पर चल रहे स्थानीय वेबस्पेयर एएस से एडब्ल्यूएस पर एनजिन से कनेक्ट करने के लिए मुझे क्लाइंट प्रमाणीकरण के साथ एक सेवा से कनेक्ट करने में कठिनाई हो रही है। सेवा ("सुरक्षित सेवा") एडब्ल्यूएस पर है। ग्राहक मेरे मैक पर लिनक्स वीएम पर हैं। SecginService पर Nginx क्लाइंट प्रमाणीकरण को उस संसाधन पर लागू करता है जिसे मैं पोर्ट 443 पर एक्सेस कर रहा हूं। मुझे अवधारणा जावा स्टैंडअलोन एप्लिकेशन (openjdk 1.8.0_60) या अन्य क्लाइंट्स के अवधारणा का उपयोग करके एक ही वीएम से एक ही सुरक्षित सेवा में कनेक्ट करने में सफल प्रतिक्रिया मिल सकती है। (wget, openssl), लेकिन वेबस्पेयर एएस पर होस्ट किए गए उसी जावा कोड से नहीं (स्वीकार्य रूप से पुराने पुस्तकालयों और आईबीएम जे 9 वीएम पर निर्भर, 2.6, जेआरई 1.6.0 का निर्माण)। SecureService होस्टनाम को 127.0.0.1 में/etc/hosts में रीमेप करते समय, हालांकि, वेबस्पेयर एएस पर वही जावा कोड सफलतापूर्वक स्थानीय ओपनएसएसएल सर्वर से कनेक्ट होता है जो समान प्रमाणीकरण प्राधिकरण से क्लाइंट प्रमाणीकरण की आवश्यकता होती है। असफल कनेक्शन रिपोर्ट में सिक्योरसेवर से प्रतिक्रिया "400 कोई आवश्यक एसएसएल प्रमाण पत्र भेजा नहीं गया" ... "400 खराब अनुरोध", लेकिन टीसीपीडम्प पैकेट कैप्चर दिखाता है कि यह एक प्रमाणपत्र अनुरोध नहीं भेज रहा है, जबकि यह अन्य सभी मामलों में है। यह परेशान है और मुझे लगता है कि क्लाइंटहेल्लो संदेश में कुछ ऐसा है जो सर्वर पसंद नहीं करता है, हालांकि सफल और असफल कनेक्शन में क्लाइंटहेल्लो संदेश बहुत समान हैं।सर्वर से कोई सर्टिफिकेट अनुरोध नहीं होने पर एसएसएल कनेक्शन विफल रहा है, जावा 6
एक बहुत ही अजीब विस्तार यह भी है कि टीसीपीडम्प कभी भी मेरे क्लाइंट से असफल संचार में सर्वर पर पहले टीसीपी एसवाईएन पैकेट को कैप्चर नहीं करता है, जबकि यह बाकी को कैप्चर करता है (सर्वर से SYN + ACK, फिर क्लाइंट से ACK) और अन्य सभी संचारों पर सभी पैकेट (SYN, SYN + ACK, ACK)।
सभी संचार अपने सभी हिस्सों में TLSv1.2 का उपयोग करते हैं।
असफल कनेक्शन:
(client <--> server) <-- SYN, ACK --> ACK --> Client Hello <-- ACK <-- Server Hello, Certificate, Server Hello Done --> ACK --> Client Key Exchange <-- ACK --> Change Cypher Spec <-- ACK --> Encrypted Handshake Message <-- ACK <-- Change Cypher Spec, Encrypted Handshake Message --> Application Data ...
अवधारणा जावा अनुप्रयोग का सबूत में पास हुए कनेक्शन: (ग्राहक < -> सर्वर)
--> SYN <-- SYN, ACK --> ACK --> Client Hello <-- ACK <-- Server Hello <-- Certificate <-- Certificate Request, Server Hello Done --> ACK --> ACK --> [TCP segment of a reassembled PDU] --> Certificate, Client Key Exchange <-- ACK --> Certificate Verify --> Change Cypher Spec --> Hello Request, Hello Request <-- ACK <-- Change Cypher Spec, Encrypted Handshake Message --> Application Data ...
