idnits 2.17.1 draft-ietf-tls-interoperability-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 15. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1357. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1368. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1375. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1381. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 444 instances of too long lines in the document, the longest one being 1 character in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 522 has weird spacing: '...5 e0 bd l......' == Line 599 has weird spacing: '...: close of co...' == Line 918 has weird spacing: '...e 86 ea s.#....' == Line 949 has weird spacing: '...0 75 df r'.....' == Line 1132 has weird spacing: '...3 bb dd ky?....' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 16, 2006) is 6395 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 2246 (Obsoleted by RFC 4346) ** Obsolete normative reference: RFC 3546 (Obsoleted by RFC 4366) ** Obsolete normative reference: RFC 4346 (Obsoleted by RFC 5246) Summary: 7 errors (**), 0 flaws (~~), 6 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Y. Pettersen 3 Internet-Draft Opera Software ASA 4 Intended status: Informational October 16, 2006 5 Expires: April 19, 2007 7 Clientside interoperability experiences for the SSL and TLS protocols 8 draft-ietf-tls-interoperability-00 10 Status of this Memo 12 By submitting this Internet-Draft, each author represents that any 13 applicable patent or other IPR claims of which he or she is aware 14 have been or will be disclosed, and any of which he or she becomes 15 aware will be disclosed, in accordance with Section 6 of BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF), its areas, and its working groups. Note that 19 other groups may also distribute working documents as Internet- 20 Drafts. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 The list of current Internet-Drafts can be accessed at 28 http://www.ietf.org/ietf/1id-abstracts.txt. 30 The list of Internet-Draft Shadow Directories can be accessed at 31 http://www.ietf.org/shadow.html. 33 This Internet-Draft will expire on April 19, 2007. 35 Copyright Notice 37 Copyright (C) The Internet Society (2006). 39 Abstract 41 This document presents a number of problems encountered when 42 implementing TLS 1.0, TLS 1.1 and TLS Extensions for clients, and 43 their consequences. The problems include servers that refuse to 44 connect with clients supporting newer versions of the protocol, or 45 that do not handle such negotiation properly. Another problem 46 encountered is the incorrect use of values in the protocol messages. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 51 2. The SSL v3 to TLS 1.0 transition . . . . . . . . . . . . . . . 4 52 3. The TLS 1.0 to TLS 1.1 transition . . . . . . . . . . . . . . 5 53 4. The introduction of TLS Extensions . . . . . . . . . . . . . . 6 54 5. Incorrect use of Record Protocol version numbers . . . . . . . 7 55 6. Introducing Compression . . . . . . . . . . . . . . . . . . . 9 56 7. Consequences . . . . . . . . . . . . . . . . . . . . . . . . . 9 57 8. What should be done? . . . . . . . . . . . . . . . . . . . . . 10 58 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 59 10. Security Considerations . . . . . . . . . . . . . . . . . . . 11 60 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 61 12. Normative References . . . . . . . . . . . . . . . . . . . . . 11 62 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 12 63 A.1. SSL v3 server refuses TLS 1.0 client(case 1) . . . . . . . 12 64 A.2. SSL v3 server refuses TLS 1.0 client (case 2) . . . . . . 13 65 A.3. TLS 1.0 server refuses TLS 1.1 client . . . . . . . . . . 15 66 A.4. TLS 1.0 server refuses TLS Extensions . . . . . . . . . . 16 67 A.5. Renegotiation with SSL v3 records over TLS 1.0 68 connection . . . . . . . . . . . . . . . . . . . . . . . . 17 69 A.6. Wrong version expected in RSA Client Key Exchange . . . . 23 70 A.7. Refusing to accept compression methods . . . . . . . . . . 28 71 A.8. Copying the Client Hello Version field . . . . . . . . . . 28 72 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 29 73 Intellectual Property and Copyright Statements . . . . . . . . . . 