- mbed-tls - lists.trustedfirmware.org

by Nathan Sircombe

Hi Mbed TLS list, I’d just like to introduce myself to the wider Mbed TLS community. I’ve recently joined the Mbed TLS team as the Engineering Manager for the Arm team. Although I’m new to this project, I’m not new to Arm having worked here for a while on a number of closed and open source library projects. I look forward to working with you, and meeting some of you on our regular community calls. Cheers, Nathan. p.s. my GitHub usid is nSircombe (https://github.com/nSircombe)

1 year, 2 months

1
0
0 0

Ask about using mbedtls

by blaine

hello： Recently, I am transplanting mbedtls from a 32-bit system to a 64-bit system. The compilation operating system is ubuntu20.4. The screenshot below is the code I use mbedtls(version number: 2.24.0). In the API mbedtls_rsa_gen_key implementation, there is a line of code that is ""MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx ->E, exponent ) );"", the program crashed at the memset in mbedtls_mpi_set during execution. This has not happened on 32-bit platforms before, so I would like to ask whether it has something to do with the platform used or whether I call the API. It’s a question about how to use it, thank you very much

1 year, 2 months

2
1
0 0

Exports from the shared libraries vs API

by Zaki, Ahmed

Hi, I am trying to identify the API available by looking up exported symbols from the built shared libraries libmbedcrypto.so ,libmbedtls.so and libmbedx509.so. I noticed that many of the exported functions are not documented here https://mbed-tls.readthedocs.io/projects/api/en/development/ . My question really is, are those functions exported through the shared libraries intended to be so ? For example, function mbedtls_mpi_core_add does not seem to be part of the API but it is exported. Is this intentional ? It's not uncommon that functions would be exported but not part of the API, I just wanted to get some clarification if possible regarding the reasons for doing so in the case of MbedTLS. Thanks Ahmed

1 year, 2 months

2
1
0 0

MbedTLS Test Cases

by Satya Prakash Prasad

Hi, I am sorry but I need to know test case scenarios to verify what is supported in the recent MBedTLS stack - what should be tested. Objective is that we cover MBedTLS code the maximum. Since I am a new learner, I need to build the test cases from scratch. So I thought to first find from stack what TLS ciphers suites / digest it supports, what are the different keysize, and protocols - TLSvX (where x=1,2 or 3). Then build certificates related to the same and verify the data as found. Are there other ways to find different features in the current MBedTLs stack and verify each one of them? Is this approach the right way - do we have known test case scenarios to verify? Any other additional help will aid us out. Thanks in advance. Regards, Prakash