स्थानीय openssl के रूप में Websphere में पास हुए कनेक्शन: (ग्राहक < -> सर्वर)
--> SYN <-- SYN, ACK --> ACK --> Client Hello <-- ACK <-- Server Hello, Certificate, Certificate Request, Server Hello Done --> ACK --> Certificate, Client Key Exchange <-- ACK --> Certificate Verify --> Change Cypher Spec --> Encrypted Handshake Message <-- ACK <-- Change Cypher Spec, Encrypted Handshake Message --> Application Data ...
असफल ग्राहक हैलो:
Frame 3: 332 bytes on wire (2656 bits), 332 bytes captured (2656 bits) Encapsulation type: Linux cooked-mode capture (25) Arrival Time: Feb 25, 2016 13:29:15.353437000 GMT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1456406955.353437000 seconds [Time delta from previous captured frame: 0.004839000 seconds] [Time delta from previous displayed frame: 0.004839000 seconds] [Time since reference or first frame: 0.004868000 seconds] Frame Number: 3 Frame Length: 332 bytes (2656 bits) Capture Length: 332 bytes (2656 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: sll:ethertype:ip:tcp:ssl] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Linux cooked capture Packet type: Sent by us (4) Link-layer address type: 1 Link-layer address length: 6 Source: CadmusCo_67:0a:c1 (08:00:27:67:0a:c1) Protocol: IPv4 (0x0800) Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 316 Identification: 0xf29d (62109) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xc7f8 [validation disabled] [Good: False] [Bad: False] Source: (OMITTED FOR SECURITY REASONS) Destination: (OMITTED FOR SECURITY REASONS) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 51512 (51512), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 276 Source Port: 51512 Destination Port: 443 [Stream index: 0] [TCP Segment Len: 276] Sequence number: 1 (relative sequence number) [Next sequence number: 277 (relative sequence number)] Acknowledgment number: 1 (relative ack number) Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: *******AP***] Window size value: 14600 [Calculated window size: 14600] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x8054 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Urgent pointer: 0 [SEQ/ACK analysis] [Bytes in flight: 276] Secure Sockets Layer TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 271 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 267 Version: TLS 1.2 (0x0303) Random GMT Unix Time: Feb 25, 2016 13:29:15.000000000 GMT Random Bytes: 2ca99e72b66289fcd3f11bf2dc3ef464709b197e6dd6cdd5... Session ID Length: 32 Session ID: 28eef056a41440e760eaa9e3358a9cd56d8823fa130e9100... Cipher Suites Length: 128 Cipher Suites (64 suites) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2) Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012) Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066) Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015) Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d) Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031) Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c) Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008) Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003) Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff) Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009) Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001) Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002) Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b) Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004) Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 66 Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 24 Elliptic Curves Length: 22 Elliptic curves (11 curves) Elliptic curve: secp256r1 (0x0017) Elliptic curve: secp192r1 (0x0013) Elliptic curve: secp224r1 (0x0015) Elliptic curve: secp384r1 (0x0018) Elliptic curve: secp521r1 (0x0019) Elliptic curve: secp160k1 (0x000f) Elliptic curve: secp160r1 (0x0010) Elliptic curve: secp160r2 (0x0011) Elliptic curve: secp192k1 (0x0012) Elliptic curve: secp224k1 (0x0014) Elliptic curve: secp256k1 (0x0016) Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms Type: signature_algorithms (0x000d) Length: 28 Signature Hash Algorithms Length: 26 Signature Hash Algorithms (13 algorithms) Signature Hash Algorithm: 0x0603 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0601 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0503 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0501 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0303 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0301 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0402 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0202 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0101 Signature Hash Algorithm Hash: MD5 (1) Signature Hash Algorithm Signature: RSA (1)
अवधारणा का सबूत से SecureServer को सफल ग्राहक हैलो:
Frame 62: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0 Interface id: 0 (en0) Encapsulation type: Ethernet (1) Arrival Time: Feb 24, 2016 17:20:21.803009000 GMT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1456334421.803009000 seconds [Time delta from previous captured frame: 0.119948000 seconds] [Time delta from previous displayed frame: 0.119948000 seconds] [Time since reference or first frame: 17.897514000 seconds] Frame Number: 62 Frame Length: 306 bytes (2448 bits) Capture Length: 306 bytes (2448 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] [Coloring Rule Name: TCP] [Coloring Rule String: tcp] Ethernet II, Src: Apple_bc:c7:11 (a4:5e:60:bc:c7:11), Dst: CiscoInc_76:28:80 (a4:4c:11:76:28:80) Destination: CiscoInc_76:28:80 (a4:4c:11:76:28:80) Address: CiscoInc_76:28:80 (a4:4c:11:76:28:80) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Apple_bc:c7:11 (a4:5e:60:bc:c7:11) Address: Apple_bc:c7:11 (a4:5e:60:bc:c7:11) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 292 Identification: 0xa8b7 (43191) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0x279c [validation disabled] [Good: False] [Bad: False] Source: (OMITTED FOR SECURITY REASONS) Destination: (OMITTED FOR SECURITY REASONS) [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: 62197 (62197), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 240 Source Port: 62197 Destination Port: 443 [Stream index: 9] [TCP Segment Len: 240] Sequence number: 1 (relative sequence number) [Next sequence number: 241 (relative sequence number)] Acknowledgment number: 1 (relative ack number) Header Length: 32 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: *******AP***] Window size value: 4122 [Calculated window size: 131904] [Window size scaling factor: 32] Checksum: 0xc3c5 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Urgent pointer: 0 Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Timestamps: TSval 928661973, TSecr 546145009 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 928661973 Timestamp echo reply: 546145009 [SEQ/ACK analysis] [iRTT: 0.016102000 seconds] [Bytes in flight: 240] Secure Sockets Layer TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 235 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 231 Version: TLS 1.2 (0x0303) Random GMT Unix Time: Feb 24, 2016 17:20:21.000000000 GMT Random Bytes: fbb67137e8cde6609cb570685f6c9b5a62eefbc12973b545... Session ID Length: 0 Cipher Suites Length: 58 Cipher Suites (29 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d) Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2) Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 132 Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 52 Elliptic Curves Length: 50 Elliptic curves (25 curves) Elliptic curve: secp256r1 (0x0017) Elliptic curve: sect163k1 (0x0001) Elliptic curve: sect163r2 (0x0003) Elliptic curve: secp192r1 (0x0013) Elliptic curve: secp224r1 (0x0015) Elliptic curve: sect233k1 (0x0006) Elliptic curve: sect233r1 (0x0007) Elliptic curve: sect283k1 (0x0009) Elliptic curve: sect283r1 (0x000a) Elliptic curve: secp384r1 (0x0018) Elliptic curve: sect409k1 (0x000b) Elliptic curve: sect409r1 (0x000c) Elliptic curve: secp521r1 (0x0019) Elliptic curve: sect571k1 (0x000d) Elliptic curve: sect571r1 (0x000e) Elliptic curve: secp160k1 (0x000f) Elliptic curve: secp160r1 (0x0010) Elliptic curve: secp160r2 (0x0011) Elliptic curve: sect163r1 (0x0002) Elliptic curve: secp192k1 (0x0012) Elliptic curve: sect193r1 (0x0004) Elliptic curve: sect193r2 (0x0005) Elliptic curve: secp224k1 (0x0014) Elliptic curve: sect239k1 (0x0008) Elliptic curve: secp256k1 (0x0016) Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms Type: signature_algorithms (0x000d) Length: 26 Signature Hash Algorithms Length: 24 Signature Hash Algorithms (12 algorithms) Signature Hash Algorithm: 0x0603 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0601 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0503 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0501 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0303 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0301 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0202 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0101 Signature Hash Algorithm Hash: MD5 (1) Signature Hash Algorithm Signature: RSA (1) Extension: server_name Type: server_name (0x0000) Length: 36 Server Name Indication extension Server Name list length: 34 Server Name Type: host_name (0) Server Name length: 31 Server Name: (OMITTED FOR SECURITY REASONS - IT CORRESPONDS TO THE DESTINATION HOSTNAME)
tcpdump कमांड लाइन:
sudo tcpdump -s 0 -n "port 443" -w /Repo/security/capture.cap -i any
किसी को भी किसी भी विचार क्या हो रहा हो सकता है मिल गया है गलत? इस समय, सर्वर पर लॉग इन करने के लिए मेरे पास प्रशासन अधिकार या खाता भी नहीं है।