7
पर चल रहे स्थानीय वेबस्पेयर एएस से एडब्ल्यूएस पर एनजिन से कनेक्ट करने के लिए मुझे क्लाइंट प्रमाणीकरण के साथ एक सेवा से कनेक्ट करने में कठिनाई हो रही है। सेवा ("सुरक्षित सेवा") एडब्ल्यूएस पर है। ग्राहक मेरे मैक पर लिनक्स वीएम पर हैं। SecginService पर Nginx क्लाइंट प्रमाणीकरण को उस संसाधन पर लागू करता है जिसे मैं पोर्ट 443 पर एक्सेस कर रहा हूं। मुझे अवधारणा जावा स्टैंडअलोन एप्लिकेशन (openjdk 1.8.0_60) या अन्य क्लाइंट्स के अवधारणा का उपयोग करके एक ही वीएम से एक ही सुरक्षित सेवा में कनेक्ट करने में सफल प्रतिक्रिया मिल सकती है। (wget, openssl), लेकिन वेबस्पेयर एएस पर होस्ट किए गए उसी जावा कोड से नहीं (स्वीकार्य रूप से पुराने पुस्तकालयों और आईबीएम जे 9 वीएम पर निर्भर, 2.6, जेआरई 1.6.0 का निर्माण)। SecureService होस्टनाम को 127.0.0.1 में/etc/hosts में रीमेप करते समय, हालांकि, वेबस्पेयर एएस पर वही जावा कोड सफलतापूर्वक स्थानीय ओपनएसएसएल सर्वर से कनेक्ट होता है जो समान प्रमाणीकरण प्राधिकरण से क्लाइंट प्रमाणीकरण की आवश्यकता होती है। असफल कनेक्शन रिपोर्ट में सिक्योरसेवर से प्रतिक्रिया "400 कोई आवश्यक एसएसएल प्रमाण पत्र भेजा नहीं गया" ... "400 खराब अनुरोध", लेकिन टीसीपीडम्प पैकेट कैप्चर दिखाता है कि यह एक प्रमाणपत्र अनुरोध नहीं भेज रहा है, जबकि यह अन्य सभी मामलों में है। यह परेशान है और मुझे लगता है कि क्लाइंटहेल्लो संदेश में कुछ ऐसा है जो सर्वर पसंद नहीं करता है, हालांकि सफल और असफल कनेक्शन में क्लाइंटहेल्लो संदेश बहुत समान हैं।सर्वर से कोई सर्टिफिकेट अनुरोध नहीं होने पर एसएसएल कनेक्शन विफल रहा है, जावा 6
एक बहुत ही अजीब विस्तार यह भी है कि टीसीपीडम्प कभी भी मेरे क्लाइंट से असफल संचार में सर्वर पर पहले टीसीपी एसवाईएन पैकेट को कैप्चर नहीं करता है, जबकि यह बाकी को कैप्चर करता है (सर्वर से SYN + ACK, फिर क्लाइंट से ACK) और अन्य सभी संचारों पर सभी पैकेट (SYN, SYN + ACK, ACK)।
सभी संचार अपने सभी हिस्सों में TLSv1.2 का उपयोग करते हैं।
असफल कनेक्शन:
(client <--> server)
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Server Hello Done
--> ACK
--> Client Key Exchange
<-- ACK
--> Change Cypher Spec
<-- ACK
--> Encrypted Handshake Message
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
अवधारणा जावा अनुप्रयोग का सबूत में पास हुए कनेक्शन: (ग्राहक < -> सर्वर)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello
<-- Certificate
<-- Certificate Request, Server Hello Done
--> ACK
--> ACK
--> [TCP segment of a reassembled PDU]
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cypher Spec
--> Hello Request, Hello Request
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
स्थानीय openssl के रूप में Websphere में पास हुए कनेक्शन: (ग्राहक < -> सर्वर)
--> SYN
<-- SYN, ACK
--> ACK
--> Client Hello
<-- ACK
<-- Server Hello, Certificate, Certificate Request, Server Hello Done
--> ACK
--> Certificate, Client Key Exchange
<-- ACK
--> Certificate Verify
--> Change Cypher Spec
--> Encrypted Handshake Message
<-- ACK
<-- Change Cypher Spec, Encrypted Handshake Message
--> Application Data
...