1 year, 2 months

1
0
0 0

MbedTLS 3.6.0 - Memory or other issue

by Satya Prakash Prasad

Hi, We are using MbedTLS 3.6.0 in an embedded device which has limited memory available. Since we are implementing the same for the first time hence from the logs please confirm if it is coding integration issue (like caught in infinite loop, not correct integration etc) or the flow errors out because of unavailable of memory. In our embedded device we have allocated .5 MB (half MB) of space for TLS thread stack. How much do we actually need - 1 MB or 2 MB. Is there any memory leak issue? Please find the logs below and let me know is there is any issue in integration or memory issue. Thanks in advance. Regards, Prakash ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 4622 => handshake ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_HELLO_REQUEST ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_HELLO ssl_client.c 919 => write client hello ssl_client.c 725 client hello, current time: 1714521657 ssl_client.c 487 dumping 'client hello, random bytes' (32 bytes) ssl_client.c 487 0000: 66 31 86 39 78 bc 58 af ec e1 20 b2 82 67 fb 9b f1.9x.X... ..g.. ssl_client.c 487 0010: 2f 56 40 0f b1 35 c1 b9 27 f1 e5 06 89 c2 23 69 /V@..5..'.....#i ssl_client.c 512 dumping 'session id' (0 bytes) ssl_client.c 371 client hello, add ciphersuite: cca8, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: cca9, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: ccaa, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ad, TLS-ECDHE-ECDSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: c09f, TLS-DHE-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 006b, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c00a, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c014, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0039, TLS-DHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0af, TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a3, TLS-DHE-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c02b, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c02f, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: 009e, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ac, TLS-ECDHE-ECDSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c09e, TLS-DHE-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c023, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c027, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0067, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c009, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c013, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0033, TLS-DHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0ae, TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a2, TLS-DHE-RSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c09d, TLS-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 003d, TLS-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0035, TLS-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a1, TLS-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: 009c, TLS-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c09c, TLS-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: 003c, TLS-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 002f, TLS-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a0, TLS-RSA-WITH-AES-128-CCM-8 ssl_client.c 387 adding EMPTY_RENEGOTIATION_INFO_SCSV ssl_client.c 398 client hello, got 34 cipher suites ssl_client.c 230 client hello, adding supported_groups extension ssl_client.c 249 got supported group(001d) ssl_client.c 283 NamedGroup: x25519 ( 1d ) ssl_client.c 249 got supported group(0017) ssl_client.c 283 NamedGroup: secp256r1 ( 17 ) ssl_client.c 249 got supported group(0018) ssl_client.c 283 NamedGroup: secp384r1 ( 18 ) ssl_client.c 249 got supported group(001e) ssl_client.c 283 NamedGroup: x448 ( 1e ) ssl_client.c 249 got supported group(0019) ssl_client.c 283 NamedGroup: secp521r1 ( 19 ) ssl_client.c 249 got supported group(001a) ssl_client.c 283 NamedGroup: bp256r1 ( 1a ) ssl_client.c 249 got supported group(001b) ssl_client.c 283 NamedGroup: bp384r1 ( 1b ) ssl_client.c 249 got supported group(001c) ssl_client.c 283 NamedGroup: bp512r1 ( 1c ) ssl_client.c 302 dumping 'Supported groups extension' (18 bytes) ssl_client.c 302 0000: 00 10 00 1d 00 17 00 18 00 1e 00 19 00 1a 00 1b ................ ssl_client.c 302 0010: 00 1c .. ssl_tls.c 9611 adding signature_algorithms extension ssl_tls.c 9633 got signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9642 sent signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9633 got signature scheme [806] rsa_pss_rsae_sha512 ssl_tls.c 9633 got signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9642 sent signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9633 got signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9642 sent signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9633 got signature scheme [804] rsa_pss_rsae_sha256 ssl_tls.c 9633 got signature scheme [401] rsa_pkcs1_sha256 ssl_tls.c 9642 sent signature scheme [401] rsa_pkcs1_sha256 ssl_tls12_client.c 106 client hello, adding supported_point_formats extension ssl_tls12_client.c 307 client hello, adding encrypt_then_mac extension ssl_tls12_client.c 339 client hello, adding extended_master_secret extension ssl_tls12_client.c 372 client hello, adding session ticket extension ssl_client.c 689 client hello, total extension length: 54 ssl_client.c 691 dumping 'client hello extensions' (54 bytes) ssl_client.c 691 0000: 00 36 00 0a 00 12 00 10 00 1d 00 17 00 18 00 1e .6.............. ssl_client.c 691 0010: 00 19 00 1a 00 1b 00 1c 00 0d 00 0a 00 08 06 03 ................ ssl_client.c 691 0020: 06 01 04 03 04 01 00 0b 00 02 01 00 00 16 00 00 ................ ssl_client.c 691 0030: 00 17 00 00 00 23 .....# ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 167 ssl_msg.c 3033 dumping 'output record sent to network' (172 bytes) ssl_msg.c 3033 0000: 16 03 03 00 a7 01 00 00 a3 03 03 66 31 86 39 78 ...........f1.9x ssl_msg.c 3033 0010: bc 58 af ec e1 20 b2 82 67 fb 9b 2f 56 40 0f b1 .X... ..g../V@.. ssl_msg.c 3033 0020: 35 c1 b9 27 f1 e5 06 89 c2 23 69 00 00 44 cc a8 5..'.....#i..D.. ssl_msg.c 3033 0030: cc a9 cc aa c0 ad c0 9f 00 6b c0 0a c0 14 00 39 .........k.....9 ssl_msg.c 3033 0040: c0 af c0 a3 c0 2b c0 2f 00 9e c0 ac c0 9e c0 23 .....+./.......# ssl_msg.c 3033 0050: c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2 c0 9d .'.g.....3...... ssl_msg.c 3033 0060: 00 3d 00 35 c0 a1 00 9c c0 9c 00 3c 00 2f c0 a0 .=.5.......<./.. ssl_msg.c 3033 0070: 00 ff 01 00 00 36 00 0a 00 12 00 10 00 1d 00 17 .....6.......... ssl_msg.c 3033 0080: 00 18 00 1e 00 19 00 1a 00 1b 00 1c 00 0d 00 0a ................ ssl_msg.c 3033 0090: 00 08 06 03 06 01 04 03 04 01 00 0b 00 02 01 00 ................ ssl_msg.c 3033 00a0: 00 16 00 00 00 17 00 00 00 23 00 00 .........#.. ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_client.c 1012 <= write client hello ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 172, out_left: 172 ssl_msg.c 2374 ssl->f_send() returned 172 (-0xffffff54) ssl_msg.c 2401 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO ssl_tls12_client.c 1193 => parse server hello ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 0 (-0x0000) ssl_msg.c 4861 mbedtls_ssl_fetch_input() returned -29312 (-0x7280) ssl_msg.c 4220 ssl_get_next_record() returned -29312 (-0x7280) ssl_tls12_client.c 1197 mbedtls_ssl_read_record() returned -29312 (-0x7280) ssl_tls.c 4635 <= handshake ssl_tls.c 4622 => handshake ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO ssl_tls12_client.c 1193 => parse server hello ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 3d ....= ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 61 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 66 ssl_msg.c 2317 in_left: 5, nb_want: 66 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 61 (-0xffffffc3) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (66 bytes) ssl_msg.c 3965 0000: 16 03 03 00 3d 02 00 00 39 03 03 76 36 49 0c df ....=...9..v6I.. ssl_msg.c 3965 0010: c5 5f 16 59 fa a0 24 de 4f 91 1d 01 18 c4 f4 75 ._.Y..$.O......u ssl_msg.c 3965 0020: a1 f9 ee 64 aa 85 27 40 09 f4 59 00 cc a8 00 00 ...d..'@..Y..... ssl_msg.c 3965 0030: 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 ................ ssl_msg.c 3965 0040: 00 00 .. ssl_msg.c 3234 handshake message: msglen = 61, type = 2, hslen = 61 ssl_msg.c 4261 <= read record ssl_tls12_client.c 1267 dumping 'server hello, version' (2 bytes) ssl_tls12_client.c 1267 0000: 03 03 .. ssl_tls12_client.c 1292 server hello, current time: 1983269132 ssl_tls12_client.c 1298 dumping 'server hello, random bytes' (32 bytes) ssl_tls12_client.c 1298 0000: 76 36 49 0c df c5 5f 16 59 fa a0 24 de 4f 91 1d v6I..._.Y..$.O.. ssl_tls12_client.c 1298 0010: 01 18 c4 f4 75 a1 f9 ee 64 aa 85 27 40 09 f4 59 ....u...d..'@..Y ssl_tls12_client.c 1360 server hello, session id len.: 0 ssl_tls12_client.c 1361 dumping 'server hello, session id' (0 bytes) ssl_tls12_client.c 1386 no session has been resumed ssl_tls12_client.c 1388 server hello, chosen ciphersuite: cca8 ssl_tls12_client.c 1390 server hello, compress alg.: 0 ssl_tls12_client.c 1425 server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_tls12_client.c 1447 server hello, total extension length: 17 ssl_tls12_client.c 1463 found renegotiation extension ssl_tls12_client.c 1543 found supported_point_formats extension ssl_tls12_client.c 841 point format selected: 0 ssl_tls12_client.c 1516 found extended_master_secret extension ssl_tls12_client.c 1659 <= parse server hello ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_CERTIFICATE ssl_tls.c 8204 => parse certificate ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 06 c7 ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 1735 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 1740 ssl_msg.c 2317 in_left: 5, nb_want: 1740 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 1735 (-0xfffff939) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (1740 bytes) ssl_msg.c 3965 0000: 16 03 03 06 c7 0b 00 06 c3 00 06 c0 00 03 2f 30 ............../0 ssl_msg.c 3965 0010: 82 03 2b 30 82 02 13 02 14 6d 4f 99 2e 33 c5 10 ..+0.....mO..3.. ssl_msg.c 3965 0020: 1e ea 27 57 74 8f cf 4d 01 60 54 51 76 30 0d 06 ..'Wt..M.`TQv0.. ssl_msg.c 3965 0030: 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 53 31 0b .*.H........0S1. ssl_msg.c 3965 0040: 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 0...U....US1.0.. ssl_msg.c 3965 0050: 03 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 .U....CA1.0...U. ssl_msg.c 3965 0060: 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e ...Somewhere1.0. ssl_msg.c 3965 0070: 06 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 ..U....Someone1. ssl_msg.c 3965 0080: 30 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 0...U....FoobarC ssl_msg.c 3965 0090: 41 30 1e 17 0d 32 34 30 34 30 33 30 39 33 35 30 A0...24040309350 ssl_msg.c 3965 00a0: 30 5a 17 0d 32 35 30 34 30 33 30 39 33 35 30 30 0Z..250403093500 ssl_msg.c 3965 00b0: 5a 30 51 31 0b 30 09 06 03 55 04 06 13 02 55 53 Z0Q1.0...U....US ssl_msg.c 3965 00c0: 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 12 30 1.0...U....CA1.0 ssl_msg.c 3965 00d0: 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 ...U....Somewher ssl_msg.c 3965 00e0: 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f 6d 65 e1.0...U....Some ssl_msg.c 3965 00f0: 6f 6e 65 31 0f 30 0d 06 03 55 04 03 0c 06 46 6f one1.0...U....Fo ssl_msg.c 3965 0100: 6f 62 61 72 30 82 01 22 30 0d 06 09 2a 86 48 86 obar0.."0...*.H. ssl_msg.c 3965 0110: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a ............0... ssl_msg.c 3965 0120: 02 82 01 01 00 c1 9f d8 d2 15 fe e5 68 e8 fe 65 ............h..e ssl_msg.c 3965 0130: 21 e4 c4 78 ea 22 da 31 4d 08 77 df 03 d5 13 03 !..x.".1M.w..... ssl_msg.c 3965 0140: ec 36 8f d1 d3 c1 5c 15 52 fd 9d c8 27 f2 ca 51 .6....\.R...'..Q ssl_msg.c 3965 0150: 79 18 22 95 d7 6b 09 72 96 79 5a d0 cd cc ac 20 y."..k.r.yZ.... ssl_msg.c 3965 0160: 2e f2 05 cb 57 57 f3 91 07 9f 3d d7 2c e7 4e 97 ....WW....=.,.N. ssl_msg.c 3965 0170: 56 31 0a 3c 04 fd 43 9d ee 9f e7 5b d8 b7 41 0e V1.<..C....[..A. ssl_msg.c 3965 0180: d8 9b 28 8b 82 33 cd ff 7d db 8c c2 3d b6 c0 ff ..(..3..}...=... ssl_msg.c 3965 0190: 48 df dd bb 9e d6 d1 84 0a d5 f5 f5 c4 88 cc 7f H............... ssl_msg.c 3965 01a0: 2b 82 67 f0 9c 47 54 27 00 6a f0 59 0a d6 0f 84 +.g..GT'.j.Y.... ssl_msg.c 3965 01b0: a9 10 8f d2 a5 d3 26 53 3c 28 57 94 01 06 8a 1d ......&S<(W..... ssl_msg.c 3965 01c0: ff 90 e2 48 25 55 7e fd 03 cc 2c 6b e4 0e 3e 09 ...H%U~...,k..>. ssl_msg.c 3965 01d0: b2 2c 97 23 32 29 b2 55 a4 f1 37 3d 1c f8 d0 a3 .,.#2).U..7=.... ssl_msg.c 3965 01e0: 4b 6d 78 db 68 2c ac 6e 6b d6 14 2e 86 e6 0f 3d Kmx.h,.nk......= ssl_msg.c 3965 01f0: d1 61 38 de ba cb bf 4f d8 d0 af 66 b2 3f 09 0e .a8....O...f.?.. ssl_msg.c 3965 0200: 51 c5 4b c6 d2 c0 90 8a db 51 98 32 bf a3 9b e9 Q.K......Q.2.... ssl_msg.c 3965 0210: 94 a2 69 9a 0a e1 a1 6e ad 63 59 92 e2 81 4a 29 ..i....n.cY...J) ssl_msg.c 3965 0220: 36 84 36 33 2b 02 03 01 00 01 30 0d 06 09 2a 86 6.63+.....0...*. ssl_msg.c 3965 0230: 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 1d eb H............... ssl_msg.c 3965 0240: c0 c7 45 0b 99 54 89 c9 9c 6b 18 c7 22 bf d8 a1 ..E..T...k.."... ssl_msg.c 3965 0250: 30 b6 09 ca b1 8e b4 fc a1 a7 f9 27 f8 12 ff b0 0..........'.... ssl_msg.c 3965 0260: fb c8 44 b1 d8 52 40 71 05 7d 8e 1d c1 69 0f ff ..D..R@q.}...i.. ssl_msg.c 3965 0270: f4 d2 a3 8b df e1 0b f0 8c de fb 60 e1 81 87 bc ...........`.... ssl_msg.c 3965 0280: 0f 46 84 0e db 64 dd cc c0 eb 7b bd 35 ac 5d 33 .F...d....{.5.]3 ssl_msg.c 3965 0290: 9c f7 96 24 05 4d 45 27 37 6d 0c 9f 92 ea 7d fe ...$.ME'7m....}. ssl_msg.c 3965 02a0: 4a 9b c9 54 3b 91 0f 87 7c f4 46 64 b0 3d 54 c4 J..T;...|.Fd.=T. ssl_msg.c 3965 02b0: 5f 17 bd 88 a5 07 85 24 71 44 6c be 3b 3a f8 a4 _......$qDl.;:.. ssl_msg.c 3965 02c0: 7a 2b 67 5e 3d bd 5a 12 8d 2e bd 47 8d 6f 0d 02 z+g^=.Z....G.o.. ssl_msg.c 3965 02d0: 90 af fe 8b a9 ef a8 12 73 77 29 ce fe ef 79 51 ........sw)...yQ ssl_msg.c 3965 02e0: 68 6b 2f 18 fd da f8 1e 52 eb e9 eb 38 c0 ee ee hk/.....R...8... ssl_msg.c 3965 02f0: 45 de 8f 5f 3f c4 d8 9e c4 12 87 83 5c 48 0b c9 E.._?.......\H.. ssl_msg.c 3965 0300: 5a 28 6a ec e4 28 f1 07 5b 27 7d 75 d5 2b c2 dd Z(j..(..['}u.+.. ssl_msg.c 3965 0310: ff 88 08 e3 89 14 36 6d 8b ce e3 27 d7 ef 90 bd ......6m...'.... ssl_msg.c 3965 0320: 4e da 78 f6 bf 99 4d f7 95 bf d9 d5 e8 52 f1 c8 N.x...M......R.. ssl_msg.c 3965 0330: df 5c e1 c3 fd 8e 10 0f ae cf ef bb 94 2f 00 03 .\.........../.. ssl_msg.c 3965 0340: 8b 30 82 03 87 30 82 02 6f a0 03 02 01 02 02 14 .0...0..o....... ssl_msg.c 3965 0350: 22 df a0 f5 03 ec 52 a6 04 2e 69 b4 86 56 5f 5c ".....R...i..V_\ ssl_msg.c 3965 0360: 29 ec 05 e6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 )...0...*.H..... ssl_msg.c 3965 0370: 0b 05 00 30 53 31 0b 30 09 06 03 55 04 06 13 02 ...0S1.0...U.... ssl_msg.c 3965 0380: 55 53 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 US1.0...U....CA1 ssl_msg.c 3965 0390: 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 .0...U....Somewh ssl_msg.c 3965 03a0: 65 72 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f ere1.0...U....So ssl_msg.c 3965 03b0: 6d 65 6f 6e 65 31 11 30 0f 06 03 55 04 03 0c 08 meone1.0...U.... ssl_msg.c 3965 03c0: 46 6f 6f 62 61 72 43 41 30 1e 17 0d 32 34 30 34 FoobarCA0...2404 ssl_msg.c 3965 03d0: 30 33 30 39 33 33 34 30 5a 17 0d 32 35 30 34 30 03093340Z..25040 ssl_msg.c 3965 03e0: 33 30 39 33 33 34 30 5a 30 53 31 0b 30 09 06 03 3093340Z0S1.0... ssl_msg.c 3965 03f0: 55 04 06 13 02 55 53 31 0b 30 09 06 03 55 04 08 U....US1.0...U.. ssl_msg.c 3965 0400: 0c 02 43 41 31 12 30 10 06 03 55 04 07 0c 09 53 ..CA1.0...U....S ssl_msg.c 3965 0410: 6f 6d 65 77 68 65 72 65 31 10 30 0e 06 03 55 04 omewhere1.0...U. ssl_msg.c 3965 0420: 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 30 0f 06 03 ...Someone1.0... ssl_msg.c 3965 0430: 55 04 03 0c 08 46 6f 6f 62 61 72 43 41 30 82 01 U....FoobarCA0.. ssl_msg.c 3965 0440: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 "0...*.H........ ssl_msg.c 3965 0450: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c7 25 .....0.........% ssl_msg.c 3965 0460: 6d c2 a1 b4 55 87 c1 90 64 49 5f d0 b4 c3 4a 07 m...U...dI_...J. ssl_msg.c 3965 0470: b8 40 d9 ff 10 5b ea 01 fa a2 d7 06 97 af b2 1a .@...[.......... ssl_msg.c 3965 0480: 72 0f 81 14 10 18 b2 17 dc f3 70 72 18 90 00 87 r.........pr.... ssl_msg.c 3965 0490: 0c 04 bb fa 50 8c ee d6 f0 83 1e ea 97 54 cb 37 ....P........T.7 ssl_msg.c 3965 04a0: 1f 5e b8 a5 fc b8 90 5d 88 2a b4 7e a8 5f 9c dc .^.....].*.~._.. ssl_msg.c 3965 04b0: b7 e5 3c 5b c3 d0 21 0e ed 81 16 a0 81 54 42 17 ..<[..!......TB. ssl_msg.c 3965 04c0: 02 bf 79 3d b2 11 dc 3d 35 e1 36 a1 c4 55 0d 8f ..y=...=5.6..U.. ssl_msg.c 3965 04d0: c5 31 87 7c be 02 20 6e de 3e aa c5 e5 25 03 37 .1.|.. n.>...%.7 ssl_msg.c 3965 04e0: 13 c7 17 18 36 5f 80 bd d4 d7 d3 f7 60 4c 0b 04 ....6_......`L.. ssl_msg.c 3965 04f0: 33 aa a6 c9 49 fa df b4 7c 13 7d 37 67 a7 8c b7 3...I...|.}7g... ssl_msg.c 3965 0500: c4 12 45 8a 88 80 f9 80 8f ab df f8 3c 78 e6 2c ..E.........<x., ssl_msg.c 3965 0510: e1 03 2c 7e de 8f af ad 75 ad d5 31 3d af 25 8e ..,~....u..1=.%. ssl_msg.c 3965 0520: ae 2e 61 c9 33 eb e2 0d 31 74 06 f8 f5 06 8d b0 ..a.3...1t...... ssl_msg.c 3965 0530: ac c4 f5 5f 7b c8 5e 4c 7f ed 26 a4 7e c6 d4 23 ..._{.^L..&.~..# ssl_msg.c 3965 0540: 2c 99 d3 b2 a8 a0 68 c0 f9 5d be f8 ef 2c f2 6f ,.....h..]...,.o ssl_msg.c 3965 0550: 8e 21 a6 06 1a ca 81 ef ef 95 5e 29 9d db 02 03 .!........^).... ssl_msg.c 3965 0560: 01 00 01 a3 53 30 51 30 1d 06 03 55 1d 0e 04 16 ....S0Q0...U.... ssl_msg.c 3965 0570: 04 14 94 e0 bc ab b9 f5 8a 65 8a 45 64 d9 83 2e .........e.Ed... ssl_msg.c 3965 0580: 41 ec b0 14 8d 87 30 1f 06 03 55 1d 23 04 18 30 A.....0...U.#..0 ssl_msg.c 3965 0590: 16 80 14 94 e0 bc ab b9 f5 8a 65 8a 45 64 d9 83 ..........e.Ed.. ssl_msg.c 3965 05a0: 2e 41 ec b0 14 8d 87 30 0f 06 03 55 1d 13 01 01 .A.....0...U.... ssl_msg.c 3965 05b0: ff 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 ...0....0...*.H. ssl_msg.c 3965 05c0: f7 0d 01 01 0b 05 00 03 82 01 01 00 ae 3d e2 42 .............=.B ssl_msg.c 3965 05d0: 91 fe d5 70 a5 28 44 4d 0c 66 78 fc cd 07 89 24 ...p.(DM.fx....$ ssl_msg.c 3965 05e0: 1e 2f a7 55 08 c0 69 9f 2a 37 90 bf 93 da 5e 6a ./.U..i.*7....^j ssl_msg.c 3965 05f0: 75 5e 3f 53 29 e2 13 9c 3a 3e 6a 0a 99 ca 09 51 u^?S)...:>j....Q ssl_msg.c 3965 0600: 91 2a 23 d0 ad df 36 cc e2 e0 e6 0d cb 00 33 57 .*#...6.......3W ssl_msg.c 3965 0610: db b0 a5 70 98 e9 60 1b 91 9e ec c7 64 ad 14 79 ...p..`.....d..y ssl_msg.c 3965 0620: 0e 08 22 ef a8 0e 1a 71 a0 3a 17 04 9f 0c a8 12 .."....q.:...... ssl_msg.c 3965 0630: 26 55 0d 09 09 77 4e 9e 2f cf 1c 34 f8 e8 40 19 &U...wN./..4..@. ssl_msg.c 3965 0640: 19 c2 9d 31 2d c2 a0 a1 fa bd 9b 49 31 c9 dd b9 ...1-......I1... ssl_msg.c 3965 0650: 87 a2 bc 7e 60 e1 b8 88 57 84 d6 11 08 b2 33 94 ...~`...W.....3. ssl_msg.c 3965 0660: bd 19 77 78 df e1 5f e3 c9 aa 05 ad df f7 ac 0f ..wx.._......... ssl_msg.c 3965 0670: 48 06 83 43 51 1d 0c f8 62 c0 4b 78 a1 ff 5e 9a H..CQ...b.Kx..^. ssl_msg.c 3965 0680: f1 e5 a7 bb 85 8f ee b8 3a e0 17 69 5b 0b 49 19 ........:..i[.I. ssl_msg.c 3965 0690: 36 e0 ee 12 0b 63 99 c0 26 71 d7 22 20 9e 30 a1 6....c..