30 75 1. Introduction 77 One of the basic foundations of the various SSL protocol versions SSL 78 v2 [SSLv2], SSL v3.0 [SSLv3], TLS 1.0 [RFC2246] and TLS 1.1 [RFC4346] 79 is that they are supposed to be able to work seamlessly with other 80 implementations of both older versions of the protocol, and newer 81 versions that were not even under consideration at the time the 82 implementation was written. The older versions are not supposed to 83 be able to understand the new protocol versions, but using their 84 version of the protocol, they are supposed to be able to negotiate a 85 connection with the newer version, provided that the newer 86 implementation is willing and able to do so. That ability may depend 87 on both the implementer's willingness to support the older versions 88 due to engineering constraints and known security problems with the 89 older version. But, assuming that both implementations support the 90 same version of the protocol, they should be able to communicate. 92 Over the years it has become an unfortunate reality that while most 93 SSL and TLS implementations do work together in the above mentioned 94 ideal fashion, there are far too many implementations that do not (in 95 particular) properly implement the forward compatibility portions of 96 the specifications. This has caused a number of serious problems 97 which again may have led client vendors to delay implementation or 98 deployment of new TLS-related functionality or versions. Other 99 vendors may have deployed the new features, but have only been able 100 to do so by adding automatic workarounds that in many respects 101 actually disable security features of the protocol. 103 Even if one discounts the fact that SSL v2 and SSL v3 were 104 incompatible at the binary level, with every upgrade since; the 105 migration from SSL v3 to TLS 1.0, the addition of TLS Extensions and 106 the current migration from TLS 1.0 to TLS 1.1, clients have 107 encountered servers that were not willing to accept connections from 108 clients that supported these features. 110 To make matters worse, from the client vendor's viewpoint, many of 111 the sites causing these problems are sites that are vital to their 112 customers, such as banking and shopping sites. 114 This document will present a number of the implementation mistakes 115 that have been observed throughout the author's period as the lead 116 developer of an SSL/TLS client. In most cases one has knowledge only 117 about what happened, not the precise reason why. The cases listed 118 here are not intended as an exhaustive list of problems that have 119 occurred in implementations of the SSL/TLS protocol, but to give an 120 overview of what the situation is. 122 Finally, there will be a short evaluation of what may have caused the 123 current situation, and a few suggestions about what may be done to 124 avoid these problems in the future, both for TLS and other protocols. 126 2. The SSL v3 to TLS 1.0 transition 128 The SSL v3 specification [SSLv3] includes the following version 129 forward compatibility and security features: 131 o A field in the Client Hello that tells the server the highest 132 version the client supports. If the server supports a more recent 133 version than the client does, then it is supposed to select the 134 client's version, otherwise it is to use its own highest supported 135 version. 137 o A field in the RSA Client Key Exchange message that contains the 138 highest version the client supports. The server must check this 139 version number against the version number received in the Client 140 Hello. If it is different, somebody may have attempted to reduce 141 the security of the connection by downgrading the negotiated 142 version. 144 These two features were intended to make it possible for 145 implementations using newer SSL/TLS versions to connect to older 146 implementations, and vice versa. 148 Unfortunately, a number of server implementations got at least one of 149 those points wrong. Some SSL v3 servers refuse to even answer when a 150 client using TLS 1.0 or higher tries to establish a connection, 151 others answer, but the negotiation fails after the RSA Client Key 152 Exchange step because they use the negotiated version number, not the 153 version number in the Client Hello, to check the version number in 154 the RSA Key Exchange block. 156 Appendix A.1 and Appendix A.2 contain a couple of examples of the 157 first type of problem, refusal to talk to TLS 1.0 clients. In these 158 cases, the server usually closes down the connection immediately 159 without an error code, although in some cases they do send an error 160 first. 