असफल ग्राहक हैलो:
Frame 3: 332 bytes on wire (2656 bits), 332 bytes captured (2656 bits)
Encapsulation type: Linux cooked-mode capture (25)
Arrival Time: Feb 25, 2016 13:29:15.353437000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1456406955.353437000 seconds
[Time delta from previous captured frame: 0.004839000 seconds]
[Time delta from previous displayed frame: 0.004839000 seconds]
[Time since reference or first frame: 0.004868000 seconds]
Frame Number: 3
Frame Length: 332 bytes (2656 bits)
Capture Length: 332 bytes (2656 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: sll:ethertype:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Linux cooked capture
Packet type: Sent by us (4)
Link-layer address type: 1
Link-layer address length: 6
Source: CadmusCo_67:0a:c1 (08:00:27:67:0a:c1)
Protocol: IPv4 (0x0800)
Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 316
Identification: 0xf29d (62109)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xc7f8 [validation disabled]
[Good: False]
[Bad: False]
Source: (OMITTED FOR SECURITY REASONS)
Destination: (OMITTED FOR SECURITY REASONS)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 51512 (51512), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 276
Source Port: 51512
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 276]
Sequence number: 1 (relative sequence number)
[Next sequence number: 277 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 14600
[Calculated window size: 14600]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x8054 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[Bytes in flight: 276]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 271
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 267
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 25, 2016 13:29:15.000000000 GMT
Random Bytes: 2ca99e72b66289fcd3f11bf2dc3ef464709b197e6dd6cdd5...
Session ID Length: 32
Session ID: 28eef056a41440e760eaa9e3358a9cd56d8823fa130e9100...
Cipher Suites Length: 128
Cipher Suites (64 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066)
Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0xfeff)
Cipher Suite: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0xfefe)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
Cipher Suite: TLS_RSA_WITH_NULL_SHA (0x0002)
Cipher Suite: TLS_RSA_WITH_NULL_SHA256 (0x003b)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 66
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 24
Elliptic Curves Length: 22
Elliptic curves (11 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 28
Signature Hash Algorithms Length: 26
Signature Hash Algorithms (13 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0402
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
अवधारणा का सबूत से SecureServer को सफल ग्राहक हैलो:
Frame 62: 306 bytes on wire (2448 bits), 306 bytes captured (2448 bits) on interface 0
Interface id: 0 (en0)
Encapsulation type: Ethernet (1)
Arrival Time: Feb 24, 2016 17:20:21.803009000 GMT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1456334421.803009000 seconds
[Time delta from previous captured frame: 0.119948000 seconds]
[Time delta from previous displayed frame: 0.119948000 seconds]
[Time since reference or first frame: 17.897514000 seconds]
Frame Number: 62
Frame Length: 306 bytes (2448 bits)
Capture Length: 306 bytes (2448 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Apple_bc:c7:11 (a4:5e:60:bc:c7:11), Dst: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
Destination: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
Address: CiscoInc_76:28:80 (a4:4c:11:76:28:80)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Apple_bc:c7:11 (a4:5e:60:bc:c7:11)
Address: Apple_bc:c7:11 (a4:5e:60:bc:c7:11)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: (OMITTED FOR SECURITY REASONS), Dst: (OMITTED FOR SECURITY REASONS)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 292
Identification: 0xa8b7 (43191)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x279c [validation disabled]
[Good: False]
[Bad: False]
Source: (OMITTED FOR SECURITY REASONS)
Destination: (OMITTED FOR SECURITY REASONS)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 62197 (62197), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 240
Source Port: 62197
Destination Port: 443
[Stream index: 9]
[TCP Segment Len: 240]
Sequence number: 1 (relative sequence number)
[Next sequence number: 241 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 32 bytes
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 4122
[Calculated window size: 131904]
[Window size scaling factor: 32]
Checksum: 0xc3c5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
No-Operation (NOP)
Type: 1
0... .... = Copy on fragmentation: No
.00. .... = Class: Control (0)
...0 0001 = Number: No-Operation (NOP) (1)
Timestamps: TSval 928661973, TSecr 546145009
Kind: Time Stamp Option (8)
Length: 10
Timestamp value: 928661973
Timestamp echo reply: 546145009
[SEQ/ACK analysis]
[iRTT: 0.016102000 seconds]
[Bytes in flight: 240]
Secure Sockets Layer
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 235
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 231
Version: TLS 1.2 (0x0303)
Random
GMT Unix Time: Feb 24, 2016 17:20:21.000000000 GMT
Random Bytes: fbb67137e8cde6609cb570685f6c9b5a62eefbc12973b545...