&q." .0. ssl_msg.c 3965 06a0: 93 75 69 71 32 65 e6 c4 3f 31 cd 87 f3 b0 0c b0 .uiq2e..?1...... ssl_msg.c 3965 06b0: 5b 05 4d 1c ce a1 45 c2 0b 92 e0 8c 72 cc 99 5d [.M...E.....r..] ssl_msg.c 3965 06c0: 44 27 2b 6b 1e cf 62 03 b4 9c e6 42 D'+k..b....B ssl_msg.c 3234 handshake message: msglen = 1735, type = 11, hslen = 1735 ssl_msg.c 4261 <= read record ssl_tls.c 7887 peer certificate #1: ssl_tls.c 7887 cert. version : 1 ssl_tls.c 7887 serial number : 6D:4F:99:2E:33:C5:10:1E:EA:27:57:74:8F:CF:4D:01:60:54:51:76 ssl_tls.c 7887 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=Foobar ssl_tls.c 7887 issued on : 2024-04-03 09:35:00 ssl_tls.c 7887 expires on : 2025-04-03 09:35:00 ssl_tls.c 7887 signed using : RSA with SHA-256 ssl_tls.c 7887 RSA key size : 2048 bits ssl_tls.c 7887 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7887 c1 9f d8 d2 15 fe e5 68 e8 fe 65 21 e4 c4 78 ea ssl_tls.c 7887 22 da 31 4d 08 77 df 03 d5 13 03 ec 36 8f d1 d3 ssl_tls.c 7887 c1 5c 15 52 fd 9d c8 27 f2 ca 51 79 18 22 95 d7 ssl_tls.c 7887 6b 09 72 96 79 5a d0 cd cc ac 20 2e f2 05 cb 57 ssl_tls.c 7887 57 f3 91 07 9f 3d d7 2c e7 4e 97 56 31 0a 3c 04 ssl_tls.c 7887 fd 43 9d ee 9f e7 5b d8 b7 41 0e d8 9b 28 8b 82 ssl_tls.c 7887 33 cd ff 7d db 8c c2 3d b6 c0 ff 48 df dd bb 9e ssl_tls.c 7887 d6 d1 84 0a d5 f5 f5 c4 88 cc 7f 2b 82 67 f0 9c ssl_tls.c 7887 47 54 27 00 6a f0 59 0a d6 0f 84 a9 10 8f d2 a5 ssl_tls.c 7887 d3 26 53 3c 28 57 94 01 06 8a 1d ff 90 e2 48 25 ssl_tls.c 7887 55 7e fd 03 cc 2c 6b e4 0e 3e 09 b2 2c 97 23 32 ssl_tls.c 7887 29 b2 55 a4 f1 37 3d 1c f8 d0 a3 4b 6d 78 db 68 ssl_tls.c 7887 2c ac 6e 6b d6 14 2e 86 e6 0f 3d d1 61 38 de ba ssl_tls.c 7887 cb bf 4f d8 d0 af 66 b2 3f 09 0e 51 c5 4b c6 d2 ssl_tls.c 7887 c0 90 8a db 51 98 32 bf a3 9b e9 94 a2 69 9a 0a ssl_tls.c 7887 e1 a1 6e ad 63 59 92 e2 81 4a 29 36 84 36 33 2b ssl_tls.c 7887 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7887 01 00 01 ssl_tls.c 7887 peer certificate #2: ssl_tls.c 7887 cert. version : 3 ssl_tls.c 7887 serial number : 22:DF:A0:F5:03:EC:52:A6:04:2E:69:B4:86:56:5F:5C:29:EC:05:E6 ssl_tls.c 7887 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 issued on : 2024-04-03 09:33:40 ssl_tls.c 7887 expires on : 2025-04-03 09:33:40 ssl_tls.c 7887 signed using : RSA with SHA-256 ssl_tls.c 7887 RSA key size : 2048 bits ssl_tls.c 7887 basic constraints : CA=true ssl_tls.c 7887 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7887 c7 25 6d c2 a1 b4 55 87 c1 90 64 49 5f d0 b4 c3 ssl_tls.c 7887 4a 07 b8 40 d9 ff 10 5b ea 01 fa a2 d7 06 97 af ssl_tls.c 7887 b2 1a 72 0f 81 14 10 18 b2 17 dc f3 70 72 18 90 ssl_tls.c 7887 00 87 0c 04 bb fa 50 8c ee d6 f0 83 1e ea 97 54 ssl_tls.c 7887 cb 37 1f 5e b8 a5 fc b8 90 5d 88 2a b4 7e a8 5f ssl_tls.c 7887 9c dc b7 e5 3c 5b c3 d0 21 0e ed 81 16 a0 81 54 ssl_tls.c 7887 42 17 02 bf 79 3d b2 11 dc 3d 35 e1 36 a1 c4 55 ssl_tls.c 7887 0d 8f c5 31 87 7c be 02 20 6e de 3e aa c5 e5 25 ssl_tls.c 7887 03 37 13 c7 17 18 36 5f 80 bd d4 d7 d3 f7 60 4c ssl_tls.c 7887 0b 04 33 aa a6 c9 49 fa df b4 7c 13 7d 37 67 a7 ssl_tls.c 7887 8c b7 c4 12 45 8a 88 80 f9 80 8f ab df f8 3c 78 ssl_tls.c 7887 e6 2c e1 03 2c 7e de 8f af ad 75 ad d5 31 3d af ssl_tls.c 7887 25 8e ae 2e 61 c9 33 eb e2 0d 31 74 06 f8 f5 06 ssl_tls.c 7887 8d b0 ac c4 f5 5f 7b c8 5e 4c 7f ed 26 a4 7e c6 ssl_tls.c 7887 d4 23 2c 99 d3 b2 a8 a0 68 c0 f9 5d be f8 ef 2c ssl_tls.c 7887 f2 6f 8e 21 a6 06 1a ca 81 ef ef 95 5e 29 9d db ssl_tls.c 7887 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7887 01 00 01 ssl_tls.c 7971 Use configuration-specific verification callback ssl_tls.c 8131 Certificate verification flags clear ssl_tls.c 8317 <= parse certificate ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_KEY_EXCHANGE ssl_tls12_client.c 2087 => parse server key exchange ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 01 2c ...., ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 300 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 305 ssl_msg.c 2317 in_left: 5, nb_want: 305 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 300 (-0xfffffed4) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (305 bytes) ssl_msg.c 3965 0000: 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d1 dc 58 ....,...(... ..X ssl_msg.c 3965 0010: 0a 95 f2 2c 9a 5b 5d 6a 96 53 04 07 5e 7c fb 67 ...,.[]j.S..^|.g ssl_msg.c 3965 0020: 80 80 17 6f f6 93 fb 9c 39 8c 36 73 0c 06 01 01 ...o....9.6s.... ssl_msg.c 3965 0030: 00 83 85 1c 02 f2 1f 5a 80 d6 b1 98 0f 70 0a 06 .......Z.....p.. ssl_msg.c 3965 0040: 39 d9 d7 fe 69 75 69 4c 3b 90 7d b9 ec 8a 16 63 9...iuiL;.}....c ssl_msg.c 3965 0050: e8 da de 3b e2 79 24 fc 17 7c 6f 3d a5 c0 4b 4d ...;.y$..|o=..KM ssl_msg.c 3965 0060: e1 5f 6d d5 ac 82 fc 47 a6 b3 3e 6d 4e 48 b3 0d ._m....G..>mNH.. ssl_msg.c 3965 0070: 12 76 9e b0 08 f2 23 56 80 c7 53 30 51 62 6e 64 .v....#V..S0Qbnd ssl_msg.c 3965 0080: 1b b0 b2 35 6f 6c 5b e9 a7 17 59 65 c5 e5 c0 3c ...5ol[...Ye...< ssl_msg.c 3965 0090: b0 6b ed 2b 39 ea b9 a4 06 0f e3 e6 20 24 f5 33 .k.+9....... $.3 ssl_msg.c 3965 00a0: e5 ee 0c 44 90 1a a1 96 53 78 e0 80 d0 ac f8 3e ...D....Sx.....> ssl_msg.c 3965 00b0: 92 4c c7 85 ac ba ab 7d 81 b6 3e d9 18 23 b2 72 .L.....}..>..#.r ssl_msg.c 3965 00c0: e2 39 68 3b 93 a2 d8 e8 cf f5 69 fe 11 49 02 5a .9h;......i..I.Z ssl_msg.c 3965 00d0: 8c 72 41 3f 17 76 b3 8e 13 15 97 b3 fb c5 ca 7f .rA?.v.......... ssl_msg.c 3965 00e0: 74 6e 75 7b 86 e6 02 ee bc 8a 37 47 92 94 a9 89 tnu{......7G.... ssl_msg.c 3965 00f0: d9 05 a6 7c b4 12 a3 6a 78 99 d8 a0 a6 d6 bb 2e ...|...jx....... ssl_msg.c 3965 0100: 21 93 4d 22 e3 2a c8 2c 47 6f 08 06 8b 7d 46 56 !.M".*.,Go...}FV ssl_msg.c 3965 0110: 9f 1c bb d4 63 94 d2 e3 4f e2 1a de 88 86 23 06 ....c...O.....#. ssl_msg.c 3965 0120: 7d 9f e3 34 d6 76 b7 85 4f 2f b1 61 b2 89 72 58 }..4.v..O/.a..rX ssl_msg.c 3965 0130: 82 . ssl_msg.c 3234 handshake message: msglen = 300, type = 12, hslen = 300 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2174 dumping 'server key exchange' (296 bytes) ssl_tls12_client.c 2174 0000: 03 00 1d 20 d1 dc 58 0a 95 f2 2c 9a 5b 5d 6a 96 ... ..X...,.[]j. ssl_tls12_client.c 2174 0010: 53 04 07 5e 7c fb 67 80 80 17 6f f6 93 fb 9c 39 S..^|.g...o....9 ssl_tls12_client.c 2174 0020: 8c 36 73 0c 06 01 01 00 83 85 1c 02 f2 1f 5a 80 .6s...........Z. ssl_tls12_client.c 2174 0030: d6 b1 98 0f 70 0a 06 39 d9 d7 fe 69 75 69 4c 3b ....p..9...iuiL; ssl_tls12_client.c 2174 0040: 90 7d b9 ec 8a 16 63 e8 da de 3b e2 79 24 fc 17 .}....c...;.y$.. ssl_tls12_client.c 2174 0050: 7c 6f 3d a5 c0 4b 4d e1 5f 6d d5 ac 82 fc 47 a6 |o=..KM._m....G. ssl_tls12_client.c 2174 0060: b3 3e 6d 4e 48 b3 0d 12 76 9e b0 08 f2 23 56 80 .>mNH...v....#V. ssl_tls12_client.c 2174 0070: c7 53 30 51 62 6e 64 1b b0 b2 35 6f 6c 5b e9 a7 .S0Qbnd...5ol[.. ssl_tls12_client.c 2174 0080: 17 59 65 c5 e5 c0 3c b0 6b ed 2b 39 ea b9 a4 06 .Ye...<.k.+9.... ssl_tls12_client.c 2174 0090: 0f e3 e6 20 24 f5 33 e5 ee 0c 44 90 1a a1 96 53 ... $.3...D....S ssl_tls12_client.c 2174 00a0: 78 e0 80 d0 ac f8 3e 92 4c c7 85 ac ba ab 7d 81 x.....>.L.....}. ssl_tls12_client.c 2174 00b0: b6 3e d9 18 23 b2 72 e2 39 68 3b 93 a2 d8 e8 cf .>..#.r.9h;..... ssl_tls12_client.c 2174 00c0: f5 69 fe 11 49 02 5a 8c 72 41 3f 17 76 b3 8e 13 .i..I.Z.rA?.v... ssl_tls12_client.c 2174 00d0: 15 97 b3 fb c5 ca 7f 74 6e 75 7b 86 e6 02 ee bc .......tnu{..... ssl_tls12_client.c 2174 00e0: 8a 37 47 92 94 a9 89 d9 05 a6 7c b4 12 a3 6a 78 .7G.......|...jx ssl_tls12_client.c 2174 00f0: 99 d8 a0 a6 d6 bb 2e 21 93 4d 22 e3 2a c8 2c 47 .......!.M".*.,G ssl_tls12_client.c 2174 0100: 6f 08 06 8b 7d 46 56 9f 1c bb d4 63 94 d2 e3 4f o...}FV....c...O ssl_tls12_client.c 2174 0110: e2 1a de 88 86 23 06 7d 9f e3 34 d6 76 b7 85 4f .....#.}..4.v..O ssl_tls12_client.c 2174 0120: 2f b1 61 b2 89 72 58 82 /.a..rX. ssl_tls12_client.c 1804 ECDH curve: x25519 ssl_tls12_client.c 1811 value of 'ECDH: Qp(X)' (252 bits) is: ssl_tls12_client.c 1811 0c 73 36 8c 39 9c fb 93 f6 6f 17 80 80 67 fb 7c ssl_tls12_client.c 1811 5e 07 04 53 96 6a 5d 5b 9a 2c f2 95 0a 58 dc d1 ssl_tls12_client.c 1811 value of 'ECDH: Qp(Y)' (0 bits) is: ssl_tls12_client.c 1811 00 ssl_tls12_client.c 2369 dumping 'signature' (256 bytes) ssl_tls12_client.c 2369 0000: 83 85 1c 02 f2 1f 5a 80 d6 b1 98 0f 70 0a 06 39 ......Z.....p..9 ssl_tls12_client.c 2369 0010: d9 d7 fe 69 75 69 4c 3b 90 7d b9 ec 8a 16 63 e8 ...iuiL;.}....c. ssl_tls12_client.c 2369 0020: da de 3b e2 79 24 fc 17 7c 6f 3d a5 c0 4b 4d e1 ..;.y$..|o=..KM. ssl_tls12_client.c 2369 0030: 5f 6d d5 ac 82 fc 47 a6 b3 3e 6d 4e 48 b3 0d 12 _m....G..>mNH... ssl_tls12_client.c 2369 0040: 76 9e b0 08 f2 23 56 80 c7 53 30 51 62 6e 64 1b v....#V..S0Qbnd. ssl_tls12_client.c 2369 0050: b0 b2 35 6f 6c 5b e9 a7 17 59 65 c5 e5 c0 3c b0 ..5ol[...Ye...<. ssl_tls12_client.c 2369 0060: 6b ed 2b 39 ea b9 a4 06 0f e3 e6 20 24 f5 33 e5 k.+9....... $.3. ssl_tls12_client.c 2369 0070: ee 0c 44 90 1a a1 96 53 78 e0 80 d0 ac f8 3e 92 ..D....Sx.....>. ssl_tls12_client.c 2369 0080: 4c c7 85 ac ba ab 7d 81 b6 3e d9 18 23 b2 72 e2 L.....}..>..#.r. ssl_tls12_client.c 2369 0090: 39 68 3b 93 a2 d8 e8 cf f5 69 fe 11 49 02 5a 8c 9h;......i..I.Z. ssl_tls12_client.c 2369 00a0: 72 41 3f 17 76 b3 8e 13 15 97 b3 fb c5 ca 7f 74 rA?.v..........t ssl_tls12_client.c 2369 00b0: 6e 75 7b 86 e6 02 ee bc 8a 37 47 92 94 a9 89 d9 nu{......7G..... ssl_tls12_client.c 2369 00c0: 05 a6 7c b4 12 a3 6a 78 99 d8 a0 a6 d6 bb 2e 21 ..|...jx.......! ssl_tls12_client.c 2369 00d0: 93 4d 22 e3 2a c8 2c 47 6f 08 06 8b 7d 46 56 9f .M".*.,Go...}FV. ssl_tls12_client.c 2369 00e0: 1c bb d4 63 94 d2 e3 4f e2 1a de 88 86 23 06 7d ...c...O.....#.} ssl_tls12_client.c 2369 00f0: 9f e3 34 d6 76 b7 85 4f 2f b1 61 b2 89 72 58 82 ..4.v..O/.a..rX. ssl_tls.c 9411 Perform mbedtls-based computation of digest of ServerKeyExchange ssl_tls12_client.c 2386 dumping 'parameters hash' (64 bytes) ssl_tls12_client.c 2386 0000: 04 50 e7 cb 0e a3 db f5 c8 ad 2c 78 fe 22 5b 66 .P........,x."[f ssl_tls12_client.c 2386 0010: 9d 11 f8 4f 4a f4 78 0a 2f ce 2e 77 88 69 80 7f ...OJ.x./..w.i.. ssl_tls12_client.c 2386 0020: 6b 7c c8 8e 0b ec f0 c5 b4 c5 1f 4e b6 4a 71 10 k|.........N.Jq. ssl_tls12_client.c 2386 0030: 27 80 74 57 8f 67 56 5c 5f 0e 7b 8b 15 ad da 2e '.tW.gV\_.{..... ssl_tls12_client.c 2457 <= parse server key exchange ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST ssl_tls12_client.c 2496 => parse certificate request ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 8b ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 139 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 144 ssl_msg.c 2317 in_left: 5, nb_want: 144 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 139 (-0xffffff75) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (144 bytes) ssl_msg.c 3965 0000: 16 03 03 00 8b 0d 00 00 87 03 01 02 40 00 28 04 ............@.(. ssl_msg.c 3965 0010: 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 ................ ssl_msg.c 3965 0020: 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 ................ ssl_msg.c 3965 0030: 02 04 02 05 02 06 02 00 57 00 55 30 53 31 0b 30 ........W.U0S1.0 ssl_msg.c 3965 0040: 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 03 ...U....US1.0... ssl_msg.c 3965 0050: 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 07 U....CA1.0...U.. ssl_msg.c 3965 0060: 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e 06 ..Somewhere1.0.. ssl_msg.c 3965 0070: 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 30 .U....Someone1.0 ssl_msg.c 3965 0080: 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 41 ...U....FoobarCA ssl_msg.c 3234 handshake message: msglen = 139, type = 13, hslen = 139 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2523 got a certificate request ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 07 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 08 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 09 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 0a ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 0b ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 04 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 05 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 06 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 02 ssl_tls12_client.c 2652 DN hint: C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls12_client.c 2658 <= parse certificate request ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO_DONE ssl_tls12_client.c 2669 => parse server hello done ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 04 ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 4 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 9 ssl_msg.c 2317 in_left: 5, nb_want: 9 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 4 (-0xfffffffc) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (9 bytes) ssl_msg.c 3965 0000: 16 03 03 00 04 0e 00 00 00 ......... ssl_msg.c 3234 handshake message: msglen = 4, type = 14, hslen = 4 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2697 <= parse server hello done ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_CERTIFICATE ssl_tls.c 7610 => write certificate ssl_tls.c 7637 own certificate #1: ssl_tls.c 7637 cert. version : 1 ssl_tls.c 7637 serial number : 6D:4F:99:2E:33:C5:10:1E:EA:27:57:74:8F:CF:4D:01:60:54:51:77 ssl_tls.c 7637 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7637 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=Foobar ssl_tls.c 7637 issued on : 2024-04-03 09:36:01 ssl_tls.c 7637 expires on : 2025-04-03 09:36:01 ssl_tls.c 7637 signed using : RSA with SHA-256 ssl_tls.c 7637 RSA key size : 2048 bits ssl_tls.c 7637 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7637 a8 58 0d 38 1a 61 12 1b 16 45 c5 b8 63 6e a8 91 ssl_tls.c 7637 e4 78 c4 48 e6 cc f9 04 09 33 b4 8e d3 2d e8 6d ssl_tls.c 7637 fe 93 d1 c6 d5 82 fe 9f 15 de d1 06 8f ac df 76 ssl_tls.c 7637 ef 7f 4d 8c fe 00 ed 5c fa 5e 74 84 06 c8 2d d1 ssl_tls.c 7637 d7 57 6c 9f 56 3e 5e 09 b0 4c 2d 43 0d b6 ef 26 ssl_tls.c 7637 c9 6f 6b 28 1b 74 bb 4a e8 e9 66 8c de 8f b7 fe ssl_tls.c 7637 6c cc dd 8d ea e7 77 39 9d b5 24 42 5e 4a d7 d1 ssl_tls.c 7637 4a fd f4 81 0f 98 ed 8b 37 d9 3d 5b a8 b4 5b 66 ssl_tls.c 7637 57 2c 01 c0 5c 9c 94 cd 9c 9c 23 58 77 99 7e e5 ssl_tls.c 7637 81 87 51 2c 06 ce 8b 43 bb 2f af 7a ae 49 2a 02 ssl_tls.c 7637 6a 1f dd bb 84 1f 49 bb b3 17 37 46 73 b1 33 b0 ssl_tls.c 7637 73 22 58 26 1b 97 14 9f a6 f4 1a 18 86 51 df a6 ssl_tls.c 7637 df 5a e0 78 6b 48 58 20 d7 ae 8b 6b d5 4d e4 c8 ssl_tls.c 7637 96 73 dc 03 8e 5f 99 52 10 a2 9b a2 22 79 10 e3 ssl_tls.c 7637 38 93 33 b5 46 5a f8 3d 61 9e d5 31 ae 8a 34 d3 ssl_tls.c 7637 0c 64 39 42 ab a9 44 8b bf f6 b9 fb 92 92 14 df ssl_tls.c 7637 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7637 01 00 01 ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 825 ssl_msg.c 3033 dumping 'output record sent to network' (830 bytes) ssl_msg.c 3033 0000: 16 03 03 03 39 0b 00 03 35 00 03 32 00 03 2f 30 ....9...5..2../0 ssl_msg.c 3033 0010: 82 03 2b 30 82 02 13 02 14 6d 4f 99 2e 33 c5 10 ..+0.....mO..3.. ssl_msg.c 3033 0020: 1e ea 27 57 74 8f cf 4d 01 60 54 51 77 30 0d 06 ..'Wt..M.`TQw0.. ssl_msg.c 3033 0030: 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 53 31 0b .*.H........0S1. ssl_msg.c 3033 0040: 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 0...U....US1.0.. ssl_msg.c 3033 0050: 03 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 .U....CA1.0...U. ssl_msg.c 3033 0060: 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e ...Somewhere1.0. ssl_msg.c 3033 0070: 06 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 ..U....Someone1. ssl_msg.c 3033 0080: 30 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 0...U....FoobarC ssl_msg.c 3033 0090: 41 30 1e 17 0d 32 34 30 34 30 33 30 39 33 36 30 A0...24040309360 ssl_msg.c 3033 00a0: 31 5a 17 0d 32 35 30 34 30 33 30 39 33 36 30 31 1Z..250403093601 ssl_msg.c 3033 00b0: 5a 30 51 31 0b 30 09 06 03 55 04 06 13 02 55 53 Z0Q1.0...U....US ssl_msg.c 3033 00c0: 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 12 30 1.0...U....CA1.0 ssl_msg.c 3033 00d0: 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 ...U....Somewher ssl_msg.c 3033 00e0: 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f 6d 65 e1.0...U....Some ssl_msg.c 3033 00f0: 6f 6e 65 31 0f 30 0d 06 03 55 04 03 0c 06 46 6f one1.0...U....Fo ssl_msg.c 3033 0100: 6f 62 61 72 30 82 01 22 30 0d 06 09 2a 86 48 86 obar0.."0...*.H. ssl_msg.c 3033 0110: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a ............0... ssl_msg.c 3033 0120: 02 82 01 01 00 a8 58 0d 38 1a 61 12 1b 16 45 c5 ......X.8.a...E. ssl_msg.c 3033 0130: b8 63 6e a8 91 e4 78 c4 48 e6 cc f9 04 09 33 b4 .cn...x.H.....3. ssl_msg.c 3033 0140: 8e d3 2d e8 6d fe 93 d1 c6 d5 82 fe 9f 15 de d1 ..-.m........... ssl_msg.c 3033 0150: 06 8f ac df 76 ef 7f 4d 8c fe 00 ed 5c fa 5e 74 ....v..M....\.^t ssl_msg.c 3033 0160: 84 06 c8 2d d1 d7 57 6c 9f 56 3e 5e 09 b0 4c 2d ...-..Wl.V>^..L- ssl_msg.c 3033 0170: 43 0d b6 ef 26 c9 6f 6b 28 1b 74 bb 4a e8 e9 66 C...&.ok(.t.J..f ssl_msg.c 3033 0180: 8c de 8f b7 fe 6c cc dd 8d ea e7 77 39 9d b5 24 .....l.....w9..$ ssl_msg.c 3033 0190: 42 5e 4a d7 d1 4a fd f4 81 0f 98 ed 8b 37 d9 3d B^J..J.......7.= ssl_msg.c 3033 01a0: 5b a8 b4 5b 66 57 2c 01 c0 5c 9c 94 cd 9c 9c 23 [..[fW,..\.....# ssl_msg.c 3033 01b0: 58 77 99 7e e5 81 87 51 2c 06 ce 8b 43 bb 2f af Xw.~...Q,...C./. ssl_msg.c 3033 01c0: 7a ae 49 2a 02 6a 1f dd bb 84 1f 49 bb b3 17 37 z.I*.j.....I...7 ssl_msg.c 3033 01d0: 46 73 b1 33 b0 73 22 58 26 1b 97 14 9f a6 f4 1a Fs.3.s"X&....... ssl_msg.c 3033 01e0: 18 86 51 df a6 df 5a e0 78 6b 48 58 20 d7 ae 8b ..Q...Z.xkHX ... ssl_msg.c 3033 01f0: 6b d5 4d e4 c8 96 73 dc 03 8e 5f 99 52 10 a2 9b k.M...s..._.R... ssl_msg.c 3033 0200: a2 22 79 10 e3 38 93 33 b5 46 5a f8 3d 61 9e d5 ."y..8.3.FZ.=a.. ssl_msg.c 3033 0210: 31 ae 8a 34 d3 0c 64 39 42 ab a9 44 8b bf f6 b9 1..4..d9B..D.... ssl_msg.c 3033 0220: fb 92 92 14 df 02 03 01 00 01 30 0d 06 09 2a 86 ..........0...*. ssl_msg.c 3033 0230: 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 1f db H............... ssl_msg.c 3033 0240: c6 fe 9b 7b 85 92 a4 31 2d 4b e9 bb 7e f9 76 84 ...{...1-K..~.v. ssl_msg.c 3033 0250: 36 4e 86 d2 f1 15 c3 fb cd 1b 0e f9 0f b0 1b 8d 6N.............. ssl_msg.c 3033 0260: 53 4c ba fc 56 a7 23 ef cb 5f bc fe 09 a3 b6 c2 SL..V.#.._...... ssl_msg.c 3033 0270: 0e 36 9b aa 03 48 2b 8b fd df 77 3d ee d2 8c f8 .6...H+...w=.... ssl_msg.c 3033 0280: 8f 0e da 8c 81 47 64 6f 8b 3b 2a e2 50 00 6d a0 .....Gdo.;*.P.m. ssl_msg.c 3033 0290: 4a 9c 36 a6 37 c1 34 c6 84 cf ea 14 d1 5b cb 3c J.6.7.4......[.< ssl_msg.c 3033 02a0: df 01 1e 8c ea 21 2f 73 4d b8 e5 7c 88 bd 47 5e .....!/sM..|..G^ ssl_msg.c 3033 02b0: 46 cd 80 20 09 ca 4d f6 13 0c 20 73 44 a8 3f 00 F.. ..M... sD.?. ssl_msg.c 3033 02c0: 7d 5c 0a fb 40 38 d3 7f 3b 29 b5 28 2b 97 39 16 }\..@8..;).(+.9. ssl_msg.c 3033 02d0: 29 06 15 8a 3d 36 b0 2e 7d f3 06 0a 3c 3a 85 e3 )...=6..}...<:.. ssl_msg.c 3033 02e0: 31 06 a5 fc 62 37 8a 8c 12 c8 a1 f3 5f 02 8f 1e 1...b7......_... ssl_msg.c 3033 02f0: 0b 81 de c3 4c 2d bd b7 66 12 e4 d9 3b 29 f2 c1 ....L-..f...;).. ssl_msg.c 3033 0300: 72 c5 2e 45 a0 bb b7 ee 5b d6 0b 7c fe ea b3 a5 r..E....[..|.... ssl_msg.c 3033 0310: 6e e2 53 8b 7d 68 f7 ae 3f a5 fe f5 66 e4 a1 9f n.S.}h..?...f... ssl_msg.c 3033 0320: 2b e3 d0 a2 00 f0 59 83 1a 32 59 eb 86 e6 e5 d1 +.....Y..2Y..... ssl_msg.c 3033 0330: c1 8e 5b 01 bd 50 d4 20 96 5e fb b4 05 6d ..[..P. .^...m ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 830, out_left: 830 ssl_msg.c 2374 ssl->f_send() returned 830 (-0xfffffcc2) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls.c 7683 <= write certificate ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_KEY_EXCHANGE ssl_tls12_client.c 2712 => write client key exchange ssl_tls12_client.c 2859 value of 'ECDH: Q(X)' (255 bits) is: ssl_tls12_client.c 2859 53 da 7c ff f7 64 59 09 22 ba fd c9 fa 01 db 9e ssl_tls12_client.c 2859 42 7c 2c 76 b0 c3 0d 26 33 11 d6 06 d2 fc 96 f5 ssl_tls12_client.c 2859 value of 'ECDH: Q(Y)' (0 bits) is: ssl_tls12_client.c 2859 00 ssl_tls12_client.c 2887 value of 'ECDH: z' (252 bits) is: ssl_tls12_client.c 2887 0c 8a 79 16 e0 71 b1 7f 8a 4c 01 5b 07 4b e4 e7 ssl_tls12_client.c 2887 5e 9a e6 99 c8 9f 21 0b d2 26 b0 85 10 1a ba 38 ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 37 ssl_msg.c 3033 dumping 'output record sent to network' (42 bytes) ssl_msg.c 3033 0000: 16 03 03 00 25 10 00 00 21 20 f5 96 fc d2 06 d6 ....%...! ...... ssl_msg.c 3033 0010: 11 33 26 0d c3 b0 76 2c 7c 42 9e db 01 fa c9 fd .3&...v,|B...... ssl_msg.c 3033 0020: ba 22 09 59 64 f7 ff 7c da 53 .".Yd..|.S ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 42, out_left: 42 ssl_msg.c 2374 ssl->f_send() returned 42 (-0xffffffd6) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls12_client.c 3207 <= write client key exchange ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY ssl_tls12_client.c 3255 => write certificate verify ssl_tls.c 7224 => derive keys ssl_tls.c 7348 => calc verify ssl_tls.c 7366 dumping 'calculated verify result' (32 bytes) ssl_tls.c 7366 0000: 53 fb cc 8e 39 7b 59 88 b6 4b 7f 97 4c db de 63 S...9{Y..K..L..c ssl_tls.c 7366 0010: 55 1e e4 3e a5 6a ae cc a7 e7 63 42 74 f9 51 2d U..>.j....cBt.Q- ssl_tls.c 7367 <= calc verify ssl_tls.c 7079 dumping 'session hash for extended master secret' (32 bytes) ssl_tls.c 7079 0000: 53 fb cc 8e 39 7b 59 88 b6 4b 7f 97 4c db de 63 S...9{Y..K..L..c ssl_tls.c 7079 0010: 55 1e e4 3e a5 6a ae cc a7 e7 63 42 74 f9 51 2d U..>.j....cBt.Q- ssl_tls.c 7209 dumping 'premaster secret' (32 bytes) ssl_tls.c 7209 0000: 38 ba 1a 10 85 b0 26 d2 0b 21 9f c8 99 e6 9a 5e 8.....&..!.....^ ssl_tls.c 7209 0010: e7 e4 4b 07 5b 01 4c 8a 7f b1 71 e0 16 79 8a 0c ..K.[.L...q..y.. ssl_tls.c 8949 ciphersuite = TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_tls.c 8950 dumping 'master secret' (48 bytes) ssl_tls.c 8950 0000: 1b 2a 2f 71 31 f9 ba 6e 88 19 f5 c3 b0 62 2b 21 .*/q1..n.....b+! ssl_tls.c 8950 0010: b3 11 18 c6 61 4b c6 2e 4a 32 96 5d df e8 8c 29 ....aK..J2.]...) ssl_tls.c 8950 0020: c0 be c2 85 93 02 76 b2 8c a0 54 f4 df 14 0d 4c ......v...T....L ssl_tls.c 8951 dumping 'random bytes' (64 bytes) ssl_tls.c 8951 0000: 76 36 49 0c df c5 5f 16 59 fa a0 24 de 4f 91 1d v6I..._.Y..