162 In the second type of problem the server correctly chooses SSL v3 as 163 the version, but the last part of the handshake fails because the 164 server assumes that the decrypted RSA Key Exchange message should 165 contain the SSL v3 protocol version, not the TLS 1.0 version number 166 (which is the correct one). In such cases the server also closes the 167 connection. An example of a similar case, involving a TLS 1.1 client 168 and a TLS 1.0 server is found in Appendix A.6. 170 To be able to connect to these servers clients have had to restart 171 the negotiation on a new connection, with TLS 1.0 disabled, an action 172 which for the RSA cipher suites mean that the version roll back 173 protection is non-existent. 175 In addition to the above examples, a SSL v3 server that used whatever 176 version the client identified in the Client Hello Version field as 177 the version selected in the Server Hello has also been observed. 178 That is, if the client identified {3,0} as its highest version the 179 server selected (correctly) {3,0}, but if the client identified {3,1} 180 or (the unspecified) {4,0} (Appendix A.8) the server selected {3,1} 181 and {4,0}, respectively, even though it could not know what those 182 protocol versions were. This incorrect version selection will 183 invariably result in a handshake failure during the Client Key 184 Exchange phase or a MAC/decryption failure during the decryption of 185 the Finished Message 187 When the client used the SSL v2 Client Hello the version was 188 correctly negotiated, which lead this problem being hidden until TLS 189 1.0 clients recently stopped using the SSL v2 Client Hello in the 190 initial connection and started using the TLS 1.0 (or later) Client 191 Hello instead, as part of the transition to support TLS 192 ExtensionsSection 4. As the server would previously only see a SSL 193 v3.0 Client Hello after the client had determined the server 194 supported SSL v3.0 as its highest version, such as during session 195 resume or renegotiation, the server would only see a SSL v3.0 version 196 number from the client. It is likely that the vendor, as part of 197 mistaken optimization, just copied the version field into the 198 session's state without checking that the version was the correct 199 one. 201 3. The TLS 1.0 to TLS 1.1 transition 203 TLS 1.0 [RFC2246] also contained the same forward compatibility and 204 version roll-back attack protections as SSL v3, and given the more 205 formal specification of TLS 1.0, one might have hoped vendors would 206 have taken better care to implement those specified provisions, so 207 that a future transition from TLS 1.0 to TLS 1.1 [RFC4346] would work 208 better. 210 Again, however, a number of TLS server vendors did not implement 211 these aspects properly, and in many cases it is not possible to tell 212 what is causing the problem, the web server, or a gateway server 213 between the client and the web server. 215 Appendix A.3 shows a couple of cases where the server shuts down the 216 connection immediately when it gets a Client Hello containing a TLS 217 1.1 version number. Similarly to the SSL v3 to TLS 1.0 transition 218 servers using the wrong version number during the Client Key Exchange 219 step have also been observed, as seen in Appendix A.6. 221 While many of the servers just close the connection, there are also 222 some TLS 1.0 servers that fall back to SSL v3 when being contacted by 223 a TLS 1.1 client. 225 4. The introduction of TLS Extensions 227 SSL v3 [SSLv3], TLS 1.0 [RFC2246] , and TLS 1.1 [RFC4346] all specify 228 the possibility of an extension of the Client Hello to contain more 229 information. This extension was defined with the TLS Extensions 230 specification [RFC3546]. 232 TLS Extensions defines a field containing a sequence of data items 233 that inform the server about the client's capabilities and/or 234 requirements. Two such fields are the Server Name Extension and the 235 Certificate Status Extension, which can be used, respectively, to 236 tell the server which server the client wants to connect to, allowing 237 virtual server hosting for secure servers, and request that the 238 server provides an OCSP response for the server's certificate. 