2015/02/15

Dumping SMTP over TLS traffic

This is an analysis of SMTP over TLS traffic by way of ssldump.  The server requested a client certificate, and the client certificate (Gmail) was verified OK.  However, I could not identify which part dealt with SSL client certificate verification.

# ssldump -i eth0 port 25
New TCP connection #1: mail-ie0-f170.google.com(37742) <-> transfer(25)
1 1  1.4201 (1.4201)  C>S  Handshake
      ClientHello
        Version 3.3
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
1 2  1.4221 (0.0020)  S>C  Handshake
      ServerHello
        Version 3.3
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_AES_128_GCM_SHA256
        compressionMethod                   NULL
1 3  1.4221 (0.0000)  S>C  Handshake
      Certificate
Error: short handshake length: expected 17172 got 16380
Error: short handshake length: expected 4608083 got 792
1 4  1.6004 (0.1782)  S>C  Handshake
1 5  1.6004 (0.0000)  S>C  Handshake
1 6  1.7820 (0.1816)  C>S  Handshake
      Certificate
1 7  1.7820 (0.0000)  C>S  Handshake
      ClientKeyExchange
1 8  1.7820 (0.0000)  C>S  Handshake
      CertificateVerify
Not enough data. Found 258 bytes (expecting 16384)
1 9  1.7820 (0.0000)  C>S  ChangeCipherSpec
1 10 1.7820 (0.0000)  C>S  Handshake
1 11 1.7916 (0.0096)  S>C  Handshake
1 12 1.7916 (0.0000)  S>C  ChangeCipherSpec
1 13 1.7916 (0.0000)  S>C  Handshake
1 14 1.9699 (0.1782)  C>S  application_data
1 15 1.9703 (0.0004)  S>C  application_data
1 16 2.1483 (0.1779)  C>S  application_data
1 17 2.1484 (0.0000)  C>S  application_data
1 18 2.1484 (0.0000)  C>S  application_data
1 19 2.1779 (0.0294)  S>C  application_data
1 20 2.3952 (0.2173)  S>C  application_data
1 21 2.3952 (0.0000)  S>C  application_data
1 22 2.5747 (0.1794)  C>S  application_data
1 23 2.5747 (0.0000)  C>S  application_data
1 24 2.7329 (0.1582)  S>C  application_data
1 25 2.9110 (0.1780)  C>S  application_data
1    2.9111 (0.0000)  C>S  TCP FIN
1 26 2.9113 (0.0001)  S>C  application_data
1 27 2.9115 (0.0002)  S>C  Alert
1    2.9115 (0.0000)  S>C  TCP FIN
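
In TLS 1.2 (the `Version 3.3` shown in this dump), client-certificate authentication is carried by three handshake messages: the server's CertificateRequest, the client's Certificate and the client's CertificateVerify. The following is an added example, not part of the original post: a small Python parser for ssldump text output that reports which records carry those messages. The function names are illustrative, and the sample is trimmed from the dump above.

```python
import re
# ssldump record header: connection, record no., time, (delta), direction, content type
HEADER = re.compile(r"^(\d+)\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+(\S+)")
# Handshake part of the dump on this page, trimmed (some records omitted)
SAMPLE = """\
1 2  1.4221 (0.0020)  S>C  Handshake
      ServerHello
        Version 3.3
1 3  1.4221 (0.0000)  S>C  Handshake
      Certificate
Error: short handshake length: expected 17172 got 16380
Error: short handshake length: expected 4608083 got 792
1 4  1.6004 (0.1782)  S>C  Handshake
1 5  1.6004 (0.0000)  S>C  Handshake
1 6  1.7820 (0.1816)  C>S  Handshake
      Certificate
1 8  1.7820 (0.0000)  C>S  Handshake
      CertificateVerify
Not enough data. Found 258 bytes (expecting 16384)
1 9  1.7820 (0.0000)  C>S  ChangeCipherSpec
1 11 1.7916 (0.0096)  S>C  Handshake
"""

def parse_ssldump(text):
    """Return one dict per record: number, direction, content type, message, errors."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append(dict(num=int(m[2]), dir=m[3], type=m[4], msg=None, errors=[]))
        elif records and line.startswith(("Error:", "Not enough data")):
            records[-1]["errors"].append(line)
        elif records and records[-1]["msg"] is None and line[:1].isspace() and line.strip():
            records[-1]["msg"] = line.strip()  # first indented line names the message
    return records

def client_auth_records(records):
    """Map client-auth messages to record numbers (cleartext handshake only)."""
    ccs = next((i for i, r in enumerate(records) if r["type"] == "ChangeCipherSpec"), None)
    hs = [r for r in records[:ccs] if r["type"] == "Handshake"]
    pick = lambda d, msg: [r["num"] for r in hs if r["dir"] == d and r["msg"] == msg]
    return {"CertificateRequest": pick("S>C", "CertificateRequest"),
            "client Certificate": pick("C>S", "Certificate"),
            "CertificateVerify": pick("C>S", "CertificateVerify"),
            "undecoded S>C": pick("S>C", None),  # server records ssldump did not name
            "decode errors": [r["num"] for r in hs if r["errors"]]}

if __name__ == "__main__":
    print(client_auth_records(parse_ssldump(SAMPLE)))
```

On this dump it reports the client Certificate in record 6 and CertificateVerify in record 8. No CertificateRequest was decoded; records 4 and 5 are the unnamed server handshake records that follow ssldump's length errors on record 3.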