$.O.. ssl_tls.c 8951 0010: 01 18 c4 f4 75 a1 f9 ee 64 aa 85 27 40 09 f4 59 ....u...d..'@..Y ssl_tls.c 8951 0020: 66 31 86 39 78 bc 58 af ec e1 20 b2 82 67 fb 9b f1.9x.X... ..g.. ssl_tls.c 8951 0030: 2f 56 40 0f b1 35 c1 b9 27 f1 e5 06 89 c2 23 69 /V@..5..'.....#i ssl_tls.c 8952 dumping 'key block' (256 bytes) ssl_tls.c 8952 0000: 46 12 65 58 80 e2 42 09 cb 76 d5 77 bd 6d 83 dd F.eX..B..v.w.m.. ssl_tls.c 8952 0010: 54 b4 16 f0 37 3c 3a e0 a6 77 b7 02 ff fd df 37 T...7<:..w.....7 ssl_tls.c 8952 0020: cc 85 4b 59 e3 0b 66 80 44 53 be 3e 39 90 ff f9 ..KY..f.DS.>9... ssl_tls.c 8952 0030: ce 56 97 e4 ea 43 52 34 14 cc b3 b8 58 ce d3 b1 .V...CR4....X... ssl_tls.c 8952 0040: f7 c5 6f 77 7c 10 47 fc ac d6 fe 49 58 eb 63 d1 ..ow|.G....IX.c. ssl_tls.c 8952 0050: d9 6f 5b 0a f1 1d b8 97 bc 9c 12 81 9b ad ed 44 .o[............D ssl_tls.c 8952 0060: dd 85 a8 b3 00 ee 50 5f 84 c3 be 41 d4 17 1a 46 ......P_...A...F ssl_tls.c 8952 0070: ab 81 59 65 bc 77 55 15 72 ab 91 3d 96 f0 a4 e8 ..Ye.wU.r..=.... ssl_tls.c 8952 0080: e7 55 f7 48 98 6d a9 17 c4 cc cc ed 06 bf 2e 75 .U.H.m.........u ssl_tls.c 8952 0090: 19 2a c6 07 42 f2 11 3f 0d 84 e9 ce 1f 2a 22 4f .*..B..?.....*"O ssl_tls.c 8952 00a0: 56 92 33 ad 8e 8b 93 01 1a b0 a1 09 9a 54 35 7f V.3..........T5. ssl_tls.c 8952 00b0: a3 bd 68 ab 82 bf 3c 85 c9 52 a9 86 ec bf 1e 23 ..h...<..R.....# ssl_tls.c 8952 00c0: 31 17 7b 72 75 89 a8 15 52 ec 26 2e 39 88 3e aa 1.{ru...R.&.9.>. ssl_tls.c 8952 00d0: 35 b5 7a 35 8e 71 bb 1b c4 ec 1e c2 5b 5e 3d 8f 5.z5.q......[^=. ssl_tls.c 8952 00e0: 9b 69 d2 ea 24 d8 95 5f 0a 9f 83 32 7d 3a 21 33 .i..$.._...2}:!3 ssl_tls.c 8952 00f0: 71 dd 98 ba e3 db 2f 18 bd 7c 45 18 8b d5 4b 31 q...../..|E...K1 ssl_tls.c 9074 keylen: 32, minlen: 16, ivlen: 12, maclen: 0 ssl_tls.c 7275 <= derive keys ssl_tls.c 7348 => calc verify ssl_tls.c 7366 dumping 'calculated verify result' (32 bytes) ssl_tls.c 7366 0000: 53 fb cc 8e 39 7b 59 88 b6 4b 7f 97 4c db de 63 S...9{Y..K..L..c ssl_tls.c 7366 0010: 55 1e e4 3e a5 6a ae cc a7 e7 63 42 74 f9 51 2d U..>.j....cBt.Q- ssl_tls.c 7367 <= calc verify ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 264 ssl_msg.c 3033 dumping 'output record sent to network' (269 bytes) ssl_msg.c 3033 0000: 16 03 03 01 08 0f 00 01 04 04 01 01 00 2d 69 d5 .............-i. ssl_msg.c 3033 0010: e7 fd 6f bb db 81 03 16 f7 be 31 31 1b 84 02 04 ..o.......11.... ssl_msg.c 3033 0020: 0e c8 d1 47 0f 4f 17 14 01 23 ec 23 73 cb 44 fd ...G.O...#.#s.D. ssl_msg.c 3033 0030: 95 fd 99 97 6c e0 4e e7 9c 8f f3 05 2a 0d 2f af ....l.N.....*./. ssl_msg.c 3033 0040: ee e8 03 bc 7f 6d 2e 9d c9 d4 1a a8 e3 9b 23 2f .....m........#/ ssl_msg.c 3033 0050: 7a 84 fa df 38 66 a0 f6 9f f8 88 32 59 c7 fc 7b z...8f.....2Y..{ ssl_msg.c 3033 0060: 0e 7d da ca e4 05 31 4e a5 7d 8c b1 18 df 3c 69 .}....1N.}....<i ssl_msg.c 3033 0070: 38 73 b6 25 66 2f 4a dc 17 db d6 cc 4c 76 d9 99 8s.%f/J.....Lv.. ssl_msg.c 3033 0080: 6e 18 98 83 36 56 08 4f 5a 3b 7b e5 97 c9 f5 e7 n...6V.OZ;{..... ssl_msg.c 3033 0090: ec 3a ed 85 6d 68 82 2f 46 d4 0d dc 34 b8 fc a5 .:..mh./F...4... ssl_msg.c 3033 00a0: b0 b6 b6 9b 52 44 96 57 ef 38 ef aa 3a fc 1d ee ....RD.W.8..:... ssl_msg.c 3033 00b0: 5d 93 71 c1 6a 1d b3 06 eb 7c 36 8d f9 bc 90 b2 ].q.j....|6..... ssl_msg.c 3033 00c0: a0 a6 67 c0 24 e9 1d ff 73 81 7d 78 20 6e 94 12 ..g.$...s.}x n.. ssl_msg.c 3033 00d0: 31 1b df db d7 8e 16 d1 ec 19 15 95 b7 83 fb 21 1..............! ssl_msg.c 3033 00e0: 0e e4 ce 71 0b 4f 4f 54 12 29 29 bb 12 5e 87 86 ...q.OOT.))..^.. ssl_msg.c 3033 00f0: 7f b2 16 21 fe a9 8e ce 05 f4 0a 1f c6 04 24 42 ...!..........$B ssl_msg.c 3033 0100: ca d5 50 e9 bb b9 31 d9 cf 82 98 cf 05 ..P...1...... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 269, out_left: 269 ssl_msg.c 2374 ssl->f_send() returned 269 (-0xfffffef3) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls12_client.c 3367 <= write certificate verify ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ssl_msg.c 5189 => write change cipher spec ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 20, version = [3:3], msglen = 1 ssl_msg.c 3033 dumping 'output record sent to network' (6 bytes) ssl_msg.c 3033 0000: 14 03 03 00 01 01 ...... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 6, out_left: 6 ssl_msg.c 2374 ssl->f_send() returned 6 (-0xfffffffa) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_msg.c 5202 <= write change cipher spec ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_FINISHED ssl_tls.c 8548 => write finished ssl_tls.c 8382 => calc finished tls ssl_tls.c 8399 dumping 'finished output' (32 bytes) ssl_tls.c 8399 0000: 34 68 9c f8 bf d8 cc 6f 86 ef 29 87 e9 d3 94 18 4h.....o..)..... ssl_tls.c 8399 0010: 26 e3 42 ce fa 88 7e 74 bc b4 14 d4 33 d7 7c 44 &.B...~t....3.|D ssl_tls.c 8409 dumping 'calc finished result' (12 bytes) ssl_tls.c 8409 0000: 5a 27 25 d6 93 d6 c1 09 99 b7 ea b4 Z'%......... ssl_tls.c 8413 <= calc finished ssl_tls.c 8597 switching to new transform spec for outbound data ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 935 => encrypt buf ssl_msg.c 958 dumping 'before encrypt: output payload' (16 bytes) ssl_msg.c 958 0000: 14 00 00 0c 5a 27 25 d6 93 d6 c1 09 99 b7 ea b4 ....Z'%......... ssl_msg.c 1183 dumping 'IV used (internal)' (12 bytes) ssl_msg.c 1183 0000: f7 c5 6f 77 7c 10 47 fc ac d6 fe 49 ..ow|.G....I ssl_msg.c 1186 dumping 'IV used (transmitted)' (0 bytes) ssl_msg.c 1188 dumping 'additional data used for AEAD' (13 bytes) ssl_msg.c 1188 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 ............. ssl_msg.c 1191 before encrypt: msglen = 16, including 0 bytes of padding ssl_msg.c 1225 dumping 'after encrypt: tag' (16 bytes) ssl_msg.c 1225 0000: 58 dc 74 4a 90 c9 22 6c 0f b9 59 29 86 91 14 34 X.tJ.."l..Y)...4 ssl_msg.c 1474 <= encrypt buf ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 32 ssl_msg.c 3033 dumping 'output record sent to network' (37 bytes) ssl_msg.c 3033 0000: 16 03 03 00 20 b4 c7 02 81 65 54 f8 16 cc d1 e4 .... ....eT..... ssl_msg.c 3033 0010: f2 46 f9 08 9b 58 dc 74 4a 90 c9 22 6c 0f b9 59 .F...X.tJ.."l..Y ssl_msg.c 3033 0020: 29 86 91 14 34 )...4 ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 37, out_left: 37 ssl_msg.c 2374 ssl->f_send() returned 37 (-0xffffffdb) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls.c 8650 <= write finished ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ssl_msg.c 5211 => parse change cipher spec ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 0 (-0x0000) ssl_msg.c 4861 mbedtls_ssl_fetch_input() returned -29312 (-0x7280) ssl_msg.c 4220 ssl_get_next_record() returned -29312 (-0x7280) ssl_msg.c 5214 mbedtls_ssl_read_record() returned -29312 (-0x7280) ssl_tls.c 4635 <= handshake ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 4622 => handshake ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_HELLO_REQUEST ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_HELLO ssl_client.c 919 => write client hello ssl_client.c 725 client hello, current time: 1714521685 ssl_client.c 487 dumping 'client hello, random bytes' (32 bytes) ssl_client.c 487 0000: 66 31 86 55 1d 06 34 0b ef 5c 46 5e 95 8a ea bb f1.U..4..\F^.... ssl_client.c 487 0010: 34 d5 7d de 77 24 bd 19 1f 7d 09 94 0c a8 01 6c 4.}.w$...}.....l ssl_client.c 512 dumping 'session id' (0 bytes) ssl_client.c 371 client hello, add ciphersuite: cca8, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: cca9, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: ccaa, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ad, TLS-ECDHE-ECDSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: c09f, TLS-DHE-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 006b, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c00a, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c014, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0039, TLS-DHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0af, TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a3, TLS-DHE-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c02b, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c02f, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: 009e, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ac, TLS-ECDHE-ECDSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c09e, TLS-DHE-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c023, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c027, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0067, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c009, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c013, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0033, TLS-DHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0ae, TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a2, TLS-DHE-RSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c09d, TLS-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 003d, TLS-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0035, TLS-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a1, TLS-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: 009c, TLS-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c09c, TLS-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: 003c, TLS-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 002f, TLS-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a0, TLS-RSA-WITH-AES-128-CCM-8 ssl_client.c 387 adding EMPTY_RENEGOTIATION_INFO_SCSV ssl_client.c 398 client hello, got 34 cipher suites ssl_client.c 230 client hello, adding supported_groups extension ssl_client.c 249 got supported group(001d) ssl_client.c 283 NamedGroup: x25519 ( 1d ) ssl_client.c 249 got supported group(0017) ssl_client.c 283 NamedGroup: secp256r1 ( 17 ) ssl_client.c 249 got supported group(0018) ssl_client.c 283 NamedGroup: secp384r1 ( 18 ) ssl_client.c 249 got supported group(001e) ssl_client.c 283 NamedGroup: x448 ( 1e ) ssl_client.c 249 got supported group(0019) ssl_client.c 283 NamedGroup: secp521r1 ( 19 ) ssl_client.c 249 got supported group(001a) ssl_client.c 283 NamedGroup: bp256r1 ( 1a ) ssl_client.c 249 got supported group(001b) ssl_client.c 283 NamedGroup: bp384r1 ( 1b ) ssl_client.c 249 got supported group(001c) ssl_client.c 283 NamedGroup: bp512r1 ( 1c ) ssl_client.c 302 dumping 'Supported groups extension' (18 bytes) ssl_client.c 302 0000: 00 10 00 1d 00 17 00 18 00 1e 00 19 00 1a 00 1b ................ ssl_client.c 302 0010: 00 1c .. ssl_tls.c 9611 adding signature_algorithms extension ssl_tls.c 9633 got signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9642 sent signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9633 got signature scheme [806] rsa_pss_rsae_sha512 ssl_tls.c 9633 got signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9642 sent signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9633 got signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9642 sent signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9633 got signature scheme [804] rsa_pss_rsae_sha256 ssl_tls.c 9633 got signature scheme [401] rsa_pkcs1_sha256 ssl_tls.c 9642 sent signature scheme [401] rsa_pkcs1_sha256 ssl_tls12_client.c 106 client hello, adding supported_point_formats extension ssl_tls12_client.c 307 client hello, adding encrypt_then_mac extension ssl_tls12_client.c 339 client hello, adding extended_master_secret extension ssl_tls12_client.c 372 client hello, adding session ticket extension ssl_client.c 689 client hello, total extension length: 54 ssl_client.c 691 dumping 'client hello extensions' (54 bytes) ssl_client.c 691 0000: 00 36 00 0a 00 12 00 10 00 1d 00 17 00 18 00 1e .6.............. ssl_client.c 691 0010: 00 19 00 1a 00 1b 00 1c 00 0d 00 0a 00 08 06 03 ................ ssl_client.c 691 0020: 06 01 04 03 04 01 00 0b 00 02 01 00 00 16 00 00 ................ ssl_client.c 691 0030: 00 17 00 00 00 23 .....# ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 167 ssl_msg.c 3033 dumping 'output record sent to network' (172 bytes) ssl_msg.c 3033 0000: 16 03 03 00 a7 01 00 00 a3 03 03 66 31 86 55 1d ...........f1.U. ssl_msg.c 3033 0010: 06 34 0b ef 5c 46 5e 95 8a ea bb 34 d5 7d de 77 .4..\F^....4.}.w ssl_msg.c 3033 0020: 24 bd 19 1f 7d 09 94 0c a8 01 6c 00 00 44 cc a8 $...}.....l..D.. ssl_msg.c 3033 0030: cc a9 cc aa c0 ad c0 9f 00 6b c0 0a c0 14 00 39 .........k.....9 ssl_msg.c 3033 0040: c0 af c0 a3 c0 2b c0 2f 00 9e c0 ac c0 9e c0 23 .....+./.......# ssl_msg.c 3033 0050: c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2 c0 9d .'.g.....3...... ssl_msg.c 3033 0060: 00 3d 00 35 c0 a1 00 9c c0 9c 00 3c 00 2f c0 a0 .=.5.......<./.. ssl_msg.c 3033 0070: 00 ff 01 00 00 36 00 0a 00 12 00 10 00 1d 00 17 .....6.......... ssl_msg.c 3033 0080: 00 18 00 1e 00 19 00 1a 00 1b 00 1c 00 0d 00 0a ................ ssl_msg.c 3033 0090: 00 08 06 03 06 01 04 03 04 01 00 0b 00 02 01 00 ................ ssl_msg.c 3033 00a0: 00 16 00 00 00 17 00 00 00 23 00 00 .........#.. ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_client.c 1012 <= write client hello ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 172, out_left: 172 ssl_msg.c 2374 ssl->f_send() returned 172 (-0xffffff54) ssl_msg.c 2401 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO ssl_tls12_client.c 1193 => parse server hello ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3812 unknown record type 176 ssl_msg.c 4220 ssl_get_next_record() returned -29184 (-0x7200) ssl_tls12_client.c 1197 mbedtls_ssl_read_record() returned -29184 (-0x7200) ssl_tls.c 4635 <= handshake ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 4622 => handshake ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_HELLO_REQUEST ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_HELLO ssl_client.c 919 => write client hello ssl_client.c 725 client hello, current time: 1714521687 ssl_client.c 487 dumping 'client hello, random bytes' (32 bytes) ssl_client.c 487 0000: 66 31 86 57 a5 48 94 b1 96 f5 c3 5a 51 0f bd 24 f1.W.H.....ZQ..$ ssl_client.c 487 0010: 29 f9 8c cc 59 61 ea e7 2b 4f 28 d7 13 e1 98 78 )...Ya..+O(....x ssl_client.c 512 dumping 'session id' (0 bytes) ssl_client.c 371 client hello, add ciphersuite: cca8, TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: cca9, TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: ccaa, TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ad, TLS-ECDHE-ECDSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: c09f, TLS-DHE-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 006b, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c00a, TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c014, TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0039, TLS-DHE-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0af, TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a3, TLS-DHE-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c02b, TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c02f, TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: 009e, TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c0ac, TLS-ECDHE-ECDSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c09e, TLS-DHE-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: c023, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c027, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0067, TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: c009, TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c013, TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: 0033, TLS-DHE-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0ae, TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c0a2, TLS-DHE-RSA-WITH-AES-128-CCM-8 ssl_client.c 371 client hello, add ciphersuite: c09d, TLS-RSA-WITH-AES-256-CCM ssl_client.c 371 client hello, add ciphersuite: 003d, TLS-RSA-WITH-AES-256-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 0035, TLS-RSA-WITH-AES-256-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a1, TLS-RSA-WITH-AES-256-CCM-8 ssl_client.c 371 client hello, add ciphersuite: 009c, TLS-RSA-WITH-AES-128-GCM-SHA256 ssl_client.c 371 client hello, add ciphersuite: c09c, TLS-RSA-WITH-AES-128-CCM ssl_client.c 371 client hello, add ciphersuite: 003c, TLS-RSA-WITH-AES-128-CBC-SHA256 ssl_client.c 371 client hello, add ciphersuite: 002f, TLS-RSA-WITH-AES-128-CBC-SHA ssl_client.c 371 client hello, add ciphersuite: c0a0, TLS-RSA-WITH-AES-128-CCM-8 ssl_client.c 387 adding EMPTY_RENEGOTIATION_INFO_SCSV ssl_client.c 398 client hello, got 34 cipher suites ssl_client.c 230 client hello, adding supported_groups extension ssl_client.c 249 got supported group(001d) ssl_client.c 283 NamedGroup: x25519 ( 1d ) ssl_client.c 249 got supported group(0017) ssl_client.c 283 NamedGroup: secp256r1 ( 17 ) ssl_client.c 249 got supported group(0018) ssl_client.c 283 NamedGroup: secp384r1 ( 18 ) ssl_client.c 249 got supported group(001e) ssl_client.c 283 NamedGroup: x448 ( 1e ) ssl_client.c 249 got supported group(0019) ssl_client.c 283 NamedGroup: secp521r1 ( 19 ) ssl_client.c 249 got supported group(001a) ssl_client.c 283 NamedGroup: bp256r1 ( 1a ) ssl_client.c 249 got supported group(001b) ssl_client.c 283 NamedGroup: bp384r1 ( 1b ) ssl_client.c 249 got supported group(001c) ssl_client.c 283 NamedGroup: bp512r1 ( 1c ) ssl_client.c 302 dumping 'Supported groups extension' (18 bytes) ssl_client.c 302 0000: 00 10 00 1d 00 17 00 18 00 1e 00 19 00 1a 00 1b ................ ssl_client.c 302 0010: 00 1c .. ssl_tls.c 9611 adding signature_algorithms extension ssl_tls.c 9633 got signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9642 sent signature scheme [603] ecdsa_secp521r1_sha512 ssl_tls.c 9633 got signature scheme [806] rsa_pss_rsae_sha512 ssl_tls.c 9633 got signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9642 sent signature scheme [601] rsa_pkcs1_sha512 ssl_tls.c 9633 got signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9642 sent signature scheme [403] ecdsa_secp256r1_sha256 ssl_tls.c 9633 got signature scheme [804] rsa_pss_rsae_sha256 ssl_tls.c 9633 got signature scheme [401] rsa_pkcs1_sha256 ssl_tls.c 9642 sent signature scheme [401] rsa_pkcs1_sha256 ssl_tls12_client.c 106 client hello, adding supported_point_formats extension ssl_tls12_client.c 307 client hello, adding encrypt_then_mac extension ssl_tls12_client.c 339 client hello, adding extended_master_secret extension ssl_tls12_client.c 372 client hello, adding session ticket extension ssl_client.c 689 client hello, total extension length: 54 ssl_client.c 691 dumping 'client hello extensions' (54 bytes) ssl_client.c 691 0000: 00 36 00 0a 00 12 00 10 00 1d 00 17 00 18 00 1e .6.............. ssl_client.c 691 0010: 00 19 00 1a 00 1b 00 1c 00 0d 00 0a 00 08 06 03 ................ ssl_client.c 691 0020: 06 01 04 03 04 01 00 0b 00 02 01 00 00 16 00 00 ................ ssl_client.c 691 0030: 00 17 00 00 00 23 .....# ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 167 ssl_msg.c 3033 dumping 'output record sent to network' (172 bytes) ssl_msg.c 3033 0000: 16 03 03 00 a7 01 00 00 a3 03 03 66 31 86 57 a5 ...........f1.W. ssl_msg.c 3033 0010: 48 94 b1 96 f5 c3 5a 51 0f bd 24 29 f9 8c cc 59 H.....ZQ..$)...Y ssl_msg.c 3033 0020: 61 ea e7 2b 4f 28 d7 13 e1 98 78 00 00 44 cc a8 a..+O(....x..D.. ssl_msg.c 3033 0030: cc a9 cc aa c0 ad c0 9f 00 6b c0 0a c0 14 00 39 .........k.....9 ssl_msg.c 3033 0040: c0 af c0 a3 c0 2b c0 2f 00 9e c0 ac c0 9e c0 23 .....+./.......# ssl_msg.c 3033 0050: c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2 c0 9d .'.g.....3...... ssl_msg.c 3033 0060: 00 3d 00 35 c0 a1 00 9c c0 9c 00 3c 00 2f c0 a0 .=.5.......<./.. ssl_msg.c 3033 0070: 00 ff 01 00 00 36 00 0a 00 12 00 10 00 1d 00 17 .....6.......... ssl_msg.c 3033 0080: 00 18 00 1e 00 19 00 1a 00 1b 00 1c 00 0d 00 0a ................ ssl_msg.c 3033 0090: 00 08 06 03 06 01 04 03 04 01 00 0b 00 02 01 00 ................ ssl_msg.c 3033 00a0: 00 16 00 00 00 17 00 00 00 23 00 00 .........#.. ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_client.c 1012 <= write client hello ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 172, out_left: 172 ssl_msg.c 2374 ssl->f_send() returned 172 (-0xffffff54) ssl_msg.c 2401 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO ssl_tls12_client.c 1193 => parse server hello ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 0 (-0x0000) ssl_msg.c 4861 mbedtls_ssl_fetch_input() returned -29312 (-0x7280) ssl_msg.c 4220 ssl_get_next_record() returned -29312 (-0x7280) ssl_tls12_client.c 1197 mbedtls_ssl_read_record() returned -29312 (-0x7280) ssl_tls.c 4635 <= handshake ssl_tls.c 4622 => handshake ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO ssl_tls12_client.c 1193 => parse server hello ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 3d ....= ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 61 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 66 ssl_msg.c 2317 in_left: 5, nb_want: 66 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 61 (-0xffffffc3) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (66 bytes) ssl_msg.c 3965 0000: 16 03 03 00 3d 02 00 00 39 03 03 c9 25 99 9a 84 ....=...9...%... ssl_msg.c 3965 0010: 14 6a d9 ff 29 d1 12 43 d7 aa 0e ca 40 f1 18 d0 .j..)..C....@... ssl_msg.c 3965 0020: 0e 19 85 97 d5 26 ab 7b 6c 3f e4 00 cc a8 00 00 .....&.{l?...... ssl_msg.c 3965 0030: 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 ................ ssl_msg.c 3965 0040: 00 00 .. ssl_msg.c 3234 handshake message: msglen = 61, type = 2, hslen = 61 ssl_msg.c 4261 <= read record ssl_tls12_client.c 1267 dumping 'server hello, version' (2 bytes) ssl_tls12_client.c 1267 0000: 03 03 .. ssl_tls12_client.c 1292 server hello, current time: 3374684570 ssl_tls12_client.c 1298 dumping 'server hello, random bytes' (32 bytes) ssl_tls12_client.c 1298 0000: c9 25 99 9a 84 14 6a d9 ff 29 d1 12 43 d7 aa 0e .%....j..)..C... ssl_tls12_client.c 1298 0010: ca 40 f1 18 d0 0e 19 85 97 d5 26 ab 7b 6c 3f e4 .@........&.{l?. ssl_tls12_client.c 1360 server hello, session id len.: 0 ssl_tls12_client.c 1361 dumping 'server hello, session id' (0 bytes) ssl_tls12_client.c 1386 no session has been resumed ssl_tls12_client.c 1388 server hello, chosen ciphersuite: cca8 ssl_tls12_client.c 1390 server hello, compress alg.: 0 ssl_tls12_client.c 1425 server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_tls12_client.c 1447 server hello, total extension length: 17 ssl_tls12_client.c 1463 found renegotiation extension ssl_tls12_client.c 1543 found supported_point_formats extension ssl_tls12_client.c 841 point format selected: 0 ssl_tls12_client.c 1516 found extended_master_secret extension ssl_tls12_client.c 1659 <= parse server hello ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_CERTIFICATE ssl_tls.c 8204 => parse certificate ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 06 c7 ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 1735 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 1740 ssl_msg.c 2317 in_left: 5, nb_want: 1740 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 1735 (-0xfffff939) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (1740 bytes) ssl_msg.c 3965 0000: 16 03 03 06 c7 0b 00 06 c3 00 06 c0 00 03 2f 30 ............../0 ssl_msg.c 3965 0010: 82 03 2b 30 82 02 13 02 14 6d 4f 99 2e 33 c5 10 ..+0.....mO..3.. ssl_msg.c 3965 0020: 1e ea 27 57 74 8f cf 4d 01 60 54 51 76 30 0d 06 ..'Wt..M.`TQv0.. ssl_msg.c 3965 0030: 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 53 31 0b .*.H........0S1. ssl_msg.c 3965 0040: 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 0...U....US1.0.. ssl_msg.c 3965 0050: 03 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 .U....CA1.0...U. ssl_msg.c 3965 0060: 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e ...Somewhere1.0. ssl_msg.c 3965 0070: 06 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 ..U....Someone1. ssl_msg.c 3965 0080: 30 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 0...U....FoobarC ssl_msg.c 3965 0090: 41 30 1e 17 0d 32 34 30 34 30 33 30 39 33 35 30 A0...24040309350 ssl_msg.c 3965 00a0: 30 5a 17 0d 32 35 30 34 30 33 30 39 33 35 30 30 0Z..250403093500 ssl_msg.c 3965 00b0: 5a 30 51 31 0b 30 09 06 03 55 04 06 13 02 55 53 Z0Q1.0...U....US ssl_msg.c 3965 00c0: 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 12 30 1.0...U....CA1.0 ssl_msg.c 3965 00d0: 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 ...U....Somewher ssl_msg.c 3965 00e0: 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f 6d 65 e1.0...U....Some ssl_msg.c 3965 00f0: 6f 6e 65 31 0f 30 0d 06 03 55 04 03 0c 06 46 6f one1.0...U....Fo ssl_msg.c 3965 0100: 6f 62 61 72 30 82 01 22 30 0d 06 09 2a 86 48 86 obar0.."0...*.H. ssl_msg.c 3965 0110: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a ............0... ssl_msg.c 3965 0120: 02 82 01 01 00 c1 9f d8 d2 15 fe e5 68 e8 fe 65 ............h..e ssl_msg.c 3965 0130: 21 e4 c4 78 ea 22 da 31 4d 08 77 df 03 d5 13 03 !..x.".1M.w..... ssl_msg.c 3965 0140: ec 36 8f d1 d3 c1 5c 15 52 fd 9d c8 27 f2 ca 51 .6....\.R...'..Q ssl_msg.c 3965 0150: 79 18 22 95 d7 6b 09 72 96 79 5a d0 cd cc ac 20 y."..k.r.yZ.... ssl_msg.c 3965 0160: 2e f2 05 cb 57 57 f3 91 07 9f 3d d7 2c e7 4e 97 ....WW....=.,.N. ssl_msg.c 3965 0170: 56 31 0a 3c 04 fd 43 9d ee 9f e7 5b d8 b7 41 0e V1.<..C....[..A. ssl_msg.c 3965 0180: d8 9b 28 8b 82 33 cd ff 7d db 8c c2 3d b6 c0 ff ..(..3..}...=... ssl_msg.c 3965 0190: 48 df dd bb 9e d6 d1 84 0a d5 f5 f5 c4 88 cc 7f H............... ssl_msg.c 3965 01a0: 2b 82 67 f0 9c 47 54 27 00 6a f0 59 0a d6 0f 84 +.g..GT'.j.Y.... ssl_msg.c 3965 01b0: a9 10 8f d2 a5 d3 26 53 3c 28 57 94 01 06 8a 1d ......&S<(W..... ssl_msg.c 3965 01c0: ff 90 e2 48 25 55 7e fd 03 cc 2c 6b e4 0e 3e 09 ...H%U~...,k..>. ssl_msg.c 3965 01d0: b2 2c 97 23 32 29 b2 55 a4 f1 37 3d 1c f8 d0 a3 .,.#2).U..7=.... ssl_msg.c 3965 01e0: 4b 6d 78 db 68 2c ac 6e 6b d6 14 2e 86 e6 0f 3d Kmx.h,.nk......= ssl_msg.c 3965 01f0: d1 61 38 de ba cb bf 4f d8 d0 af 66 b2 3f 09 0e .a8....O...f.?.. ssl_msg.c 3965 0200: 51 c5 4b c6 d2 c0 90 8a db 51 98 32 bf a3 9b e9 Q.K......Q.2.... ssl_msg.c 3965 0210: 94 a2 69 9a 0a e1 a1 6e ad 63 59 92 e2 81 4a 29 ..i....n.cY...J) ssl_msg.c 3965 0220: 36 84 36 33 2b 02 03 01 00 01 30 0d 06 09 2a 86 6.63+.....0...*. ssl_msg.c 3965 0230: 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 1d eb H............... ssl_msg.c 3965 0240: c0 c7 45 0b 99 54 89 c9 9c 6b 18 c7 22 bf d8 a1 ..E..T...k.."... ssl_msg.c 3965 0250: 30 b6 09 ca b1 8e b4 fc a1 a7 f9 27 f8 12 ff b0 0..........'.... ssl_msg.c 3965 0260: fb c8 44 b1 d8 52 40 71 05 7d 8e 1d c1 69 0f ff ..D..R@q.}...i.. ssl_msg.c 3965 0270: f4 d2 a3 8b df e1 0b f0 8c de fb 60 e1 81 87 bc ...........`.... ssl_msg.c 3965 0280: 0f 46 84 0e db 64 dd cc c0 eb 7b bd 35 ac 5d 33 .F...d....{.5.]3 ssl_msg.c 3965 0290: 9c f7 96 24 05 4d 45 27 37 6d 0c 9f 92 ea 7d fe ...$.ME'7m....}. ssl_msg.c 3965 02a0: 4a 9b c9 54 3b 91 0f 87 7c f4 46 64 b0 3d 54 c4 J..T;...|.Fd.=T. ssl_msg.c 3965 02b0: 5f 17 bd 88 a5 07 85 24 71 44 6c be 3b 3a f8 a4 _......$qDl.;:.. ssl_msg.c 3965 02c0: 7a 2b 67 5e 3d bd 5a 12 8d 2e bd 47 8d 6f 0d 02 z+g^=.Z....G.o.. ssl_msg.c 3965 02d0: 90 af fe 8b a9 ef a8 12 73 77 29 ce fe ef 79 51 ........sw)...yQ ssl_msg.c 3965 02e0: 68 6b 2f 18 fd da f8 1e 52 eb e9 eb 38 c0 ee ee hk/.....R...8... ssl_msg.c 3965 02f0: 45 de 8f 5f 3f c4 d8 9e c4 12 87 83 5c 48 0b c9 E.._?.......\H.. ssl_msg.c 3965 0300: 5a 28 6a ec e4 28 f1 07 5b 27 7d 75 d5 2b c2 dd Z(j..(..['}u.+.. ssl_msg.c 3965 0310: ff 88 08 e3 89 14 36 6d 8b ce e3 27 d7 ef 90 bd ......6m...'.... ssl_msg.c 3965 0320: 4e da 78 f6 bf 99 4d f7 95 bf d9 d5 e8 52 f1 c8 N.x...M......R.. ssl_msg.c 3965 0330: df 5c e1 c3 fd 8e 10 0f ae cf ef bb 94 2f 00 03 .\.........../.. ssl_msg.c 3965 0340: 8b 30 82 03 87 30 82 02 6f a0 03 02 01 02 02 14 .0...0..o....... ssl_msg.c 3965 0350: 22 df a0 f5 03 ec 52 a6 04 2e 69 b4 86 56 5f 5c ".....R...i..V_\ ssl_msg.c 3965 0360: 29 ec 05 e6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 )...0...*.H..... ssl_msg.c 3965 0370: 0b 05 00 30 53 31 0b 30 09 06 03 55 04 06 13 02 ...0S1.0...U.... ssl_msg.c 3965 0380: 55 53 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 US1.0...U....CA1 ssl_msg.c 3965 0390: 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 .0...U....Somewh ssl_msg.c 3965 03a0: 65 72 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f ere1.0...U....So ssl_msg.c 3965 03b0: 6d 65 6f 6e 65 31 11 30 0f 06 03 55 04 03 0c 08 meone1.0...U.... ssl_msg.c 3965 03c0: 46 6f 6f 62 61 72 43 41 30 1e 17 0d 32 34 30 34 FoobarCA0...2404 ssl_msg.c 3965 03d0: 30 33 30 39 33 33 34 30 5a 17 0d 32 35 30 34 30 03093340Z..25040 ssl_msg.c 3965 03e0: 33 30 39 33 33 34 30 5a 30 53 31 0b 30 09 06 03 3093340Z0S1.0... ssl_msg.c 3965 03f0: 55 04 06 13 02 55 53 31 0b 30 09 06 03 55 04 08 U....US1.0...U.. ssl_msg.c 3965 0400: 0c 02 43 41 31 12 30 10 06 03 55 04 07 0c 09 53 ..CA1.0...U....S ssl_msg.c 3965 0410: 6f 6d 65 77 68 65 72 65 31 10 30 0e 06 03 55 04 omewhere1.0...U. ssl_msg.c 3965 0420: 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 30 0f 06 03 ...Someone1.0... ssl_msg.c 3965 0430: 55 04 03 0c 08 46 6f 6f 62 61 72 43 41 30 82 01 U....FoobarCA0.. ssl_msg.c 3965 0440: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 "0...*.H........ ssl_msg.c 3965 0450: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 c7 25 .....0.........% ssl_msg.c 3965 0460: 6d c2 a1 b4 55 87 c1 90 64 49 5f d0 b4 c3 4a 07 m...U...dI_...J. ssl_msg.c 3965 0470: b8 40 d9 ff 10 5b ea 01 fa a2 d7 06 97 af b2 1a .@...[.......... ssl_msg.c 3965 0480: 72 0f 81 14 10 18 b2 17 dc f3 70 72 18 90 00 87 r.........pr.... ssl_msg.c 3965 0490: 0c 04 bb fa 50 8c ee d6 f0 83 1e ea 97 54 cb 37 ....P........T.7 ssl_msg.c 3965 04a0: 1f 5e b8 a5 fc b8 90 5d 88 2a b4 7e a8 5f 9c dc .^.....].*.~._.. ssl_msg.c 3965 04b0: b7 e5 3c 5b c3 d0 21 0e ed 81 16 a0 81 54 42 17 ..<[..!......TB. ssl_msg.c 3965 04c0: 02 bf 79 3d b2 11 dc 3d 35 e1 36 a1 c4 55 0d 8f ..y=...=5.6..U.. ssl_msg.c 3965 04d0: c5 31 87 7c be 02 20 6e de 3e aa c5 e5 25 03 37 .1.|.. n.>...%.7 ssl_msg.c 3965 04e0: 13 c7 17 18 36 5f 80 bd d4 d7 d3 f7 60 4c 0b 04 ....6_......`L.. ssl_msg.c 3965 04f0: 33 aa a6 c9 49 fa df b4 7c 13 7d 37 67 a7 8c b7 3...I...|.}7g... ssl_msg.c 3965 0500: c4 12 45 8a 88 80 f9 80 8f ab df f8 3c 78 e6 2c ..E.........<x., ssl_msg.c 3965 0510: e1 03 2c 7e de 8f af ad 75 ad d5 31 3d af 25 8e ..,~....u..1=.%. ssl_msg.c 3965 0520: ae 2e 61 c9 33 eb e2 0d 31 74 06 f8 f5 06 8d b0 ..a.3...1t...... ssl_msg.c 3965 0530: ac c4 f5 5f 7b c8 5e 4c 7f ed 26 a4 7e c6 d4 23 ..._{.^L..&.~..# ssl_msg.c 3965 0540: 2c 99 d3 b2 a8 a0 68 c0 f9 5d be f8 ef 2c f2 6f ,.....h..]...,.o ssl_msg.c 3965 0550: 8e 21 a6 06 1a ca 81 ef ef 95 5e 29 9d db 02 03 .!........^).... ssl_msg.c 3965 0560: 01 00 01 a3 53 30 51 30 1d 06 03 55 1d 0e 04 16 ....S0Q0...U.... ssl_msg.c 3965 0570: 04 14 94 e0 bc ab b9 f5 8a 65 8a 45 64 d9 83 2e .........e.Ed... ssl_msg.c 3965 0580: 41 ec b0 14 8d 87 30 1f 06 03 55 1d 23 04 18 30 A.....0...U.#..0 ssl_msg.c 3965 0590: 16 80 14 94 e0 bc ab b9 f5 8a 65 8a 45 64 d9 83 ..........e.Ed.. ssl_msg.c 3965 05a0: 2e 41 ec b0 14 8d 87 30 0f 06 03 55 1d 13 01 01 .A.....0...U.... ssl_msg.c 3965 05b0: ff 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 ...0....0...*.H. ssl_msg.c 3965 05c0: f7 0d 01 01 0b 05 00 03 82 01 01 00 ae 3d e2 42 .............=.B ssl_msg.c 3965 05d0: 91 fe d5 70 a5 28 44 4d 0c 66 78 fc cd 07 89 24 ...p.(DM.fx....$ ssl_msg.c 3965 05e0: 1e 2f a7 55 08 c0 69 9f 2a 37 90 bf 93 da 5e 6a ./.U..i.*7....^j ssl_msg.c 3965 05f0: 75 5e 3f 53 29 e2 13 9c 3a 3e 6a 0a 99 ca 09 51 u^?S)...:>j....Q ssl_msg.c 3965 0600: 91 2a 23 d0 ad df 36 cc e2 e0 e6 0d cb 00 33 57 .*#...6.......3W ssl_msg.c 3965 0610: db b0 a5 70 98 e9 60 1b 91 9e ec c7 64 ad 14 79 ...p..`.....d..y ssl_msg.c 3965 0620: 0e 08 22 ef a8 0e 1a 71 a0 3a 17 04 9f 0c a8 12 .."....q.:...... ssl_msg.c 3965 0630: 26 55 0d 09 09 77 4e 9e 2f cf 1c 34 f8 e8 40 19 &U...wN./..4..@. ssl_msg.c 3965 0640: 19 c2 9d 31 2d c2 a0 a1 fa bd 9b 49 31 c9 dd b9 ...1-......I1... ssl_msg.c 3965 0650: 87 a2 bc 7e 60 e1 b8 88 57 84 d6 11 08 b2 33 94 ...~`...W.....3. ssl_msg.c 3965 0660: bd 19 77 78 df e1 5f e3 c9 aa 05 ad df f7 ac 0f ..wx.._......... ssl_msg.c 3965 0670: 48 06 83 43 51 1d 0c f8 62 c0 4b 78 a1 ff 5e 9a H..CQ...b.Kx..^. ssl_msg.c 3965 0680: f1 e5 a7 bb 85 8f ee b8 3a e0 17 69 5b 0b 49 19 ........:..i[.I. ssl_msg.c 3965 0690: 36 e0 ee 12 0b 63 99 c0 26 71 d7 22 20 9e 30 a1 6....c..&q." .0. ssl_msg.c 3965 06a0: 93 75 69 71 32 65 e6 c4 3f 31 cd 87 f3 b0 0c b0 .uiq2e..?1...... ssl_msg.c 3965 06b0: 5b 05 4d 1c ce a1 45 c2 0b 92 e0 8c 72 cc 99 5d [.M...E.....r..] ssl_msg.c 3965 06c0: 44 27 2b 6b 1e cf 62 03 b4 9c e6 42 D'+k..b....B ssl_msg.c 3234 handshake message: msglen = 1735, type = 11, hslen = 1735 ssl_msg.c 4261 <= read record ssl_tls.c 7887 peer certificate #1: ssl_tls.c 7887 cert. version : 1 ssl_tls.c 7887 serial number : 6D:4F:99:2E:33:C5:10:1E:EA:27:57:74:8F:CF:4D:01:60:54:51:76 ssl_tls.c 7887 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=Foobar ssl_tls.c 7887 issued on : 2024-04-03 09:35:00 ssl_tls.c 7887 expires on : 2025-04-03 09:35:00 ssl_tls.c 7887 signed using : RSA with SHA-256 ssl_tls.c 7887 RSA key size : 2048 bits ssl_tls.c 7887 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7887 c1 9f d8 d2 15 fe e5 68 e8 fe 65 21 e4 c4 78 ea ssl_tls.c 7887 22 da 31 4d 08 77 df 03 d5 13 03 ec 36 8f d1 d3 ssl_tls.c 7887 c1 5c 15 52 fd 9d c8 27 f2 ca 51 79 18 22 95 d7 ssl_tls.c 7887 6b 09 72 96 79 5a d0 cd cc ac 20 2e f2 05 cb 57 ssl_tls.c 7887 57 f3 91 07 9f 3d d7 2c e7 4e 97 56 31 0a 3c 04 ssl_tls.c 7887 fd 43 9d ee 9f e7 5b d8 b7 41 0e d8 9b 28 8b 82 ssl_tls.c 7887 33 cd ff 7d db 8c c2 3d b6 c0 ff 48 df dd bb 9e ssl_tls.c 7887 d6 d1 84 0a d5 f5 f5 c4 88 cc 7f 2b 82 67 f0 9c ssl_tls.c 7887 47 54 27 00 6a f0 59 0a d6 0f 84 a9 10 8f d2 a5 ssl_tls.c 7887 d3 26 53 3c 28 57 94 01 06 8a 1d ff 90 e2 48 25 ssl_tls.c 7887 55 7e fd 03 cc 2c 6b e4 0e 3e 09 b2 2c 97 23 32 ssl_tls.c 7887 29 b2 55 a4 f1 37 3d 1c f8 d0 a3 4b 6d 78 db 68 ssl_tls.c 7887 2c ac 6e 6b d6 14 2e 86 e6 0f 3d d1 61 38 de ba ssl_tls.c 7887 cb bf 4f d8 d0 af 66 b2 3f 09 0e 51 c5 4b c6 d2 ssl_tls.c 7887 c0 90 8a db 51 98 32 bf a3 9b e9 94 a2 69 9a 0a ssl_tls.c 7887 e1 a1 6e ad 63 59 92 e2 81 4a 29 36 84 36 33 2b ssl_tls.c 7887 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7887 01 00 01 ssl_tls.c 7887 peer certificate #2: ssl_tls.c 7887 cert. version : 3 ssl_tls.c 7887 serial number : 22:DF:A0:F5:03:EC:52:A6:04:2E:69:B4:86:56:5F:5C:29:EC:05:E6 ssl_tls.c 7887 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7887 issued on : 2024-04-03 09:33:40 ssl_tls.c 7887 expires on : 2025-04-03 09:33:40 ssl_tls.c 7887 signed using : RSA with SHA-256 ssl_tls.c 7887 RSA key size : 2048 bits ssl_tls.c 7887 basic constraints : CA=true ssl_tls.c 7887 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7887 c7 25 6d c2 a1 b4 55 87 c1 90 64 49 5f d0 b4 c3 ssl_tls.c 7887 4a 07 b8 40 d9 ff 10 5b ea 01 fa a2 d7 06 97 af ssl_tls.c 7887 b2 1a 72 0f 81 14 10 18 b2 17 dc f3 70 72 18 90 ssl_tls.c 7887 00 87 0c 04 bb fa 50 8c ee d6 f0 83 1e ea 97 54 ssl_tls.c 7887 cb 37 1f 5e b8 a5 fc b8 90 5d 88 2a b4 7e a8 5f ssl_tls.c 7887 9c dc b7 e5 3c 5b c3 d0 21 0e ed 81 16 a0 81 54 ssl_tls.c 7887 42 17 02 bf 79 3d b2 11 dc 3d 35 e1 36 a1 c4 55 ssl_tls.c 7887 0d 8f c5 31 87 7c be 02 20 6e de 3e aa c5 e5 25 ssl_tls.c 7887 03 37 13 c7 17 18 36 5f 80 bd d4 d7 d3 f7 60 4c ssl_tls.c 7887 0b 04 33 aa a6 c9 49 fa df b4 7c 13 7d 37 67 a7 ssl_tls.c 7887 8c b7 c4 12 45 8a 88 80 f9 80 8f ab df f8 3c 78 ssl_tls.c 7887 e6 2c e1 03 2c 7e de 8f af ad 75 ad d5 31 3d af ssl_tls.c 7887 25 8e ae 2e 61 c9 33 eb e2 0d 31 74 06 f8 f5 06 ssl_tls.c 7887 8d b0 ac c4 f5 5f 7b c8 5e 4c 7f ed 26 a4 7e c6 ssl_tls.c 7887 d4 23 2c 99 d3 b2 a8 a0 68 c0 f9 5d be f8 ef 2c ssl_tls.c 7887 f2 6f 8e 21 a6 06 1a ca 81 ef ef 95 5e 29 9d db ssl_tls.c 7887 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7887 01 00 01 ssl_tls.c 7971 Use configuration-specific verification callback ssl_tls.c 8131 Certificate verification flags clear ssl_tls.c 8317 <= parse certificate ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_KEY_EXCHANGE ssl_tls12_client.c 2087 => parse server key exchange ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 01 2c ...., ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 300 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 305 ssl_msg.c 2317 in_left: 5, nb_want: 305 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 300 (-0xfffffed4) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (305 bytes) ssl_msg.c 3965 0000: 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 53 6a e9 ....,...(... Sj. ssl_msg.c 3965 0010: ce 2a e4 fa 6e 56 44 c3 6d d2 f0 e8 76 83 a2 a3 .*..nVD.m...v... ssl_msg.c 3965 0020: c4 b7 90 5b f4 da f8 13 dd 93 4f f0 4e 06 01 01 ...[......O.N... ssl_msg.c 3965 0030: 00 51 3b 75 f1 c2 d9 65 c2 e4 1d c6 8b 32 45 63 .Q;u...e.....2Ec ssl_msg.c 3965 0040: 36 d9 5b 0e 11 fb 17 46 25 d3 2d 1d 26 fe 4c d9 6.[....F%.-.&.L. ssl_msg.c 3965 0050: 32 69 14 b0 4a 6e ff 40 08 30 0f 15 06 87 a5 98 2i..Jn.@.0...... ssl_msg.c 3965 0060: aa 12 19 e9 2b c4 31 dc 67 4d 93 d7 0f 1c b7 4f ....+.1.gM.....O ssl_msg.c 3965 0070: 69 e6 67 3a d3 ca 65 81 6f 56 82 aa 2b 97 18 7b i.g:..e.oV..+..{ ssl_msg.c 3965 0080: 14 f8 0f 4d eb c5 ab d4 79 52 6d db c3 62 de da ...M....yRm..b.. ssl_msg.c 3965 0090: f9 24 66 3c 70 1a 51 f1 7c 03 de 53 8e d4 52 8c .$f<p.Q.|..S..R. ssl_msg.c 3965 00a0: 45 b0 2e 96 05 3d 09 0e 93 16 bc 94 61 f6 bd 7e E....=......a..~ ssl_msg.c 3965 00b0: 7b 54 bc 33 2e 54 cc 12 cb 69 cb 77 38 39 1d 39 {T.3.T...i.w89.9 ssl_msg.c 3965 00c0: 0f 70 cf 18 5b c0 f5 6d 98 ef 8a 1c 76 15 8c 99 .p..[..m....v... ssl_msg.c 3965 00d0: 41 f7 43 40 41 31 1b e9 5f c0 dc b9 71 f7 16 3c A.C@A1.._...q..< ssl_msg.c 3965 00e0: 4b ac d6 8b 52 4f 52 af e3 b5 a7 73 7d 94 51 f9 K...ROR....s}.Q. ssl_msg.c 3965 00f0: 40 1f 4a f6 8a 95 7b 1b 16 51 bc 31 fd 08 1c cf @.J...{..Q.1.... ssl_msg.c 3965 0100: 18 32 73 c2 e2 62 15 d9 dd 81 c4 2e 7b 96 64 f2 .2s..b......{.d. ssl_msg.c 3965 0110: cb a0 9e c2 f9 32 bb ff 59 ea 6e 8b f7 87 81 2e .....2..Y.n..... ssl_msg.c 3965 0120: f3 02 e0 d3 3d a0 49 10 28 df 42 8a de 8f 19 5c ....=.I.(.B....\ ssl_msg.c 3965 0130: 3e > ssl_msg.c 3234 handshake message: msglen = 300, type = 12, hslen = 300 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2174 dumping 'server key exchange' (296 bytes) ssl_tls12_client.c 2174 0000: 03 00 1d 20 53 6a e9 ce 2a e4 fa 6e 56 44 c3 6d ... Sj..*..nVD.m ssl_tls12_client.c 2174 0010: d2 f0 e8 76 83 a2 a3 c4 b7 90 5b f4 da f8 13 dd ...v......[..... ssl_tls12_client.c 2174 0020: 93 4f f0 4e 06 01 01 00 51 3b 75 f1 c2 d9 65 c2 .O.N....Q;u...e. ssl_tls12_client.c 2174 0030: e4 1d c6 8b 32 45 63 36 d9 5b 0e 11 fb 17 46 25 ....2Ec6.[....F% ssl_tls12_client.c 2174 0040: d3 2d 1d 26 fe 4c d9 32 69 14 b0 4a 6e ff 40 08 .-.&.L.2i..Jn.@. ssl_tls12_client.c 2174 0050: 30 0f 15 06 87 a5 98 aa 12 19 e9 2b c4 31 dc 67 0..........+.1.g ssl_tls12_client.c 2174 0060: 4d 93 d7 0f 1c b7 4f 69 e6 67 3a d3 ca 65 81 6f M.....Oi.g:..e.o ssl_tls12_client.c 2174 0070: 56 82 aa 2b 97 18 7b 14 f8 0f 4d eb c5 ab d4 79 V..+..{...M....y ssl_tls12_client.c 2174 0080: 52 6d db c3 62 de da f9 24 66 3c 70 1a 51 f1 7c Rm..b...$f<p.Q.| ssl_tls12_client.c 2174 0090: 03 de 53 8e d4 52 8c 45 b0 2e 96 05 3d 09 0e 93 ..S..R.E....=... ssl_tls12_client.c 2174 00a0: 16 bc 94 61 f6 bd 7e 7b 54 bc 33 2e 54 cc 12 cb ...a..~{T.3.T... ssl_tls12_client.c 2174 00b0: 69 cb 77 38 39 1d 39 0f 70 cf 18 5b c0 f5 6d 98 i.w89.9.p..[..m. ssl_tls12_client.c 2174 00c0: ef 8a 1c 76 15 8c 99 41 f7 43 40 41 31 1b e9 5f ...v...A.C@A1.._ ssl_tls12_client.c 2174 00d0: c0 dc b9 71 f7 16 3c 4b ac d6 8b 52 4f 52 af e3 ...q..<K...ROR.. ssl_tls12_client.c 2174 00e0: b5 a7 73 7d 94 51 f9 40 1f 4a f6 8a 95 7b 1b 16 ..s}.Q.@.J...{.. ssl_tls12_client.c 2174 00f0: 51 bc 31 fd 08 1c cf 18 32 73 c2 e2 62 15 d9 dd Q.1.....2s..b... ssl_tls12_client.c 2174 0100: 81 c4 2e 7b 96 64 f2 cb a0 9e c2 f9 32 bb ff 59 ...{.d......2..Y ssl_tls12_client.c 2174 0110: ea 6e 8b f7 87 81 2e f3 02 e0 d3 3d a0 49 10 28 .n.........=.I.( ssl_tls12_client.c 2174 0120: df 42 8a de 8f 19 5c 3e .B....\> ssl_tls12_client.c 1804 ECDH curve: x25519 ssl_tls12_client.c 1811 value of 'ECDH: Qp(X)' (255 bits) is: ssl_tls12_client.c 1811 4e f0 4f 93 dd 13 f8 da f4 5b 90 b7 c4 a3 a2 83 ssl_tls12_client.c 1811 76 e8 f0 d2 6d c3 44 56 6e fa e4 2a ce e9 6a 53 ssl_tls12_client.c 1811 value of 'ECDH: Qp(Y)' (0 bits) is: ssl_tls12_client.c 1811 00 ssl_tls12_client.c 2369 dumping 'signature' (256 bytes) ssl_tls12_client.c 2369 0000: 51 3b 75 f1 c2 d9 65 c2 e4 1d c6 8b 32 45 63 36 Q;u...e.....2Ec6 ssl_tls12_client.c 2369 0010: d9 5b 0e 11 fb 17 46 25 d3 2d 1d 26 fe 4c d9 32 .[....F%.-.&.L.2 ssl_tls12_client.c 2369 0020: 69 14 b0 4a 6e ff 40 08 30 0f 15 06 87 a5 98 aa i..Jn.@.0....... ssl_tls12_client.c 2369 0030: 12 19 e9 2b c4 31 dc 67 4d 93 d7 0f 1c b7 4f 69 ...+.1.gM.....Oi ssl_tls12_client.c 2369 0040: e6 67 3a d3 ca 65 81 6f 56 82 aa 2b 97 18 7b 14 .g:..e.oV..+..{. ssl_tls12_client.c 2369 0050: f8 0f 4d eb c5 ab d4 79 52 6d db c3 62 de da f9 ..M....yRm..b... ssl_tls12_client.c 2369 0060: 24 66 3c 70 1a 51 f1 7c 03 de 53 8e d4 52 8c 45 $f<p.Q.|..S..R.E ssl_tls12_client.c 2369 0070: b0 2e 96 05 3d 09 0e 93 16 bc 94 61 f6 bd 7e 7b ....=......a..~{ ssl_tls12_client.c 2369 0080: 54 bc 33 2e 54 cc 12 cb 69 cb 77 38 39 1d 39 0f T.3.T...i.w89.9. ssl_tls12_client.c 2369 0090: 70 cf 18 5b c0 f5 6d 98 ef 8a 1c 76 15 8c 99 41 p..[..m....v...A ssl_tls12_client.c 2369 00a0: f7 43 40 41 31 1b e9 5f c0 dc b9 71 f7 16 3c 4b .C@A1.._...q..