240 As with the negotiation of version number, not all server 241 implementations have taken these requirements into consideration, and 242 in many cases TLS 1.0 servers will refuse to accept connections from 243 clients that send TLS Extensions in the Client Hello, usually 244 indicated by closing the connection without sending any error 245 message. It was already known before work on TLS Extensions started 246 that some SSL v3 servers would not tolerate the extended Client Hello 247 used by TLS Extensions, even though the SSLv3 specification mentions 248 the possibility of such an extension of the protocol. 250 Various scenarios have been observed: 252 o Some servers accept TLS Extensions with TLS 1.0, but refuse to 253 accept them from TLS 1.1 clients 255 o Some servers accept TLS Extensions only from a TLS 1.1 client 257 o Some servers refuse to accept TLS Extensions under any 258 circumstances. 260 Failures are usually signalled by closing the connection, optionally 261 with an error alert, but servers that did not respond, leaving the 262 connection open, have also been observed. 264 In at least one case, the reason for the first scenario seems to be 265 that the server incorrectly used the Record Protocol version number 266 as the negotiation input for version number, not the Client Hello 267 version number field, and for version 3.2 reclassified it as 3.0 (not 268 3.1, as it should have), and then refused to accept the extended 269 record, even if SSL v3 permits extended records. 271 Similar handling, but with more "graceful" recovery may be the reason 272 for the second scenario. 274 The third case, by far the most common, may be caused by incorrect 275 understanding of the specification, but it may also be the result of 276 misguided efforts at protecting the server from an attack by using 277 data format rules in the firewall that are too restrictive. An 278 indication of the latter is that the server in Appendix A.3 279 originally only refused to accept connection requests from a TLS 1.1 280 client, but four weeks after the site was first tested, it was no 281 longer accepting TLS Extension requests (Appendix A.4). However, it 282 has not been possible to confirm or refute this theoretical 283 possibility. 285 5. Incorrect use of Record Protocol version numbers 287 Three incorrect uses of the SSL/TLS protocols Record Protocol version 288 numbers has been observed, one server side, and two client side. 289 These have not had much impact until recently (2005) because most SSL 290 and TLS clients have been using the SSL v2 Client Hello to provide 291 backward compatibility with servers that only supports SSL v2. As 292 these servers are being upgraded, the need for this backward 293 compatibility is diminishing, and most clients are now disabling this 294 protocol in their default configuration, and they are therefore 295 starting to use the SSL v3 and later Client Hellos in the initial 296 handshake. 298 The first incorrect use concerns which Record Protocol version number 299 to use in the initial connection. A single sentence in Section E of 300 [RFC2246] covers this area, and specifies that "TLS clients who wish 301 to negotiate with SSL 3.0 servers should send client hello messages 302 using the SSL 3.0 record format and client hello structure, sending 303 {3, 1} for the version field to note that they support TLS 1.0". 305 What this implies (in the author's current, revised understanding) is 306 that the client should use the server's highest known version number 307 in the first handshake (which would mean SSL v3.0 when there is no 308 information available about the server). 310 At the very least, the author of this document missed the 311 significance of this sentence. It had not had any significance when 312 clients were using SSL v2 handshakes initially, since during future 313 handshakes the client would know which version the server supported. 314 It did however turn out to have some impact on some, but not all, of 315 the problems with TLS 1.1 described above. 317 Changing the negotiation sequence to use SSL v3's 3.0 version number 318 in the initial SSL/TLS record did, however, turn out to reveal 319 another incorrect use of the Record Protocol version number: Some 320 servers use it as the Client's Requested SSL/TLS protocol version- 321 field instead of the Client Hello message field. 