SSL Handshake Client Cert Request CR 6626995

807573 Nov 23 2007 — edited Nov 26 2007
Hello,

Some of our applications did not work any more after we switched to DS6 and PS6.
The problem is that the DS6 and PS6 always ask for a client certificate.

In the old DS5.2 environment we set "Do not allow client authentication", the same as we set on the DS6/PS6.
In DS6/PS6 traces we see that the server asks for a client certificate.
In DS5.2 traces there is no such request.

We got a fix for this problem (CR6626995).
But the applications still don't work.
Also, I still see the request for a client certificate sent by the server.

Any idea why the fix does not work?

I enclosed a trace and marked in bold the line where the server asks for a client certificate.
The Fix was installed.

Regards,
Beate

---------------------------------------------------------------------------------------------------------------------------------------------------------
No. Time Source Destination Protocol Info
1 13:30:55.175408 172.108.248.34 172.203.21.200 TCP 35627 > 636 [SYN] Seq=0 Len=0 MSS=1460 WS=3 TSV=1200298934 TSER=0

Frame 1 (74 bytes on wire, 74 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.175408000
[Time delta from previous packet: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Packet Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c), Dst: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Destination: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.108.248.34 (172.108.248.34), Dst: 172.203.21.200 (172.203.21.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0xf2e4 (62180)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xe4b4 [correct]
[Good: True]
[Bad : False]
Source: 172.108.248.34 (172.108.248.34)
Destination: 172.203.21.200 (172.203.21.200)
Transmission Control Protocol, Src Port: 35627 (35627), Dst Port: 636 (636), Seq: 0, Len: 0
Source port: 35627 (35627)
Destination port: 636 (636)
Sequence number: 0 (relative sequence number)
Header length: 40 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xc41e [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (20 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 3 (multiply by 8)
NOP
NOP
Timestamps: TSval 1200298934, TSecr 0

No. Time Source Destination Protocol Info
2 13:30:55.180456 172.203.21.200 172.108.248.34 TCP 636 > 35627 [SYN, ACK] Seq=0 Ack=1 Win=49232 Len=0 TSV=407414773 TSER=1200298934 MSS=1460 WS=0

Frame 2 (74 bytes on wire, 74 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.180456000
[Time delta from previous packet: 0.005048000 seconds]
[Time since reference or first frame: 0.005048000 seconds]
Frame Number: 2
Packet Length: 74 bytes
Capture Length: 74 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9), Dst: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Destination: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.203.21.200 (172.203.21.200), Dst: 172.108.248.34 (172.108.248.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 60
Identification: 0x8f93 (36755)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x4a06 [correct]
[Good: True]
[Bad : False]
Source: 172.203.21.200 (172.203.21.200)
Destination: 172.108.248.34 (172.108.248.34)
Transmission Control Protocol, Src Port: 636 (636), Dst Port: 35627 (35627), Seq: 0, Ack: 1, Len: 0
Source port: 636 (636)
Destination port: 35627 (35627)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 40 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 49232
Checksum: 0xf7c3 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (20 bytes)
NOP
NOP
Timestamps: TSval 407414773, TSecr 1200298934
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1]
[The RTT to ACK the segment was: 0.005048000 seconds]

No. Time Source Destination Protocol Info
3 13:30:55.180530 172.108.248.34 172.203.21.200 TCP 35627 > 636 [ACK] Seq=1 Ack=1 Win=262088 Len=0 TSV=1200298934 TSER=407414773

Frame 3 (66 bytes on wire, 66 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.180530000
[Time delta from previous packet: 0.000074000 seconds]
[Time since reference or first frame: 0.005122000 seconds]
Frame Number: 3
Packet Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c), Dst: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Destination: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.108.248.34 (172.108.248.34), Dst: 172.203.21.200 (172.203.21.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0xf2e5 (62181)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xe4bb [correct]
[Good: True]
[Bad : False]
Source: 172.108.248.34 (172.108.248.34)
Destination: 172.203.21.200 (172.203.21.200)
Transmission Control Protocol, Src Port: 35627 (35627), Dst Port: 636 (636), Seq: 1, Ack: 1, Len: 0
Source port: 35627 (35627)
Destination port: 636 (636)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 262088 (scaled)
Checksum: 0x63df [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1200298934, TSecr 407414773
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 2]
[The RTT to ACK the segment was: 0.000074000 seconds]

No. Time Source Destination Protocol Info
4 13:30:55.206560 172.108.248.34 172.203.21.200 SSLv2 Client Hello

Frame 4 (165 bytes on wire, 165 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.206560000
[Time delta from previous packet: 0.026030000 seconds]
[Time since reference or first frame: 0.031152000 seconds]
Frame Number: 4
Packet Length: 165 bytes
Capture Length: 165 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c), Dst: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Destination: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.108.248.34 (172.108.248.34), Dst: 172.203.21.200 (172.203.21.200)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 151
Identification: 0xf2e6 (62182)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: TCP (0x06)
Header checksum: 0xe457 [correct]
[Good: True]
[Bad : False]
Source: 172.108.248.34 (172.108.248.34)
Destination: 172.203.21.200 (172.203.21.200)
Transmission Control Protocol, Src Port: 35627 (35627), Dst Port: 636 (636), Seq: 1, Ack: 1, Len: 99
Source port: 35627 (35627)
Destination port: 636 (636)
Sequence number: 1 (relative sequence number)
[Next sequence number: 100 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 262088 (scaled)
Checksum: 0x876f [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1200298934, TSecr 407414773
Secure Socket Layer
SSLv2 Record Layer: Client Hello
Length: 97
Handshake Message Type: Client Hello (1)
Version: SSL 3.0 (0x0300)
Cipher Spec Length: 72
Session ID Length: 0
Challenge Length: 16
Cipher Specs (24 specs)
Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
Cipher Spec: TLS_RSA_WITH_DES_CBC_SHA (0x000009)
Cipher Spec: SSL_RSA_FIPS_WITH_DES_CBC_SHA (0x00fefe)
Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
Cipher Spec: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA (0x00feff)
Cipher Spec: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x000015)
Cipher Spec: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x000016)
Cipher Spec: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x000012)
Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
Cipher Spec: SSL2_RC4_128_EXPORT40_WITH_MD5 (0x020080)
Cipher Spec: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x000003)
Cipher Spec: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000008)
Cipher Spec: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x000006)
Cipher Spec: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x000014)
Cipher Spec: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x000011)
Cipher Spec: TLS_RSA_WITH_NULL_MD5 (0x000001)
Cipher Spec: TLS_RSA_WITH_NULL_SHA (0x000002)
Cipher Spec: TLS_DH_anon_WITH_RC4_128_MD5 (0x000018)
Cipher Spec: TLS_DH_anon_WITH_DES_CBC_SHA (0x00001a)
Cipher Spec: TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (0x00001b)
Cipher Spec: TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 (0x000017)
Cipher Spec: TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA (0x000019)
Challenge

No. Time Source Destination Protocol Info
5 13:30:55.209513 172.203.21.200 172.108.248.34 TCP 636 > 35627 [ACK] Seq=1 Ack=100 Win=49232 Len=0 TSV=407414776 TSER=1200298934

Frame 5 (66 bytes on wire, 66 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.209513000
[Time delta from previous packet: 0.002953000 seconds]
[Time since reference or first frame: 0.034105000 seconds]
Frame Number: 5
Packet Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9), Dst: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Destination: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.203.21.200 (172.203.21.200), Dst: 172.108.248.34 (172.108.248.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x8f94 (36756)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x4a0d [correct]
[Good: True]
[Bad : False]
Source: 172.203.21.200 (172.203.21.200)
Destination: 172.108.248.34 (172.108.248.34)
Transmission Control Protocol, Src Port: 636 (636), Dst Port: 35627 (35627), Seq: 1, Ack: 100, Len: 0
Source port: 636 (636)
Destination port: 35627 (35627)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 100 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 49232
Checksum: 0x2322 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 407414776, TSecr 1200298934
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 4]
[The RTT to ACK the segment was: 0.002953000 seconds]

No. Time Source Destination Protocol Info
6 13:30:55.212162 172.203.21.200 172.108.248.34 TCP [TCP segment of a reassembled PDU]

Frame 6 (1514 bytes on wire, 1514 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.212162000
[Time delta from previous packet: 0.002649000 seconds]
[Time since reference or first frame: 0.036754000 seconds]
Frame Number: 6
Packet Length: 1514 bytes
Capture Length: 1514 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:ssl]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9), Dst: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Destination: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.203.21.200 (172.203.21.200), Dst: 172.108.248.34 (172.108.248.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1500
Identification: 0x8f95 (36757)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x4464 [correct]
[Good: True]
[Bad : False]
Source: 172.203.21.200 (172.203.21.200)
Destination: 172.108.248.34 (172.108.248.34)
Transmission Control Protocol, Src Port: 636 (636), Dst Port: 35627 (35627), Seq: 1, Ack: 100, Len: 1448
Source port: 636 (636)
Destination port: 35627 (35627)
Sequence number: 1 (relative sequence number)
[Next sequence number: 1449 (relative sequence number)]
Acknowledgement number: 100 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 49232
Checksum: 0x75e2 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 407414776, TSecr 1200298934
TCP segment data (1448 bytes)
Secure Socket Layer

No. Time Source Destination Protocol Info
*7 13:30:55.212202 172.203.21.200 172.108.248.34 SSLv3 Server Hello, Certificate, Certificate Request, Server Hello Done*
Frame 7 (988 bytes on wire, 988 bytes captured)
Arrival Time: Nov 6, 2007 13:30:55.212202000
[Time delta from previous packet: 0.000040000 seconds]
[Time since reference or first frame: 0.036794000 seconds]
Frame Number: 7
Packet Length: 988 bytes
Capture Length: 988 bytes
[Frame is marked: False]
[Protocols in frame [truncated]: eth:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:x509ce:ns_cert_exts:ns_cert_exts:ns_cert_exts:pkcs-1:pkcs-1:x509sat:x509sat]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9), Dst: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Destination: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
Address: 06:bb:1e:44:c0:6c (06:bb:1e:44:c0:6c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
Address: F5Networ_25:ec:a9 (00:01:d7:25:ec:a9)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 172.203.21.200 (172.203.21.200), Dst: 172.108.248.34 (172.108.248.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 974
Identification: 0x8f96 (36758)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 58
Protocol: TCP (0x06)
Header checksum: 0x4671 [correct]
[Good: True]
[Bad : False]
Source: 172.203.21.200 (172.203.21.200)
Destination: 172.108.248.34 (172.108.248.34)
Transmission Control Protocol, Src Port: 636 (636), Dst Port: 35627 (35627), Seq: 1449, Ack: 100, Len: 922
Source port: 636 (636)
Destination port: 35627 (35627)
Sequence number: 1449 (relative sequence number)
[Next sequence number: 2371 (relative sequence number)]
Acknowledgement number: 100 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 49232
Checksum: 0xe713 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 407414776, TSecr 1200298934
TCP segment data (922 bytes)
[Reassembled TCP Segments (2370 bytes): #6(1448), #7(922)]
[Frame: 6, payload: 0-1447 (1448 bytes)]
[Frame: 7, payload: 1448-2369 (922 bytes)]
Secure Socket Layer
SSLv3 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)
Length: 2365
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: SSL 3.0 (0x0300)
Random
gmt_unix_time: Nov 6, 2007 13:30:55.000000000
random_bytes: 288DE9CA0C75370EC21CBC60ADF4DD01C5D4308C3C9E10D8...
Session ID Length: 32
Session ID: 47305E7FB491F67645E414FD6191A5CC08A299EDA9FB8DB1...
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Compression Method: null (0)
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1743
Certificates Length: 1740
Certificates (1740 bytes)
Certificate Length: 921
Certificate: 308202FEA003020102020E59A001010002932F68ACA49C90... (id-at-commonName=ldapqsu.sys.hypovereinsbank.de,id-at-organizationalUnitName=HIS16DM,id-at-organizationName=Bayerische Hypo- und Vereinsbank AG,id-at-localityName=Muenchen,i
signedCertificate
version: v3 (2)
serialNumber : 0x59a001010002932f68aca49c90c5
signature (shaWithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
issuer: rdnSequence (0)
rdnSequence: 6 items (pkcs-9-at-emailAddress=certificate@trustcenter.de,id-at-organizationalUnitName=Pre-Production Class 2 CA,id-at-organizationName=TC TrustCenter AG,id-at-localityName=Hamburg,id-at-stateOrProvinceName=Hamburg,id-at-coun
Item: 1 item (id-at-countryName=DE)
Item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
Item: 1 item (id-at-stateOrProvinceName=Hamburg)
Item (id-at-stateOrProvinceName=Hamburg)
Id: 2.5.4.8 (id-at-stateOrProvinceName)
DirectoryString: printableString (1)
printableString: Hamburg
Item: 1 item (id-at-localityName=Hamburg)
Item (id-at-localityName=Hamburg)
Id: 2.5.4.7 (id-at-localityName)
DirectoryString: printableString (1)
printableString: Hamburg
Item: 1 item (id-at-organizationName=TC TrustCenter AG)
Item (id-at-organizationName=TC TrustCenter AG)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: printableString (1)
printableString: TC TrustCenter AG
Item: 1 item (id-at-organizationalUnitName=Pre-Production Class 2 CA)
Item (id-at-organizationalUnitName=Pre-Production Class 2 CA)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: printableString (1)
printableString: Pre-Production Class 2 CA
Item: 1 item (pkcs-9-at-emailAddress=certificate@trustcenter.de)
Item (pkcs-9-at-emailAddress=certificate@trustcenter.de)
Id: 1.2.840.113549.1.9.1 (pkcs-9-at-emailAddress)
SyntaxIA5String: certificate@trustcenter.de
validity
notBefore: utcTime (0)
utcTime: 070918104551Z
notAfter: utcTime (0)
utcTime: 100918104551Z
subject: rdnSequence (0)
rdnSequence: 6 items (id-at-commonName=ldapqsu.sys.hypovereinsbank.de,id-at-organizationalUnitName=HIS16DM,id-at-organizationName=Bayerische Hypo- und Vereinsbank AG,id-at-localityName=Muenchen,id-at-stateOrProvinceName=Bayern,id-at-countr
Item: 1 item (id-at-countryName=DE)
Item (id-at-countryName=DE)
Id: 2.5.4.6 (id-at-countryName)
CountryName: DE
Item: 1 item (id-at-stateOrProvinceName=Bayern)
Item (id-at-stateOrProvinceName=Bayern)
Locked on Dec 24 2007
Added on Nov 23 2007
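A way to check a captured server flight for the Certificate Request the post is about, as an added example that is not part of the original thread or of the DS6/PS6 code. The byte strings are constructed samples laid out like frame 7 of the trace (SSL 3.0 handshake records), the function names are assumptions, and the parser covers the cleartext handshake of SSL 3.0 through TLS 1.2.

```python
import struct

HANDSHAKE, CERTIFICATE_REQUEST = 22, 13  # record content type, handshake type
NAMES = {2: "server_hello", 11: "certificate", 12: "server_key_exchange",
         13: "certificate_request", 14: "server_hello_done"}
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh"}


def handshake_messages(stream):
    """Return (record_version, [(type, body), ...]) for a cleartext flight."""
    payload, pos, version = bytearray(), 0, None
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype != HANDSHAKE:
            break  # ChangeCipherSpec or alert: cleartext handshake ends here
        if major != 3 or pos + 5 + length > len(stream):
            raise ValueError("bad or truncated record at offset %d" % pos)
        version = version or (major, minor)
        payload += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, off = [], 0
    while off + 4 <= len(payload):  # messages may span record boundaries
        hlen = int.from_bytes(payload[off + 1:off + 4], "big")
        if off + 4 + hlen > len(payload):
            raise ValueError("truncated handshake message")
        msgs.append((payload[off], bytes(payload[off + 4:off + 4 + hlen])))
        off += 4 + hlen
    return version, msgs


def client_cert_request(stream):
    """Return details of the CertificateRequest in a server flight, or None."""
    version, msgs = handshake_messages(stream)
    for htype, body in msgs:
        if htype != CERTIFICATE_REQUEST:
            continue
        n = body[0]  # certificate_types<1..255>
        types = [CERT_TYPES.get(t, t) for t in body[1:1 + n]]
        off = 1 + n
        if version >= (3, 3):  # TLS 1.2 adds supported_signature_algorithms
            off += 2 + int.from_bytes(body[off:off + 2], "big")
        end = off + 2 + int.from_bytes(body[off:off + 2], "big")
        off, cas = off + 2, []
        while off < end:  # certificate_authorities: length-prefixed DER names
            dlen = int.from_bytes(body[off:off + 2], "big")
            cas.append(body[off + 2:off + 2 + dlen])
            off += 2 + dlen
        return {"flight": [NAMES.get(t, t) for t, _ in msgs],
                "cert_types": types, "acceptable_cas": cas}
    return None


def hs(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def record(payload, version=b"\x03\x00"):
    return bytes([HANDSHAKE]) + version + len(payload).to_bytes(2, "big") + payload


# Constructed sample messages (placeholder certificate and CA name, not real data).
HELLO = hs(2, b"\x03\x00" + bytes(32) + b"\x20" + bytes(32) + b"\x00\x04\x00")
CERT = hs(11, b"\x00\x00\x07" + b"\x00\x00\x04" + b"\x30\x02\x05\x00")
DN = b"\x30\x00"  # empty DER SEQUENCE standing in for one acceptable CA name
REQ = hs(13, b"\x02\x01\x02" + (2 + len(DN)).to_bytes(2, "big")
         + len(DN).to_bytes(2, "big") + DN)
DONE = hs(14, b"")


def sample_flight(with_request, split_at=None):
    """Build a server flight; optionally split it across two records."""
    body = HELLO + CERT + (REQ if with_request else b"") + DONE
    if split_at is None:
        return record(body)
    return record(body[:split_at]) + record(body[split_at:])
```

Feed it the reassembled server-to-client bytes of a handshake: a `None` result means the server sent no Certificate Request in that flight.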