<K ssl_tls12_client.c 2369 00b0: ac d6 8b 52 4f 52 af e3 b5 a7 73 7d 94 51 f9 40 ...ROR....s}.Q.@ ssl_tls12_client.c 2369 00c0: 1f 4a f6 8a 95 7b 1b 16 51 bc 31 fd 08 1c cf 18 .J...{..Q.1..... ssl_tls12_client.c 2369 00d0: 32 73 c2 e2 62 15 d9 dd 81 c4 2e 7b 96 64 f2 cb 2s..b......{.d.. ssl_tls12_client.c 2369 00e0: a0 9e c2 f9 32 bb ff 59 ea 6e 8b f7 87 81 2e f3 ....2..Y.n...... ssl_tls12_client.c 2369 00f0: 02 e0 d3 3d a0 49 10 28 df 42 8a de 8f 19 5c 3e ...=.I.(.B....\> ssl_tls.c 9411 Perform mbedtls-based computation of digest of ServerKeyExchange ssl_tls12_client.c 2386 dumping 'parameters hash' (64 bytes) ssl_tls12_client.c 2386 0000: a6 c8 2d 2a ab 3c d1 9d 86 bb 5a 08 3c 57 0c 1d ..-*.<....Z.<W.. ssl_tls12_client.c 2386 0010: 67 37 f6 ac b3 df b2 ce e2 db e7 4c 4b 36 8c 96 g7.........LK6.. ssl_tls12_client.c 2386 0020: 98 11 99 d3 6a 3f 63 c0 38 23 ba 56 86 55 ff a8 ....j?c.8#.V.U.. ssl_tls12_client.c 2386 0030: 45 2e 3a 7b 7a b7 73 e8 c8 c2 8f d7 0e 7f 35 e0 E.:{z.s.......5. ssl_tls12_client.c 2457 <= parse server key exchange ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST ssl_tls12_client.c 2496 => parse certificate request ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 8b ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 139 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 144 ssl_msg.c 2317 in_left: 5, nb_want: 144 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 139 (-0xffffff75) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (144 bytes) ssl_msg.c 3965 0000: 16 03 03 00 8b 0d 00 00 87 03 01 02 40 00 28 04 ............@.(. ssl_msg.c 3965 0010: 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 ................ ssl_msg.c 3965 0020: 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 ................ ssl_msg.c 3965 0030: 02 04 02 05 02 06 02 00 57 00 55 30 53 31 0b 30 ........W.U0S1.0 ssl_msg.c 3965 0040: 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 03 ...U....US1.0... ssl_msg.c 3965 0050: 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 07 U....CA1.0...U.. ssl_msg.c 3965 0060: 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e 06 ..Somewhere1.0.. ssl_msg.c 3965 0070: 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 30 .U....Someone1.0 ssl_msg.c 3965 0080: 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 41 ...U....FoobarCA ssl_msg.c 3234 handshake message: msglen = 139, type = 13, hslen = 139 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2523 got a certificate request ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 07 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 08 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 09 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 0a ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 0b ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 04 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 05 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 08 06 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 03 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 01 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 03 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 04 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 05 02 ssl_tls12_client.c 2613 Supported Signature Algorithm found: 06 02 ssl_tls12_client.c 2652 DN hint: C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls12_client.c 2658 <= parse certificate request ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_HELLO_DONE ssl_tls12_client.c 2669 => parse server hello done ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_msg.c 2340 <= fetch input ssl_msg.c 3855 dumping 'input record header' (5 bytes) ssl_msg.c 3855 0000: 16 03 03 00 04 ..... ssl_msg.c 3859 input record: msgtype = 22, version = [0x303], msglen = 4 ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 5, nb_want: 9 ssl_msg.c 2317 in_left: 5, nb_want: 9 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 4 (-0xfffffffc) ssl_msg.c 2340 <= fetch input ssl_msg.c 3965 dumping 'input record from network' (9 bytes) ssl_msg.c 3965 0000: 16 03 03 00 04 0e 00 00 00 ......... ssl_msg.c 3234 handshake message: msglen = 4, type = 14, hslen = 4 ssl_msg.c 4261 <= read record ssl_tls12_client.c 2697 <= parse server hello done ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_CERTIFICATE ssl_tls.c 7610 => write certificate ssl_tls.c 7637 own certificate #1: ssl_tls.c 7637 cert. version : 1 ssl_tls.c 7637 serial number : 6D:4F:99:2E:33:C5:10:1E:EA:27:57:74:8F:CF:4D:01:60:54:51:77 ssl_tls.c 7637 issuer name : C=US, ST=CA, L=Somewhere, O=Someone, CN=FoobarCA ssl_tls.c 7637 subject name : C=US, ST=CA, L=Somewhere, O=Someone, CN=Foobar ssl_tls.c 7637 issued on : 2024-04-03 09:36:01 ssl_tls.c 7637 expires on : 2025-04-03 09:36:01 ssl_tls.c 7637 signed using : RSA with SHA-256 ssl_tls.c 7637 RSA key size : 2048 bits ssl_tls.c 7637 value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c 7637 a8 58 0d 38 1a 61 12 1b 16 45 c5 b8 63 6e a8 91 ssl_tls.c 7637 e4 78 c4 48 e6 cc f9 04 09 33 b4 8e d3 2d e8 6d ssl_tls.c 7637 fe 93 d1 c6 d5 82 fe 9f 15 de d1 06 8f ac df 76 ssl_tls.c 7637 ef 7f 4d 8c fe 00 ed 5c fa 5e 74 84 06 c8 2d d1 ssl_tls.c 7637 d7 57 6c 9f 56 3e 5e 09 b0 4c 2d 43 0d b6 ef 26 ssl_tls.c 7637 c9 6f 6b 28 1b 74 bb 4a e8 e9 66 8c de 8f b7 fe ssl_tls.c 7637 6c cc dd 8d ea e7 77 39 9d b5 24 42 5e 4a d7 d1 ssl_tls.c 7637 4a fd f4 81 0f 98 ed 8b 37 d9 3d 5b a8 b4 5b 66 ssl_tls.c 7637 57 2c 01 c0 5c 9c 94 cd 9c 9c 23 58 77 99 7e e5 ssl_tls.c 7637 81 87 51 2c 06 ce 8b 43 bb 2f af 7a ae 49 2a 02 ssl_tls.c 7637 6a 1f dd bb 84 1f 49 bb b3 17 37 46 73 b1 33 b0 ssl_tls.c 7637 73 22 58 26 1b 97 14 9f a6 f4 1a 18 86 51 df a6 ssl_tls.c 7637 df 5a e0 78 6b 48 58 20 d7 ae 8b 6b d5 4d e4 c8 ssl_tls.c 7637 96 73 dc 03 8e 5f 99 52 10 a2 9b a2 22 79 10 e3 ssl_tls.c 7637 38 93 33 b5 46 5a f8 3d 61 9e d5 31 ae 8a 34 d3 ssl_tls.c 7637 0c 64 39 42 ab a9 44 8b bf f6 b9 fb 92 92 14 df ssl_tls.c 7637 value of 'crt->rsa.E' (17 bits) is: ssl_tls.c 7637 01 00 01 ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 825 ssl_msg.c 3033 dumping 'output record sent to network' (830 bytes) ssl_msg.c 3033 0000: 16 03 03 03 39 0b 00 03 35 00 03 32 00 03 2f 30 ....9...5..2../0 ssl_msg.c 3033 0010: 82 03 2b 30 82 02 13 02 14 6d 4f 99 2e 33 c5 10 ..+0.....mO..3.. ssl_msg.c 3033 0020: 1e ea 27 57 74 8f cf 4d 01 60 54 51 77 30 0d 06 ..'Wt..M.`TQw0.. ssl_msg.c 3033 0030: 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 53 31 0b .*.H........0S1. ssl_msg.c 3033 0040: 30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 0...U....US1.0.. ssl_msg.c 3033 0050: 03 55 04 08 0c 02 43 41 31 12 30 10 06 03 55 04 .U....CA1.0...U. ssl_msg.c 3033 0060: 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 10 30 0e ...Somewhere1.0. ssl_msg.c 3033 0070: 06 03 55 04 0a 0c 07 53 6f 6d 65 6f 6e 65 31 11 ..U....Someone1. ssl_msg.c 3033 0080: 30 0f 06 03 55 04 03 0c 08 46 6f 6f 62 61 72 43 0...U....FoobarC ssl_msg.c 3033 0090: 41 30 1e 17 0d 32 34 30 34 30 33 30 39 33 36 30 A0...24040309360 ssl_msg.c 3033 00a0: 31 5a 17 0d 32 35 30 34 30 33 30 39 33 36 30 31 1Z..250403093601 ssl_msg.c 3033 00b0: 5a 30 51 31 0b 30 09 06 03 55 04 06 13 02 55 53 Z0Q1.0...U....US ssl_msg.c 3033 00c0: 31 0b 30 09 06 03 55 04 08 0c 02 43 41 31 12 30 1.0...U....CA1.0 ssl_msg.c 3033 00d0: 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 ...U....Somewher ssl_msg.c 3033 00e0: 65 31 10 30 0e 06 03 55 04 0a 0c 07 53 6f 6d 65 e1.0...U....Some ssl_msg.c 3033 00f0: 6f 6e 65 31 0f 30 0d 06 03 55 04 03 0c 06 46 6f one1.0...U....Fo ssl_msg.c 3033 0100: 6f 62 61 72 30 82 01 22 30 0d 06 09 2a 86 48 86 obar0.."0...*.H. ssl_msg.c 3033 0110: f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a ............0... ssl_msg.c 3033 0120: 02 82 01 01 00 a8 58 0d 38 1a 61 12 1b 16 45 c5 ......X.8.a...E. ssl_msg.c 3033 0130: b8 63 6e a8 91 e4 78 c4 48 e6 cc f9 04 09 33 b4 .cn...x.H.....3. ssl_msg.c 3033 0140: 8e d3 2d e8 6d fe 93 d1 c6 d5 82 fe 9f 15 de d1 ..-.m........... ssl_msg.c 3033 0150: 06 8f ac df 76 ef 7f 4d 8c fe 00 ed 5c fa 5e 74 ....v..M....\.^t ssl_msg.c 3033 0160: 84 06 c8 2d d1 d7 57 6c 9f 56 3e 5e 09 b0 4c 2d ...-..Wl.V>^..L- ssl_msg.c 3033 0170: 43 0d b6 ef 26 c9 6f 6b 28 1b 74 bb 4a e8 e9 66 C...&.ok(.t.J..f ssl_msg.c 3033 0180: 8c de 8f b7 fe 6c cc dd 8d ea e7 77 39 9d b5 24 .....l.....w9..$ ssl_msg.c 3033 0190: 42 5e 4a d7 d1 4a fd f4 81 0f 98 ed 8b 37 d9 3d B^J..J.......7.= ssl_msg.c 3033 01a0: 5b a8 b4 5b 66 57 2c 01 c0 5c 9c 94 cd 9c 9c 23 [..[fW,..\.....# ssl_msg.c 3033 01b0: 58 77 99 7e e5 81 87 51 2c 06 ce 8b 43 bb 2f af Xw.~...Q,...C./. ssl_msg.c 3033 01c0: 7a ae 49 2a 02 6a 1f dd bb 84 1f 49 bb b3 17 37 z.I*.j.....I...7 ssl_msg.c 3033 01d0: 46 73 b1 33 b0 73 22 58 26 1b 97 14 9f a6 f4 1a Fs.3.s"X&....... ssl_msg.c 3033 01e0: 18 86 51 df a6 df 5a e0 78 6b 48 58 20 d7 ae 8b ..Q...Z.xkHX ... ssl_msg.c 3033 01f0: 6b d5 4d e4 c8 96 73 dc 03 8e 5f 99 52 10 a2 9b k.M...s..._.R... ssl_msg.c 3033 0200: a2 22 79 10 e3 38 93 33 b5 46 5a f8 3d 61 9e d5 ."y..8.3.FZ.=a.. ssl_msg.c 3033 0210: 31 ae 8a 34 d3 0c 64 39 42 ab a9 44 8b bf f6 b9 1..4..d9B..D.... ssl_msg.c 3033 0220: fb 92 92 14 df 02 03 01 00 01 30 0d 06 09 2a 86 ..........0...*. ssl_msg.c 3033 0230: 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 1f db H............... ssl_msg.c 3033 0240: c6 fe 9b 7b 85 92 a4 31 2d 4b e9 bb 7e f9 76 84 ...{...1-K..~.v. ssl_msg.c 3033 0250: 36 4e 86 d2 f1 15 c3 fb cd 1b 0e f9 0f b0 1b 8d 6N.............. ssl_msg.c 3033 0260: 53 4c ba fc 56 a7 23 ef cb 5f bc fe 09 a3 b6 c2 SL..V.#.._...... ssl_msg.c 3033 0270: 0e 36 9b aa 03 48 2b 8b fd df 77 3d ee d2 8c f8 .6...H+...w=.... ssl_msg.c 3033 0280: 8f 0e da 8c 81 47 64 6f 8b 3b 2a e2 50 00 6d a0 .....Gdo.;*.P.m. ssl_msg.c 3033 0290: 4a 9c 36 a6 37 c1 34 c6 84 cf ea 14 d1 5b cb 3c J.6.7.4......[.< ssl_msg.c 3033 02a0: df 01 1e 8c ea 21 2f 73 4d b8 e5 7c 88 bd 47 5e .....!/sM..|..G^ ssl_msg.c 3033 02b0: 46 cd 80 20 09 ca 4d f6 13 0c 20 73 44 a8 3f 00 F.. ..M... sD.?. ssl_msg.c 3033 02c0: 7d 5c 0a fb 40 38 d3 7f 3b 29 b5 28 2b 97 39 16 }\..@8..;).(+.9. ssl_msg.c 3033 02d0: 29 06 15 8a 3d 36 b0 2e 7d f3 06 0a 3c 3a 85 e3 )...=6..}...<:.. ssl_msg.c 3033 02e0: 31 06 a5 fc 62 37 8a 8c 12 c8 a1 f3 5f 02 8f 1e 1...b7......_... ssl_msg.c 3033 02f0: 0b 81 de c3 4c 2d bd b7 66 12 e4 d9 3b 29 f2 c1 ....L-..f...;).. ssl_msg.c 3033 0300: 72 c5 2e 45 a0 bb b7 ee 5b d6 0b 7c fe ea b3 a5 r..E....[..|.... ssl_msg.c 3033 0310: 6e e2 53 8b 7d 68 f7 ae 3f a5 fe f5 66 e4 a1 9f n.S.}h..?...f... ssl_msg.c 3033 0320: 2b e3 d0 a2 00 f0 59 83 1a 32 59 eb 86 e6 e5 d1 +.....Y..2Y..... ssl_msg.c 3033 0330: c1 8e 5b 01 bd 50 d4 20 96 5e fb b4 05 6d ..[..P. .^...m ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 830, out_left: 830 ssl_msg.c 2374 ssl->f_send() returned 830 (-0xfffffcc2) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls.c 7683 <= write certificate ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_KEY_EXCHANGE ssl_tls12_client.c 2712 => write client key exchange ssl_tls12_client.c 2859 value of 'ECDH: Q(X)' (252 bits) is: ssl_tls12_client.c 2859 0c f5 09 54 e3 9c 8a cd 75 94 c7 a0 8a 63 c8 f2 ssl_tls12_client.c 2859 86 c4 94 9c ad e3 2d d6 0b 22 f7 16 81 6a 8c a9 ssl_tls12_client.c 2859 value of 'ECDH: Q(Y)' (0 bits) is: ssl_tls12_client.c 2859 00 ssl_tls12_client.c 2887 value of 'ECDH: z' (254 bits) is: ssl_tls12_client.c 2887 3e 62 49 d8 e2 26 45 1b a0 3d a5 06 fb d4 df f6 ssl_tls12_client.c 2887 5c ee 6d 6a d0 5c b0 0e b6 b4 3e 10 78 01 72 50 ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 37 ssl_msg.c 3033 dumping 'output record sent to network' (42 bytes) ssl_msg.c 3033 0000: 16 03 03 00 25 10 00 00 21 20 a9 8c 6a 81 16 f7 ....%...! ..j... ssl_msg.c 3033 0010: 22 0b d6 2d e3 ad 9c 94 c4 86 f2 c8 63 8a a0 c7 "..-........c... ssl_msg.c 3033 0020: 94 75 cd 8a 9c e3 54 09 f5 0c .u....T... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 42, out_left: 42 ssl_msg.c 2374 ssl->f_send() returned 42 (-0xffffffd6) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls12_client.c 3207 <= write client key exchange ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY ssl_tls12_client.c 3255 => write certificate verify ssl_tls.c 7224 => derive keys ssl_tls.c 7348 => calc verify ssl_tls.c 7366 dumping 'calculated verify result' (32 bytes) ssl_tls.c 7366 0000: e4 75 2d 0a c7 33 ac 38 91 8d e5 1a a2 e3 e3 b7 .u-..3.8........ ssl_tls.c 7366 0010: 65 77 be 74 9e fd df e6 ae e7 43 a1 1f 8d 5c d0 ew.t......C...\. ssl_tls.c 7367 <= calc verify ssl_tls.c 7079 dumping 'session hash for extended master secret' (32 bytes) ssl_tls.c 7079 0000: e4 75 2d 0a c7 33 ac 38 91 8d e5 1a a2 e3 e3 b7 .u-..3.8........ ssl_tls.c 7079 0010: 65 77 be 74 9e fd df e6 ae e7 43 a1 1f 8d 5c d0 ew.t......C...\. ssl_tls.c 7209 dumping 'premaster secret' (32 bytes) ssl_tls.c 7209 0000: 50 72 01 78 10 3e b4 b6 0e b0 5c d0 6a 6d ee 5c Pr.x.>....\.jm.\ ssl_tls.c 7209 0010: f6 df d4 fb 06 a5 3d a0 1b 45 26 e2 d8 49 62 3e ......=..E&..Ib> ssl_tls.c 8949 ciphersuite = TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 ssl_tls.c 8950 dumping 'master secret' (48 bytes) ssl_tls.c 8950 0000: 0e c2 39 6f e0 c1 50 42 3c 6b 7f 2f 72 e2 3d c9 ..9o..PB<k./r.=. ssl_tls.c 8950 0010: ed df c9 0d 5b c2 96 aa cb 47 e5 df 3e c5 e9 ca ....[....G..>... ssl_tls.c 8950 0020: cd c0 97 c9 bd 58 9c bf 90 cc 6c 3c b8 c6 34 50 .....X....l<..4P ssl_tls.c 8951 dumping 'random bytes' (64 bytes) ssl_tls.c 8951 0000: c9 25 99 9a 84 14 6a d9 ff 29 d1 12 43 d7 aa 0e .%....j..)..C... ssl_tls.c 8951 0010: ca 40 f1 18 d0 0e 19 85 97 d5 26 ab 7b 6c 3f e4 .@........&.{l?. ssl_tls.c 8951 0020: 66 31 86 57 a5 48 94 b1 96 f5 c3 5a 51 0f bd 24 f1.W.H.....ZQ..$ ssl_tls.c 8951 0030: 29 f9 8c cc 59 61 ea e7 2b 4f 28 d7 13 e1 98 78 )...Ya..+O(....x ssl_tls.c 8952 dumping 'key block' (256 bytes) ssl_tls.c 8952 0000: 60 ae a8 06 fd ac 00 65 f9 47 d9 c3 13 a1 87 8d `......e.G...... ssl_tls.c 8952 0010: 7e 45 bc 0b ac 57 f3 de 29 be fb b4 3e f3 ec 89 ~E...W..)...>... ssl_tls.c 8952 0020: 81 9a 32 ec 41 58 ea ae 18 9e 8b 56 71 e2 38 9a ..2.AX.....Vq.8. ssl_tls.c 8952 0030: d6 5d 60 7a 5c 98 48 bc 6a 06 06 a0 b4 9d 70 1e .]`z\.H.j.....p. ssl_tls.c 8952 0040: 16 9d a5 b1 03 85 cc d8 c7 4d 4a f3 61 6c 09 20 .........MJ.al. ssl_tls.c 8952 0050: a8 46 d2 f9 70 de 80 7a 98 f2 11 83 77 e9 fe ef .F..p..z....w... ssl_tls.c 8952 0060: c3 37 1a 5b 32 a0 6d 65 7c 89 4f c9 39 f4 6d 52 .7.[2.me|.O.9.mR ssl_tls.c 8952 0070: 54 6b e0 a7 ea 6a 89 aa b1 66 fa e8 2c 77 96 21 Tk...j...f..,w.! ssl_tls.c 8952 0080: ba b2 ec 2c 52 60 07 e3 1a 72 3b a5 a6 a5 ee b4 ...,R`...r;..... ssl_tls.c 8952 0090: 4c e5 fc 59 14 a8 08 a0 9a d3 5b 4e 97 f2 30 f1 L..Y......[N..0. ssl_tls.c 8952 00a0: ba c9 71 c0 5a 9f 15 81 08 56 b2 f4 e1 ae 46 f0 ..q.Z....V....F. ssl_tls.c 8952 00b0: cc 14 62 d4 f5 1c c2 45 00 44 30 e6 62 9a 93 c6 ..b....E.D0.b... ssl_tls.c 8952 00c0: ce 83 84 84 a9 7e e5 05 ce 8c 21 e2 01 4e 33 bb .....~....!..N3. ssl_tls.c 8952 00d0: 61 3a 0d 81 ba d5 16 97 b9 69 79 31 94 d6 23 f5 a:.......iy1..#. ssl_tls.c 8952 00e0: 71 de 2e 32 7a c8 2e c5 26 fb b3 09 13 7b 99 fd q..2z...&....{.. ssl_tls.c 8952 00f0: 4b 5b fb 25 07 39 83 77 a5 7e 11 ef 6a 13 b0 e5 K[.%.9.w.~..j... ssl_tls.c 9074 keylen: 32, minlen: 16, ivlen: 12, maclen: 0 ssl_tls.c 7275 <= derive keys ssl_tls.c 7348 => calc verify ssl_tls.c 7366 dumping 'calculated verify result' (32 bytes) ssl_tls.c 7366 0000: e4 75 2d 0a c7 33 ac 38 91 8d e5 1a a2 e3 e3 b7 .u-..3.8........ ssl_tls.c 7366 0010: 65 77 be 74 9e fd df e6 ae e7 43 a1 1f 8d 5c d0 ew.t......C...\. ssl_tls.c 7367 <= calc verify ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 264 ssl_msg.c 3033 dumping 'output record sent to network' (269 bytes) ssl_msg.c 3033 0000: 16 03 03 01 08 0f 00 01 04 04 01 01 00 90 58 ac ..............X. ssl_msg.c 3033 0010: 69 fe 5a f1 80 9e 24 4e c6 f0 f5 d3 84 82 14 7e i.Z...$N.......~ ssl_msg.c 3033 0020: 5c 62 6a 7a 23 88 6c 1f 6f 05 82 89 6c 6c 91 e5 \bjz#.l.o...ll.. ssl_msg.c 3033 0030: 3d ce 14 6c 93 6d f9 6e 78 2f 55 38 a0 99 43 f5 =..l.m.nx/U8..C. ssl_msg.c 3033 0040: 46 0e eb 29 89 13 fc 33 4d 9f 7c a3 19 65 f3 a7 F..)...3M.|..e.. ssl_msg.c 3033 0050: 22 48 bf 40 48 5e 3a 66 d5 0e d9 78 01 08 9a ea "H.@H^:f...x.... ssl_msg.c 3033 0060: 41 37 9f 73 45 b1 5f a1 d9 aa e7 1a c3 41 92 90 A7.sE._......A.. ssl_msg.c 3033 0070: fb ce 82 a4 3d d3 f8 e3 47 ad c5 8d 2c dd e5 d3 ....=...G...,... ssl_msg.c 3033 0080: ed 1b ec 13 fa f0 c7 8a c5 6e ad 9c 2a 92 f6 93 .........n..*... ssl_msg.c 3033 0090: 3f 13 4f 61 ad 2f 1d 4d 60 23 0b 4d 17 f7 02 e9 ?.Oa./.M`#.M.... ssl_msg.c 3033 00a0: 16 9a e5 d7 cf 7e 14 da cd 73 0e 75 6d 37 56 65 .....~...s.um7Ve ssl_msg.c 3033 00b0: 29 37 7c be ab b5 de 61 aa 7c 68 3c d1 84 d0 d6 )7|....a.|h<.... ssl_msg.c 3033 00c0: 27 19 4c 24 5b 83 02 17 55 48 e5 7a c0 a1 32 c0 '.L$[...UH.z..2. ssl_msg.c 3033 00d0: c6 3b db e8 50 c1 51 5b 60 2b f9 9f ab 15 22 3e .;..P.Q[`+...."> ssl_msg.c 3033 00e0: 47 0d be e7 14 a0 97 23 0d b3 8a 95 87 b0 b4 63 G......#.......c ssl_msg.c 3033 00f0: 9d 9a 1c 85 c6 0a d7 6e d8 28 3c b3 7c 11 75 27 .......n.(<.|.u' ssl_msg.c 3033 0100: 6b ab 97 7c 43 13 79 2e 13 61 9a 2e c4 k..|C.y..a... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 269, out_left: 269 ssl_msg.c 2374 ssl->f_send() returned 269 (-0xfffffef3) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls12_client.c 3367 <= write certificate verify ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ssl_msg.c 5189 => write change cipher spec ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 3030 output record: msgtype = 20, version = [3:3], msglen = 1 ssl_msg.c 3033 dumping 'output record sent to network' (6 bytes) ssl_msg.c 3033 0000: 14 03 03 00 01 01 ...... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 6, out_left: 6 ssl_msg.c 2374 ssl->f_send() returned 6 (-0xfffffffa) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_msg.c 5202 <= write change cipher spec ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_CLIENT_FINISHED ssl_tls.c 8548 => write finished ssl_tls.c 8382 => calc finished tls ssl_tls.c 8399 dumping 'finished output' (32 bytes) ssl_tls.c 8399 0000: 86 94 2e 46 e8 0a 1a 3a 82 00 c8 b7 f5 22 12 a6 ...F...:.....".. ssl_tls.c 8399 0010: d2 6e 3e 82 28 dd 6e 19 38 ed c8 a6 2f 03 10 f7 .n>.(.n.8.../... ssl_tls.c 8409 dumping 'calc finished result' (12 bytes) ssl_tls.c 8409 0000: 1d 6b 0a 9c 0f f7 11 2e 38 f4 61 0c .k......8.a. ssl_tls.c 8413 <= calc finished ssl_tls.c 8597 switching to new transform spec for outbound data ssl_msg.c 2783 => write handshake message ssl_msg.c 2943 => write record ssl_msg.c 935 => encrypt buf ssl_msg.c 958 dumping 'before encrypt: output payload' (16 bytes) ssl_msg.c 958 0000: 14 00 00 0c 1d 6b 0a 9c 0f f7 11 2e 38 f4 61 0c .....k......8.a. ssl_msg.c 1183 dumping 'IV used (internal)' (12 bytes) ssl_msg.c 1183 0000: 16 9d a5 b1 03 85 cc d8 c7 4d 4a f3 .........MJ. ssl_msg.c 1186 dumping 'IV used (transmitted)' (0 bytes) ssl_msg.c 1188 dumping 'additional data used for AEAD' (13 bytes) ssl_msg.c 1188 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 ............. ssl_msg.c 1191 before encrypt: msglen = 16, including 0 bytes of padding ssl_msg.c 1225 dumping 'after encrypt: tag' (16 bytes) ssl_msg.c 1225 0000: 9f 23 b8 d7 cf f6 65 bf e3 75 da 74 a5 a6 8f d0 .#....e..u.t.... ssl_msg.c 1474 <= encrypt buf ssl_msg.c 3030 output record: msgtype = 22, version = [3:3], msglen = 32 ssl_msg.c 3033 dumping 'output record sent to network' (37 bytes) ssl_msg.c 3033 0000: 16 03 03 00 20 5d 68 b0 d2 b5 ac 0c 40 52 ed 95 .... ]h.....@R.. ssl_msg.c 3033 0010: 14 43 3e 6b 6d 9f 23 b8 d7 cf f6 65 bf e3 75 da .C>km.#....e..u. ssl_msg.c 3033 0020: 74 a5 a6 8f d0 t.... ssl_msg.c 2353 => flush output ssl_msg.c 2369 message length: 37, out_left: 37 ssl_msg.c 2374 ssl->f_send() returned 37 (-0xffffffdb) ssl_msg.c 2401 <= flush output ssl_msg.c 3080 <= write record ssl_msg.c 2904 <= write handshake message ssl_tls.c 8650 <= write finished ssl_msg.c 2353 => flush output ssl_msg.c 2362 <= flush output ssl_tls.c 4529 client state: MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ssl_msg.c 5211 => parse change cipher spec ssl_msg.c 4189 => read record ssl_msg.c 2155 => fetch input ssl_msg.c 2297 in_left: 0, nb_want: 5 ssl_msg.c 2317 in_left: 0, nb_want: 5 ssl_msg.c 2318 ssl->f_recv(_timeout)() returned 0 (-0x0000) ssl_msg.c 4861 mbedtls_ssl_fetch_input() returned -29312 (-0x7280) ssl_msg.c 4220 ssl_get_next_record() returned -29312 (-0x7280) ssl_msg.c 5214 mbedtls_ssl_read_record() returned -29312 (-0x7280) ssl_tls.c 4635 <= handshake ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed M1 -28928 ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 1327 The SSL configuration is tls12 only. ssl_tls.c 1420 alloc(16701 bytes) failed ssl_tls.c 5539 => free ssl_tls.c 5601 <= free