323 This means that a client using an SSL v3.0 record to request a TLS 324 1.0 connection from a TLS 1.0 capable server in some cases actually 325 got an SSL v3 connection instead. Curiously, it does not seem like 326 the RSA Client Key Exchange test for version roll-back triggered, 327 probably because the implementations did use the correct field to 328 retrieve the version number used in that check, but did not check it 329 against the negotiated version number. 331 In other cases, such as in Appendix A.1 a SSL v3 server will not 332 accept the TLS 1.0 version number in the protocol record, and will 333 shut down the connection without any warning. 335 In some cases this use of the Record Protocol field has had some 336 curious effects. In one case, if the client used the TLS 1.1 version 337 number (3.2) while connecting to the server, the server would 338 negotiate SSL v3.0, even though it did support TLS 1.0. This caused 339 (as described above) the server not to accept TLS Extensions when the 340 TLS 1.1 Record Protocol was used. 342 The third case concerned a client with which the author is not 343 associated. This client would negotiate a TLS 1.0 session using a 344 SSL v3 Record Protocol message with a Client Hello requesting TLS 345 1.0. Once the TLS session was negotiated, the client sent a new 346 Client Hello, presumably to renegotiate the connection without 347 revealing any of the exchanged information to eavesdroppers. It did 348 this in the TLS 1.0 session, using a 3.0 Record Protocol version. 350 Apparently this worked in many cases, but in the case of two 351 financial websites they returned errors when the client sent their 352 second Client Hello, one of them a normal TLS error code, the other 353 (the same one as in Appendix A.3 and Appendix A.4) actually responded 354 with an SSL v2 error code Appendix A.5, which the client naturally 355 wasn't able to understand. 357 6. Introducing Compression 359 [RFC3749] introduced new compression capabilities to TLS. The 360 compression capability, which is intended to reduce bandwidth 361 requirments, was documented already in [SSLv3], but until RFC3749 no 362 compression methods, beside the Null method (no compression), had 363 been defined. SSL v3 and all versions of TLS clearly specified that 364 the list of compression methods was the list of methods (including 365 the Null method) supported by the client, in order of preference, and 366 that the server must select one of them among those it supports. 368 Clients and servers should therefore always be able to negotiate a 369 compression method, even if it is the Null method. 371 Testing performed by Pasi Eronen have, however, indicated that at 372 least one server implementation (Appendix A.7) does not accept 373 connections from clients that offer to do any kind of compression in 374 addition to the Null method. 376 7. Consequences 378 As a consequence of the problems detailed above, many mass-market 379 client vendors have had to deploy SSL/TLS implementations that 380 disable protocol features if the server does not understand it. In 381 particular, this was necessary both for the move to TLS 1.0, and to 382 TLS 1.1, but it has also become necessary for TLS Extensions. 384 The reason for this automatic disabling of features is that most of 385 these clients cannot refuse to connect to an SSL/TLS server whose 386 "only" problem is that it refuses to connect to a client that 387 supports a feature it does not support. 389 The consequence, however, is that (at the very least) some security 390 features in the protocol, such as the version roll-back protection 391 (in the RSA-suites), are effectively disabled, because it is 392 impossible for a client to distinguish between a non-compliant server 393 and a malicious attack. A related issue is that only the RSA suites 394 defined in TLS have any version roll-back protection that does not 395 depend on the security of the message digest functions. 397 As long as SSL v3, TLS 1.0 and TLS 1.1 are as similar as they are, 398 and relying on the same methods, this probably does not reduce the 399 security of the protocol. However, as future versions of TLS are 400 unlikely to rely solely on the same mechanisms as the current 401 versions of TLS due to attacks on those mechanisms becoming more 402 feasible, the possibility of a version roll-back attack becomes more 403 realistic. 405 8. What should be done? 407 Even though SSL and TLS clearly specified forward compatibility 408 requirements in the specifications, a significant number of 409 implementers did not implement them properly. Similarly, a number of 410 implementers got some of the backwards compatibility guidelines 411 wrong. 