Possible regression between 1.3.2 and 1.3.4 (DecodeError / HandshakeFailure) #139

Closed
lunaris opened this issue Apr 2, 2016 · 7 comments

lunaris commented Apr 2, 2016

When using tls-1.3.2 and tls-debug-0.4.0's tls-simpleclient to connect to https://id3global.com I receive a response:

% tls-simpleclient -d -v id3global.com

sending query:
GET / HTTP/1.0



debug: >> Handshake [ClientHello TLS12 (ClientRandom {unClientRandom = "-\177\196I\US\135W\201\133\RS\209|/\192\248*\223\217\245\252\SO\137\&6\186\&8\254\&3n\223T\237\209"}) (Session Nothing) [107,103,57,51,56,50,47,53,4,5,10,158] [0] [(0,"\NUL\DLE\NUL\NUL\rid3global.com"),(65281,"\NUL"),(13,"\NUL\f\ACK\SOH\ENQ\SOH\EOT\SOH\ETX\SOH\STX\SOH\STX\STX")] Nothing]
debug: << Handshake [ServerHello TLS10 (ServerRandom {unServerRandom = "W\NUL1r\141\198\199n/\CAN\197\151}x&n*gL?\DC1\190\178!h!\200+\163\241\253\181"}) (Session (Just "\143\f+\128\243\176\235b\143\182\131\GS\230\\\165\239\137\255=\149\NUL\192\SYN=\rm\r_\221\136\150i")) 53 0 [(65281,"\NUL")]]
debug: << Handshake [ServerHelloDone]
debug: >> Handshake [ClientKeyXchg (CKX_RSA "\SOH\NUL\196!\206\167\DLEBw\"0\vHV^\209\vk\219\231\207\235q\198z*\240S\201\&5\194kNH\233X\137\&7q\157U\136\177\174/\162[\150-!8\146\222\215\221\"\201K\183\242\195-\241\178z\t\\\148\FS\184\188\197\253\178\RS\DC4*\254\167\165\"\161\176c\a\197nVt\218|\228\213\&10\151\211%l\255_I\231\b\DEL,U\133\SYN\247\RS'h\168a\t\235\231\221+\178V\155\&2\197I\SUB\216\158 :\193s%\133\225\&1P\NAK\231H\156\\K\ENQ2\ENQ\DC3\251\164\241y\169\213\245\174\CAN\DC1\128\161\209\240a\213\132\171#\DC1G\ACK\128z8\r\ETXQ\237t\242H\154\207A\243\146#;EmY*\214\232\133\234\172i\241\135\&1\DC1\213\SO\tG-\147\ETB5$\226\SO\vG\216*@\175f:L\200s\189/\135L\ESCs\215_X\216\146\170&\207qc\239/\175\208x\151\146\175JUn\219/\139\255\v\151\146\192")]
debug: >> ChangeCipherSpec
debug: >> Handshake [Finished "\148\ESC\250@\ENQ\186O\148>\EOTP\DC2"]
debug: << ChangeCipherSpec
debug: << Handshake [Finished "\211\140\223\203\&2\205C\ESC~\149\248\130"]
debug: >> AppData ""
debug: >> AppData "GET / HTTP/1.0\r\n\r\n"
debug: << AppData "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Wed, 18 Sep 2013 18:13:50 GMT\r\nAccept-Ranges: bytes\r\nETag: \"644623d39ab4ce1:0\"\r\nServer: \r\nX-Frame-Options: DENY\r\nDate: Sat, 02 Apr 2016 20:54:10 GMT\r\nConnection: keep-alive\r\nContent-Length: 218\r\n\r\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\r\n<html>\r\n<head>\r\n<title>Welcome to ID3global</title>\r\n<meta http-equiv=\"REFRESH\" content=\"0;url=/GlobalID/default.aspx\"></HEAD>\r\n<BODY>\r\n</BODY>\r\n</HTML>\r\n"
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 18 Sep 2013 18:13:50 GMT
Accept-Ranges: bytes
ETag: "644623d39ab4ce1:0"
Server: 
X-Frame-Options: DENY
Date: Sat, 02 Apr 2016 20:54:10 GMT
Connection: keep-alive
Content-Length: 218

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Welcome to ID3global</title>
<meta http-equiv="REFRESH" content="0;url=/GlobalID/default.aspx"></HEAD>
<BODY>
</BODY>
</HTML>

debug: << Alert [(AlertLevel_Warning,CloseNotify)]
debug: >> Alert [(AlertLevel_Warning,CloseNotify)]
debug: >> Alert [(AlertLevel_Warning,CloseNotify)]

Recently, when upgrading to Stackage LTS 5.10 and thereby tls-1.3.4, our code broke. Running tls-simpleclient from tls-debug-0.4.1, which uses tls-1.3.4 (both are in LTS 5.10), the following error occurs:

% tls-simpleclient -d -v id3global.com

sending query:
GET / HTTP/1.0



debug: >> Handshake [ClientHello TLS12 (ClientRandom {unClientRandom = "\DC1)\184\253\182\168\NAK\182#\ESC\FS\r\155\SOH\ENQ\202!\221\254\DC2&\218\216!\255B\247\SUB\239\195\179\243"}) (Session Nothing) [107,103,57,51,56,50,47,53,4,5,10,158,49199,49195] [0] [(0,"\NUL\DLE\NUL\NUL\rid3global.com"),(65281,"\NUL"),(10,"\NUL\ACK\NUL\DLE\NUL\NAK\NUL\ETB"),(11,"\SOH\NUL"),(13,"\NUL\f\ACK\SOH\ENQ\SOH\EOT\SOH\ETX\SOH\STX\SOH\STX\STX")] Nothing]
debug: << Alert [(AlertLevel_Fatal,DecodeError)]
debug: >> Alert [(AlertLevel_Fatal,HandshakeFailure)]
tls-simpleclient: HandshakeFailed (Error_Protocol ("expecting server hello, got alert : [(AlertLevel_Fatal,DecodeError)]",True,HandshakeFailure))

Any thoughts on what might be causing this/what may have changed/how we might work around or help resolve the issue?

lunaris commented Apr 4, 2016

Seems the server only supports TLS 1.0, which has been deprecated, and the newer version of tls won't use that unless forcibly told to. edit: --removing link to issue 134--

@vincenthz
Collaborator

no, it's not linked to the version. id3global is rejecting the curve extension (DecodeError). Not sure why yet, openssl seems to accept it; will need to look into it.

@MichaelXavier

Just to add another case here, I think this may be happening with other servers. I'm experiencing this with dynamodb connections:

tls-simpleclient -d -v dynamodb.us-east-1.amazonaws.com
sending query:
GET / HTTP/1.0



debug: >> Handshake [ClientHello TLS12 (ClientRandom {unClientRandom = "\NAK\132\184_\160\SYN\179\241[\GS(\135Tf\184Jf\143\129\172\n\160\221\143z.X\205\190\232\199\162"}) (Session Nothing) [107,103,57,51,56,50,47,53,4,5,10,158,49199,49195] [0] [(0,"\NUL#\NUL\NUL dynamodb.us-east-1.amazonaws.com"),(65281,"\NUL"),(10,"\NUL\ACK\NUL\DLE\NUL\NAK\NUL\ETB"),(11,"\SOH\NUL"),(13,"\NUL\f\ACK\SOH\ENQ\SOH\EOT\SOH\ETX\SOH\STX\SOH\STX\STX")] Nothing]
debug: << Alert [(AlertLevel_Fatal,DecodeError)]
debug: >> Alert [(AlertLevel_Fatal,HandshakeFailure)]
tls-simpleclient: HandshakeFailed (Error_Protocol ("expecting server hello, got alert : [(AlertLevel_Fatal,DecodeError)]",True,HandshakeFailure))

vincenthz commented May 7, 2016

Another day, another crazy TLS implementation. After an annoying debug session, it turns out that the other side is requiring the 0xC014 cipher (ECDHE_RSA_AES256CBC_SHA1) to be there if the elliptic curve extension is present. Despite having lots of other good choices, the other side fails with a very unhelpful (and probably wrong, protocol-wise) DecodeError, despite the encoding of every field being perfectly valid.

Adding the C014 cipher for both dynamodb.us-east-1.amazonaws.com and id3global.com fixes the problem.
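The condition described in the comment above can be checked directly against `tls-simpleclient -d` output. The following is an added example, not part of the original thread or of the tls package: it parses the ClientHello debug line and flags a fatal DecodeError reply when the elliptic curve extension is offered without suite 0xC014. The function names are hypothetical, and the sample lines reuse the cipher and extension lists from the thread with the ClientRandom bytes replaced by a placeholder.

```python
import re

# Values named in the thread.
REQUIRED_SUITE = 0xC014        # ECDHE_RSA_AES256CBC_SHA1 (49172 in the decimal lists)
EXT_ELLIPTIC_CURVES = 10       # extension id 10 in the ClientHello dump
EXT_EC_POINT_FORMATS = 11      # extension id 11, sent alongside it by tls-1.3.4

# A Haskell `show`-style string literal: every escape starts with a backslash.
_HS_STRING = r'"(?:[^"\\]|\\.)*"'
_CLIENT_HELLO = re.compile(
    r'ClientHello (\w+) .*?'
    r'\(Session (?:Nothing|\(Just ' + _HS_STRING + r'\))\) '
    r'\[([\d,]*)\] \[([\d,]*)\] \[(.*)\] '
)
_EXT_ID = re.compile(r'\((\d+),' + _HS_STRING + r'\)')


def parse_client_hello(line):
    """Return version, cipher suite ids and extension ids from one debug line."""
    m = _CLIENT_HELLO.search(line)
    if m is None:
        return None
    version, ciphers, _compressions, exts = m.groups()
    return {
        "version": version,
        "ciphers": [int(c) for c in ciphers.split(",") if c],
        "extensions": [int(e) for e in _EXT_ID.findall(exts)],
    }


def ec_without_required_suite(hello):
    """True when the curve extension is offered but 0xC014 is not."""
    return (EXT_ELLIPTIC_CURVES in hello["extensions"]
            and REQUIRED_SUITE not in hello["ciphers"])


def triage(log_text):
    """Report ClientHellos answered by a fatal DecodeError that match the condition."""
    findings, hello = [], None
    for line in log_text.splitlines():
        if line.startswith("debug: >> Handshake [ClientHello"):
            hello = parse_client_hello(line)
        elif line.startswith("debug: << ") and hello is not None:
            # Only the first server message after the ClientHello is relevant.
            if ("Alert [(AlertLevel_Fatal,DecodeError)]" in line
                    and ec_without_required_suite(hello)):
                findings.append({
                    "version": hello["version"],
                    "missing_suite": "0x%04X" % REQUIRED_SUITE,
                    "ec_extensions": [e for e in hello["extensions"]
                                      if e in (EXT_ELLIPTIC_CURVES, EXT_EC_POINT_FORMATS)],
                })
            hello = None
    return findings


# Constructed sample input: lists copied from the two runs in the issue,
# ClientRandom replaced by a placeholder, ServerHello abbreviated.
HELLO_1_3_2 = (
    r'debug: >> Handshake [ClientHello TLS12 (ClientRandom {unClientRandom = "placeholder"}) '
    r'(Session Nothing) [107,103,57,51,56,50,47,53,4,5,10,158] [0] '
    r'[(0,"\NUL\DLE\NUL\NUL\rid3global.com"),(65281,"\NUL"),'
    r'(13,"\NUL\f\ACK\SOH\ENQ\SOH\EOT\SOH\ETX\SOH\STX\SOH\STX\STX")] Nothing]'
)
HELLO_1_3_4 = (
    r'debug: >> Handshake [ClientHello TLS12 (ClientRandom {unClientRandom = "placeholder"}) '
    r'(Session Nothing) [107,103,57,51,56,50,47,53,4,5,10,158,49199,49195] [0] '
    r'[(0,"\NUL\DLE\NUL\NUL\rid3global.com"),(65281,"\NUL"),'
    r'(10,"\NUL\ACK\NUL\DLE\NUL\NAK\NUL\ETB"),(11,"\SOH\NUL"),'
    r'(13,"\NUL\f\ACK\SOH\ENQ\SOH\EOT\SOH\ETX\SOH\STX\SOH\STX\STX")] Nothing]'
)
LOG_1_3_2 = HELLO_1_3_2 + "\ndebug: << Handshake [ServerHello TLS10 ...]\n"
LOG_1_3_4 = (HELLO_1_3_4
             + "\ndebug: << Alert [(AlertLevel_Fatal,DecodeError)]"
             + "\ndebug: >> Alert [(AlertLevel_Fatal,HandshakeFailure)]\n")

if __name__ == "__main__":
    for name, log in (("tls-1.3.2", LOG_1_3_2), ("tls-1.3.4", LOG_1_3_4)):
        print(name, triage(log))
```

The check encodes only the behaviour reported for these two servers; a DecodeError alert with any other ClientHello shape is left unflagged.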

@vincenthz
Collaborator

fixed in tls-1.3.6

@MichaelXavier

@vincenthz thanks for the speedy update! I appreciate the effort in hunting down these weird edge cases out in the wild.

lunaris commented May 11, 2016

@vincenthz Agreed; thanks for looking into and sorting this so expediently!
