Forum Discussion
Emad
Cirrostratus
CirrostratusDebug SSL communication
I am trying to debug a mutual authentication issue. Is there any way i can get complete SSL client certificate used during ssl communication.
I tried to use following irule but it does not work in c...
EmadCirrostratus
CirrostratusI think yes, Server Hello is completed and when client tries for keyexchage, LTM send RST. FYI!
New TCP connection 7: x.x.x.43(37045) <-> x.x.x.19(xxxx)
7 1 1481517481.9937 (0.1794) C>SV3.1(69) Handshake
ClientHello
Version 3.1
random[32]=
58 4e 29 a9 61 6b ab dc ef 7e bb f6 ac 58 6e 27
9d 27 66 4f c7 4a 19 5d b7 9b 02 a6 77 98 b0 55
cipher suites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Unknown value 0xff
compression methods
NULL
7 2 1481517481.9938 (0.0000) S>CV3.1(49) Handshake
ServerHello
Version 3.1
random[32]=
35 65 e5 d0 78 8f 4c 61 f7 72 0b f9 51 47 8c b3
df 14 e2 b4 32 68 1d 67 3a d4 99 ed 23 9e bf 7d
session_id[0]=
cipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
compressionMethod NULL
7 3 1481517481.9938 (0.0000) S>CV3.1(2402) Handshake
Certificate
7 4 1481517481.9938 (0.0000) S>CV3.1(221) Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
certificate_types unknown value
certificate_authority
30 68 31 15 30 13 06 0a 09 92 26 89 93 f2 2c 64
01 19 16 05 6c 6f 63 61 6c 31 16 30 14 06 0a 09
92 26 89 93 f2 2c 64 01 19 16 06 61 70 74 65 73
74 31 18 30 16 06 0a 09 92 26 89 93 f2 2c 64 01
19 16 08 63 6f 72 70 74 65 73 74 31 1d 30 1b 06
03 55 04 03 13 14 41 50 20 54 65 73 74 20 49 73
73 75 69 6e 67 20 43 41 20 31
certificate_authority
30 63 31 15 30 13 06 0a 09 92 26 89 93 f2 2c 64
01 19 16 05 6c 6f 63 61 6c 31 16 30 14 06 0a 09
92 26 89 93 f2 2c 64 01 19 16 06 61 70 74 65 73
74 31 18 30 16 06 0a 09 92 26 89 93 f2 2c 64 01
19 16 08 63 6f 72 70 74 65 73 74 31 18 30 16 06
03 55 04 03 13 0f 41 50 20 54 65 73 74 20 52 6f
6f 74 20 43 41
7 5 1481517481.9938 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
7 6 1481517482.1804 (0.1866) C>SV3.1(269) Handshake
Certificate
ClientKeyExchange
EncryptedPreMasterSecret[256]=
67 7d be a5 7a 67 f7 ec e6 80 cc cb e0 5b cc 55
a1 9d 0a ee b1 7d c6 d3 35 03 34 20 a9 a3 f3 4a
e3 64 d7 94 aa 78 a9 18 b4 6e e7 d7 b3 28 8d ce
c3 f3 96 39 37 ac 84 5a 9e d6 9f 3d c1 a6 bc 96
31 90 51 04 3e 32 f3 a0 e0 c9 01 82 81 dd b3 5a
eb 28 60 71 20 b0 6b 4a 5c c7 10 51 6c aa 4a 80
75 af 6b f0 cd 33 ee f1 e1 b8 b0 dc 34 31 29 a0
95 c5 5c c8 1f c0 4a a5 a2 2d 5d 1f 36 2f 26 e6
c5 3f e1 8a df ed 18 37 b4 3e e5 ad 5c cd 6f 6a
8e e5 cb a8 47 7d 34 19 f6 05 0f f9 e3 34 3e 6e
c2 43 1f 2a b1 54 45 d9 c6 b7 92 81 42 69 5b ce
37 23 5c 1e 80 26 0f 4b 16 b7 0a c3 1a 70 48 db
fa 5a 56 c1 76 7f 96 85 6f 14 b5 e6 f3 a7 a6 ac
f0 d0 ba 07 78 32 ef 7f 6e ee ca d4 fe 40 8f c6
9b 32 9f f2 bc 2a 52 28 9d 64 8b 9b f1 75 28 13
b8 89 3e ad 87 1a 3c 2e 92 7f df a8 62 22 43 5e
7 7 1481517482.1805 (0.0001) S>CV3.1(2) Alert
level fatal
value handshake_failure
7 1481517482.1805 (0.0000) S>C TCP RST