Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

TLSe

Single C file TLS 1.3, 1.2, 1.1 and 1.0(without the weak ciphers) implementation, using libtomcrypt as crypto library. It also supports DTLS 1.2 and 1.0. Before using tlse.c you may want to download and compile tomcrypt; alternatively you may use libtomcrypt.c (see Compiling). I'm working at an alternative efficient RSA signing, DH and Curve25519 implementation, to allow the compilation, alternatively, without tomcrypt, on devices where memory and code size is an issue.

Note: It does not implement 0-RTT. Client-side TLS 1.3 support is experimental.

Like this project ? You may donate Bitcoin for this project at 14LqvMzFfaJ82C7wY5iavvTf9HPELYWsax

Compiling

Simple TLS client: $ gcc tlshello.c -o tlshello -ltomcrypt -ltommath -DLTM_DESC

For debuging tls connections, the DEBUG flag must be set (-DDEBUG).

Simple TLS server: $ gcc tlsserverhello.c -o tlsserverhello -ltomcrypt -ltommath -DLTM_DESC

The entire library is a single c file that you just include in your source.

The library may also use the libtomcrypt.c amalgamation. In this case, the client may be compiled:

$ gcc tlshello.c -o tlshello -DTLS_AMALGAMATION

and the server:

$ gcc tlsserverhello.c -o tlsserverhello -DTLS_AMALGAMATION

tlse.h is optional (is safe to just include tlse.c). Alternatively, you may include tlse.h and add tlse.c to your makefile (useful when linking against C++).

If thread-safety is needed, you need to call tls_init() before letting any other threads in, and not use the same object from multiple threads without a mutex. Other than that, TLSe and libtomcrypt are thread-safe. Also, you may want to define LTC_PTHREAD if you're using libtomcrypt.

TLSe supports KTLS on linux kernel 4.13 or higher. KTLS is a TLS implementation in the linux kernel. If TLS_RX is not defined, KTLS is send-only (you may use send/sendfile to send data, but you may not use recv). Also, the negotiation must be handled by TLSe. If KTLS support is needed, define WITH_KTLS (compile with -DWITH_KTLS). Note that is not clear which header should be included for linux structure, you may need to check these structures and constants: https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt.

Usage

You just #include "tlse.c" in your code. Everything is a single file.

Features

The main feature of this implementation is the ability to serialize TLS context, via tls_export_context and re-import it, via tls_import_context in another pre-forked worker process (socket descriptor may be sent via sendmsg).

For now it supports TLS 1.2, TLS 1.1 + 1.0 (when TLS_LEGACY_SUPPORT is defined / default is on), RSA, ECDSA, DHE, ECDHE ciphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` and `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

The following ciphers are supported but disabled by default: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384. To enable these ciphers, TLSe must be compiled with -DNO_TLS_ROBOT_MITIGATION. ROBOT attack is mitigated by default, but it is recommended to disable RSA encryption to avoid future vulnerabilities.

TLSe now supports ChaCha20/Poly1305 ciphers: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. These ciphers are enabled by default.

It has a low level interface, efficient for non-blocking, asynchronous sockets, and a blocking, libssl-style interface.

It implements all that is needed for the TLS protocol version 1.2 and a pem/der parser. From tomcrypt it uses RSA, ECDSA and AES(GCM and CBC) encryption/decryption, SHA1, SHA256, SHA384, SHA512 and HMAC functions.

Now it supports client certificate. To request a client certificate, call tls_request_client_certificate(TLSContext *) following tls_accept(TLSContext *).

It implements SNI extension (Server Name Indication). To get the SNI string call tls_sni(TLSContext *). It also implements SCSV and ALPN (see tls_add_alpn(struct TLSContext *, const char *) and const char *tls_alpn(struct TLSContext *).

The library supports certificate validation by using tls_certificate_chain_is_valid, tls_certificate_chain_is_valid_root, tls_certificate_valid_subject and tls_certificate_is_valid(checks not before/not after). Note that certificates fed to tls_certificate_chain_is_valid must be in correct order (certificate 2 signs certificate 1, certificate 3 signs certificate 2 and so on; also certificate 1 (first) is the certificate to be used in key exchange).

This library was written to be used by my other projects Concept Applications Server and Concept Native Client

Examples

  1. examples/tlsclienthello.c simple client example
  2. examples/tlshelloworld.c simple server example
  3. examples/tlssimple.c simple blocking client using libssl-ish API
  4. examples/tlssimpleserver.c simple blocking server using libssl-ish API

After compiling the examples, in the working directory, you should put fullchain.pem and privkey.pem in a directory called testcert for running the server examples. I've used letsencrypt for certificate generation (is free!).

Important security note

Note that for DTLS, it doesn't implement a state machine, so using this DTLS implementation with UDP (server) may expose your server to DoS attack.

License

Public domain, BSD, MIT. Choose one.

Comments
  • Support for Linux kTLS

    Support for Linux kTLS

    Hi,

    Is there any chance of getting kTLS support in TLSe? I have a high-throughput use-case and would love to use sendfile() if possible (especially since it saves the malloc), since 99% of my traffic will be able to use that.

  • Assertion failure on ECDHE handshake

    Assertion failure on ECDHE handshake

    I'm trying to adapt my program to using TLSe, but when connecting with a wget client, I get an assertion failure:

    Starting program: /home/sesse/dev/cubemap/cubemap 
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Initializing dependencies
    [Thu, 29 Mar 2018 12:29:11 +0200] INFO:    Cubemap 1.3.2 starting.
    [New Thread 0x7ffff50c4700 (LWP 24999)]
    1          SEQUENCE
    1.1          SEQUENCE
    1.1.1          INTEGER(9): 00 BC 34 0C 3A 60 F9 34 C0 
    1.1.3          SEQUENCE
    1.1.3.1          OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.1.3.2          NULL
    1.1.4.2        SEQUENCE
    1.1.4.1          EMBEDDED PDV
    1.1.4.1.1          SEQUENCE
    1.1.4.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.4.1.1.2          STR: [NO]
    1.1.4.2.1.2      EMBEDDED PDV
    1.1.4.2.1.2        SEQUENCE
    1.1.4.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.4.2.1.2          STR: [Some-State]
    1.1.4.3.1.2      EMBEDDED PDV
    1.1.4.3.1.2        SEQUENCE
    1.1.4.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.4.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.4.4.1.2      EMBEDDED PDV
    1.1.4.4.1.2        SEQUENCE
    1.1.4.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.4.4.1.2          STR: [klump.sesse.net]
    1.1.5.4.1.2    SEQUENCE
    1.1.5.1.1.2      UTC TIME: [180328215649Z]
    1.1.5.2.1.2      UTC TIME: [201223215649Z]
    1.1.6.2.1.2    SEQUENCE
    1.1.6.1.1.2      EMBEDDED PDV
    1.1.6.1.1.2        SEQUENCE
    1.1.6.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.6.1.1.2          STR: [NO]
    1.1.6.2.1.2      EMBEDDED PDV
    1.1.6.2.1.2        SEQUENCE
    1.1.6.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.6.2.1.2          STR: [Some-State]
    1.1.6.3.1.2      EMBEDDED PDV
    1.1.6.3.1.2        SEQUENCE
    1.1.6.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.6.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.6.4.1.2      EMBEDDED PDV
    1.1.6.4.1.2        SEQUENCE
    1.1.6.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.6.4.1.2          STR: [klump.sesse.net]
    1.1.7.4.1.2    SEQUENCE
    1.1.7.1.1.2      SEQUENCE
    1.1.7.1.1.2        OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 01 
    1.1.7.1.2.2        NULL
    1.1.7.2.2.2      BITSTREAM(271): 00 30 82 01 0A 02 82 01 01 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 02 03 01 00 01 
    1.1.7.2.1.2        SEQUENCE
    1.1.7.2.1.1          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.1.7.2.1.2          INTEGER(3): 01 00 01 
    1.2.7.2.1.2  SEQUENCE
    1.2.1.2.1.2    OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.2.2.2.1.2    NULL
    1.3.2.2.1.2  BITSTREAM(257): 00 00 EC D6 8D 45 AF DA 4E 82 76 63 5B 1B B4 C4 B3 A2 B3 D4 23 48 37 6E B5 CC DE D7 28 29 99 E5 A4 14 7E 9B 06 A8 06 53 02 AD 84 32 25 93 7A 43 F2 E8 68 81 55 9A C2 45 57 C5 92 0C FD E9 E8 1A D5 5E 42 6D 3D 2E 1D 65 88 02 EE 47 39 42 F7 4E 66 61 95 AA 8A A7 AB AB 70 EC 40 52 3C 09 CB F9 F1 C6 3A D4 71 59 4A 17 88 72 D6 C5 AC A3 53 DA AA 84 1B 54 16 9D 65 20 56 37 DF 0D E5 1D BE D3 18 A6 BB 0E 7E 32 5B A1 83 5F 56 96 4C A0 C0 A0 1F 3C E5 F1 85 18 93 AC EE 5B B1 EB E4 04 F6 6D 00 EE 94 43 83 B8 BB A4 55 F2 41 23 AC F1 E2 AF 84 2B 9B DD 3E 68 EF D7 68 C1 EB B0 CE 21 71 81 40 CE 54 5A 16 1F DD 2D F1 7B 1A 7C 1F F6 31 D4 66 DC 39 15 7D B7 12 6C 5A B1 23 8D EE 91 5D 88 15 FD 89 D3 16 BE 90 E9 70 8F 96 F6 66 9F EB C5 19 05 31 17 FC C3 31 86 45 B7 E6 7E 6D BD E2 EB D3 
    CANNOT READ CERTIFICATE
    Loaded certificate: 1
    1          SEQUENCE
    1.1          INTEGER(1): 00 
    1.2          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.3          INTEGER(3): 01 00 01 
    1.4          INTEGER(257): 00 AB 7A E0 90 66 46 D3 EC A9 37 D7 6E 4A 80 60 FC 1E 2A FC C3 0B 34 9F E2 55 02 F7 84 FB E7 74 CB E2 7D F2 A6 A8 37 F0 4D BF FD F8 E3 EF 1F 22 95 07 ED 00 CA 6B 75 DF BB 0B 63 72 01 83 C3 AD D9 9F 5D 58 F8 51 99 32 87 C6 56 5D AF 09 F7 4F 56 1D 10 9A 01 D7 60 BC 05 9A 24 04 4C 88 EC E5 C0 7A 7A D3 56 8A 36 DF 30 B0 FF 57 89 1E EB 58 5F 14 C5 D9 69 68 1A F3 80 60 2B DF A7 14 60 A6 8F EC 96 F2 E2 8F E0 97 90 AE 6C BB E3 95 E1 57 34 38 7E B3 A8 25 6C B8 F0 BA 17 29 CD B2 B4 E0 3E 72 EF A2 86 A5 73 CD FD AC CE 63 FA BD CB 4F CE 04 60 51 B8 E3 FF E8 C4 F3 99 99 5F 3A 95 18 EF 42 9B 9B 66 0B 63 88 C9 34 63 F3 71 D3 E7 10 A3 61 27 50 5D B9 07 E4 AC EE 65 01 0C 3F 19 1A 29 5D F0 AF F6 0C 33 26 A9 EA 7D 27 DE BA 7A 8E 72 EA F2 22 EF EC A1 DB 8D 92 F6 A3 DF 14 0F D6 61 
    1.5          INTEGER(129): 00 E0 48 21 85 92 C1 EA 16 42 92 CA 13 47 3C 21 B1 70 E2 7D 70 D8 76 50 53 CD 84 EE C9 4A B7 D2 EA 2A E1 8D 91 8B D1 94 CC 3C AE 44 CB D6 06 55 98 36 6B A3 FE 61 78 EB 7C 74 48 CB EC 8F 79 68 32 4D A3 50 0D 27 6F 67 24 A9 54 F9 20 EC 17 9C FA DD F3 29 88 B6 D9 5E F0 CB 22 2A E6 68 55 4B AB 67 A3 1A 17 A0 82 D7 99 0A CC 2E 86 BB 0E 5A 1E 89 A9 37 A1 64 82 5B 58 52 EF 98 7B 97 98 20 3D 
    1.6          INTEGER(129): 00 D5 9E 82 34 B1 2B 05 B2 D0 49 2E 4F 85 0A 75 E5 A9 24 8B 02 17 45 5A F7 9F 4E 01 9C 15 71 AA 4D C7 49 0D 5D FC 62 F1 7C 90 6A BF 89 DF D1 9C 1B 3A D6 4E B7 E3 19 C0 8D EB 3F 28 75 F7 CE DB 59 59 C6 70 16 01 83 0A E1 12 92 56 51 4B 9D B6 5C 7C 2E ED F4 F6 C1 1E 43 C3 67 5C CD 2E 2E 37 7F DA 92 4D A5 A9 5F DF 41 67 E0 35 77 4F D4 A0 08 71 7D 55 57 75 18 87 66 8A 23 90 DA 2F 8B 6E 69 
    1.7          INTEGER(129): 00 BD 28 D8 EC F9 6C 07 6C A2 D5 7F 0D 67 65 35 DD 9C 21 CA 3E A4 B2 94 E9 39 4B 46 C2 0A FC A3 2C D0 E1 CF 2E D4 47 FD 41 8C 64 46 AD CC 63 27 49 EB 8C 39 92 50 CF 55 7D 6F ED FD E0 14 DA 06 A1 76 8D A8 F4 8F 30 0C 44 05 75 1F 71 3E EE 63 7D CA 38 4D ED 7A 9A 36 D2 CB E0 93 62 24 D8 DB AB 43 0B 72 F4 3E 72 5C 38 3D BD 1B F8 92 47 76 86 8F 00 63 65 01 8A 58 54 54 0E B4 02 79 46 DA D9 
    1.8          INTEGER(128): 36 BD 89 AC 2B 02 55 51 7F 22 61 A5 AA F8 05 42 36 D7 D0 6F 56 BB 45 16 53 52 50 03 49 53 79 4A B9 18 B5 3E 32 60 C0 75 25 24 D5 B4 65 10 77 AA 5A A7 74 40 97 07 90 5A 4D C0 3F 84 0B 5E 8C C3 16 C8 4D 0C B6 92 78 05 39 17 1A DB 76 3F 11 EE 1D 3C 81 69 D6 99 A2 41 C7 1F 03 9E E8 88 9B 5C 3E 0C 63 AD 61 FB D9 60 0F 58 5B 1B 19 EF E8 9A 81 4A 96 C5 F4 91 B6 90 C6 31 5A FB 2E 57 D2 91 
    1.9          INTEGER(129): 00 A8 41 95 63 D7 17 0E 42 C2 7D BD 3E 71 2A 2B 94 3F 39 FC E5 19 6F A4 B0 A9 D4 26 76 AE 1D 8A A0 FC C3 14 C6 94 7B 22 11 83 6E AC 59 36 49 F8 29 D7 A1 86 F3 4C 34 5C A6 C1 0D 06 F3 02 5E 94 27 E7 1E D7 8B A1 83 95 24 CE 72 2C 77 87 E5 BA 39 C1 93 29 BA CB 57 63 B2 D6 24 28 5E 40 D3 B9 6C A4 33 CC D1 51 C9 E0 B1 B6 E8 98 A7 CE 13 63 CE B2 FF 22 4C 5A 8B AD 8F 43 25 10 3E 70 16 4C 6D 
    Loaded private key
    1          SEQUENCE
    1.1          SEQUENCE
    1.1.1          INTEGER(9): 00 BC 34 0C 3A 60 F9 34 C0 
    1.1.3          SEQUENCE
    1.1.3.1          OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.1.3.2          NULL
    1.1.4.2        SEQUENCE
    1.1.4.1          EMBEDDED PDV
    1.1.4.1.1          SEQUENCE
    1.1.4.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.4.1.1.2          STR: [NO]
    1.1.4.2.1.2      EMBEDDED PDV
    1.1.4.2.1.2        SEQUENCE
    1.1.4.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.4.2.1.2          STR: [Some-State]
    1.1.4.3.1.2      EMBEDDED PDV
    1.1.4.3.1.2        SEQUENCE
    1.1.4.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.4.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.4.4.1.2      EMBEDDED PDV
    1.1.4.4.1.2        SEQUENCE
    1.1.4.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.4.4.1.2          STR: [klump.sesse.net]
    1.1.5.4.1.2    SEQUENCE
    1.1.5.1.1.2      UTC TIME: [180328215649Z]
    1.1.5.2.1.2      UTC TIME: [201223215649Z]
    1.1.6.2.1.2    SEQUENCE
    1.1.6.1.1.2      EMBEDDED PDV
    1.1.6.1.1.2        SEQUENCE
    1.1.6.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.6.1.1.2          STR: [NO]
    1.1.6.2.1.2      EMBEDDED PDV
    1.1.6.2.1.2        SEQUENCE
    1.1.6.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.6.2.1.2          STR: [Some-State]
    1.1.6.3.1.2      EMBEDDED PDV
    1.1.6.3.1.2        SEQUENCE
    1.1.6.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.6.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.6.4.1.2      EMBEDDED PDV
    1.1.6.4.1.2        SEQUENCE
    1.1.6.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.6.4.1.2          STR: [klump.sesse.net]
    1.1.7.4.1.2    SEQUENCE
    1.1.7.1.1.2      SEQUENCE
    1.1.7.1.1.2        OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 01 
    1.1.7.1.2.2        NULL
    1.1.7.2.2.2      BITSTREAM(271): 00 30 82 01 0A 02 82 01 01 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 02 03 01 00 01 
    1.1.7.2.1.2        SEQUENCE
    1.1.7.2.1.1          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.1.7.2.1.2          INTEGER(3): 01 00 01 
    1.2.7.2.1.2  SEQUENCE
    1.2.1.2.1.2    OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.2.2.2.1.2    NULL
    1.3.2.2.1.2  BITSTREAM(257): 00 00 EC D6 8D 45 AF DA 4E 82 76 63 5B 1B B4 C4 B3 A2 B3 D4 23 48 37 6E B5 CC DE D7 28 29 99 E5 A4 14 7E 9B 06 A8 06 53 02 AD 84 32 25 93 7A 43 F2 E8 68 81 55 9A C2 45 57 C5 92 0C FD E9 E8 1A D5 5E 42 6D 3D 2E 1D 65 88 02 EE 47 39 42 F7 4E 66 61 95 AA 8A A7 AB AB 70 EC 40 52 3C 09 CB F9 F1 C6 3A D4 71 59 4A 17 88 72 D6 C5 AC A3 53 DA AA 84 1B 54 16 9D 65 20 56 37 DF 0D E5 1D BE D3 18 A6 BB 0E 7E 32 5B A1 83 5F 56 96 4C A0 C0 A0 1F 3C E5 F1 85 18 93 AC EE 5B B1 EB E4 04 F6 6D 00 EE 94 43 83 B8 BB A4 55 F2 41 23 AC F1 E2 AF 84 2B 9B DD 3E 68 EF D7 68 C1 EB B0 CE 21 71 81 40 CE 54 5A 16 1F DD 2D F1 7B 1A 7C 1F F6 31 D4 66 DC 39 15 7D B7 12 6C 5A B1 23 8D EE 91 5D 88 15 FD 89 D3 16 BE 90 E9 70 8F 96 F6 66 9F EB C5 19 05 31 17 FC C3 31 86 45 B7 E6 7E 6D BD E2 EB D3 
    CANNOT READ CERTIFICATE
    Loaded certificate: 1
    1          SEQUENCE
    1.1          INTEGER(1): 00 
    1.2          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.3          INTEGER(3): 01 00 01 
    1.4          INTEGER(257): 00 AB 7A E0 90 66 46 D3 EC A9 37 D7 6E 4A 80 60 FC 1E 2A FC C3 0B 34 9F E2 55 02 F7 84 FB E7 74 CB E2 7D F2 A6 A8 37 F0 4D BF FD F8 E3 EF 1F 22 95 07 ED 00 CA 6B 75 DF BB 0B 63 72 01 83 C3 AD D9 9F 5D 58 F8 51 99 32 87 C6 56 5D AF 09 F7 4F 56 1D 10 9A 01 D7 60 BC 05 9A 24 04 4C 88 EC E5 C0 7A 7A D3 56 8A 36 DF 30 B0 FF 57 89 1E EB 58 5F 14 C5 D9 69 68 1A F3 80 60 2B DF A7 14 60 A6 8F EC 96 F2 E2 8F E0 97 90 AE 6C BB E3 95 E1 57 34 38 7E B3 A8 25 6C B8 F0 BA 17 29 CD B2 B4 E0 3E 72 EF A2 86 A5 73 CD FD AC CE 63 FA BD CB 4F CE 04 60 51 B8 E3 FF E8 C4 F3 99 99 5F 3A 95 18 EF 42 9B 9B 66 0B 63 88 C9 34 63 F3 71 D3 E7 10 A3 61 27 50 5D B9 07 E4 AC EE 65 01 0C 3F 19 1A 29 5D F0 AF F6 0C 33 26 A9 EA 7D 27 DE BA 7A 8E 72 EA F2 22 EF EC A1 DB 8D 92 F6 A3 DF 14 0F D6 61 
    1.5          INTEGER(129): 00 E0 48 21 85 92 C1 EA 16 42 92 CA 13 47 3C 21 B1 70 E2 7D 70 D8 76 50 53 CD 84 EE C9 4A B7 D2 EA 2A E1 8D 91 8B D1 94 CC 3C AE 44 CB D6 06 55 98 36 6B A3 FE 61 78 EB 7C 74 48 CB EC 8F 79 68 32 4D A3 50 0D 27 6F 67 24 A9 54 F9 20 EC 17 9C FA DD F3 29 88 B6 D9 5E F0 CB 22 2A E6 68 55 4B AB 67 A3 1A 17 A0 82 D7 99 0A CC 2E 86 BB 0E 5A 1E 89 A9 37 A1 64 82 5B 58 52 EF 98 7B 97 98 20 3D 
    1.6          INTEGER(129): 00 D5 9E 82 34 B1 2B 05 B2 D0 49 2E 4F 85 0A 75 E5 A9 24 8B 02 17 45 5A F7 9F 4E 01 9C 15 71 AA 4D C7 49 0D 5D FC 62 F1 7C 90 6A BF 89 DF D1 9C 1B 3A D6 4E B7 E3 19 C0 8D EB 3F 28 75 F7 CE DB 59 59 C6 70 16 01 83 0A E1 12 92 56 51 4B 9D B6 5C 7C 2E ED F4 F6 C1 1E 43 C3 67 5C CD 2E 2E 37 7F DA 92 4D A5 A9 5F DF 41 67 E0 35 77 4F D4 A0 08 71 7D 55 57 75 18 87 66 8A 23 90 DA 2F 8B 6E 69 
    1.7          INTEGER(129): 00 BD 28 D8 EC F9 6C 07 6C A2 D5 7F 0D 67 65 35 DD 9C 21 CA 3E A4 B2 94 E9 39 4B 46 C2 0A FC A3 2C D0 E1 CF 2E D4 47 FD 41 8C 64 46 AD CC 63 27 49 EB 8C 39 92 50 CF 55 7D 6F ED FD E0 14 DA 06 A1 76 8D A8 F4 8F 30 0C 44 05 75 1F 71 3E EE 63 7D CA 38 4D ED 7A 9A 36 D2 CB E0 93 62 24 D8 DB AB 43 0B 72 F4 3E 72 5C 38 3D BD 1B F8 92 47 76 86 8F 00 63 65 01 8A 58 54 54 0E B4 02 79 46 DA D9 
    1.8          INTEGER(128): 36 BD 89 AC 2B 02 55 51 7F 22 61 A5 AA F8 05 42 36 D7 D0 6F 56 BB 45 16 53 52 50 03 49 53 79 4A B9 18 B5 3E 32 60 C0 75 25 24 D5 B4 65 10 77 AA 5A A7 74 40 97 07 90 5A 4D C0 3F 84 0B 5E 8C C3 16 C8 4D 0C B6 92 78 05 39 17 1A DB 76 3F 11 EE 1D 3C 81 69 D6 99 A2 41 C7 1F 03 9E E8 88 9B 5C 3E 0C 63 AD 61 FB D9 60 0F 58 5B 1B 19 EF E8 9A 81 4A 96 C5 F4 91 B6 90 C6 31 5A FB 2E 57 D2 91 
    1.9          INTEGER(129): 00 A8 41 95 63 D7 17 0E 42 C2 7D BD 3E 71 2A 2B 94 3F 39 FC E5 19 6F A4 B0 A9 D4 26 76 AE 1D 8A A0 FC C3 14 C6 94 7B 22 11 83 6E AC 59 36 49 F8 29 D7 A1 86 F3 4C 34 5C A6 C1 0D 06 F3 02 5E 94 27 E7 1E D7 8B A1 83 95 24 CE 72 2C 77 87 E5 BA 39 C1 93 29 BA CB 57 63 B2 D6 24 28 5E 40 D3 B9 6C A4 33 CC D1 51 C9 E0 B1 B6 E8 98 A7 CE 13 63 CE B2 FF 22 4C 5A 8B AD 8F 43 25 10 3E 70 16 4C 6D 
    Loaded private key
    1          SEQUENCE
    1.1          SEQUENCE
    1.1.1          INTEGER(9): 00 BC 34 0C 3A 60 F9 34 C0 
    1.1.3          SEQUENCE
    1.1.3.1          OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.1.3.2          NULL
    1.1.4.2        SEQUENCE
    1.1.4.1          EMBEDDED PDV
    1.1.4.1.1          SEQUENCE
    1.1.4.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.4.1.1.2          STR: [NO]
    1.1.4.2.1.2      EMBEDDED PDV
    1.1.4.2.1.2        SEQUENCE
    1.1.4.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.4.2.1.2          STR: [Some-State]
    1.1.4.3.1.2      EMBEDDED PDV
    1.1.4.3.1.2        SEQUENCE
    1.1.4.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.4.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.4.4.1.2      EMBEDDED PDV
