Nmap Development mailing list archives
Ncat SSL regressions
From: Daniel Roethlisberger <daniel () roe ch>
Date: Sun, 7 Jun 2009 01:27:55 +0200
Here's more information on the regressions in the Ncat SSL code:
- openssl s_server works with openssl s_client.
- ncat -l --ssl from the -listen branch works with openssl
s_client
- ncat -l --ssl from /nmap does not work with openssl s_client:
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1344
Connection from 127.0.0.1.
Failed SSL connection from 127.0.0.1:
error:00000000:lib(0):func(0):reason(0)
- ncat -l --ssl from either branch does not work with
ncat --ssl:
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1338
Failed SSL connection from 127.0.0.1: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
- ncat -l --broker --ssl from either branch doesn't work with
ncat --ssl:
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1338
Connection from 127.0.0.1.
Failed SSL connection from 127.0.0.1:
error:00000000:lib(0):func(0):reason(0)
- ncat -l --broker --ssl from either branch doesn't always work
with openssl s_client, first connection doesn't work, second
connection works:
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1340
Connection from 127.0.0.1.
Failed SSL connection from 127.0.0.1:
error:00000000:lib(0):func(0):reason(0)
Connection from 127.0.0.1.
- openssl s_server does not work with ncat --ssl from either
branch:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
83742:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:562:
shutting down SSL
CONNECTION CLOSED
ACCEPT
All errors above are on the server side. Here's full debug
output for the /nmap ncat -l --ssl vs. openssl s_client case:
$ uname -a
FreeBSD marvin.ustcor.roe.ch 7.2-RELEASE FreeBSD 7.2-RELEASE #0:
Fri May 1 08:49:13 UTC 2009
root () walker cse buffalo edu:/usr/obj/usr/src/sys/GENERIC i386
$ openssl version
OpenSSL 0.9.8e 23 Feb 2007
$ ldd ncat
ncat:
libssl.so.5 => /usr/lib/libssl.so.5 (0x28096000)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x280d7000)
libpcap.so.5 => /lib/libpcap.so.5 (0x28230000)
libc.so.7 => /lib/libc.so.7 (0x28257000)
$ which openssl
/usr/bin/openssl
$ ldd /usr/bin/openssl
/usr/bin/openssl:
libssl.so.5 => /usr/lib/libssl.so.5 (0x280d4000)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x28115000)
libc.so.7 => /lib/libc.so.7 (0x2826e000)
$ ./ncat -vvv -l --ssl 1399 --ssl-key ncat.key --ssl-cert ncat.crt
Ncat version 4.85BETA9 ( http://nmap.org/ncat )
Listening on 0.0.0.0:1399
DEBUG: Initialized fdlist with 102 maxfds
DEBUG: Added fd 3 to list, nfds 1, maxfd 3
DEBUG: Added fd 0 to list, nfds 2, maxfd 3
DEBUG: selecting, fdmax 3
DEBUG: select returned 1 fds ready
DEBUG: fd 3 is ready
Connection from 127.0.0.1.
Failed SSL connection from 127.0.0.1: error:00000000:lib(0):func(0):reason(0)
DEBUG: selecting, fdmax 3
$ openssl s_client -debug -msg -state -showcerts -connect localhost:1399
SSL_connect:before/connect initialization
CONNECTED(00000003)
write to 0x28401580 [0x2844a000] (136 bytes => 136 (0x88))
0000 - 80 86 01 03 01 00 5d 00-00 00 20 00 00 39 00 00 ......]... ..9..
0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16 8..5............
0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00 ...........3..2.
0030 - 00 2f 00 00 45 00 00 44-00 00 41 03 00 80 00 00 ./..E..D..A.....
0040 - 05 00 00 04 01 00 80 00-00 15 00 00 12 00 00 09 ................
0050 - 06 00 40 00 00 14 00 00-11 00 00 08 00 00 06 04 ..@.............
0060 - 00 80 00 00 03 02 00 80-1f 76 31 9c f8 14 aa d0 .........v1.....
0070 - fa 59 29 5c d3 45 95 57-ce 36 c4 7e 1d 09 66 6b .Y)\.E.W.6.~..fk
0080 - 88 af a1 eb d5 53 a3 1c- .....S..
