SSL Handshake failure
Hello, I need help with one situation.
We have one application behind F5. We are terminating SSL on F5. When we access the application through a normal web browser, we get the desired output. But when we try the same application with SoapUI, we do not get the output.
We tried debugging with a packet capture and found that an SSL handshake failure causes the issue. With my limited knowledge I tried to extract an ssldump, and the output shows that an SSL failure occurred, but I am not able to find out the reason for it.
Below you can find the output of ssldump; please let me know if you have any suggestions to troubleshoot the issue further:
- Mohit_Pathk (Nimbostratus)
New TCP connection 1: 106.yy.yy.yy(13829) <-> 193.xx.xx.xx(443)
1 1 0.4599 (0.4599) C>S Handshake
      ClientHello
        Version 3.1
        cipher suites
        Unknown value 0xc009
        Unknown value 0xc013
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0xc004
        Unknown value 0xc00e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0xc007
        Unknown value 0xc011
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xc002
        Unknown value 0xc00c
        Unknown value 0xc008
        Unknown value 0xc012
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
        Unknown value 0xff
        compression methods
          NULL
1 2 0.4599 (0.0000) S>C Handshake
      ServerHello
        Version 3.1
        session_id[0]=
        cipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
        compressionMethod NULL
1 3 0.4599 (0.0000) S>C Handshake
      Certificate
1 4 0.4599 (0.0000) S>C Handshake
      CertificateRequest
        certificate_types rsa_sign
        certificate_types dss_sign
        certificate_types unknown value
1 5 0.4599 (0.0000) S>C Handshake
      ServerHelloDone
1 6 1.5298 (1.0699) C>S Handshake
      Certificate
      ClientKeyExchange
1 7 1.5486 (0.0187) C>S Handshake
      CertificateVerify
        Signature[256]=
          xx 6f d1 cb e5 17 08 d4 4f 90 bd b1 e2 15 f4 0b
          9e 7f 25 a8 2e f0 a7 1e e0 c7 22 73 37 51 eb d0
          4c 76 0b ac c2 94 a2 aa 0f 0b 1d 8f 1f 0d 03 68
          5d 1a b2 d4 e9 59 6d e5 8f b1 9d da c8 d2 55 77
          5c 7c 43 9f 12 28 15 e6 52 5c cc b4 bf 28 d6 93
          cd f9 2e ef 42 00 5c 4a bd 38 12 b7 b7 6b cc bb
          43 a2 18 01 8a ba 55 1d 64 d2 34 a4 26 b1 63 8e
          e9 c0 4b 26 b8 d3 34 13 df f8 dc 9c 77 59 80 17
          be cc af 69 3a 99 50 e4 03 9c 8d 03 48 59 1c fb
          dd ad 05 52 bf b3 b0 49 76 25 01 67 ad bf b2 20
          03 d2 96 01 4a 21 d2 91 e1 27 ba c5 b0 f2 85 df
          c6 3c 46 e4 5d 14 8a 7b 42 65 bf 7c 60 7d d8 06
          3b 4a 86 41 a7 86 98 53 8f d6 fe 14 f4 82 27 6a
          07 2c f8 24 68 52 ee e9 2c d0 68 f2 a0 7c 4f 62
          ea 3f eb cd 01 dd cf 20 48 a2 fd b2 77 f3 9a 44
          06 52 58 c8 52 75 e3 c2 a6 f2 d0 76 17 58 e3 42
1 8 1.5486 (0.0000) C>S ChangeCipherSpec
1 9 1.5486 (0.0000) C>S Handshake
1 10 1.5498 (0.0012) S>C ChangeCipherSpec
1 11 1.5498 (0.0000) S>C Handshake
1 12 2.0189 (0.4690) C>S application_data
1 13 2.0204 (0.0015) S>C application_data
1 2.0205 (0.0000) S>C TCP FIN
1 14 2.3787 (0.3582) C>S Alert

New TCP connection 2: 106.yy.yy.yy(13829) <-> 193.xx.xx.xx(443)
2 1 0.4902 (0.4902) C>S Handshake
      ClientHello
        Version 3.1
        cipher suites
        Unknown value 0xc009
        Unknown value 0xc013
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0xc004
        Unknown value 0xc00e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0xc007
        Unknown value 0xc011
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xc002
        Unknown value 0xc00c
        Unknown value 0xc008
        Unknown value 0xc012
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc003
        Unknown value 0xc00d
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_MD5
        Unknown value 0xff
        compression methods
          NULL
2 2 0.4902 (0.0000) S>C Handshake
      ServerHello
        Version 3.1
        session_id[0]=
        cipherSuite TLS_RSA_WITH_AES_128_CBC_SHA
        compressionMethod NULL
2 3 0.4902 (0.0000) S>C Handshake
      Certificate
2 4 0.4902 (0.0000) S>C Handshake
      CertificateRequest
        certificate_types rsa_sign
        certificate_types dss_sign
        certificate_types unknown value
2 5 0.4902 (0.0000) S>C Handshake
      ServerHelloDone
2 6 0.9097 (0.4195) C>S Handshake
      Certificate
      ClientKeyExchange
2 7 0.9097 (0.0000) C>S ChangeCipherSpec
2 8 0.9097 (0.0000) C>S Handshake
2 9 0.9098 (0.0000) S>C Alert
      level fatal
      value handshake_failure
2 0.9098 (0.0000) S>C TCP FIN
2 1.1489 (0.2391) C>S TCP FIN
- Jinshu (Cirrus)
Is the SoapUI access by FQDN? If yes, do you have the SSL trusted root CA loaded on the client machine where the SOAP calls are running from?
-Jinshu
- Kevin_Stewart (Employee)
The odd thing is that you're actually completing the SSL handshake (it's the application_data messages). And it looks like you're doing mutual (client certificate) authentication successfully.
Since you're doing an RSA handshake, you should be able to put the server's private key into the SSLDUMP and attempt to decrypt.
ssldump -AdNn -i [interface] -k [path to private key] port 443 [and additional filters]
There's something happening just after the handshake that's causing the issue, so it'll help to see the decrypted payload.
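Added example, not part of the thread or any poster's code: a small Python parser that reads ssldump text output (including output flattened onto long lines), summarises each connection's client-certificate exchange, and reports how the connection ended. The names `records`, `analyze` and `verdict` are this example's own, and the sample is condensed from the two connections posted above; on that sample it shows connection 1 completing with a CertificateVerify, while connection 2 receives the fatal handshake_failure without ever sending one.

```python
import re

# Record header: "<conn> <record> <time> (<delta>) <direction> <content type>"
HEADER = re.compile(r"\b(\d+) (\d+) \d+\.\d+ \(\d+\.\d+\) (C>S|S>C) (\w+)")
ALERT = re.compile(r"level (\w+) value (\w+)")

def records(text):
    """Yield (conn, direction, content_type, body); tolerates flattened output."""
    flat = " ".join(text.split())
    heads = list(HEADER.finditer(flat))
    for m, nxt in zip(heads, heads[1:] + [None]):
        yield int(m[1]), m[3], m[4], flat[m.end():nxt.start() if nxt else len(flat)]

def analyze(text):
    """Per connection: client cert requested? proven? how did it end?"""
    conns = {}
    for conn, direction, ctype, body in records(text):
        c = conns.setdefault(conn, dict(cert_requested=False, cert_verify=False,
                                        app_data=False, server_alert=None))
        words = body.split()
        if ctype == "Handshake" and direction == "S>C":
            c["cert_requested"] |= "CertificateRequest" in words
        elif ctype == "Handshake":
            c["cert_verify"] |= "CertificateVerify" in words
        elif ctype == "application_data":
            c["app_data"] = True
        elif ctype == "Alert" and direction == "S>C" and (a := ALERT.search(body)):
            c["server_alert"] = f"{a[1]} {a[2]}"
    return conns

def verdict(c):
    if c["server_alert"] and c["cert_requested"] and not c["cert_verify"]:
        # No CertificateVerify: the client never proved possession of a private key.
        return "client certificate requested but never proven"
    if c["server_alert"]:
        return "server alert: " + c["server_alert"]
    return "handshake completed" if c["app_data"] else "inconclusive"

# Constructed sample: the thread's two connections, condensed (cipher lists and
# signature bytes omitted).
SAMPLE = """New TCP connection 1: 106.yy.yy.yy(13829) <-> 193.xx.xx.xx(443)
1 4 0.4599 (0.0000) S>C Handshake CertificateRequest certificate_types rsa_sign
1 6 1.5298 (1.0699) C>S Handshake Certificate ClientKeyExchange
1 7 1.5486 (0.0187) C>S Handshake CertificateVerify
1 12 2.0189 (0.4690) C>S application_data 1 14 2.3787 (0.3582) C>S Alert
New TCP connection 2: 106.yy.yy.yy(13829) <-> 193.xx.xx.xx(443)
2 4 0.4902 (0.0000) S>C Handshake CertificateRequest certificate_types rsa_sign
2 6 0.9097 (0.4195) C>S Handshake Certificate ClientKeyExchange
2 9 0.9098 (0.0000) S>C Alert level fatal value handshake_failure"""
```

Calling `{k: verdict(v) for k, v in analyze(SAMPLE).items()}` gives one line of diagnosis per connection; a missing CertificateVerify after a CertificateRequest is worth checking against the client's keystore configuration before looking at cipher or protocol settings.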