    1.1.4.4.1.2        SEQUENCE
    1.1.4.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.4.4.1.2          STR: [klump.sesse.net]
    1.1.5.4.1.2    SEQUENCE
    1.1.5.1.1.2      UTC TIME: [180328215649Z]
    1.1.5.2.1.2      UTC TIME: [201223215649Z]
    1.1.6.2.1.2    SEQUENCE
    1.1.6.1.1.2      EMBEDDED PDV
    1.1.6.1.1.2        SEQUENCE
    1.1.6.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.6.1.1.2          STR: [NO]
    1.1.6.2.1.2      EMBEDDED PDV
    1.1.6.2.1.2        SEQUENCE
    1.1.6.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.6.2.1.2          STR: [Some-State]
    1.1.6.3.1.2      EMBEDDED PDV
    1.1.6.3.1.2        SEQUENCE
    1.1.6.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.6.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.6.4.1.2      EMBEDDED PDV
    1.1.6.4.1.2        SEQUENCE
    1.1.6.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.6.4.1.2          STR: [klump.sesse.net]
    1.1.7.4.1.2    SEQUENCE
    1.1.7.1.1.2      SEQUENCE
    1.1.7.1.1.2        OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 01 
    1.1.7.1.2.2        NULL
    1.1.7.2.2.2      BITSTREAM(271): 00 30 82 01 0A 02 82 01 01 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 02 03 01 00 01 
    1.1.7.2.1.2        SEQUENCE
    1.1.7.2.1.1          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.1.7.2.1.2          INTEGER(3): 01 00 01 
    1.2.7.2.1.2  SEQUENCE
    1.2.1.2.1.2    OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.2.2.2.1.2    NULL
    1.3.2.2.1.2  BITSTREAM(257): 00 00 EC D6 8D 45 AF DA 4E 82 76 63 5B 1B B4 C4 B3 A2 B3 D4 23 48 37 6E B5 CC DE D7 28 29 99 E5 A4 14 7E 9B 06 A8 06 53 02 AD 84 32 25 93 7A 43 F2 E8 68 81 55 9A C2 45 57 C5 92 0C FD E9 E8 1A D5 5E 42 6D 3D 2E 1D 65 88 02 EE 47 39 42 F7 4E 66 61 95 AA 8A A7 AB AB 70 EC 40 52 3C 09 CB F9 F1 C6 3A D4 71 59 4A 17 88 72 D6 C5 AC A3 53 DA AA 84 1B 54 16 9D 65 20 56 37 DF 0D E5 1D BE D3 18 A6 BB 0E 7E 32 5B A1 83 5F 56 96 4C A0 C0 A0 1F 3C E5 F1 85 18 93 AC EE 5B B1 EB E4 04 F6 6D 00 EE 94 43 83 B8 BB A4 55 F2 41 23 AC F1 E2 AF 84 2B 9B DD 3E 68 EF D7 68 C1 EB B0 CE 21 71 81 40 CE 54 5A 16 1F DD 2D F1 7B 1A 7C 1F F6 31 D4 66 DC 39 15 7D B7 12 6C 5A B1 23 8D EE 91 5D 88 15 FD 89 D3 16 BE 90 E9 70 8F 96 F6 66 9F EB C5 19 05 31 17 FC C3 31 86 45 B7 E6 7E 6D BD E2 EB D3 
    CANNOT READ CERTIFICATE
    Loaded certificate: 1
    1          SEQUENCE
    1.1          INTEGER(1): 00 
    1.2          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.3          INTEGER(3): 01 00 01 
    1.4          INTEGER(257): 00 AB 7A E0 90 66 46 D3 EC A9 37 D7 6E 4A 80 60 FC 1E 2A FC C3 0B 34 9F E2 55 02 F7 84 FB E7 74 CB E2 7D F2 A6 A8 37 F0 4D BF FD F8 E3 EF 1F 22 95 07 ED 00 CA 6B 75 DF BB 0B 63 72 01 83 C3 AD D9 9F 5D 58 F8 51 99 32 87 C6 56 5D AF 09 F7 4F 56 1D 10 9A 01 D7 60 BC 05 9A 24 04 4C 88 EC E5 C0 7A 7A D3 56 8A 36 DF 30 B0 FF 57 89 1E EB 58 5F 14 C5 D9 69 68 1A F3 80 60 2B DF A7 14 60 A6 8F EC 96 F2 E2 8F E0 97 90 AE 6C BB E3 95 E1 57 34 38 7E B3 A8 25 6C B8 F0 BA 17 29 CD B2 B4 E0 3E 72 EF A2 86 A5 73 CD FD AC CE 63 FA BD CB 4F CE 04 60 51 B8 E3 FF E8 C4 F3 99 99 5F 3A 95 18 EF 42 9B 9B 66 0B 63 88 C9 34 63 F3 71 D3 E7 10 A3 61 27 50 5D B9 07 E4 AC EE 65 01 0C 3F 19 1A 29 5D F0 AF F6 0C 33 26 A9 EA 7D 27 DE BA 7A 8E 72 EA F2 22 EF EC A1 DB 8D 92 F6 A3 DF 14 0F D6 61 
    1.5          INTEGER(129): 00 E0 48 21 85 92 C1 EA 16 42 92 CA 13 47 3C 21 B1 70 E2 7D 70 D8 76 50 53 CD 84 EE C9 4A B7 D2 EA 2A E1 8D 91 8B D1 94 CC 3C AE 44 CB D6 06 55 98 36 6B A3 FE 61 78 EB 7C 74 48 CB EC 8F 79 68 32 4D A3 50 0D 27 6F 67 24 A9 54 F9 20 EC 17 9C FA DD F3 29 88 B6 D9 5E F0 CB 22 2A E6 68 55 4B AB 67 A3 1A 17 A0 82 D7 99 0A CC 2E 86 BB 0E 5A 1E 89 A9 37 A1 64 82 5B 58 52 EF 98 7B 97 98 20 3D 
    1.6          INTEGER(129): 00 D5 9E 82 34 B1 2B 05 B2 D0 49 2E 4F 85 0A 75 E5 A9 24 8B 02 17 45 5A F7 9F 4E 01 9C 15 71 AA 4D C7 49 0D 5D FC 62 F1 7C 90 6A BF 89 DF D1 9C 1B 3A D6 4E B7 E3 19 C0 8D EB 3F 28 75 F7 CE DB 59 59 C6 70 16 01 83 0A E1 12 92 56 51 4B 9D B6 5C 7C 2E ED F4 F6 C1 1E 43 C3 67 5C CD 2E 2E 37 7F DA 92 4D A5 A9 5F DF 41 67 E0 35 77 4F D4 A0 08 71 7D 55 57 75 18 87 66 8A 23 90 DA 2F 8B 6E 69 
    1.7          INTEGER(129): 00 BD 28 D8 EC F9 6C 07 6C A2 D5 7F 0D 67 65 35 DD 9C 21 CA 3E A4 B2 94 E9 39 4B 46 C2 0A FC A3 2C D0 E1 CF 2E D4 47 FD 41 8C 64 46 AD CC 63 27 49 EB 8C 39 92 50 CF 55 7D 6F ED FD E0 14 DA 06 A1 76 8D A8 F4 8F 30 0C 44 05 75 1F 71 3E EE 63 7D CA 38 4D ED 7A 9A 36 D2 CB E0 93 62 24 D8 DB AB 43 0B 72 F4 3E 72 5C 38 3D BD 1B F8 92 47 76 86 8F 00 63 65 01 8A 58 54 54 0E B4 02 79 46 DA D9 
    1.8          INTEGER(128): 36 BD 89 AC 2B 02 55 51 7F 22 61 A5 AA F8 05 42 36 D7 D0 6F 56 BB 45 16 53 52 50 03 49 53 79 4A B9 18 B5 3E 32 60 C0 75 25 24 D5 B4 65 10 77 AA 5A A7 74 40 97 07 90 5A 4D C0 3F 84 0B 5E 8C C3 16 C8 4D 0C B6 92 78 05 39 17 1A DB 76 3F 11 EE 1D 3C 81 69 D6 99 A2 41 C7 1F 03 9E E8 88 9B 5C 3E 0C 63 AD 61 FB D9 60 0F 58 5B 1B 19 EF E8 9A 81 4A 96 C5 F4 91 B6 90 C6 31 5A FB 2E 57 D2 91 
    1.9          INTEGER(129): 00 A8 41 95 63 D7 17 0E 42 C2 7D BD 3E 71 2A 2B 94 3F 39 FC E5 19 6F A4 B0 A9 D4 26 76 AE 1D 8A A0 FC C3 14 C6 94 7B 22 11 83 6E AC 59 36 49 F8 29 D7 A1 86 F3 4C 34 5C A6 C1 0D 06 F3 02 5E 94 27 E7 1E D7 8B A1 83 95 24 CE 72 2C 77 87 E5 BA 39 C1 93 29 BA CB 57 63 B2 D6 24 28 5E 40 D3 B9 6C A4 33 CC D1 51 C9 E0 B1 B6 E8 98 A7 CE 13 63 CE B2 FF 22 4C 5A 8B AD 8F 43 25 10 3E 70 16 4C 6D 
    Loaded private key
    1          SEQUENCE
    1.1          SEQUENCE
    1.1.1          INTEGER(9): 00 BC 34 0C 3A 60 F9 34 C0 
    1.1.3          SEQUENCE
    1.1.3.1          OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.1.3.2          NULL
    1.1.4.2        SEQUENCE
    1.1.4.1          EMBEDDED PDV
    1.1.4.1.1          SEQUENCE
    1.1.4.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.4.1.1.2          STR: [NO]
    1.1.4.2.1.2      EMBEDDED PDV
    1.1.4.2.1.2        SEQUENCE
    1.1.4.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.4.2.1.2          STR: [Some-State]
    1.1.4.3.1.2      EMBEDDED PDV
    1.1.4.3.1.2        SEQUENCE
    1.1.4.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.4.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.4.4.1.2      EMBEDDED PDV
    1.1.4.4.1.2        SEQUENCE
    1.1.4.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.4.4.1.2          STR: [klump.sesse.net]
    1.1.5.4.1.2    SEQUENCE
    1.1.5.1.1.2      UTC TIME: [180328215649Z]
    1.1.5.2.1.2      UTC TIME: [201223215649Z]
    1.1.6.2.1.2    SEQUENCE
    1.1.6.1.1.2      EMBEDDED PDV
    1.1.6.1.1.2        SEQUENCE
    1.1.6.1.1.1          OBJECT IDENTIFIER(3): 55 04 06 
    1.1.6.1.1.2          STR: [NO]
    1.1.6.2.1.2      EMBEDDED PDV
    1.1.6.2.1.2        SEQUENCE
    1.1.6.2.1.1          OBJECT IDENTIFIER(3): 55 04 08 
    1.1.6.2.1.2          STR: [Some-State]
    1.1.6.3.1.2      EMBEDDED PDV
    1.1.6.3.1.2        SEQUENCE
    1.1.6.3.1.1          OBJECT IDENTIFIER(3): 55 04 0A 
    1.1.6.3.1.2          STR: [Internet Widgits Pty Ltd]
    1.1.6.4.1.2      EMBEDDED PDV
    1.1.6.4.1.2        SEQUENCE
    1.1.6.4.1.1          OBJECT IDENTIFIER(3): 55 04 03 
    1.1.6.4.1.2          STR: [klump.sesse.net]
    1.1.7.4.1.2    SEQUENCE
    1.1.7.1.1.2      SEQUENCE
    1.1.7.1.1.2        OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 01 
    1.1.7.1.2.2        NULL
    1.1.7.2.2.2      BITSTREAM(271): 00 30 82 01 0A 02 82 01 01 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 02 03 01 00 01 
    1.1.7.2.1.2        SEQUENCE
    1.1.7.2.1.1          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.1.7.2.1.2          INTEGER(3): 01 00 01 
    1.2.7.2.1.2  SEQUENCE
    1.2.1.2.1.2    OBJECT IDENTIFIER(9): 2A 86 48 86 F7 0D 01 01 0B 
    1.2.2.2.1.2    NULL
    1.3.2.2.1.2  BITSTREAM(257): 00 00 EC D6 8D 45 AF DA 4E 82 76 63 5B 1B B4 C4 B3 A2 B3 D4 23 48 37 6E B5 CC DE D7 28 29 99 E5 A4 14 7E 9B 06 A8 06 53 02 AD 84 32 25 93 7A 43 F2 E8 68 81 55 9A C2 45 57 C5 92 0C FD E9 E8 1A D5 5E 42 6D 3D 2E 1D 65 88 02 EE 47 39 42 F7 4E 66 61 95 AA 8A A7 AB AB 70 EC 40 52 3C 09 CB F9 F1 C6 3A D4 71 59 4A 17 88 72 D6 C5 AC A3 53 DA AA 84 1B 54 16 9D 65 20 56 37 DF 0D E5 1D BE D3 18 A6 BB 0E 7E 32 5B A1 83 5F 56 96 4C A0 C0 A0 1F 3C E5 F1 85 18 93 AC EE 5B B1 EB E4 04 F6 6D 00 EE 94 43 83 B8 BB A4 55 F2 41 23 AC F1 E2 AF 84 2B 9B DD 3E 68 EF D7 68 C1 EB B0 CE 21 71 81 40 CE 54 5A 16 1F DD 2D F1 7B 1A 7C 1F F6 31 D4 66 DC 39 15 7D B7 12 6C 5A B1 23 8D EE 91 5D 88 15 FD 89 D3 16 BE 90 E9 70 8F 96 F6 66 9F EB C5 19 05 31 17 FC C3 31 86 45 B7 E6 7E 6D BD E2 EB D3 
    CANNOT READ CERTIFICATE
    Loaded certificate: 1
    1          SEQUENCE
    1.1          INTEGER(1): 00 
    1.2          INTEGER(257): 00 BB 26 E2 7B 9E 70 1F 64 54 95 6F 99 13 F1 17 FD B6 19 1F 66 03 7C 62 10 DC 46 99 C1 7D A0 09 E7 A3 1A BF 71 F6 81 10 DE 3B 89 D8 67 34 07 38 77 72 B5 AC A6 FB 43 CD 71 4A 56 D8 D6 95 09 9A 72 AD 23 FE D8 F6 E5 62 AF 20 76 FA 20 86 CF DA 56 29 22 5E BF 35 B2 80 52 C4 23 95 19 45 EB 07 2C 1A 87 F5 F1 D8 25 2E 53 7F E2 06 07 B5 B4 04 BB E4 58 2C 06 E9 AF 0A 5A 37 54 24 48 A5 11 C2 9C 59 86 94 48 C5 12 23 9C 21 91 AB 25 9B 83 5C 25 93 76 C6 A7 93 08 A8 D7 48 84 AA A0 DD C5 4E EF 3C F4 B1 E8 2B 60 51 60 43 CE 6F 94 7E 48 1B 59 72 85 5C BD 00 A4 7A 76 9D F4 79 50 84 2B EA 76 AA 12 9F B4 AF E7 A7 F1 2A 35 BA 06 5C 4A 4C F3 DD 91 F3 90 B2 A9 88 59 38 71 22 3E 38 04 77 5F EF 5A 95 84 30 2D F0 05 DD 68 24 8E 40 21 79 A2 E5 7F 83 AA 71 A6 8C F3 67 BF A7 4B 3F 5E 6F 05 
    1.3          INTEGER(3): 01 00 01 
    1.4          INTEGER(257): 00 AB 7A E0 90 66 46 D3 EC A9 37 D7 6E 4A 80 60 FC 1E 2A FC C3 0B 34 9F E2 55 02 F7 84 FB E7 74 CB E2 7D F2 A6 A8 37 F0 4D BF FD F8 E3 EF 1F 22 95 07 ED 00 CA 6B 75 DF BB 0B 63 72 01 83 C3 AD D9 9F 5D 58 F8 51 99 32 87 C6 56 5D AF 09 F7 4F 56 1D 10 9A 01 D7 60 BC 05 9A 24 04 4C 88 EC E5 C0 7A 7A D3 56 8A 36 DF 30 B0 FF 57 89 1E EB 58 5F 14 C5 D9 69 68 1A F3 80 60 2B DF A7 14 60 A6 8F EC 96 F2 E2 8F E0 97 90 AE 6C BB E3 95 E1 57 34 38 7E B3 A8 25 6C B8 F0 BA 17 29 CD B2 B4 E0 3E 72 EF A2 86 A5 73 CD FD AC CE 63 FA BD CB 4F CE 04 60 51 B8 E3 FF E8 C4 F3 99 99 5F 3A 95 18 EF 42 9B 9B 66 0B 63 88 C9 34 63 F3 71 D3 E7 10 A3 61 27 50 5D B9 07 E4 AC EE 65 01 0C 3F 19 1A 29 5D F0 AF F6 0C 33 26 A9 EA 7D 27 DE BA 7A 8E 72 EA F2 22 EF EC A1 DB 8D 92 F6 A3 DF 14 0F D6 61 
    1.5          INTEGER(129): 00 E0 48 21 85 92 C1 EA 16 42 92 CA 13 47 3C 21 B1 70 E2 7D 70 D8 76 50 53 CD 84 EE C9 4A B7 D2 EA 2A E1 8D 91 8B D1 94 CC 3C AE 44 CB D6 06 55 98 36 6B A3 FE 61 78 EB 7C 74 48 CB EC 8F 79 68 32 4D A3 50 0D 27 6F 67 24 A9 54 F9 20 EC 17 9C FA DD F3 29 88 B6 D9 5E F0 CB 22 2A E6 68 55 4B AB 67 A3 1A 17 A0 82 D7 99 0A CC 2E 86 BB 0E 5A 1E 89 A9 37 A1 64 82 5B 58 52 EF 98 7B 97 98 20 3D 
    1.6          INTEGER(129): 00 D5 9E 82 34 B1 2B 05 B2 D0 49 2E 4F 85 0A 75 E5 A9 24 8B 02 17 45 5A F7 9F 4E 01 9C 15 71 AA 4D C7 49 0D 5D FC 62 F1 7C 90 6A BF 89 DF D1 9C 1B 3A D6 4E B7 E3 19 C0 8D EB 3F 28 75 F7 CE DB 59 59 C6 70 16 01 83 0A E1 12 92 56 51 4B 9D B6 5C 7C 2E ED F4 F6 C1 1E 43 C3 67 5C CD 2E 2E 37 7F DA 92 4D A5 A9 5F DF 41 67 E0 35 77 4F D4 A0 08 71 7D 55 57 75 18 87 66 8A 23 90 DA 2F 8B 6E 69 
    1.7          INTEGER(129): 00 BD 28 D8 EC F9 6C 07 6C A2 D5 7F 0D 67 65 35 DD 9C 21 CA 3E A4 B2 94 E9 39 4B 46 C2 0A FC A3 2C D0 E1 CF 2E D4 47 FD 41 8C 64 46 AD CC 63 27 49 EB 8C 39 92 50 CF 55 7D 6F ED FD E0 14 DA 06 A1 76 8D A8 F4 8F 30 0C 44 05 75 1F 71 3E EE 63 7D CA 38 4D ED 7A 9A 36 D2 CB E0 93 62 24 D8 DB AB 43 0B 72 F4 3E 72 5C 38 3D BD 1B F8 92 47 76 86 8F 00 63 65 01 8A 58 54 54 0E B4 02 79 46 DA D9 
    1.8          INTEGER(128): 36 BD 89 AC 2B 02 55 51 7F 22 61 A5 AA F8 05 42 36 D7 D0 6F 56 BB 45 16 53 52 50 03 49 53 79 4A B9 18 B5 3E 32 60 C0 75 25 24 D5 B4 65 10 77 AA 5A A7 74 40 97 07 90 5A 4D C0 3F 84 0B 5E 8C C3 16 C8 4D 0C B6 92 78 05 39 17 1A DB 76 3F 11 EE 1D 3C 81 69 D6 99 A2 41 C7 1F 03 9E E8 88 9B 5C 3E 0C 63 AD 61 FB D9 60 0F 58 5B 1B 19 EF E8 9A 81 4A 96 C5 F4 91 B6 90 C6 31 5A FB 2E 57 D2 91 
    1.9          INTEGER(129): 00 A8 41 95 63 D7 17 0E 42 C2 7D BD 3E 71 2A 2B 94 3F 39 FC E5 19 6F A4 B0 A9 D4 26 76 AE 1D 8A A0 FC C3 14 C6 94 7B 22 11 83 6E AC 59 36 49 F8 29 D7 A1 86 F3 4C 34 5C A6 C1 0D 06 F3 02 5E 94 27 E7 1E D7 8B A1 83 95 24 CE 72 2C 77 87 E5 BA 39 C1 93 29 BA CB 57 63 B2 D6 24 28 5E 40 D3 B9 6C A4 33 CC D1 51 C9 E0 B1 B6 E8 98 A7 CE 13 63 CE B2 FF 22 4C 5A 8B AD 8F 43 25 10 3E 70 16 4C 6D 
    Loaded private key
    [New Thread 0x7ffff48c3700 (LWP 25000)]
    [New Thread 0x7fffeffff700 (LWP 25001)]
    [New Thread 0x7fffef7fe700 (LWP 25002)]
    [New Thread 0x7fffeeffd700 (LWP 25003)]
    [New Thread 0x7fffee7fc700 (LWP 25004)]
    [New Thread 0x7fffedffb700 (LWP 25005)]
    [New Thread 0x7fffe57fa700 (LWP 25006)]
    NEED DATA: 8244/83
    Message type: 16, length: 225
    HANDSHAKE MESSAGE
     => CLIENT HELLO
    VERSION REQUIRED BY REMOTE 303, VERSION NOW 303
    Extension: 0x05 (5), len: 5
    Extension: 0x0ff01 (65281), len: 1
    Extension: 0x023 (35), len: 0
    Extension: 0x0a (10), len: 12
    SUPPORTED GROUPS (10): 00 17 00 18 00 19 00 15 00 13 
    SELECTED CURVE secp256r1
    Extension: 0x0b (11), len: 2
    SUPPORTED POINT FORMATS (2): 01 00 
    Extension: 0x0d (13), len: 22
    SUPPORTED SIGNATURES (22): 00 14 04 01 04 03 05 01 05 03 06 01 06 03 03 01 03 03 02 01 02 03 
     => DTLS COOKIE VERIFIED: 0 (224)
    <= SENDING SERVER HELLO
    <= SENDING CERTIFICATE
    <= SENDING EPHEMERAL DH KEY
    LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 57 of file src/pk/ecc/ecc_make_key.c
    
