = Handshake (22)
SSL_connect:SSLv3/TLS read server certificate
CertificateVerify, Length=107
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature (len=103): 306502310082549D56CF2272BE12DFB38719CAE87D6DC674B73DA1EAB2EDBAEC0541171ADC22022C81602827D4D287CBE03203482102301091717A8C4EC606FD6BED8E2FDF6344077621238AD471B88E13FA961D0958078F525309BDBF2B04AAFF722A0C1EF7D3
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
SSL_connect:TLSv1.3 read server certificate verify
Finished, Length=48
verify_data (len=48): D0B5B84C477B68E43A6345F3FCF4F9C5D655269644C4411A7055CA33BFFEF60812BE9914DC51D4CD80706B0D6B4BD64A
SSL_connect:SSLv3/TLS read finished
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 25
Inner Content Type = Handshake (22)
Certificate, Length=4
context (len=0):
certificate_list, length=0
SSL_connect:SSLv3/TLS write client certificate
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 69
Inner Content Type = Handshake (22)
Finished, Length=48
verify_data (len=48): 544A4FB83D573F7967DAE2BB94AAC4E5FE99618240B61EAB144D528029643F9054A26D878474A4941EAD5480699E2318
SSL_connect:SSLv3/TLS write finished
---
Certificate chain
0 s:CN = mx.h.terrax.net
i:C = US, O = Let's Encrypt, CN = R3
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
v:NotBefore: Jul 19 19:57:27 2023 GMT; NotAfter: Oct 17 19:57:26 2023 GMT
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
[.......etc.....]
-----END CERTIFICATE-----
subject=CN = mx.h.terrax.net
issuer=C = US, O = Let's Encrypt, CN = R3
---
Acceptable client certificate CA names
CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES
C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM
[.......etc.....]
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA384
Peer signature type: ECDSA
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 19146 bytes and written 775 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 384 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
250 CHUNKING
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 250
Inner Content Type = Handshake (22)
SSL_connect:SSL negotiation finished successfully
SSL_connect:SSL negotiation finished successfully
NewSessionTicket, Length=229
ticket_lifetime_hint=7200
ticket_age_add=172069078
ticket_nonce (len=8): 0000000000000000
ticket (len=208): 56F49F4790635074862D4E11774AFF947F0418F20CAE4240982F8476141C68FD3D3174E7206C442CBC13AA2813B57DFFB14F0CDD14B24976240C8F55B89B51EB72EE2B2DB9E4FCF7E83BED6038FFB6E5842C52E7BEB3512249B12D7F3EF9718A0BED223532EFB0618781347A1F4DB739C3131378E91BB6C6D4D5CD7DB937887B316154C3997D12F8227EBD06867892FDAD515F61E1DFDE2B32D121AEA9FABAB9F23C1909BF1F973A697A6C4243787F45F0D4BBD1FCE8EAA7546D4BC8B9B210AE52CDBE726A1E843EC82BE41286971CC5
No extensions
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5527CD9C4C5069E9C4544454451BAE71F12AE8A3EB7026620D1B1C30540FCF6E
Session-ID-ctx:
Resumption PSK: 2FEF353CB837CF7CBE497360A22CFE39B653B4E292E56A0255539C9E939BBF524E8F6E05AE8D42E479DB22E40744929C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 56 f4 9f 47 90 63 50 74-86 2d 4e 11 77 4a ff 94 V..G.cPt.-N.wJ..
0010 - 7f 04 18 f2 0c ae 42 40-98 2f 84 76 14 1c 68 fd ......B@./.v..h.
0020 - 3d 31 74 e7 20 6c 44 2c-bc 13 aa 28 13 b5 7d ff =1t. lD,...(..}.
0030 - b1 4f 0c dd 14 b2 49 76-24 0c 8f 55 b8 9b 51 eb .O....Iv$..U..Q.
0040 - 72 ee 2b 2d b9 e4 fc f7-e8 3b ed 60 38 ff b6 e5 r.+-.....;.`8...
0050 - 84 2c 52 e7 be b3 51 22-49 b1 2d 7f 3e f9 71 8a .,R...Q"I.-.>.q.
0060 - 0b ed 22 35 32 ef b0 61-87 81 34 7a 1f 4d b7 39 .."52..a..4z.M.9
0070 - c3 13 13 78 e9 1b b6 c6-d4 d5 cd 7d b9 37 88 7b ...x.......}.7.{
0080 - 31 61 54 c3 99 7d 12 f8-22 7e bd 06 86 78 92 fd 1aT..}.."~...x..
0090 - ad 51 5f 61 e1 df de 2b-32 d1 21 ae a9 fa ba b9 .Q_a...+2.!.....
00a0 - f2 3c 19 09 bf 1f 97 3a-69 7a 6c 42 43 78 7f 45 .<.....:izlBCx.E
00b0 - f0 d4 bb d1 fc e8 ea a7-54 6d 4b c8 b9 b2 10 ae ........TmK.....
00c0 - 52 cd be 72 6a 1e 84 3e-c8 2b e4 12 86 97 1c c5 R..rj..>.+......
Start Time: 1690315134
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
SSL_connect:SSLv3/TLS read server session ticket
read R BLOCK
Metadata
Metadata
Assignees
Labels
No labels