1 year, 2 months

1
1
0 0

Reminder: TrustedFirmware Discord Channel

by Don Harbin

Hi All, This is going out to all the primary TF maillists. It's a gentle reminder that a TF Discord channel has been created for all chat communications in the TF ecosystem. All TF participants are encouraged to join. Instructions on how to join can be found here: https://www.trustedfirmware.org/faq/ <https://www.trustedfirmware.org/faq/> [image: Screenshot 2024-04-17 at 7.08.01 AM.png] Please let me know if you have any questions, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

1 year, 2 months

1
0
0 0

TLS 1.3: two question about ticket session

by Michał Antoniak

Hello, I am trying to add TLS 1.3 support to a curl project (https://github.com/MAntoniak/curl). As a result, it has two questions. The first refers to the error code MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. This suggests an error receiving a new session ticket. I couldn't find anything else in the documentation. However, in the ssl_cllient2.c example application (line 2638), this code is used as a message to the application about a new session ticket. This makes me unsure whether it would be correct to continue receiving application data normally. The second question relates to the receipt of tickets. The curl project does not store session tickets, so it uses the MBEDTLS_SSL_SESSION_TICKETS_DISABLED flag. If this is the case, why do we nevertheless receive a new ticket from the server? Thank you for your reply. Michał Antoniak

1 year, 3 months

1
0
0 0

Appending a cert to mbedtls_x509_crt

by Roman Janota

Hello, I have an implementation in OpenSSL and am trying to recreate it using MbedTLS. One of the differences in these two I have yet to overcome is the following: Is there a way to treat mbedtls_x509_crt simply as a certificate store? Say I have some PEM data, parse it into a temporary mbedtls_x509_crt and then I would like to append this certificate to said mbedtls_x509_crt certificate store. The following is stated in the docs of mbedtls_x509_crt: > struct mbedtls_x509_crt *next Next certificate in the linked list that constitutes the CA chain. NULL indicates the end of the list. Do not modify this field directly. Is there a way to achieve this if it's advised not to modify the field directly? Thank you in advance, Roman.

1 year, 3 months

4
4
0 0

mbedtls_ecp_gen_key vs mbedtls_ecdsa_genkey

by Tom Work

Hey All, I am trying to generate ECDSA public-private key pair for self-signed certificate, and came across these examples In gen_key.c <https://github.com/Mbed-TLS/mbedtls/blob/bee96566dac936e7fdfa7aa18b6a1f6767…>, "mbedtls_ecp_gen_key()" is used In ecdsa.c <https://github.com/Mbed-TLS/mbedtls/blob/bee96566dac936e7fdfa7aa18b6a1f6767…>, "mbedtls_ecdsa_genkey()" is used. My questions are: - Which function should be used? (It seems mbedtls_ecdsa_genkey() is just a wrapper of mbedtls_ecp_gen_key()?) - If using mbedtls_ecdsa_genkey(), what are the steps to write the public key into PEM format? (My understanding is that I define a mbedtls_pk_context, and convert its address into mbedtls_ecdsa_context *, and pass the pointer into mbedtls_ecdsa_genkey, and then call mbedtls_ecdsa_genkey(), is this correct?) Thanks, Tom

1 year, 3 months

1
0
0 0

Re: CA Unknown Certificate

by Janos Follath

Hi Satya, Is this issue related to the one described in your previous email “[mbed-tls] EAP TLS - TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unknown CA)”? Kind regards, Janos From: Satya Prakash Prasad <satyaprakash.developer.unix(a)gmail.com> Date: Friday, 12 April 2024 at 16:27 To: Janos Follath <Janos.Follath(a)arm.com> Subject: Re: [mbed-tls] CA Unknown Certificate Hi Janos, Kindly note that I have already provided the same in my initial email. Please refer the same for your reference: Please note that we need to give CN value different for Root and Server / Client (since I am trying got mutual trusted certificate. You can also verify the same in below way: First console : # openssl s_server -cert crt1/server.crt -key crt1/server.key -WWW -port 12345 -CAfile crt1/trusted_ca.eap.pem -verify_return_err or -Verify 1 verify depth is 1, must return a certificate Using default temp DH parameters ACCEPT Second Console: #touch test.txt # openssl s_server -cert crt1/server.crt -key crt1/server.key -WWW -port 12345 -CAfile crt1/trusted_ca.eap.pem -verify_return_err or -Verify 1 verify depth is 1, must return a certificate Using default temp DH parameters ACCEPT On First Console we receive: # openssl s_server -cert crt1/server.crt -key crt1/server.key -WWW -port 12345 -CAfile crt1/trusted_ca.eap.pem -verify_return_err or -Verify 1 verify depth is 1, must return a certificate Using default temp DH parameters ACCEPT depth=1 C = US, ST = CA, L = Somewhere, O = Someone, CN = FoobarCA verify return:1 depth=0 C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar verify return:1 FILE:test.txt Root CA Key # openssl genrsa -des3 -out ca.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ..+++++ ....+++++ e is 65537 (0x010001) Enter pass phrase for ca.key.pem:^1234^ Verifying - Enter pass phrase for ca.key.pem:^1234^ Server Private Key # openssl genrsa -out server.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ........................................+++++ .................................................................................................+++++ e is 65537 (0x010001) Client Private Key # openssl genrsa -out client.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ...............................+++++ ..........................+++++ e is 65537 (0x010001) Root CA Certificate from Root CA Key # openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365 -out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=FoobarCA Enter pass phrase for ca.key.pem:^1234^ Server CSR & Certificate from Server Private Key # openssl req -new -sha256 -key server.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out server.csr # openssl x509 -req -in server.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ Client CSR & Certificate from Client Private Key # openssl req -new -sha256 -key client.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out client.csr # openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ Regards, Prakash On Fri, Apr 12, 2024 at 5:55 PM Janos Follath <Janos.Follath(a)arm.com<mailto:Janos.Follath@arm.com>> wrote: Hi Prakash, Thank you for sharing the details about how you generated the certificates. Could you please share the command line for the server and the client as well? Kind regards, Janos From: Satya Prakash Prasad via mbed-tls <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Date: Friday, 12 April 2024 at 05:03 To: mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Subject: [mbed-tls] CA Unknown Certificate Hi, Please note that while using MBedTLS 3.6.0, when we are trying to verify server / client connection using self-signed mutually trusted certificates we are always getting a CA Unknown Certificate error code 46 alert message. Root CA Key # openssl genrsa -des3 -out ca.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ..+++++ ....+++++ e is 65537 (0x010001) Enter pass phrase for ca.key.pem:^1234^ Verifying - Enter pass phrase for ca.key.pem:^1234^ Server Private Key # openssl genrsa -out server.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ........................................+++++ .................................................................................................+++++ e is 65537 (0x010001) Client Private Key # openssl genrsa -out client.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ...............................+++++ ..........................+++++ e is 65537 (0x010001) Root CA Certificate # openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365 -out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=FoobarCA Enter pass phrase for ca.key.pem:^1234^ Server CSR & Certificate # openssl req -new -sha256 -key server.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out server.csr # openssl x509 -req -in server.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ Client CSR & Certificate # openssl req -new -sha256 -key client.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out client.csr # openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ So we have used Root CA Certificatet as trusted certificate but during handshake steps we see client reporting "Certificate Unknown'' alert error message 46? TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown) Description: Certificate Unknown (46) Can you please let us know the issue we are doing in creating the certificates or it can also be some wrong steps / configuration while compiling the 3.6.0 release? Regards, Prakash -- mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org<mailto:mbed-tls-leave@lists.trustedfirmware.org> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