    Thread 5 "cubemap" received signal SIGABRT, Aborted.
    [Switching to Thread 0x7fffef7fe700 (LWP 25002)]
    __GI_raise ([email protected]=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    51	../sysdeps/unix/sysv/linux/raise.c: Ingen slik fil eller filkatalog.
    (gdb) bt
    #0  __GI_raise ([email protected]=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff652e231 in __GI_abort () at abort.c:79
    #2  0x00007ffff72447df in crypt_argchk () from /usr/lib/x86_64-linux-gnu/libtomcrypt.so.1
    #3  0x00007ffff725de6f in ecc_make_key_ex () from /usr/lib/x86_64-linux-gnu/libtomcrypt.so.1
    #4  0x0000555555590cef in tls_build_server_key_exchange ([email protected]=0x7ffff7ea3010, 
        [email protected]=6) at tlse/tlse.c:4710
    #5  0x0000555555595d7d in tls_parse_payload (context=0x7ffff7ea3010, buf=<optimized out>, buf_len=225, 
        certificate_verify=0x0) at tlse/tlse.c:6341
    #6  0x00005555555961c5 in tls_parse_message ([email protected]=0x7ffff7ea3010, buf=<optimized out>, 
        [email protected]=230, [email protected]=0x0) at tlse/tlse.c:6674
    #7  0x0000555555596e34 in tls_consume_stream (context=0x7ffff7ea3010, 
        [email protected]=0x7fffef7fd620 "\026\003\001", buf_len=<optimized out>, 
        [email protected]=0x0) at tlse/tlse.c:7662
    #8  0x000055555556536b in Server::process_client ([email protected]=0x7ffff7f6a248, 
        [email protected]=0x7fffd0000f58) at server.cpp:474
    #9  0x000055555556602f in Server::add_client ([email protected]=0x7ffff7f6a248, sock=16) at server.cpp:273
    #10 0x00005555555661a3 in Server::process_queued_data ([email protected]=0x7ffff7f6a248) at server.cpp:898
    #11 0x00005555555662c1 in Server::do_work (this=0x7ffff7f6a248) at server.cpp:137
    #12 0x000055555557c246 in Thread::do_work_thunk (arg=0x7ffff7f6a248) at thread.cpp:63
    #13 0x00007ffff774e5aa in start_thread (arg=0x7fffef7fe700) at pthread_create.c:463
    #14 0x00007ffff65eecbf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
    