413 Many of these problems may have been caused, however indirectly, by 414 the amount of detail in the specifications, which is unavoidable in 415 any specification of some size. It may be possible to counter that 416 category of problems by organizing the documents differently, such as 417 by adding sections that summarizes important parts of the protocol. 419 Other problems may have been introduced because of external concerns, 420 such as security. 422 What can be done to improve the situation, for TLS, as well as other 423 protocols? 425 This document will not be able to provide the answer to that, but 426 brings up the following questions: 428 o Should important aspects of a protocol be collected in an 429 implementer's checklist? 431 o Should forward and backward compatibility requirements be better 432 documented, e.g. by examples? 434 o Should specifications include reference implementations? If so, 435 who should develop them? 437 o Should such reference implementations also include tests that 438 break border conditions? 440 o Should the IETF host reference implementations? 442 o Can and should future TLS implementations contain Key Exchange- 443 independent version roll-back protection? (Currently only the RSA 444 suites in [SSLv3], [RFC2246] and [RFC4346] have such protection) 446 o Is it feasible for future TLS specifications to require that 447 implementations must never automatically fall back to an earlier 448 version of the protocol, in case negotiation fails? 450 9. IANA Considerations 452 This document makes no request of IANA. 454 Note to RFC Editor: this section may be removed on publication as an 455 RFC. 457 10. Security Considerations 459 This document discusses various problems with the implementations of 460 the SSL and TLS protocol versions, and the interaction between 461 implementations of newer and older versions of this protocol. The 462 solution to some of the problems discussed can have security 463 implications, such as when a client automatically disables its 464 support for a version of the protocol or a feature in the protocol 465 when it encounters a problem with a server. 467 11. Acknowledgements 469 Many of the sites exhibiting the problems discussed above and used in 470 some of the examples were originally discovered by external testers 471 of the Opera Browser, such as the Elektrans and those who 472 participated in the September 2004 My Opera TLS 1.1 Scavenger Hunt, 473 and employees of Opera Software ASA. 475 The example in Appendix A.7 was contributed by Pasi Eronen. 477 12. Normative References 479 [RFC2246] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", 480 RFC 2246, January 1999. 482 [RFC3546] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., 483 and T. Wright, "Transport Layer Security (TLS) 484 Extensions", RFC 3546, June 2003. 486 [RFC3749] Hollenbeck, S., "Transport Layer Security Protocol 487 Compression Methods", RFC 3749, May 2004. 489 [RFC3943] Friend, R., "Transport Layer Security (TLS) Protocol 490 Compression Using Lempel-Ziv-Stac (LZS)", RFC 3943, 491 November 2004. 493 [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security 494 (TLS) Protocol Version 1.1", RFC 4346, April 2006. 496 [SSLv2] Feb18, "The SSL Protocol", Feb 1995, 497 . 499 [SSLv3] "The SSL Protocol Version 3.0", Nov 1996, 500 . 502 Appendix A. Examples 504 A.1. SSL v3 server refuses TLS 1.0 client(case 1) 506 This server accepted connections from TLS 1.0 clients on one of two 507 conditions 509 1. The Client used an SSL v2 Client Hello record 511 2. The client used an SSL v3 record protocol record to send the 512 Client Hello with the TLS 1.0 version number. 514 A.1.1. Failed connection 516 This example shows a handshake started with TLS 1.0 Client Hello in a 517 TLS 1.0 record, the result being that the server terminates the 518 connection immediately. 520 C: sending 82 bytes (Client Hello) 521 0000 : 16 03 01 00 4d 01 00 00 49 03 01 44 2c 2d 1f 67 ....M...I..D,-.g 522 0010 : 6c e5 05 a5 88 12 6b 8f a8 d3 e5 9e e0 55 e0 bd l.....k......U.. 523 0020 : 99 24 dd dc 72 36 8c c7 18 f5 69 00 00 22 00 39 .$..r6....i..".9 524 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 525 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 526 0050 : 01 00 .. 528 S: received 14 bytes (Alert messages 10 Unexpected message 529 and Close Notify) 530 0000 : 15 03 00 00 02 02 0a 15 03 00 00 02 01 00 .............. 