1 year, 3 months

2
1
0 0

CA Unknown Certificate

by Satya Prakash Prasad

Hi, Please note that while using MBedTLS 3.6.0, when we are trying to verify server / client connection using self-signed mutually trusted certificates we are always getting a CA Unknown Certificate error code 46 alert message. Root CA Key # openssl genrsa -des3 -out ca.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ..+++++ ....+++++ e is 65537 (0x010001) Enter pass phrase for ca.key.pem:^1234^ Verifying - Enter pass phrase for ca.key.pem:^1234^ Server Private Key # openssl genrsa -out server.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ........................................+++++ .................................................................................................+++++ e is 65537 (0x010001) Client Private Key # openssl genrsa -out client.key.pem 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ...............................+++++ ..........................+++++ e is 65537 (0x010001) Root CA Certificate # openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365 -out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=FoobarCA Enter pass phrase for ca.key.pem:^1234^ Server CSR & Certificate # openssl req -new -sha256 -key server.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out server.csr # openssl x509 -req -in server.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ Client CSR & Certificate # openssl req -new -sha256 -key client.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out client.csr # openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 365 -sha256 Signature ok subject=C = US, ST = CA, L = Somewhere, O = Someone, CN = Foobar Getting CA Private Key Enter pass phrase for ca.key.pem:^1234^ So we have used Root CA Certificatet as trusted certificate but during handshake steps we see client reporting "Certificate Unknown'' alert error message 46? TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown) Description: Certificate Unknown (46) Can you please let us know the issue we are doing in creating the certificates or it can also be some wrong steps / configuration while compiling the 3.6.0 release? Regards, Prakash

1 year, 3 months

1
0
0 0

Public key from certificate?

by Christian Huitema

Public key operations like "psa_verify_message" use a "key-id" argument to represent the public key. Is there a simple way to obtain or register that key-id using the "cert->pk" member of a parsed certificate? -- Christian Huitema

1 year, 3 months

2
1
0 0

Use of auto-generation approach for mbedtls/mbed-crypto driver psa_crypto_driver_wrappers..h file

by Ruchika Gupta

Hi All, Apologies for the long email. I am adding all the 3 projects (TF-M, mbedTLS and Zephyr) to the mail chain because the issues I discuss below are inter-connected and affect all the three projects. From mbedtls 3.5.0 version, the mbedtls project has migrated to auto-generated psa_crypto_driver_wrappers.h file. https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-driver-exampl… https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driv… On TF-M, mbed-crypto, there are 2 patches for the drivers given below which are still hardcoding their changes and not following the above approach. 1. PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER (0001-Add-TF-M-Builtin-Key-Loader-driver-entry-points.patch) 2. PSA_CRYPTO_DRIVER_CC3XX (0005-Hardcode-CC3XX-entry-points.patch) We at NXP, have migrated our psa crypto wrappers to the above approach using auto-generation. We want to maintain same code base for mbedtls for our SDK's, TFM mbed-crypto as well as align mbedTLS fork in Zephyr. We are increasingly finding it difficult to migrate to newer versions of mbedtls because of hardcoding of above drivers. The problem is specially on the Zephyr front, where in the mbedTLS fork in zephyr these patches from tfm are applied by default. I have queries for all the 3 projects listed below : TF-M --> Can you please let us know what are the plans to migrate these 2 drivers in tfm to the auto-generation approach. If these patches can be migrated to make changes in jinja files rather than hardcoding in psa_crypto_driver_wrappers , things would be much easier to integrate. Is somebody already working on it ? Are you open to accept patches for this change ? mbedTLS --> What is the long term strategy from mbedTLS on this auto-generation ? We still have a lot of hard-coding in .jinja file rather than using drivers.json. Would mbedTLS/new PSA crypto repository start accepting patches for psa wrappers from platforms ? Can the patches which TF-M project maintains be merged in the mbedTLS ? Zephyr --> On Zephyr front, what are the plans to align to this auto-generation approach ? Regards, Ruchika

1 year, 3 months

2
2
0 0

Why is mbedtls 3.x faster than 2.x?

by Work Only

I recently updated an embedded HTTPs web service using mbedtls from 2.22.0 to 3.2.1, and noticed the performance is about 30% better/faster. This is good for sure, but I am curious, what are the changes contributing to this improvement? Thanks!

1 year, 3 months

2
2
0 0

MbedTLS 3.6.0 Compilation Error

by Satya Prakash Prasad

Hi, It seems that in latest MbedTLS 3.6.0 following declarations have been deleted: MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED The below function implementation is not there mbedtls_ssl_conf_export_keys_ext_cb Regards, Prakash

1 year, 3 months

1
1
0 0

MbedTLS 3.6.0 Compilation Error

by Satya Prakash Prasad

Hi, We are trying to compile the MBedTLS 3.6.0 version using nios2-elf-gcc compiler for an embedded product. We are receiving following compilation error- Compiling /mbedtls/library/platform_util.c ---------------------------------------------------- mbedtls/library/platform_util.c:261:2: #error "No mbedtls_ms_time available" Makefile:622: recipe for target '.mbedtls/library/platform_util.o' failed make: *** [mbedtls/library/platform_util.o] Error 1 I see the code in platform_util.c [snapshot below] - we have enabled MBEDTLS_HAVE_TIME and not MBEDTLS_PLATFORM_MS_TIME_ALT #if defined(MBEDTLS_HAVE_TIME) && !defined(MBEDTLS_PLATFORM_MS_TIME_ALT) #include <time.h> #if !defined(_WIN32) && \ // Note - Since we are compiling for embedded device this block gets disabled (defined(unix) || defined(__unix) || defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) || defined(__midipix__)) #include <unistd.h> #endif \ /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__ || __midipix__) */ #if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__) //// Note - Since we are compiling for embedded device this block gets disabled mbedtls_ms_time_t mbedtls_ms_time(void) { int ret; struct timespec tv; mbedtls_ms_time_t current_ms; #if defined(__linux__) && defined(CLOCK_BOOTTIME) || defined(__midipix__) ret = clock_gettime(CLOCK_BOOTTIME, &tv); #else ret = clock_gettime(CLOCK_MONOTONIC, &tv); #endif if (ret) { return time(NULL) * 1000; } current_ms = tv.tv_sec; return current_ms*1000 + tv.tv_nsec / 1000000; } #elif defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \ // Note - Since we are compiling for embedded device this block gets disabled defined(__MINGW32__) || defined(_WIN64) #include <windows.h> mbedtls_ms_time_t mbedtls_ms_time(void) { FILETIME ct; mbedtls_ms_time_t current_ms; GetSystemTimeAsFileTime(&ct); current_ms = ((mbedtls_ms_time_t) ct.dwLowDateTime + ((mbedtls_ms_time_t) (ct.dwHighDateTime) << 32LL))/10000; return current_ms; } #else #error "No mbedtls_ms_time available" //--> compilation error propagated from here #endif Regards, Prakash

1 year, 3 months

1
0
0 0

Generate a self-signed trusted certificate for server / client

by Satya Prakash Prasad

Hi, Referring to https://mbed-tls.readthedocs.io/en/latest/kb/how-to/generate-a-self-signed-… I am trying to create mutual certificates for server / client self signed certificates. As I derive from the web page the following steps need to be followed: Generic gen_key type=rsa rsa_keysize=2048 filename=ca.key format=pem cert_write selfsign=1 issuer_key=ca.key issuer_name=CN=myserver,O=myorganization,C=NL not_before=20130101000000 not_after=20251231235959 is_ca=1 max_pathlen=0 output_file=my_crt.crt Server Side: What steps to do to create the following files where server.crt is server side certificate, sever.key is the server private key and trusted.pem is the CA that it trusts. server.crt, server.key, trusted.pem[trusted.pem==>is it my_crt.crt] Do we need to create new server keys and certificates then do we need to bundle them - I am not sure how and what steps to do? Client Side What steps to do to create the following file where client.crt is client side certificate, client.key is the client private key and trusted.pem is the CA that it trusts. client.crt, client.key, trusted.pem[trusted.pem==>is it my_crt.crt] Do we need to create new client keys and certificates then do we need to bundle them - I am not sure how and what steps to do? Objective: Objective is that client and server should be able to connect securely successfully using their certs Request to provide help related to the generation of self-signed client / server certs that can be used for SSL handshake using MBedTLS library. Regards, Prakash

1 year, 3 months

1
0
0 0

Support SM2, SM3, SM4

by Zhi Liu

Hi all, Given TLS 1.3 has added two new cipher suites in RFC 8998 ( https://datatracker.ietf.org/doc/html/rfc8998), it would be useful to add these algorithms and ciphersuites in Mbedtls. CipherSuite TLS_SM4_GCM_SM3 = { 0x00, 0xC6 }; CipherSuite TLS_SM4_CCM_SM3 = { 0x00, 0xC7 }; There are some posts in this topic, https://github.com/Mbed-TLS/mbedtls/pull/4091, https://github.com/Mbed-TLS/mbedtls/pull/1620. But SM2/3/4 have not been added in recent versions(e.g., 3.6). I have implemented SM3, SM4 as standalone code( https://github.com/zliucd/cryptoshark), and want to port the code to Mbedtls while supporting SM2. However, to fully support the two new cipher suites, we need to add lots of other code. The first step is to add SM2, SM3 and SM as standalone ciphers. Thanks for any comments. Zhi

1 year, 3 months

1
0
0 0

EAP TLS - TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unknown CA)

by Satya Prakash Prasad

Hi, I am not sure if this questions should be addressed to this support team but in hope that some positive information might come up. I am trying to analyze an SSL handshake failure issue. Based on the issue please find below steps to create client / server certificates. : openssl genrsa -out ca.key 2048 openssl req -new -x509 -days 1826 -key ca.key -out ca.crt openssl genrsa -out server.key 2048 openssl req -new -out server.csr -key server.key openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360 At this step I have below files: ca.crt (which I use as trusted_client.pem), server.crt and server.key at server side Client Side certificate generation: openssl genrsa -out client.key 2048 openssl req -out client.csr -key client.key -new openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 360 So now at client side I have below files: client.crt client.key trusted_client.pem [generated during Server certificate step] I am not sure if I have generated the certificates correctly - but I am trying to test a Mutual trusted Server / Client SSL connection. So there is no certificate chain I have made during their certificate creation - they are self-signed ones. Note that when asked about the CN I gave "CA" (for CA), "example.com" (for server) and "client" (for client). When I run the flow I get below error: TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unknown CA) Wireshark logs: 103 2024-04-01 11:17:42.886627 Device_00:8c:94 Nearest-non-TPMR-bridge EAPOL 60 Start 104 2024-04-01 11:17:42.887165 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge EAP 60 Request, Identity 105 2024-04-01 11:17:45.890174 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge EAP 60 Request, Identity 106 2024-04-01 11:17:45.892093 Device_00:8c:94 Nearest-non-TPMR-bridge EAP 60 Response, Identity 107 2024-04-01 11:17:45.892425 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge EAP 60 Request, TLS EAP (EAP-TLS) 108 2024-04-01 11:17:47.732072 Device_00:8c:94 Nearest-non-TPMR-bridge TLSv1.2 226 Client Hello 109 2024-04-01 11:17:47.746814 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge EAP 1421 Request, TLS EAP (EAP-TLS) 110 2024-04-01 11:17:47.750570 Device_00:8c:94 Nearest-non-TPMR-bridge EAP 60 Response, TLS EAP (EAP-TLS) 111 2024-04-01 11:17:47.750881 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge SSL 1068 Continuation Data 112 2024-04-01 11:17:49.896020 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge SSL 1068 Continuation Data 113 2024-04-01 11:17:50.104051 Device_00:8c:94 Nearest-non-TPMR-bridge TLSv1.2 233 Client Hello, Alert (Level: Fatal, Description: Certificate Unknown) -- Description: Certificate Unknown (46) 114 2024-04-01 11:17:50.104413 MS-NLB-PhysServer-17_11:11:11:11 Nearest-non-TPMR-bridge EAP 60 Failure Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done Frame 111: 1068 bytes on wire (8544 bits), 1068 bytes captured (8544 bits) on interface \Device\NPF_{87758CCA-2149-4961-9FDA-E59432A16D13}, id 0 Ethernet II, Src: MS-NLB-PhysServer-17_11:11:11:11 (02:11:11:11:11:11), Dst: Nearest-non-TPMR-bridge (01:80:c2:00:00:03) 802.1X Authentication Extensible Authentication Protocol Code: Request (1) Id: 56 Length: 1050 Type: TLS EAP (EAP-TLS) (13) EAP-TLS Flags: 0x00 0... .... = Length Included: False .0.. .... = More Fragments: False ..0. .... = Start: False [2 EAP-TLS Fragments (2437 bytes): #109(1393), #111(1044)] [Frame: 109, payload: 0-1392 (1393 bytes)] [Frame: 111, payload: 1393-2436 (1044 bytes)] [Fragment Count: 2] [Reassembled EAP-TLS Length: 2437] Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Server Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 61 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 57 Version: TLS 1.2 (0x0303) Random: e8497a7739576c02beabbb0b95a6b95f026ba3bc167b4992af22b64fb10f1e8b GMT Unix Time: Jun 29, 2093 21:29:51.000000000 India Standard Time Random Bytes: 39576c02beabbb0b95a6b95f026ba3bc167b4992af22b64fb10f1e8b Session ID Length: 0 Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Compression Method: null (0) Extensions Length: 17 Extension: renegotiation_info (len=1) Type: renegotiation_info (65281) Length: 1 Renegotiation Info extension Extension: ec_point_formats (len=4) Type: ec_point_formats (11) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 [JA3S Fullstring: 771,52392,65281-11-23] [JA3S: d7d95b173b904a8f4de65bd751cb534a] TLSv1.2 Record Layer: Handshake Protocol: Certificate Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 1793 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 1789 Certificates Length: 1786 Certificates (1786 bytes) TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 401 Handshake Protocol: Server Key Exchange Handshake Type: Server Key Exchange (12) Length: 397 EC Diffie-Hellman Server Params TLSv1.2 Record Layer: Handshake Protocol: Certificate Request Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 153 Handshake Protocol: Certificate Request Handshake Type: Certificate Request (13) Length: 149 Certificate types count: 3 Certificate types (3 types) Signature Hash Algorithms Length: 40 Signature Hash Algorithms (20 algorithms) Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: ed25519 (0x0807) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (7) Signature Algorithm: ed448 (0x0808) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (8) Signature Algorithm: rsa_pss_pss_sha256 (0x0809) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (9) Signature Algorithm: rsa_pss_pss_sha384 (0x080a) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (10) Signature Algorithm: rsa_pss_pss_sha512 (0x080b) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (11) Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: SM2 (4) Signature Algorithm: rsa_pss_rsae_sha384 (0x0805) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (5) Signature Algorithm: rsa_pss_rsae_sha512 (0x0806) Signature Hash Algorithm Hash: Unknown (8) Signature Hash Algorithm Signature: Unknown (6) Signature Algorithm: rsa_pkcs1_sha256 (0x0401) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha384 (0x0501) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: rsa_pkcs1_sha512 (0x0601) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: SHA224 ECDSA (0x0303) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Algorithm: SHA224 RSA (0x0301) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Algorithm: SHA224 DSA (0x0302) Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA256 DSA (0x0402) Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA384 DSA (0x0502) Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: DSA (2) Signature Algorithm: SHA512 DSA (0x0602) Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: DSA (2) Distinguished Names Length: 101 Distinguished Names (101 bytes) TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 4 Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0 Client Hello, Alert (Level: Fatal, Description: Certificate Unknown) Extensible Authentication Protocol Code: Response (2) Id: 56 Length: 215 Type: TLS EAP (EAP-TLS) (13) EAP-TLS Flags: 0x00 Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 197 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 193 Version: TLS 1.2 (0x0303) Random: 259ea02b1870ac3618e57b7cbdf4a4ad7df085bf1180f24c52141c38f640cdac Session ID Length: 0 Cipher Suites Length: 80 Cipher Suites (40 suites) Compression Methods Length: 1 Compression Methods (1 method) Extensions Length: 72 Extension: signature_algorithms (len=22) Extension: supported_groups (len=24) Extension: ec_point_formats (len=2) Extension: encrypt_then_mac (len=0) Extension: extended_master_secret (len=0) Extension: session_ticket (len=0) [JA4: 12i400600_9479543b8654_7b0ba9b4cf08] [JA4_r [truncated]: 12i400600_002f,0033,0035,0039,003c,003d,0067,006b,009c,009d,009e,009f,00ff,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,c09c,c09d,c09e,c09f,c0a0,c0a1,c0a2,c0a3,c0ac,c0ad,c0ae,c0af,cca8,cca9,ccaa_000a,000b,] [JA3 Fullstring [truncated]: 771,52392-52393-52394-49196-49200-159-49325-49311-49188-49192-107-49162-49172-57-49327-49315-49195-49199-158-49324-49310-49187-49191-103-49161-49171-51-49326-49314-157-49309-61-53-49313-156-49308-60-47-49312-255] [JA3: fee1630eb5b7688c9f8303364702933f] TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown) Content Type: Alert (21) Version: TLS 1.2 (0x0303) Length: 2 Alert Message Level: Fatal (2) Description: Certificate Unknown (46) Is it that certificates are correct the server / client code is at fault - I am running EAP-TLS [ https://github.com/championswimmer/kernel_sony_tamsui/tree/master/platform/…] code as client and hostapd daemon as server. Regards, Prakash

1 year, 3 months

1
0
0 0

[Mbed-tls-announce] Latest Release of Mbed TLS

by Minos Galanakis via Mbed-tls-announce

Hi Mbed TLS users, We have released Mbed TLS versions 3.6.0 LTS and 2.28.8. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0, https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8). We recommend all users to consider whether they are impacted, and to upgrade appropriately. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

1 year, 3 months

7
8
0 0

Latest release of Mbed TLS

by Minos Galanakis

Hi Mbed TLS users, We have released Mbed TLS versions 3.6.0 LTS and 2.28.8. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0, https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8). We recommend all users to consider whether they are impacted, and to upgrade appropriately.

1 year, 3 months

1
0
0 0

Assistance Requested: TLS Handshake Failure with MbedTLS on STM32F4

by Ashvajit Prasad

Hello Mbed-TLS team, I am reaching out for guidance on an issue I've encountered while integrating MbedTLS for HTTPS requests using the coreHTTP stack alongside FreeRTOSplusTCP on an STM32F4 device. Although I have successfully implemented an HTTP client, moving to HTTPS has presented some challenges. My approach has included several adjustments to the mbedtls_config file, such as: - Integrating a Random Number Generator (RNG) from STM32 within the mbed_Entropy_poll function. - Utilizing the calloc and free functions provided by FreeRTOS. - Modifying the search algorithm to correctly handle null-terminated PEM certificates. Despite these efforts, I am unable to establish a connection to the server, with the process consistently failing during the TLS handshake phase. Specifically, the client hello message is transmitted from my device, but no response is received from the server, resulting in an MBEDTLS_INTERNAL_ERROR. Enclosed with this email are my mbedtls_config file and a detailed account of the issue as posted on the FreeRTOS forum<https://forums.freertos.org/t/integration-of-ssl-in-corehttp/19561/11>. While I do not expect a full code review<https://github.com/AshvajitP/Eth_FreeRTOS_F4>, any insights into potential causes for this type of handshake failure would be greatly appreciated. Thank you for your time and assistance. Regards, Ashvajit Prasad

1 year, 3 months

1
0
0 0

Status of RFC 8449 support

by norbert.fabritius＠esrlabs.com

I saw the following comment when configuring Record Size Limit Extension (RFC 8449) in `mbedtls_config.h` [1]: > This extension is currently in development and must NOT be used except for testing purposes. Is this still accurate? What functionality is missing for full RFC 8449 support? Is this feature planned for a specific date? [1] https://github.com/Mbed-TLS/mbedtls/blob/611f899c0c9d397baedfaec34ea0861ad2…

1 year, 3 months

3
3
0 0

MBedTLS Integration API Implementation

by Satya Prakash Prasad

Hi, We are integrating https://github.com/prplfoundation/hostap code into our project that makes uses of crypto and SSL functionality. Their code is so written that they have interfaces defined where crypto and SSL 3rd party algorithms can be called and implemented. We are stuck implementing those APIs interfaces using MBedTLS and in need of help for its implementation. Referring to the below set of interfaces as defined in https://github.com/prplfoundation/hostap/blob/master/src/crypto/tls_none.c we need to implement required code for MBedTLS. I am in need help implementing below API: struct tls_connection * tls_connection_init(void *tls_ctx) where tls_connection is below defined type [user defined type - hope is correct implementation]: struct tls_connection { mbedtls_ssl_context *ssl; keyman_creds *cr; }; We have made the below implementation struct tls_connection * tls_connection_init(void *ssl_ctx) { mbedtls_ssl_context *mssl_ctx = ssl_ctx; struct tls_connection *conn; conn = os_zalloc(sizeof(*conn)); if (conn == NULL) { return NULL; } conn->ssl = mssl_ctx ; conn->cr = NULL; mbedtls_ssl_set_bio(ssl_ctx, NULL, net_send, net_recv, NULL); return conn; } If my above implementation is correct please let me know how to implement our own net_send and net_recv function. There are many buffer declaration in mbedtls_ssl_context I am not sue what algorithm to use to read complete / remaining bytes using internal data structure : int net_recv(void *ctx, unsigned char *buf, size_t len) { /* how to implement */ } int net_send(void *ctx, const unsigned char *buf, size_t len) { /* how to implement */ } Thanks in advance. Regards, Prakash

1 year, 3 months

1
0
0 0

GCC Compiler Version

by Satya Prakash Prasad

Hi, Please let me know which GCC compiler version to use to compile MBedTLS on Ubuntu and test cases that we can build and verify? Regards, Prakash

1 year, 3 months

2
1
0 0

2025

2024

2023

2022

2021

2020

mbed-tls