    This is with libtomcrypt 1.8.1; maybe some incompatibilities remaining?

  • TLSv1.2 not working with cipher DHE-RSA-AES128CBC-SHA properly

    TLSv1.2 not working with cipher DHE-RSA-AES128CBC-SHA properly

    Hi... I modified tlse.c using:

           if (context->is_server) {
                // fallback ... this should never happen
                //if (!context->cipher)
                    context->cipher = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
    

    to force client/server examples to use DHE-RSA-AES128CBC-SHA cipher suite and noticed, that server adds after SERVER_KEY_EXCHANGE fragment 2 bytes: 0x0401

    The client is not able to handle it and closes with:

    Consumed -2 bytes
    ERROR IN CONSUME: -2
    

    Is this expected behaviour?

  • Android 6.0.1 cannot connect using TLSv1.2

    Android 6.0.1 cannot connect using TLSv1.2

    Android 6.0.1 using Google Chrome 64.0.3282.137 cannot connect to my TLSe enabled http server. According to strace, TLSe waits for more data to come then timeout drops client.

    The pcap file is at https://lynxlynx.ru/tmp/androidclient.pcap port number 9999 must be decoded as SSL in Wireshark. Maybe I could provide a log output with strace, but connect attempt was made using real certificates.

    While my httpd server still uses compatibility API, most other clients (including my cyanogenmod tablet) connect just fine, as ssllabs say too. Can you look at it?

  • Strange error:

    Strange error: "UNSUPPORTED TLS VERSION 0"

    Compiling with debug info, and trying to access "https://www.posti.fi/fi"

    Getting:

    Initializing dependencies
    UNSUPPORTED TLS VERSION 0
    Consumed -4 bytes
    ERROR IN CONSUME: -4
    
  • Various Coverity warnings

    Various Coverity warnings

    Hi,

    I analyzed a project that uses TLSe using Coverity's free service (Scan), and it found a number of issues in TLSe that I thought I'd pass on. (I can invite you to the project if you wish to have a look directly in the system yourself; the error messages are somewhat more detailde.)

    The ones that I found immediately relevant (line numbers are at bdbf5ecc):

    • tlse.c:9685: setsockopt() to set TCP_ULP to "tls" doesn't check the return value.
    • tlse.c:1733: Various _done() functions are assigned to err (indicating they can actually return an error?), but never actually checked.
    • tlse.c:5237: “key_size = strlen(default_dhe_g);” is unreachable code; it cannot be reached whether default_dhe_g is nullptr or not. I assume the || should have been && earlier?
    • tls_build_certificate(): This function returns early if !all_certificate_size, yet checks it again immediately below (causing more dead code).
    • __private_tls_prefer_ktls(): context is dereferenced, and only then NULL-checked later. Either the order should be switched around, or the NULL check is redundant.

    In all, there are 20 reported issues, of which I would assume there's one or two issues that could potentially be real user-facing bugs. Whether the dead code is important to you or not is a different story, of course :-) And then, there are probably some straight-out false positives.

  • Strict aliasing violation warning

    Strict aliasing violation warning

    First, thanks for great lib ! Second, may be safer to use memcpy here as it is not clear how it will work in different pointer size machines (32bit/64bit ?):

    tlse.c: In function Б─≤int chacha20_poly1305_aead(chacha_ctx*, unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned char*)Б─≥:
    tlse.c:803:21: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
         *(int *)&trail[4] = 0;
                         ^
    tlse.c:805:22: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
         *(int *)&trail[12] = 0;
                          ^
    tlse.c: In function Б─≤void tls_packet_update(TLSPacket*)Б─≥:
    tlse.c:3355:67: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                                         *(unsigned short *)&temp_buf[3] = *(unsigned short *)&packet->buf[header_size - 2];
                                                                       ^
    tlse.c:3397:50: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                                     *((uint64_t *)aad) = *(uint64_t *)&packet->buf[3];
                                                      ^
    tlse.c:3399:50: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                                     *((uint64_t *)aad) = htonll(packet->context->local_sequence_number);
                                                      ^
    tlse.c:3403:57: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                                 *((unsigned short *)&aad[11]) = htons(packet->len - header_size);
                                                             ^
    tlse.c: In function Б─≤int __private_tls_build_random(TLSPacket*)Б─≥:
    tlse.c:5702:41: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
             *(unsigned short *)&rand_bytes[0] = htons(packet->context->version);
                                             ^
    tlse.c:5705:41: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
             *(unsigned short *)&rand_bytes[0] = htons(DTLS_V12);
                                             ^
    tlse.c:5707:41: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
             *(unsigned short *)&rand_bytes[0] = htons(TLS_V12);
                                             ^
    tlse.c: In function Б─≤int tls_parse_message(TLSContext*, unsigned char*, int, tls_validation_function)Б─≥:
    tlse.c:6508:34: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                     *((uint64_t *)aad) = htonll(dtls_sequence_number);
                                      ^
    tlse.c:6510:34: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                     *((uint64_t *)aad) = htonll(context->remote_sequence_number);
                                      ^
    tlse.c:6522:41: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                 *((unsigned short *)&aad[11]) = htons(pt_length);
                                             ^
    tlse.c:6565:34: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                     *((uint64_t *)aad) = htonll(dtls_sequence_number);
                                      ^
    tlse.c:6567:34: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                     *((uint64_t *)aad) = htonll(context->remote_sequence_number);
                                      ^
    tlse.c:6571:41: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                 *((unsigned short *)&aad[11]) = htons(pt_length);
                                             ^
    tlse.c:6595:29: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                 *(int *)&trail[4] = 0;
                                 ^
    tlse.c:6597:30: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                 *(int *)&trail[12] = 0;
                                  ^
    tlse.c:6677:43: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
                 *(unsigned short *)&temp_buf[3] = htons(length);
                                               ^
    
  • ROBOT attack - ssllabs will downgrade to

    ROBOT attack - ssllabs will downgrade to "F" since Feb2018

    I am writing my own embedded HTTP server and I successfully integrated tlse into my project. However when I directed ssllabs.com test at my host, it rated server as "A" but warned me that since February 2018, it will downgrade the implementation to "F" because of ROBOT attack. The website says that I must disable TLS RSA encryption in order to be not vulnerable to it.

    I #if 0'd all the TLS_RSA_WITH_* places and reinstalled, and ssllabs said I am no longer vulnerable. Is this enough for me to be safe?

    By the way I am using (test) Let's Encrypt certificate for my domain, and SSL compatibility layer with tlse.

  • Client Certificate Request freezes handshake.

    Client Certificate Request freezes handshake.

    Maybe this issue is related to a particular implementation on a client side.

    When Client Verification is enabled like this:

    tls_request_client_certificate(ctx); 
    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,(tls_validation_function)tls_default_verify);
    

    handshake stops after the server sends tls_certificate_request(). The client just does not respond anything.

    Is Client Certificate Request/Client Verification stable/tested ?

  • EAGAIN & EINTR should be expected

    EAGAIN & EINTR should be expected

    EAGAIN & EINTR ( WSAEWOULDBLOCK & WSAEINTR on windows) errors are conditional and not necessarily mean that something wrong with the socket. Truth is these codes appear with both blocked and non-blocked sockets. So, when you are attempting to send/read directly from socket you should expect these codes and process them accordingly. Otherwise you may terminate a legit connection. The simplest example from method _tls_ssl_private_send_pending updated by me (I need linux/macOS only, so no windows code here and usleep() is not mandatory of course):

    int _tls_ssl_private_send_pending(struct TLSContext *context){
    
    ....
        
        while ((out_buffer) && (out_buffer_len > 0)) {
    
            int res;
            
            if(ssl_data->fd < 0) return TLS_GENERIC_ERROR;
            
            if (write_cb){
                res = write_cb(ssl_data->fd, (char *)&out_buffer[out_buffer_index], out_buffer_len, 0);
            }else{
                res = send(ssl_data->fd, (char *)&out_buffer[out_buffer_index], out_buffer_len, 0);
                if(res < 0){
                	  int err = errno();
                	  //NRD: EAGAIN & EINTR are expected.
                	  if (err == EAGAIN || err == EINTR){
                	  	  usleep(1000); continue;
                	  }
                }    
            }
            
            if (res <= 0) {
                send_res = res;
                break;
            }
            
            out_buffer_len -= res;
            out_buffer_index += res;
            send_res += res;
        }
    

    Multipurpose implementation should be more complex of course.

  • Unnecessary _tls_ssl_private_send_pending in SSL_read

    Unnecessary _tls_ssl_private_send_pending in SSL_read

    You may consider removing _tls_ssl_private_send_pending from SSL_read. In multi-thread environment nobody expects SSL_read to send buffered data. When SSL_read and SSl_write are called from separate threads, the encryption flow may break. There is no way to synchronize SSL_read and SSl_write, 'cause these methods must be asynchronous.

  • what is

    what is "for semantic compatibility" means?

    Dear author: I see SSL_library_init(); SSL_load_error_strings(); in the file tlssimple.c what is the comment "dummy functions ... for semantic compatibility only" means?

  • SSL_read function strange behavior vs openssl's SSL_read

    SSL_read function strange behavior vs openssl's SSL_read

    Dear author, I found a strange behavior in SSL_read function compared with openssl's SSL_read function. when i use openssl, the number of bytes ssl_read int the client side returned will never larger than the number of bytes ssl_write from the server side, the code is like below: server side: SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); SSL_write(ssl, text, 32); client side: `while (1) {

    	printf("\n---------------------------------\n");
    	int n = SSL_read(pssl, (char*)sz_temp, 128);
    	if (n <= 0)
    	{
    		SSL_shutdown(pssl);
    		SSL_free(pssl);
    		closesocket(sock);
    		break;
    	}
    	else
    	{
    		for (int i = 0; i < n; i++) {
    			printf("%02x ", (unsigned int)sz_temp[i]);
    		}
    	}`
    

    the result: i will only receive 32 byte one time i called ssl_read. image while, when i use your awsome project tlse, the client side result is like this: I received 128 bytes one time, and this caught some stick package error in my project. image

    Could you please help me with this problem?

  • Support for latest libtomcrypt

    Support for latest libtomcrypt

    Last release of ltc is v1.18.2, released mid 2018 and there have been many changes and addition in master branch since (example: inbuilt support for x22519 and ed25519)

    This also means there have been breaking changes around ecc and tlse will not compile with latest ltc Are there any plans to support this?

  • Failure to notice incorrect handshake on SSL_connect

    Failure to notice incorrect handshake on SSL_connect

    Currently SSL_connect() will return success even if there was a critical error. The correction is:

    @@ -10372,14 +10372,14 @@
             if (tls_consume_stream(context, client_message, read_size, ssl_data->certificate_verify) >= 0) {
                 res = _tls_ssl_private_send_pending(ssl_data->fd, context);
                 if (res < 0)
                     return res;
             }
    +        if (context->critical_error)
    +            return TLS_GENERIC_ERROR;
             if (tls_established(context))
                 return 1;
    -        if (context->critical_error)
    -            return TLS_GENERIC_ERROR;
         }
         return read_size;
     }
    
    
  • Failure to connect to SMTP server with STARTTLS

    Failure to connect to SMTP server with STARTTLS

    During the connection, STARTTLS is issued and we do the tlshello thing, but the server reports:

    Anonymous TLS connection established ...: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256
    warning: TLS library problem: error:1409444C:SSL routines:ssl3_read_bytes:tlsv1 alert no renegotiation:../ssl/record/rec_layer_s3.c:1543:SSL alert number 100:
    lost connection after EHLO ...
    

    The debug dump from tlse is:

    Initializing dependencies
    Message type: 16, length: 155
    HANDSHAKE MESSAGE
     => SERVER HELLO
    VERSION REQUIRED BY REMOTE 303, VERSION NOW 304
    REMOTE SESSION ID:  (32): 71 CF 4E 40 B8 8B 4E 9B 5B FD 29 BE DC EF 8C CE 5F 9D 60 90 1C 8E 63 24 FE DC 79 17 5A 9D C4 66 
    Extension: 0x02b (43), len: 2
    TLS 1.3 SUPPORTED
    Extension: 0x033 (51), len: 69
    EXTENSION, KEY SHARE (69): 00 17 00 41 04 6F 3A A0 69 97 A5 0B 25 D9 59 DD 37 5A 27 ED 19 93 B3 24 BD 44 0C AB 91 EA 8C 71 C6 6F 47 20 B7 A2 AE 8F 49 DE 0C 0F 78 E5 02 22 46 71 BD AE 86 CB 77 48 6C 8F D0 11 A0 8D 00 11 5F B6 EB 6C D9 
    CIPHER: TLS-AES-128-GCM-SHA256
    KEY SHARE => secp256r1
    OUT_SIZE: 32
    ECC DHE (32): DB 62 2B BB 09 1A 29 D5 09 09 15 94 A1 E9 7E 50 2F F0 44 F4 6E 93 75 5D B4 22 02 FA 4C 7F E9 03 
    Consumed 160 bytes
    Message type: 14, length: 1
    CHANGE CIPHER SPEC MESSAGE
    EXTRACT (32): 33 AD 0A 1C 60 7E C0 3B 09 E6 CD 98 93 68 0C E2 10 AD F3 00 AA 1F 26 60 E1 B2 2E 10 F1 70 F9 2A 
    null hash (32): E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 
    INFO (49): 00 20 0D 74 6C 73 31 33 20 64 65 72 69 76 65 64 20 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 
    salt (32): 6F 26 15 A1 08 C7 02 C5 67 8F 54 FC 9D BA B6 97 16 C0 76 18 9C 48 25 0C EB EA C3 57 6C 36 11 BA 
    EXTRACT (32): D4 0E 3A A6 8E F9 AB CC A0 9A C3 BC D6 E8 A7 B0 61 EA 90 DC 87 C5 4F A6 48 31 0B 62 E1 BF 98 88 
    messages hash (32): 2F 51 82 2A 98 83 9F 79 D6 A8 35 55 40 8C 0B E5 91 52 06 26 C2 F4 B1 C6 C7 07 E5 A3 B5 0C 78 2D 
    INFO (54): 00 20 12 74 6C 73 31 33 20 63 20 68 73 20 74 72 61 66 66 69 63 20 2F 51 82 2A 98 83 9F 79 D6 A8 35 55 40 8C 0B E5 91 52 06 26 C2 F4 B1 C6 C7 07 E5 A3 B5 0C 78 2D 
    c hs traffic (32): 0C 7D 0F 8C ED C7 6C E5 11 3A 1C 3C DA 75 AC 42 BC 78 40 55 C8 47 72 4B B5 CF 4A 9A AE 97 E6 EE 
    INFO (13): 00 10 09 74 6C 73 31 33 20 6B 65 79 00 
    INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00 
    INFO (54): 00 20 12 74 6C 73 31 33 20 73 20 68 73 20 74 72 61 66 66 69 63 20 2F 51 82 2A 98 83 9F 79 D6 A8 35 55 40 8C 0B E5 91 52 06 26 C2 F4 B1 C6 C7 07 E5 A3 B5 0C 78 2D 
    INFO (13): 00 10 09 74 6C 73 31 33 20 6B 65 79 00 
    INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00 
    CLIENT KEY (16): 1D F3 5F 42 A4 D0 C2 D0 21 24 A8 F5 8F 86 EF B7 
    CLIENT IV (12): CB 06 36 F3 64 4B 33 EA 5F 7D 96 C0 
    SERVER KEY (16): 29 25 2C 0D 89 74 ED 31 F4 15 AA 49 2A A7 28 BC 
    SERVER IV (12): A2 81 44 F3 6D A0 34 1D D0 8A 64 1E 
    INFO (18): 00 20 0E 74 6C 73 31 33 20 66 69 6E 69 73 68 65 64 00 
    FINISHED (32): CA 1F 9D 25 E1 0E B6 84 45 3D E9 B0 E2 F5 E0 AC EE 4E 48 90 14 17 02 D7 33 46 B6 D2 47 F6 AF F3 
    INFO (18): 00 20 0E 74 6C 73 31 33 20 66 69 6E 69 73 68 65 64 00 
    REMOTE FINISHED (32): 78 3A 34 01 22 A2 EA 58 2C 3E AC 7B 65 D1 64 D8 FF E5 D3 4B 35 53 F6 A8 AC 15 6E 9C 1F AA 03 A5 
    Using cipher ID: 1301
    Consumed 6 bytes
    Message type: 17, length: 39
    encrypted (39): BA 0E 0C 52 8F D8 A4 DD A5 70 C5 D8 EA 58 F8 A0 07 0E F2 14 A6 BC 5F F6 F0 F1 20 19 39 AB F2 53 CC 34 56 24 B5 59 2E 
    aad (5): 17 03 03 00 27 
    aad iv (12): A2 81 44 F3 6D A0 34 1D D0 8A 64 1E 
    PT SIZE: 23
    decrypted (23): 08 00 00 12 00 10 00 0A 00 0C 00 0A 00 1D 00 1E 00 17 00 19 00 18 16 
    tag (16): F6 F0 F1 20 19 39 AB F2 53 CC 34 56 24 B5 59 2E 
    HANDSHAKE MESSAGE
    Consumed 27 bytes
    Message type: 17, length: 1394
    encrypted (1394): 2A 65 F7 B1 47 81 4B 51 79 73 FD 15 1A 79 F7 BB 51 D7 4F 03 20 3B 36 50 EE FB 23 76 D9 E9 5A 8C 52 6A A8 C4 C7 B1 8D 63 00 24 BA 26 EE 56 58 C0 78 3D CB E2 D0 5F F6 72 2D B4 8D B8 3B 69 B3 B6 93 5A 82 06 E4 0A 07 E6 E8 2C 20 85 61 94 0C A2 E3 8E 64 90 BA E2 82 6A DA A3 6F 83 89 B9 46 59 5F AA 5B AD 27 E8 AB 90 9C CD 48 67 DE EC 5E FA 4D 91 3B BA B5 35 18 D5 15 66 6F AF 9C 65 15 06 A2 66 49 35 AB 0A 20 77 CC 15 65 C3 E1 A6 65 06 15 D0 A7 2B 78 6C B8 28 E5 DF E4 2E D2 7B 76 44 AB 61 0E 9C E0 08 63 7B 10 3E 19 6C 12 E4 BA 12 F8 41 34 E1 F3 D2 E7 D2 F9 9D 2C 7B 28 8A 63 CF 47 BF D2 CD 5C 68 97 EA 51 E4 64 58 57 DB B6 7D F8 BA C4 DE E3 28 B8 4F 75 9F BC F1 C6 0C CC D9 8D 7E 03 CD A6 48 01 CD 4D 85 F4 B7 31 8C AC FD DD A4 0E 3E C8 0F 10 9C E4 35 B7 E6 23 EB D0 1D 24 5A 34 CD 7C F0 54 D8 90 03 3D B7 95 A7 C3 8F 43 D2 33 4F 2F 49 6A D4 5A 20 CD 42 D7 E8 0C E8 9F 0C 3B B7 B8 E4 E8 15 00 23 08 FC E5 14 6A 58 B5 F5 98 F1 E5 51 72 35 5F 38 4D 8A FA C6 4F 90 52 02 90 27 9E BC 15 5A 6D D8 F9 BC 49 E9 B1 55 E7 99 2A AC 91 93 E4 EC E6 3D 3C BD BA 8F 38 07 0A 71 2F 43 0F DB 08 52 62 AE 8B 06 4B DA 78 F7 A0 4E 4A 4C E7 13 C6 45 A3 FD 95 43 F3 3E 4E E7 DA DC DC 29 1A 98 42 BA 13 7E C8 15 12 C5 C5 DE E6 E0 49 30 DE A2 E4 5A C0 32 5F D6 DA ED AA D2 EC 26 CB 1B 23 52 8B DA BB 73 F4 F9 52 FF 14 D4 8F B7 90 AA D5 D2 07 02 26 CB CA 96 3D 35 A2 6D 5D 5E E7 4C 15 1A C3 24 7B 46 70 0F 6B 3F AE 58 5E AE FF 9F 6F 74 14 B2 FF 43 AC 93 BB 2A E1 2E 71 D4 67 9D F7 28 A1 9D BF 87 DC E7 E2 63 3D 56 C8 07 01 56 9B 61 AA BD 9B 78 43 25 7E 66 51 F2 F0 50 BC 26 04 64 09 6D 6E C1 78 40 9E 29 A1 13 C5 69 8A 06 FB C7 FC 6D F6 EE F6 EF 01 7D EC E0 86 7B C3 AF 2E 34 26 97 0D 47 48 8F CD 5C F4 45 D8 51 EA F0 2F 89 7C 4B 1F 21 0C A2 BB DE E6 13 25 4B EA 58 A9 88 2A CF 20 CB 1A 7C B7 C0 17 46 B2 1C B5 F3 CD 08 64 EB 87 BB 35 33 81 08 89 66 0B D3 B7 94 52 2C FA 24 2C D8 D6 83 F3 04 81 40 E8 12 F3 F5 88 08 1E 5B 2B DB 41 9D FF 0C 0C 7A 9A 2B 54 79 78 B0 A6 DB FB 25 DF 55 D0 A2 F8 F1 7B 41 E6 9A 8D 49 BA D9 0F 76 13 DB 41 1C 6B A2 B8 F3 C4 DD 7C F1 C9 CD CC CF 27 88 10 E6 0F 09 DC 6F 2F A2 EC 25 DA 3A F0 E3 56 49 FD BF AD 97 B3 90 40 99 7E 31 A1 98 86 3E 0D 77 BD 88 9A B2 9D 52 10 6C 34 32 13 47 37 E3 DE D8 98 78 A5 5E 66 59 00 0D B9 2F 96 2E E1 D8 A2 CB 91 BD 99 AF AF 31 EB 46 AB 6E FB 84 11 66 6A AD 33 3F DA 1F 55 3F F1 1E 1B 2D D6 E4 77 00 97 D1 33 0D 6C 8A BD A6 69 1C C1 0B 9D 63 D7 DD 77 77 BD 37 11 BA 9B 26 A6 4E 81 FA 8E 67 7B 4E 00 4F 35 34 E8 36 B4 6A 61 30 E1 02 16 B5 B1 37 29 E9 63 B3 E0 4F D3 1F DE 3C DA F8 28 53 81 4E B2 40 D5 57 9E 08 88 2D 92 F9 4D 84 5B 9A A2 9D D8 DD 55 BF 12 14 A7 7E 68 1D 62 9E 7E 26 40 04 98 43 F1 E0 EF E6 18 DC 0F 9A 87 94 02 D0 F5 90 2C B4 F4 6B 43 B6 8E 6C 6B A2 22 41 A4 A9 76 C6 2E 5E 92 CD 01 01 90 46 EA B3 31 F9 08 38 A0 4C FF 39 08 0E DC 5F 75 70 75 4C 90 0D DF 98 F3 55 57 0B BD 9C 80 10 21 23 A1 6D 2C 33 92 B1 68 73 BF 19 C9 81 5C 2A 78 57 23 B7 FD FF 36 E7 CB 74 E5 92 ED F1 58 FB B7 24 B4 68 4E 7B 1B 80 C2 A3 2B B2 31 6C 27 A2 BC B5 91 5B B8 D6 BA 0B 14 AF 69 4B A8 E6 7A 7A 55 11 C6 CA C6 E2 9B 6A 9E 5B 70 49 CA FB 56 2F F2 6E CF 41 E1 6E E7 39 55 0F C8 17 AE E5 A0 B8 C1 68 14 3D 4C 3F AF D4 B7 E7 C1 78 79 EB A6 74 13 C7 81 FC D7 F3 49 0C 5F D3 A6 54 96 F4 B0 7A 05 32 5E DC 34 03 8B 8A 7E 55 58 DD 3F A4 0F A4 24 4E 6D C1 83 E4 BA 2E B1 95 F6 CD 68 CF 7F 77 B8 2F DB 31 0B 89 FF 45 E7 9C 47 D9 DE D7 88 7F 81 D6 0C F2 36 EF 93 A0 DB 34 2C A2 50 4F E8 B2 79 CA 62 8E CF 62 22 41 CD 03 E9 EE 3D 1A 0C 54 B4 62 BB 52 4A 32 14 00 88 51 F6 2B 1D 88 B3 32 9C 0C 4E 7C B7 81 95 6B 38 14 79 1D BD 2A F4 76 33 4E 78 A2 1E E7 AA A4 42 16 E8 C8 A9 7A E3 06 C8 C5 61 B0 A4 8C 1F 46 AE EA 34 12 4C AD D4 9B F3 35 49 C5 E4 95 23 5B FB A5 DE 2A D0 90 D0 B9 4C B9 D0 F1 2B 62 CA E8 6F 42 57 A5 66 64 31 ED E3 D7 37 F6 E0 F9 05 F9 E6 F4 BF 66 15 B8 19 3D 57 21 0A 81 E9 B2 9E E9 DE 91 F7 35 4D 49 E1 07 63 EB FF 26 3E AC 1A 6B 0B B9 84 58 CF 57 C3 25 A6 72 6B 3F 44 35 88 B0 D8 C5 6F BD F8 00 63 40 B6 80 4E CE 25 B2 62 B3 36 5F 22 E4 89 17 42 29 51 3B 3A 33 A8 F5 D2 B7 D9 64 95 6F 88 3C E4 3B DC 8F 6D CF 3A 02 4E DC EE D3 66 19 5E D6 AB 7B CE 50 7D E8 E4 7D E3 21 3D 64 81 E2 E6 F4 92 6E 94 B3 D9 D4 7B 79 C1 3A C2 11 3E 3F 2B 44 2A 2A 8B 20 
    aad (5): 17 03 03 05 72 
    aad iv (12): A2 81 44 F3 6D A0 34 1D D0 8A 64 1F 
    PT SIZE: 1378
    decrypted (1378): 0B 00 05 5D 00 00 05 59 00 05 54 30 82 05 50 30 82 04 38 A0 03 02 01 02 02 12 03 A2 ED C6 3F 09 A5 9F EF 7A 3C C3 60 8E 5A AC 2B 66 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 32 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 16 30 14 06 03 55 04 0A 13 0D 4C 65 74 27 73 20 45 6E 63 72 79 70 74 31 0B 30 09 06 03 55 04 03 13 02 52 33 30 1E 17 0D 32 31 30 35 31 36 30 38 35 38 31 38 5A 17 0D 32 31 30 38 31 34 30 38 35 38 31 38 5A 30 16 31 14 30 12 06 03 55 04 03 13 0B 72 6F 6E 77 61 72 65 2E 6F 72 67 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE D9 3C B5 1E 4F D0 12 38 AC 4D 54 E1 49 56 5D E8 27 C2 A2 A8 94 A6 92 D4 78 1B 8D 23 53 3C 11 C8 CE 0B 42 36 7B 2F EE F3 22 87 07 56 B8 00 BC 79 BD C5 4B 88 39 CE 2F CA 73 AE 97 1C 3A 2D 3A 95 BE 58 69 D5 7A 3C C4 79 AF 6D 02 7B 82 B0 F0 33 4F 83 D8 65 62 03 D8 EF 4C 51 0A 18 5B 1D 8D 40 51 46 D1 3B 00 66 11 86 0D 3A 29 15 DC 26 A6 B5 71 F3 D3 4E 46 B3 24 2A 1F E1 AB ED E7 65 C1 72 B0 28 0C 51 70 68 3F 5B CC A6 63 79 FC FD 83 A2 13 80 40 DB E5 03 24 31 DD AD C9 0E C5 61 06 46 5B 9B 6E 1E 04 10 B2 4C A3 F0 8A 63 7A 67 F4 4F A0 0C C3 99 46 E7 CD AD E7 C1 71 E6 F9 4D C6 69 96 DA 27 F6 BB 5A 79 BB DD 3C 97 5C B5 5F 01 DF 34 AE DE 4F 73 9F 81 24 9F 11 53 86 BC 47 89 35 53 DF 34 E5 3A 00 20 24 51 A5 57 EE 37 48 F3 EC AF 8E 23 9A 51 B4 5B 44 F4 AE 9D 18 4C AE 8D 02 03 01 00 01 A3 82 02 7A 30 82 02 76 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 02 30 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 1D 06 03 55 1D 0E 04 16 04 14 84 C3 F1 B5 3F 1A CA 2E 9C 96 A5 CA 13 4D 84 A3 62 C2 8D A4 30 1F 06 03 55 1D 23 04 18 30 16 80 14 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D 8B 14 C2 C6 30 55 06 08 2B 06 01 05 05 07 01 01 04 49 30 47 30 21 06 08 2B 06 01 05 05 07 30 01 86 15 68 74 74 70 3A 2F 2F 72 33 2E 6F 2E 6C 65 6E 63 72 2E 6F 72 67 30 22 06 08 2B 06 01 05 05 07 30 02 86 16 68 74 74 70 3A 2F 2F 72 33 2E 69 2E 6C 65 6E 63 72 2E 6F 72 67 2F 30 4B 06 03 55 1D 11 04 44 30 42 82 0E 61 61 72 6F 6E 2D 74 65 63 68 2E 63 6F 6D 82 0B 72 6F 6E 77 61 72 65 2E 6F 72 67 82 12 77 77 77 2E 61 61 72 6F 6E 2D 74 65 63 68 2E 63 6F 6D 82 0F 77 77 77 2E 72 6F 6E 77 61 72 65 2E 6F 72 67 30 4C 06 03 55 1D 20 04 45 30 43 30 08 06 06 67 81 0C 01 02 01 30 37 06 0B 2B 06 01 04 01 82 DF 13 01 01 01 30 28 30 26 06 08 2B 06 01 05 05 07 02 01 16 1A 68 74 74 70 3A 2F 2F 63 70 73 2E 6C 65 74 73 65 6E 63 72 79 70 74 2E 6F 