Session ID Length: 0
Cipher Suites Length: 58
Cipher Suites (29 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 132
Extension: elliptic_curves
Type: elliptic_curves (0x000a)
Length: 52
Elliptic Curves Length: 50
Elliptic curves (25 curves)
Elliptic curve: secp256r1 (0x0017)
Elliptic curve: sect163k1 (0x0001)
Elliptic curve: sect163r2 (0x0003)
Elliptic curve: secp192r1 (0x0013)
Elliptic curve: secp224r1 (0x0015)
Elliptic curve: sect233k1 (0x0006)
Elliptic curve: sect233r1 (0x0007)
Elliptic curve: sect283k1 (0x0009)
Elliptic curve: sect283r1 (0x000a)
Elliptic curve: secp384r1 (0x0018)
Elliptic curve: sect409k1 (0x000b)
Elliptic curve: sect409r1 (0x000c)
Elliptic curve: secp521r1 (0x0019)
Elliptic curve: sect571k1 (0x000d)
Elliptic curve: sect571r1 (0x000e)
Elliptic curve: secp160k1 (0x000f)
Elliptic curve: secp160r1 (0x0010)
Elliptic curve: secp160r2 (0x0011)
Elliptic curve: sect163r1 (0x0002)
Elliptic curve: secp192k1 (0x0012)
Elliptic curve: sect193r1 (0x0004)
Elliptic curve: sect193r2 (0x0005)
Elliptic curve: secp224k1 (0x0014)
Elliptic curve: sect239k1 (0x0008)
Elliptic curve: secp256k1 (0x0016)
Extension: ec_point_formats
Type: ec_point_formats (0x000b)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 26
Signature Hash Algorithms Length: 24
Signature Hash Algorithms (12 algorithms)
Signature Hash Algorithm: 0x0603
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0601
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0503
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0501
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0403
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0401
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0303
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0301
Signature Hash Algorithm Hash: SHA224 (3)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0203
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Hash Algorithm: 0x0201
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Hash Algorithm: 0x0202
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Signature Hash Algorithm: 0x0101
Signature Hash Algorithm Hash: MD5 (1)
Signature Hash Algorithm Signature: RSA (1)
Extension: server_name
Type: server_name (0x0000)
Length: 36
Server Name Indication extension
Server Name list length: 34
Server Name Type: host_name (0)
Server Name length: 31
Server Name: (OMITTED FOR SECURITY REASONS - IT CORRESPONDS TO THE DESTINATION HOSTNAME)
tcpdump कमांड लाइन:
sudo tcpdump -s 0 -n "port 443" -w /Repo/security/capture.cap -i any
किसी को भी किसी भी विचार क्या हो रहा हो सकता है मिल गया है गलत? इस समय, सर्वर पर लॉग इन करने के लिए मेरे पास प्रशासन अधिकार या खाता भी नहीं है।