SSL 2.0 [length 0086], CLIENT-HELLO
01 03 01 00 5d 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00
13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f
00 00 45 00 00 44 00 00 41 03 00 80 00 00 05 00
00 04 01 00 80 00 00 15 00 00 12 00 00 09 06 00
40 00 00 14 00 00 11 00 00 08 00 00 06 04 00 80
00 00 03 02 00 80 1f 76 31 9c f8 14 aa d0 fa 59
29 5c d3 45 95 57 ce 36 c4 7e 1d 09 66 6b 88 af
a1 eb d5 53 a3 1c
SSL_connect:SSLv2/v3 write client hello A
read from 0x28401580 [0x28450000] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02 ....J.
0007 - <SPACES/NULS>
read from 0x28401580 [0x28450007] (72 bytes => 72 (0x48))
0000 - 00 46 03 01 4a 2a f8 d8-17 81 f8 d9 19 a3 68 2b .F..J*........h+
0010 - 6e e1 b5 ab 8a b9 4b d9-cf 20 dd a5 3a c3 87 22 n.....K.. ..:.."
0020 - aa ca 6e 89 20 90 10 42-55 0a 2f 44 5c b4 e7 1b ..n. ..BU./D\...
0030 - ed 39 2e cf 09 f1 56 3d-34 dc 21 ba 1b ea 94 3d .9....V=4.!....=
0040 - cd 0a 20 c8 56 00 35 .. .V.5
0048 - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 004a], ServerHello
02 00 00 46 03 01 4a 2a f8 d8 17 81 f8 d9 19 a3
68 2b 6e e1 b5 ab 8a b9 4b d9 cf 20 dd a5 3a c3
87 22 aa ca 6e 89 20 90 10 42 55 0a 2f 44 5c b4
e7 1b ed 39 2e cf 09 f1 56 3d 34 dc 21 ba 1b ea
94 3d cd 0a 20 c8 56 00 35 00
SSL_connect:SSLv3 read server hello A
read from 0x28401580 [0x28450000] (5 bytes => 5 (0x5))
0000 - 16 03 01 02 29 ....)
read from 0x28401580 [0x28450005] (553 bytes => 553 (0x229))
0000 - 0b 00 02 25 00 02 22 00-02 1f 30 82 02 1b 30 82 ...%.."...0...0.
0010 - 01 84 a0 03 02 01 02 02-09 00 98 07 9e 18 af 01 ................
0020 - 3e 95 30 0d 06 09 2a 86-48 86 f7 0d 01 01 05 05 >.0...*.H.......
0030 - 00 30 14 31 12 30 10 06-03 55 04 03 13 09 6c 6f .0.1.0...U....lo
0040 - 63 61 6c 68 6f 73 74 30-1e 17 0d 30 39 30 36 30 calhost0...09060
0050 - 36 32 32 35 33 34 39 5a-17 0d 31 30 30 36 30 36 6225349Z..100606
0060 - 32 32 35 33 34 39 5a 30-14 31 12 30 10 06 03 55 225349Z0.1.0...U
0070 - 04 03 13 09 6c 6f 63 61-6c 68 6f 73 74 30 81 9f ....localhost0..
0080 - 30 0d 06 09 2a 86 48 86-f7 0d 01 01 01 05 00 03 0...*.H.........
0090 - 81 8d 00 30 81 89 02 81-81 00 c0 97 65 44 05 1c ...0........eD..
00a0 - 1b 4f 01 8d 9f b1 76 1e-b4 c4 e0 1d c2 94 57 51 .O....v.......WQ
00b0 - 0b 02 dc 9c 80 61 e2 ee-97 b3 ab 07 29 a6 2b e6 .....a......).+.
00c0 - 21 ef 9e ac d8 53 47 43-25 da 8b a6 a5 30 39 d0 !....SGC%....09.
00d0 - 6c 5f 25 c4 ad ab a6 c4-cd 7d 10 93 b7 c5 fb cd l_%......}......
00e0 - ac b3 fc 03 3d 31 3b fb-86 e4 0d a4 86 ef 34 67 ....=1;.......4g
00f0 - b3 2a 4f 15 93 78 a2 0a-57 82 96 49 f2 58 21 ef .*O..x..W..I.X!.
0100 - 57 29 4d 93 5e 96 b2 11-0a e8 20 97 bb 68 a9 d0 W)M.^..... ..h..
