Nmap Development mailing list archives
Ncat SSL regressions
From: Daniel Roethlisberger <daniel () roe ch>
Date: Sun, 7 Jun 2009 01:27:55 +0200
Here's more information on the regressions in the Ncat SSL code:

- openssl s_server works with openssl s_client.

- ncat -l --ssl from the -listen branch works with openssl s_client

- ncat -l --ssl from /nmap does not work with openssl s_client:

    Ncat version 4.85BETA9 ( http://nmap.org/ncat )
    Listening on 0.0.0.0:1344
    Connection from 127.0.0.1.
    Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)

- ncat -l --ssl from either branch does not work with ncat --ssl:

    Ncat version 4.85BETA9 ( http://nmap.org/ncat )
    Listening on 0.0.0.0:1338
    Failed SSL connection from 127.0.0.1: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

- ncat -l --broker --ssl from either branch doesn't work with ncat --ssl:

    Ncat version 4.85BETA9 ( http://nmap.org/ncat )
    Listening on 0.0.0.0:1338
    Connection from 127.0.0.1.
    Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)

- ncat -l --broker --ssl from either branch doesn't always work with openssl s_client, first connection doesn't work, second connection works:

    Ncat version 4.85BETA9 ( http://nmap.org/ncat )
    Listening on 0.0.0.0:1340
    Connection from 127.0.0.1.
    Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)
    Connection from 127.0.0.1.

- openssl s_server does not work with ncat --ssl from either branch:

    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    ERROR
    83742:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:562:
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT

All errors above are on the server side.

Here's full debug output for the /nmap ncat -l --ssl vs. openssl s_client case:

$ uname -a
FreeBSD marvin.ustcor.roe.ch 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 root () walker cse buffalo edu:/usr/obj/usr/src/sys/GENERIC i386
$ openssl version
OpenSSL 0.9.8e 23 Feb 2007
$ ldd ncat
ncat:
        libssl.so.5 => /usr/lib/libssl.so.5 (0x28096000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x280d7000)
        libpcap.so.5 => /lib/libpcap.so.5 (0x28230000)
        libc.so.7 => /lib/libc.so.7 (0x28257000)
$ which openssl
/usr/bin/openssl
$ ldd /usr/bin/openssl
/usr/bin/openssl:
        libssl.so.5 => /usr/lib/libssl.so.5 (0x280d4000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x28115000)
        libc.so.7 => /lib/libc.so.7 (0x2826e000)

$ ./ncat -vvv -l --ssl 1399 --ssl-key ncat.key --ssl-cert ncat.crt
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1399
DEBUG: Initialized fdlist with 102 maxfds
DEBUG: Added fd 3 to list, nfds 1, maxfd 3
DEBUG: Added fd 0 to list, nfds 2, maxfd 3
DEBUG: selecting, fdmax 3
DEBUG: select returned 1 fds ready
DEBUG: fd 3 is ready
Connection from 127.0.0.1.
Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)
DEBUG: selecting, fdmax 3

$ openssl s_client -debug -msg -state -showcerts -connect localhost:1399
SSL_connect:before/connect initialization
CONNECTED(00000003)
write to 0x28401580 [0x2844a000] (136 bytes => 136 (0x88))
SSL 2.0 [length 0086], CLIENT-HELLO
SSL_connect:SSLv2/v3 write client hello A
read from 0x28401580 [0x28450000] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02                                 ....J.
0007 - <SPACES/NULS>
read from 0x28401580 [0x28450007] (72 bytes => 72 (0x48))
<<< TLS 1.0 Handshake [length 004a], ServerHello
SSL_connect:SSLv3 read server hello A
read from 0x28401580 [0x28450000] (5 bytes => 5 (0x5))
0000 - 16 03 01 02 29                                    ....)
read from 0x28401580 [0x28450005] (553 bytes => 553 (0x229))
<<< TLS 1.0 Handshake [length 0229], Certificate
depth=0 /CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=localhost
verify return:1
SSL_connect:SSLv3 read server certificate A
read from 0x28401580 [0x28450000] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04                                    .....
read from 0x28401580 [0x28450005] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
TLS 1.0 Handshake [length 0086], ClientKeyExchange
SSL_connect:SSLv3 write client key exchange A
write to 0x28401580 [0x2845b000] (139 bytes => 139 (0x8B))
TLS 1.0 ChangeCipherSpec [length 0001]
    01
SSL_connect:error in SSLv3 write finished A
SSL_connect:error in SSLv3 write finished A
write:errno=32
write to 0x28401580 [0x2845b000] (6 bytes => -1 (0xFFFFFFFF))

-- 
Daniel Roethlisberger
http://daniel.roe.ch/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
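
Added example, not part of the original post and not Ncat or OpenSSL code: a small Python decoder for the record headers that appear in the s_client trace above. It shows that the client's first write uses SSLv2 framing (a CLIENT-HELLO offering TLS 1.0) while the later records are TLS 1.0 handshake records. The function names are illustrative and the final plaintext input is constructed.

```python
# Added example: classify the first five bytes seen on an SSL/TLS port.
# Hex samples are the record headers visible in the s_client trace.
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown %d.%d" % (major, minor))


def classify_header(data):
    """Return a dict describing the framing of the first bytes of a stream."""
    if len(data) < 5:
        return {"kind": "truncated"}
    # SSLv3/TLS record: content type, version major/minor, 16-bit length.
    if data[0] in CONTENT_TYPES and data[1] == 3:
        return {"kind": "tls-record",
                "type": CONTENT_TYPES[data[0]],
                "version": version_name(data[1], data[2]),
                "length": (data[3] << 8) | data[4]}
    # SSLv2 framing: high bit set on a 2-byte header, 15-bit length,
    # then message type 1 (CLIENT-HELLO) and the highest version offered.
    if data[0] & 0x80 and data[2] == 1:
        return {"kind": "sslv2-client-hello",
                "offers": version_name(data[3], data[4]),
                "length": ((data[0] & 0x7F) << 8) | data[1]}
    # Neither framing: not an SSL/TLS hello at all (e.g. plaintext).
    return {"kind": "unknown"}


def describe(hexstr):
    return classify_header(bytes.fromhex(hexstr))


if __name__ == "__main__":
    for sample in ("8086010301",   # s_client's first write (136 bytes)
                   "160301004a",   # ServerHello record
                   "1603010229",   # Certificate record
                   "1603010086"):  # ClientKeyExchange record
        print(sample, describe(sample))
    # Constructed input: plaintext sent to an SSL listener.
    print(classify_header(b"hello\n"))
```

The decoded lengths match the trace: 134 (0x86) bytes after the 2-byte SSLv2 header gives the 136-byte first write, and 553 (0x229) is the Certificate record body.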