ssldump
Not enough data. Found 45 bytes
Getting that error. And I also don't get how this app was supposed to work. Should it print a certificate summary, exchanges, etc., like Wireshark does? Because right now I'm only getting terse messages about flow directions and that's it.
# ssldump -d -r /tmp/del.bin
New TCP connection #1: localhost(40422) <-> localhost(9339)
1 1 0.0001 (0.0001) C>S Handshake
ClientHello
Version 3.3
cipher suites
Unknown value 0xc02b
Unknown value 0xc02c
Unknown value 0xc02f
Unknown value 0xc030
Unknown value 0xff
compression methods
NULL
1 2 0.0020 (0.0018) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite Unknown value 0xc02f
compressionMethod NULL
1 3 0.0020 (0.0000) S>C Handshake
Certificate
1 4 0.0020 (0.0000) S>C Handshake
ServerKeyExchange
1 5 0.0020 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types unknown value
Not enough data. Found 45 bytes (expecting 32767)
1 6 0.0020 (0.0000) S>C Handshake
ServerHelloDone
1 0.0022 (0.0002) C>S TCP FIN
1 0.0023 (0.0000) S>C TCP FIN
Where's the SNI request, where's the cert sent by the server? Compare that to Wireshark. See attached: a.zip
Hi,
It seems that you're using an old version. With the current GitHub release you should get this result with the -A and -N options:
$ ./ssldump -AN -n -r /tmp/tmp/del.bin
New TCP connection #1: 127.0.0.1(40422) <-> 127.0.0.1(9339)
1 1 0.0001 (0.0001) C>S V3.1(182) Handshake
ClientHello
Version 3.3
random[32]=
95 ef d8 e5 6b cd 3a ca b0 11 ac 0e 58 8b 71 76
41 30 13 42 03 71 3f c0 49 6b c4 40 d8 61 96 62
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
extensions
server_name
host_name: rpcsrv.lan.local
Extension type: 11 not yet implemented in ssldump
Extension type: 10 not yet implemented in ssldump
Extension type: 35 not yet implemented in ssldump
next_protocol_negotiation
application_layer_protocol_negotiation
encrypt_then_mac
extended_master_secret
signature_algorithms
1 2 0.0020 (0.0018) S>C V3.3(68) Handshake
ServerHello
Version 3.3
random[32]=
10 92 26 60 02 7b bb a6 a9 de 82 f6 ec 3f 93 fc
c1 e7 4c aa fd 57 13 47 44 4f 57 4e 47 52 44 01
session_id[0]=
cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
compressionMethod NULL
extensions
Extension type: 35 not yet implemented in ssldump,
renegotiation_info
application_layer_protocol_negotiation
Extension type: 11 not yet implemented in ssldump,
1 3 0.0020 (0.0000) S>C V3.3(816) Handshake
Certificate
Subject
CN=rpcsrv.lan.local
OU=grpc1
O=Foo
Issuer
CN=ENC CA
Serial bf 17 56 d0 34 5b cf 82
Extensions
Extension: X509v3 Basic Constraints
Extension: X509v3 Subject Alternative Name
Extension: X509v3 Extended Key Usage
1 4 0.0020 (0.0000) S>C V3.3(333) Handshake
ServerKeyExchange
params
Not enough data. Found 327 bytes (expecting 32767)
1 5 0.0020 (0.0000) S>C V3.3(56) Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types 1 6 0.0020 (0.0000) S>C V3.3(4) Handshake
ServerHelloDone
1 0.0022 (0.0002) C>S TCP FIN
1 0.0023 (0.0000) S>C TCP FIN
Cleaning 0 remaining connection(s) from connection pool
Using the -AN options with the version you have will probably result in a segfault (fixed by this commit).
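Added example, not part of the thread and not ssldump's code: a small bounds-checked ClientHello parser showing how the cipher suite values and the server_name extension printed above sit in the handshake bytes. The `Reader` class, `parse_client_hello` and `SAMPLE` are names made up for this illustration, and the error raised when a declared length exceeds the bytes left only borrows the wording of the message in the output.

```python
# IANA names for the suite values the older build printed as "Unknown value"
SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

class Reader:  # bounds-checked cursor over length-prefixed TLS data
    def __init__(self, data):
        self.data, self.pos = data, 0
    def left(self):
        return len(self.data) - self.pos
    def take(self, n):
        if n > self.left():
            raise ValueError(f"Not enough data. Found {self.left()} bytes (expecting {n})")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, size):
        return int.from_bytes(self.take(size), "big")
    def vec(self, size):  # vector preceded by a size-byte length field
        return Reader(self.take(self.uint(size)))

def parse_client_hello(body):  # body = bytes after the 4-byte handshake header
    r = Reader(body)
    info = {"version": "%d.%d" % tuple(r.take(2)), "suites": [], "sni": None}
    r.take(32), r.vec(1)                        # random, session_id
    suites = r.vec(2)
    while suites.left():
        v = suites.uint(2)
        info["suites"].append(SUITES.get(v, f"Unknown value 0x{v:x}"))
    r.vec(1)                                    # compression methods
    exts = r.vec(2) if r.left() else Reader(b"")
    while exts.left():
        etype, ext = exts.uint(2), exts.vec(2)
        if etype == 0:                          # server_name
            names = ext.vec(2)
            while names.left():
                ntype, name = names.uint(1), names.vec(2)
                if ntype == 0:                  # host_name
                    info["sni"] = name.data.decode("ascii")
    return info

# Constructed sample assembled from the values printed in the output above
SAMPLE = bytes.fromhex(
    "0303" "95efd8e56bcd3acab011ac0e588b7176" "4130134203713fc0496bc440d8619662"
    "00" "000a" "c02bc02cc02fc03000ff" "0100" "0019" "0000" "0015" "0013" "00" "0010"
) + b"rpcsrv.lan.local"
```

Calling `parse_client_hello(SAMPLE)` returns the version, the five suite names and the host name; passing a truncated copy such as `SAMPLE[:-5]` raises the length error instead of reading past the buffer.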