72 67 30 82 01 03 06 0A 2B 06 01 04 01 D6 79 02 04 02 04 81 F4 04 81 F1 00 EF 00 76 00 5C DC 43 92 FE E6 AB 45 44 B1 5E 9A D4 56 E6 10 37 FB D5 FA 47 DC A1 73 94 B2 5E E6 F6 C7 0E CA 00 00 01 79 74 9C B9 D2 00 00 04 03 00 47 30 45 02 21 00 A2 9E 3B 46 42 CD 48 5C D7 B1 49 64 0E 3F 9E 2B B3 3F 31 C4 5D 35 9F EF 01 96 47 20 92 12 31 15 02 20 77 26 4F 52 07 40 A1 D2 C3 E7 44 C3 98 22 99 EA AE 3B 5D 22 60 2D 5B F0 C9 6C 33 F7 43 69 3F 08 00 75 00 F6 5C 94 2F D1 77 30 22 14 54 18 08 30 94 56 8E E3 4D 13 19 33 BF DF 0C 2F 20 0B CC 4E F1 64 E3 00 00 01 79 74 9C B9 FB 00 00 04 03 00 46 30 44 02 20 6D 65 34 3A 0F 81 21 0E 22 34 3E A9 ED B5 B9 DF E0 C0 9F AB B2 7B B2 D1 E0 B7 52 C9 D1 4F FF D4 02 20 59 0B D5 13 C8 59 97 8E C1 8B 4F 4A B1 21 79 2C 9D D4 75 A6 0B 5B DB A6 2D 2D 1D DA 00 89 57 3D 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 79 E6 3A C9 34 81 75 A9 25 E5 A1 33 AB E4 28 87 56 1B 61 32 D2 53 DF C9 26 0D 56 8D 48 44 39 FF AB 7B B0 FD 51 78 56 DD BF E3 43 31 0E D3 7F 5F 9F 30 AE E4 28 98 40 6A 93 1C 64 5A DC 61 9F 3C 83 61 AE EF E9 97 2A A9 3A 05 52 A0 2D 65 66 72 FF 88 1F 71 04 7C 65 E1 84 A6 EF 07 BC 65 7D 10 73 8E 7D AD 9C 9F B7 37 EA 6E DD 0D F2 E4 1F 3C D8 06 1A 24 41 DB 8E BE 5C D8 8F 95 F6 31 26 74 F7 7C 17 5A C1 0E FC B1 8B A8 C7 85 7C F3 F7 20 6A 0F 8D 3C 4B 44 97 B2 B1 C9 35 7E F8 35 CA 31 DF 80 35 7E 2A 08 22 26 82 59 C0 4C 91 6E 25 ED 16 8B BF 83 CA A1 EB 4C 62 BC 1E B4 4A 0D 0B ED AB 42 16 A5 C1 6B 63 98 8B 7F 67 42 B2 92 BA 50 76 B6 61 C2 29 F8 83 1C 04 B6 9C 43 34 0F 6A 6F E0 A6 DA 7A E4 D9 BD F6 CB 3F 51 91 43 38 DB 41 26 D7 BD A3 36 DA 42 15 2C 6D 66 A3 87 0A A3 54 00 00 16 
    tag (16): D9 D4 7B 79 C1 3A C2 11 3E 3F 2B 44 2A 2A 8B 20 
    HANDSHAKE MESSAGE
     => CERTIFICATE
    Consumed 1382 bytes
    Message type: 17, length: 281
    encrypted (281): C6 96 1E F4 C5 B6 94 12 1E 06 78 E1 46 EF ED A2 AD F3 30 31 18 3C 68 09 3E 9B B8 B4 95 7B E8 9F 0E 2D 10 7D 39 75 9D 73 CD D4 76 FC 15 F3 24 97 4C EE 87 26 B3 D1 75 80 88 D7 8D 24 2E 2A 55 8E 8F 96 6E CE F1 C8 06 6E 9A AB 93 6D 4D 38 E8 70 DF 13 ED 49 35 41 EA D1 82 87 4E 60 5E B2 F2 75 8A 69 77 54 13 96 2E 33 E6 D7 98 79 3F 40 06 D0 A7 15 42 FC 6B 7F 5F 36 1A 4E AB 0F 6E F6 60 7B E4 FF 3A CC 10 05 B8 54 89 1D CC AD 26 38 66 CF 6A 97 45 83 DA 3B F0 41 7D EA B4 EF 32 7D D0 12 B1 63 26 1C E4 F7 6B CE 99 6D 12 71 CD 1C 3A 4B 51 EF C7 74 6D B4 7A BC CA 15 C2 26 FE C8 1D F5 2C A6 0D 0F 45 16 42 12 4D FE 9B DD 28 39 8B 82 53 37 E2 29 44 9C 5A 35 3E 30 06 4B FA 80 61 7C C8 0A F0 59 01 9E B9 AA 84 C9 A9 7C A3 0C 0B BA F5 E2 2E 66 C0 FC 3B CB F7 EE 41 B4 ED 1D ED 6A 72 08 77 05 42 D2 0F 14 1D 09 6A 38 67 F2 9D 62 4C 60 04 AF 69 8C B3 94 07 
    aad (5): 17 03 03 01 19 
    aad iv (12): A2 81 44 F3 6D A0 34 1D D0 8A 64 1C 
    PT SIZE: 265
    decrypted (265): 0F 00 01 04 08 04 01 00 8F DA B2 7E 43 4D 5F E1 77 B8 EC 69 13 9C 81 B7 A6 59 7A EE 04 0F DF C9 3F 89 A8 C3 8D 19 D9 69 5F 4D B5 33 30 F0 BB 77 3E 24 AD D4 61 0C E6 93 2F FD F0 DA AE B7 23 C0 99 2F 54 CE 6F 59 69 0F F5 76 C8 CF 8A C9 EF 7B 7B 36 3E 9D B1 0A C7 F7 9E 89 17 C9 B7 BE 26 F0 1E C8 45 22 DE 8D 1F F2 7B 5A C5 2A 15 75 E9 D2 75 47 04 21 20 23 E3 B8 74 4B F5 90 A8 E8 4A CD 53 42 74 22 62 16 3C 4C 30 4C 1F 53 2C 0A 67 41 33 83 AC 56 9C BA 8A 2B C6 68 43 BF B1 D3 76 6A BB F9 32 D1 11 A4 07 9D C7 E0 99 AF EC 99 CF 45 59 21 F1 90 74 52 28 15 EB 02 14 AE 7C 28 0D 64 91 BD 51 96 69 7A 8D A1 B4 92 09 79 73 4E 87 2F 5E 7A A6 23 08 36 1F FB 0B F4 39 CD 6A B8 88 42 BA DE 69 D8 19 DD 7E CE 56 BA 49 06 68 34 C7 C2 6C 7F F0 A2 0C 0E D7 CA 27 8C 7E AE 9D 78 92 52 A9 7F 8D A3 BF 7B 94 30 16 
    tag (16): 09 6A 38 67 F2 9D 62 4C 60 04 AF 69 8C B3 94 07 
    HANDSHAKE MESSAGE
     => CERTIFICATE VERIFY
    signature data (130): 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 54 4C 53 20 31 2E 33 2C 20 63 6C 69 65 6E 74 20 43 65 72 74 69 66 69 63 61 74 65 56 65 72 69 66 79 00 45 01 F4 30 A4 29 8E 4C 3E 02 F0 00 33 D8 D5 45 A2 FD A8 C7 49 F8 D2 89 A7 14 4F 17 5E B0 15 02 
    Consumed 269 bytes
    Message type: 17, length: 53
    encrypted (53): 0C F9 FF 65 6B ED CC 79 57 7C C1 64 A6 2D A0 99 96 B3 1E A2 BE ED 7D 02 95 11 C1 96 B0 30 44 43 01 51 5C 9B 4F 70 B5 4A 6F A8 DB 06 CE 07 FA 8F E6 BF 6C D4 FC 
    aad (5): 17 03 03 00 35 
    aad iv (12): A2 81 44 F3 6D A0 34 1D D0 8A 64 1D 
    PT SIZE: 37
    decrypted (37): 14 00 00 20 F7 5D 75 A4 A7 2F B4 EB 98 0F 84 2E 46 91 29 D8 3B 85 B9 1A 1E CB 5E 6B 07 C1 94 BD 14 00 D6 4C 16 
    tag (16): 70 B5 4A 6F A8 DB 06 CE 07 FA 8F E6 BF 6C D4 FC 
    HANDSHAKE MESSAGE
     => FINISHED
    HS HASH (32): E3 62 A0 E9 CF E6 5E 61 EC 57 6F 91 F8 C6 63 00 A1 1E 22 14 8C B0 D8 98 CD FC 85 6E 9D 43 A0 D0 
    HS FINISH (32): CA 1F 9D 25 E1 0E B6 84 45 3D E9 B0 E2 F5 E0 AC EE 4E 48 90 14 17 02 D7 33 46 B6 D2 47 F6 AF F3 
    HS REMOTE FINISH (32): 78 3A 34 01 22 A2 EA 58 2C 3E AC 7B 65 D1 64 D8 FF E5 D3 4B 35 53 F6 A8 AC 15 6E 9C 1F AA 03 A5 
    <= SENDING FINISHED
    HS HASH (32): 96 71 45 37 9D 4E FF 80 47 E7 6B 78 16 A0 7F 1F 51 90 E8 DE 20 DD BF E1 08 3D 83 53 C1 34 3E E6 
    HS FINISH (32): CA 1F 9D 25 E1 0E B6 84 45 3D E9 B0 E2 F5 E0 AC EE 4E 48 90 14 17 02 D7 33 46 B6 D2 47 F6 AF F3 
    HS REMOTE FINISH (32): 78 3A 34 01 22 A2 EA 58 2C 3E AC 7B 65 D1 64 D8 FF E5 D3 4B 35 53 F6 A8 AC 15 6E 9C 1F AA 03 A5 
    VERIFY DATA (32): EB CF AA 23 49 C4 26 E0 97 9E 10 5F 93 EC AC AE E6 82 CA 7F 43 2D 12 72 AA D2 1D 49 EB 24 AA 4A 
    USING PREVIOUS SECRET (32): D4 0E 3A A6 8E F9 AB CC A0 9A C3 BC D6 E8 A7 B0 61 EA 90 DC 87 C5 4F A6 48 31 0B 62 E1 BF 98 88 
    INFO (49): 00 20 0D 74 6C 73 31 33 20 64 65 72 69 76 65 64 20 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 
    salt (32): 71 32 FC 00 11 5A DA 9F 53 73 77 9A 41 89 23 1E 99 23 DF C2 20 10 F4 71 E3 D4 91 FC 48 2C 91 E1 
    EXTRACT (32): C4 65 16 FF 32 AA 9A 87 43 0F C9 4A D8 FC 65 AC C9 91 9F 0F 6E 34 49 E9 75 56 0B D0 8C A4 D9 22 
    messages hash (32): 7A CE A8 EB EA D9 84 7D DB C3 A0 39 95 DF 2D 98 E0 A0 A5 89 3B B1 B3 56 84 05 A8 27 A1 81 A5 25 
    INFO (54): 00 20 12 74 6C 73 31 33 20 63 20 61 70 20 74 72 61 66 66 69 63 20 96 71 45 37 9D 4E FF 80 47 E7 6B 78 16 A0 7F 1F 51 90 E8 DE 20 DD BF E1 08 3D 83 53 C1 34 3E E6 
    c ap traffic (32): 8F F1 F6 5B 8D C6 28 15 C9 BE DA A1 F9 A2 F5 F7 E1 BC E3 D4 6A 48 12 1F 38 08 83 FD 1A 0C 2A E3 
    INFO (13): 00 10 09 74 6C 73 31 33 20 6B 65 79 00 
    INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00 
    INFO (54): 00 20 12 74 6C 73 31 33 20 73 20 61 70 20 74 72 61 66 66 69 63 20 96 71 45 37 9D 4E FF 80 47 E7 6B 78 16 A0 7F 1F 51 90 E8 DE 20 DD BF E1 08 3D 83 53 C1 34 3E E6 
    INFO (13): 00 10 09 74 6C 73 31 33 20 6B 65 79 00 
    INFO (12): 00 0C 08 74 6C 73 31 33 20 69 76 00 
    CLIENT KEY (16): C1 BD 35 3F 7D 88 AF 94 74 20 92 C1 5C C9 4F 82 
    CLIENT IV (12): A9 AF 3E 94 4B 34 49 BC 77 2C 0D D2 
    SERVER KEY (16): 7B 9E 9C 90 7B 04 3A D4 07 D5 E7 98 FB 01 22 8E 
    SERVER IV (12): 21 CD A1 40 F8 D0 34 76 B0 D1 4C A8 
    Using cipher ID: 1301
    Consumed 41 bytes
    Message type: 17, length: 234
    encrypted (234): 54 31 B3 10 A1 6B 58 32 24 93 0C B9 93 D4 0E FB BE 13 5A 31 EC FA A1 C1 B9 1D C3 C9 B1 0E 82 6B EC 6D 32 8A 88 EF 7B F8 3D 8F 92 2E C5 D4 C5 3D DF AA 19 E2 30 CE 29 11 03 D5 13 4B D1 2B 90 3B F1 03 38 D9 57 FB 4A 44 CB 8C 68 01 30 1C 0B E5 C9 03 36 D6 FE 2D AF 9E CF 77 F3 06 BF 95 07 83 78 AC C7 1E 63 9F 70 93 73 6C 40 42 48 65 D0 72 70 76 90 FB 14 A6 75 69 DF 03 32 C5 4B 75 88 2E 64 D0 A7 37 A3 14 05 81 44 1A AF 99 83 AC 56 54 6A CB EC 2D 97 1B 01 80 0F 17 1D 24 B7 C8 F2 89 D3 D2 E5 69 75 CC 5F 0C 27 6A D3 E7 85 B0 88 52 24 86 F8 2D FC 86 4B 26 9D 7C 10 6F 4A A4 A5 94 D0 FC 96 3C 9E C0 DA 34 E9 9E D6 AB 5C 9C D2 B6 FF FD D8 B0 BB F8 C4 B1 BB 59 9C 50 04 17 19 CF 7B BC 92 21 06 FC CD 16 4D 00 
    aad (5): 17 03 03 00 EA 
    aad iv (12): 21 CD A1 40 F8 D0 34 76 B0 D1 4C A8 
    PT SIZE: 218
    decrypted (218): 04 00 00 D5 00 00 1C 20 BF 77 BB 92 08 00 00 00 00 00 00 00 00 00 C0 F5 82 43 07 3B E6 0B 58 B8 A4 6E D8 4D DA C0 B2 C1 4D CC 3E E0 31 27 8F B2 DB A2 E1 DB 59 8E 1F 36 A4 08 E1 57 6E CC F9 82 1B DF 98 68 C6 E3 DE CB 9F FE 95 05 D1 EC 42 A4 3F C2 3A BD 52 82 E6 43 41 3C 33 B6 4A 8B 5D 5C 9D F9 76 98 44 07 8B C7 13 79 B9 38 B3 59 6A 45 FC 20 0A 07 20 EE E1 1A E1 7F D5 BE DD 38 FF 20 40 2A 5C D1 7C 6A BD 45 5B CF D9 92 B6 78 84 0C 93 60 2A 4E 8E E2 51 54 4D 46 07 5F 6C 39 3E A8 BE C0 AB 5B BE 05 39 FA 31 A9 52 C2 81 25 1B EB E6 7A DF 5F 23 A6 4A 2F CC E9 0B CB B6 32 F3 1D D6 8E 58 A9 FE 3F 3B 57 EB A9 56 4A F9 B8 DD D1 33 D2 84 C5 11 B6 D8 00 00 16 
    tag (16): 9C 50 04 17 19 CF 7B BC 92 21 06 FC CD 16 4D 00 
    HANDSHAKE MESSAGE
    Consumed 222 bytes
    Message type: 17, length: 195
    encrypted (195): 6C 1E E0 21 25 3D FC C4 A9 3B FE B7 56 95 54 66 AC 64 17 C2 38 EF 8E C6 7C 5C 20 C6 71 4B AE D5 98 25 34 50 0F 1C 0D 7A F4 F3 53 BF 1D D0 44 E4 1A 65 CA C2 B3 37 6E C2 F6 63 1A 87 04 FF 1B ED 87 04 54 7E 90 99 56 29 73 E8 EB B5 31 A4 93 AC 80 C3 2D D7 D7 19 80 BE A7 84 02 71 C8 BA 96 16 3C 2A 7F 9A 82 38 DE 63 23 86 27 54 50 1E 21 85 24 7A ED FD D8 B6 24 72 38 09 FF F1 B0 BE A5 BF 30 87 D8 9C A6 4D A2 62 91 8D 3A 0A 0B E9 D7 13 AB DF 0C 4B 4B D7 77 C7 B7 9F 00 CF 04 19 7B 6A 20 AF A6 B5 B2 44 9E 35 6E 6F 48 65 C7 E2 28 62 A4 CB EA D3 91 C1 89 EC 36 01 D0 97 47 42 39 B9 5B 7B 5F 
    aad (5): 17 03 03 00 C3 
    aad iv (12): 21 CD A1 40 F8 D0 34 76 B0 D1 4C A9 
    PT SIZE: 179
    decrypted (179): 32 35 30 2D 6D 61 69 6C 2E 72 6F 6E 77 61 72 65 2E 6F 72 67 0D 0A 32 35 30 2D 50 49 50 45 4C 49 4E 49 4E 47 0D 0A 32 35 30 2D 53 49 5A 45 0D 0A 32 35 30 2D 45 54 52 4E 0D 0A 32 35 30 2D 41 55 54 48 20 50 4C 41 49 4E 20 4C 4F 47 49 4E 0D 0A 32 35 30 2D 41 55 54 48 3D 50 4C 41 49 4E 20 4C 4F 47 49 4E 0D 0A 32 35 30 2D 45 4E 48 41 4E 43 45 44 53 54 41 54 55 53 43 4F 44 45 53 0D 0A 32 35 30 2D 38 42 49 54 4D 49 4D 45 0D 0A 32 35 30 2D 44 53 4E 0D 0A 32 35 30 2D 53 4D 54 50 55 54 46 38 0D 0A 32 35 30 20 43 48 55 4E 4B 49 4E 47 0D 0A 17 
    tag (16): D3 91 C1 89 EC 36 01 D0 97 47 42 39 B9 5B 7B 5F 
    APPLICATION DATA MESSAGE (TLS VERSION: 304):
    250-mail.ronware.org
    250-PIPELINING
    250-SIZE
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250-SMTPUTF8
    250 CHUNKING
    