0110 - d4 59 d6 0f 42 1e 26 8b-d5 01 02 03 01 00 01 a3 .Y..B.&.........
0120 - 75 30 73 30 1d 06 03 55-1d 0e 04 16 04 14 36 74 u0s0...U......6t
0130 - a8 fb c8 9f 42 cd 63 51-0a c1 1f 6a d7 dc 31 6b ....B.cQ...j..1k
0140 - 90 06 30 44 06 03 55 1d-23 04 3d 30 3b 80 14 36 ..0D..U.#.=0;..6
0150 - 74 a8 fb c8 9f 42 cd 63-51 0a c1 1f 6a d7 dc 31 t....B.cQ...j..1
0160 - 6b 90 06 a1 18 a4 16 30-14 31 12 30 10 06 03 55 k......0.1.0...U
0170 - 04 03 13 09 6c 6f 63 61-6c 68 6f 73 74 82 09 00 ....localhost...
0180 - 98 07 9e 18 af 01 3e 95-30 0c 06 03 55 1d 13 04 ......>.0...U...
0190 - 05 30 03 01 01 ff 30 0d-06 09 2a 86 48 86 f7 0d .0....0...*.H...
01a0 - 01 01 05 05 00 03 81 81-00 80 a6 74 56 c1 d9 6b ...........tV..k
01b0 - 61 8e 0e e3 fa 0c 56 ce-94 39 a0 c2 04 29 3d 3c a.....V..9...)=<
01c0 - 8c 1b 85 0a b0 31 0f dd-a7 0c e2 a6 00 82 ad 0c .....1..........
01d0 - 04 28 93 be c3 4f a7 a0-74 64 78 28 2d 69 83 46 .(...O..tdx(-i.F
01e0 - 9f 3b 3c 97 46 22 53 0d-29 7b a1 04 4f f0 d6 23 .;<.F"S.){..O..#
01f0 - f8 de 22 64 f1 65 c2 a4-fc 81 8e f8 fd 2f 3b be .."d.e......./;.
0200 - 43 2d f1 ee cd fc 66 5b-2e 93 9f 81 af 61 2f fa C-....f[.....a/.
0210 - fa 6f 9a ff 8c 0b 3c 45-27 53 82 f9 a0 34 fe 37 .o....<E'S...4.7
0220 - d7 3b e0 0f 36 f1 11 88-44 .;..6...D
<<< TLS 1.0 Handshake [length 0229], Certificate
0b 00 02 25 00 02 22 00 02 1f 30 82 02 1b 30 82
01 84 a0 03 02 01 02 02 09 00 98 07 9e 18 af 01
3e 95 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
00 30 14 31 12 30 10 06 03 55 04 03 13 09 6c 6f
63 61 6c 68 6f 73 74 30 1e 17 0d 30 39 30 36 30
36 32 32 35 33 34 39 5a 17 0d 31 30 30 36 30 36
32 32 35 33 34 39 5a 30 14 31 12 30 10 06 03 55
04 03 13 09 6c 6f 63 61 6c 68 6f 73 74 30 81 9f
30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03
81 8d 00 30 81 89 02 81 81 00 c0 97 65 44 05 1c
1b 4f 01 8d 9f b1 76 1e b4 c4 e0 1d c2 94 57 51
0b 02 dc 9c 80 61 e2 ee 97 b3 ab 07 29 a6 2b e6
21 ef 9e ac d8 53 47 43 25 da 8b a6 a5 30 39 d0
6c 5f 25 c4 ad ab a6 c4 cd 7d 10 93 b7 c5 fb cd
ac b3 fc 03 3d 31 3b fb 86 e4 0d a4 86 ef 34 67
b3 2a 4f 15 93 78 a2 0a 57 82 96 49 f2 58 21 ef
57 29 4d 93 5e 96 b2 11 0a e8 20 97 bb 68 a9 d0
d4 59 d6 0f 42 1e 26 8b d5 01 02 03 01 00 01 a3
75 30 73 30 1d 06 03 55 1d 0e 04 16 04 14 36 74
a8 fb c8 9f 42 cd 63 51 0a c1 1f 6a d7 dc 31 6b
90 06 30 44 06 03 55 1d 23 04 3d 30 3b 80 14 36
74 a8 fb c8 9f 42 cd 63 51 0a c1 1f 6a d7 dc 31
6b 90 06 a1 18 a4 16 30 14 31 12 30 10 06 03 55
04 03 13 09 6c 6f 63 61 6c 68 6f 73 74 82 09 00
98 07 9e 18 af 01 3e 95 30 0c 06 03 55 1d 13 04
05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d
01 01 05 05 00 03 81 81 00 80 a6 74 56 c1 d9 6b
61 8e 0e e3 fa 0c 56 ce 94 39 a0 c2 04 29 3d 3c
8c 1b 85 0a b0 31 0f dd a7 0c e2 a6 00 82 ad 0c
04 28 93 be c3 4f a7 a0 74 64 78 28 2d 69 83 46
9f 3b 3c 97 46 22 53 0d 29 7b a1 04 4f f0 d6 23
f8 de 22 64 f1 65 c2 a4 fc 81 8e f8 fd 2f 3b be
43 2d f1 ee cd fc 66 5b 2e 93 9f 81 af 61 2f fa
fa 6f 9a ff 8c 0b 3c 45 27 53 82 f9 a0 34 fe 37
d7 3b e0 0f 36 f1 11 88 44
depth=0 /CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=localhost
verify return:1
SSL_connect:SSLv3 read server certificate A
read from 0x28401580 [0x28450000] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04 .....
read from 0x28401580 [0x28450005] (4 bytes => 4 (0x4))
0000 - 0e .
0004 - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
0e 00 00 00
SSL_connect:SSLv3 read server done A
TLS 1.0 Handshake [length 0086], ClientKeyExchange
10 00 00 82 00 80 36 43 38 24 d5 1d bc 47 27 39
b2 50 bd da 01 71 ee ed 8f 07 48 05 39 55 7d c0
2f 5e 66 44 9e 7c a2 c0 1e dd 8f ef eb ea 2f 00
34 97 49 93 ae c7 c5 21 53 68 6d b7 03 0a 38 d2
74 38 21 7c 57 6a 5a eb da b2 27 60 fb 7c 53 54
75 61 c0 d1 19 93 3f 9c a7 ac 20 de 19 4f da 70
0c ec cf 4d 9a 86 26 36 f3 92 f8 5a 56 cc c6 f4
f2 24 3a cf 2f 66 fc 7b 4e bf 02 64 14 e2 88 27
44 f6 d0 cf a7 6a
SSL_connect:SSLv3 write client key exchange A
write to 0x28401580 [0x2845b000] (139 bytes => 139 (0x8B))
0000 - 16 03 01 00 86 10 00 00-82 00 80 36 43 38 24 d5 ...........6C8$.
0010 - 1d bc 47 27 39 b2 50 bd-da 01 71 ee ed 8f 07 48 ..G'9.P...q....H
0020 - 05 39 55 7d c0 2f 5e 66-44 9e 7c a2 c0 1e dd 8f .9U}./^fD.|.....
0030 - ef eb ea 2f 00 34 97 49-93 ae c7 c5 21 53 68 6d .../.4.I....!Shm
0040 - b7 03 0a 38 d2 74 38 21-7c 57 6a 5a eb da b2 27 ...8.t8!|WjZ...'
0050 - 60 fb 7c 53 54 75 61 c0-d1 19 93 3f 9c a7 ac 20 `.|STua....?...
0060 - de 19 4f da 70 0c ec cf-4d 9a 86 26 36 f3 92 f8 ..O.p...M..&6...
0070 - 5a 56 cc c6 f4 f2 24 3a-cf 2f 66 fc 7b 4e bf 02 ZV....$:./f.{N..
0080 - 64 14 e2 88 27 44 f6 d0-cf a7 6a d...'D....j
TLS 1.0 ChangeCipherSpec [length 0001]
01 SSL_connect:error in SSLv3 write finished A SSL_connect:error in SSLv3 write finished A write:errno=32 write to 0x28401580 [0x2845b000] (6 bytes => -1 (0xFFFFFFFF)) -- Daniel Roethlisberger http://daniel.roe.ch/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncat SSL regressions Daniel Roethlisberger (Jun 06)
- Re: Ncat SSL regressions David Fifield (Jun 07)
- Re: Ncat SSL regressions Daniel Roethlisberger (Jun 08)
- Re: Ncat SSL regressions David Fifield (Jun 07)