    Consumed 183 bytes
    
TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

picotls Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features: support for three crypto engines "OpenSSL" backend u

Nov 16, 2022
Winpcap-based network packet capture tool, support TLS (part), UDP, ICMP, TCP, ARP, DNS and other protocol analysis, interface reference wireshark.
Winpcap-based network packet capture tool, support TLS (part), UDP, ICMP, TCP, ARP, DNS and other protocol analysis, interface reference wireshark.

Winpcap-based network packet capture tool, support TLS (part), UDP, ICMP, TCP, ARP, DNS and other protocol analysis, interface reference wireshark.

Nov 20, 2022
Extract TLS session keys from running programs

Tlskeydump Tlskeydump extracts TLS key material from processes at runtime so that packet captures containing TLS-encrypted data can be decrypted and a

Sep 5, 2022
SNIF ~ e2e TLS trust for IoT

/************************************************************************** * _________ * /````````_\ S N I F ~ e2e TLS trus

Nov 24, 2022
GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure Sockets Layer) protocol

GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure Sockets Layer) protocol

Jun 3, 2021
Minimalistic socket library inspired by Asio/Boost Asio, implemented in 1 single header file

cz-spas czspas (Small Portable Asynchronous Sockets) is minimalistic socket library inspired by Asio/Boost Asio, implemented in 1 single header file.

Jun 12, 2022
Single file public domain networking library

zed_net zed_net is a single file, public domain library that provides a simple wrapper around BSD sockets (Winsock 2.2 on Windows), intended primary f

Jul 18, 2022
Cross-platform, single .h file HTTP server (Windows, Linux, Mac OS X)

EWS - Single .h File C Embeddable Web Server Latest Version: 1.1.4 released September 9, 2021 Supported platforms: Linux, Mac OS X, Windows License: B

Nov 18, 2022
Portable, single-file, protocol-agnostic TCP and UDP socket wrapper, primarily for game networking

Documentation This is a header-only library, as such most of its functional documentation is contained within the "header section" of the source code

Aug 29, 2022
Built a peer-to-peer group based file sharing system where users could share or download files from the groups they belonged to. Supports parallel downloading with multiple file chunks from multiple peers.

Mini-Torrent Built a peer-to-peer group based file sharing system where users could share or download files from the groups they belonged to. Supports

Nov 15, 2021
An extensible, cross-platform, single-header C/C++ OpenGL loader library.

Simple OpenGL Loader An extensible, cross-platform, single-header C/C++ OpenGL loader library. Usage For Windows Win32 or Linux X11 applications, the

Oct 19, 2022
single header C(99) library to implement client-server network code for games

single header C(99) library to implement client-server network code for games

Nov 25, 2022
A single-header socket library for both Linux and Windows

COMS What is COMS? COMS is a single-header library designed to be simple to use. It supports TCP and UDP, Server and Client. Available for Windows and

Dec 23, 2021
Faster termux-am implementation that connects to a receiver in termux-app using a unix socket

termux-am-socket This is a small program for sending commands to the Termux:API app, thereby allowing terminal programs to use the Android API. The pr

Nov 14, 2022
Brutally effective DNS amplification ddos attack tool. Can cripple a target machine from a single host. Use with extreme caution.

Brutally effective DNS amplification ddos attack tool. Can cripple a target machine from a single host. Use with extreme caution.

Nov 28, 2022
Backroll is a pure Rust implementation of GGPO rollback networking library.

backroll-rs Backroll is a pure Rust implementation of GGPO rollback networking library. Development Status This is still in an early beta stage. At ti

Nov 30, 2022
XQUIC Library released by Alibaba is a cross-platform implementation of QUIC and HTTP/3 protocol.
XQUIC Library released by Alibaba is a cross-platform implementation of QUIC and HTTP/3 protocol.

XQUIC 简体中文文档 README-zh-CN Introduction XQUIC Library released by Alibaba is … … a client and server implementation of QUIC and HTTP/3 as specified by

Nov 28, 2022
Open source file system for small embedded systems

STORfs Open Source File System Release Version 1.0.2 Created by: KrauseGLOBAL Solutions, LLC What is STORfs? STORfs is an open source flash file syste

Jul 26, 2022
100% XXTEA authenticated, chunked file encryption

XXTEA file encryption An experiment using XXTEA as the primitive for all of encryption, authentication, and key derivation. The ciphertext is authenti

Oct 8, 2022