532 A.1.2. Successful connection 534 This example shows a TLS 1.0 Client Hello in a SSL v3.0 record, and 535 the server responds with a Server Hello 537 C : sending 82 bytes (Client Hello) 538 0000 : 16 03 00 00 4d 01 00 00 49 03 01 44 2c 35 2d 17 ....M...I..D,5-. 539 0010 : ad 60 c8 4d 8a 51 a5 59 f9 cd bc 3e b1 9c a2 ff .`.M.Q.Y...>.... 540 0020 : 42 71 33 2f 80 86 3f 4b f6 62 ea 00 00 22 00 39 Bq3/...K.b...".9 541 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 542 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 543 0050 : 01 00 .. 545 S : received 47 bytes (Server Hello, v3.0) 546 0000 : 16 03 00 00 2a 02 00 00 26 03 00 44 2c 35 96 1d ....*...&..D,5.. 547 0010 : d5 02 df 00 eb 5d fb 32 2e 51 64 42 99 c4 94 c2 .....].2.QdB.... 548 0020 : 46 61 b3 19 e1 50 28 93 57 a9 e9 00 00 05 00 Fa...P(.W...... 550 A.1.3. Successful Connection 552 This example shows a SSL v2 Client Hello requesting a TLS 1.0 553 connection. The server responds with a SSL v3 Server Hello 555 C : sending 138 bytes (SSL v2 Client Hello) 556 0000 : 80 88 01 03 01 00 6f 00 00 00 10 00 00 39 00 00 ......o......9.. 557 0010 : 38 00 00 37 00 00 36 00 00 35 00 00 33 00 00 32 8..7..6..5..3..2 558 0020 : 00 00 31 00 00 30 00 00 2f 00 00 05 00 00 04 00 ..1..0../....... 559 0030 : 00 13 00 00 0d 00 00 16 00 00 10 00 00 0a 00 00 ................ 560 0040 : 12 00 00 0c 00 00 15 00 00 0f 00 00 09 00 00 64 ...............d 561 0050 : 00 00 62 00 00 11 00 00 0b 00 00 14 00 00 0e 00 ..b............. 562 0060 : 00 08 00 00 03 00 00 06 01 00 80 07 00 c0 03 00 ................ 563 0070 : 80 06 00 40 02 00 80 04 00 80 44 2c 36 28 d6 0e ...@......D,6(.. 564 0080 : d9 20 b8 9c d6 0f ad aa 80 d7 . ........ 566 S : received 47 bytes (SSL v3 Server Hello) 567 0000 : 16 03 00 00 2a 02 00 00 26 03 00 44 2c 36 92 97 ....*...&..D,6.. 568 0010 : 91 4f 1d b2 e1 96 e2 5c 99 c2 5c 21 8e 91 67 91 .O.....\..\!..g. 569 0020 : 4b 34 ee e7 78 56 65 7b 7a f0 ad 00 00 05 00 K4..xVe{z...... 571 A.2. SSL v3 server refuses TLS 1.0 client (case 2) 573 Date: April 5, 2006 575 Server: Lotus-Domino/5.0.8 577 Site: https://www.ecbanking.com.my/ 579 This site refused to connect with any client presenting the TLS 1.0 580 version number in the Client Hello message 582 A.2.1. Failed connection 584 This example uses an SSL v2 Client Hello, requesting a TLS 1.0 585 connection. The server closes the connection without sending any 586 data or error messages to the client. 588 C : Sending 138 bytes (SSL v2 Client Hello, requesting TLS 1.0) 589 0000 : 80 88 01 03 01 00 6f 00 00 00 10 00 00 39 00 00 ......o......9.. 590 0010 : 38 00 00 37 00 00 36 00 00 35 00 00 33 00 00 32 8..7..6..5..3..2 591 0020 : 00 00 31 00 00 30 00 00 2f 00 00 05 00 00 04 00 ..1..0../....... 592 0030 : 00 13 00 00 0d 00 00 16 00 00 10 00 00 0a 00 00 ................ 593 0040 : 12 00 00 0c 00 00 15 00 00 0f 00 00 09 00 00 64 ...............d 594 0050 : 00 00 62 00 00 11 00 00 0b 00 00 14 00 00 0e 00 ..b............. 595 0060 : 00 08 00 00 03 00 00 06 01 00 80 07 00 c0 03 00 ................ 596 0070 : 80 06 00 40 02 00 80 04 00 80 44 33 0c 61 ef 3e ...@......D3.a.> 597 0080 : 2f 10 6b 09 94 56 cc 7d 5c 18 /.k..V.}\. 599 601 A.2.2. Successful connection 603 This example uses an SSL v2 Client Hello, requesting a SSL v3.0 604 connection. The server responds with a SSL v3.0 Server Hello 606 C: Sending 138 bytes (SSL v2 Client Hello, requesting SSL v3.0) 607 0000 : 80 88 01 03 00 00 6f 00 00 00 10 00 00 39 00 00 ......o......9.. 608 0010 : 38 00 00 37 00 00 36 00 00 35 00 00 33 00 00 32 8..7..6..5..3..2 609 0020 : 00 00 31 00 00 30 00 00 2f 00 00 05 00 00 04 00 ..1..0../....... 610 0030 : 00 13 00 00 0d 00 00 16 00 00 10 00 00 0a 00 00 ................ 611 0040 : 12 00 00 0c 00 00 15 00 00 0f 00 00 09 00 00 64 ...............d 612 0050 : 00 00 62 00 00 11 00 00 0b 00 00 14 00 00 0e 00 ..b............. 613 0060 : 00 08 00 00 03 00 00 06 01 00 80 07 00 c0 03 00 ................ 614 0070 : 80 06 00 40 02 00 80 04 00 80 44 33 0c 65 18 21 ...@......D3.e.! 615 0080 : bb 61 ee 4f 1b 7e 16 98 b2 2f .a.O.~.../ 617 S : Received 2560 bytes (SSL v3.0 Server Hello) 618 0000 : 16 03 00 0b 16 02 00 00 46 03 00 31 05 8d 10 01 ........F..1.... 619 0010 : 5c 9c 2b f1 88 e8 e4 fa 42 0c 1a ff 95 df 49 a8 \.+.....B.....I. 620 0020 : a9 3d 74 35 fe 07 9d b3 6f 61 28 20 09 c3 e4 4e .=t5....oa( ...N 621 0030 : e6 27 d1 90 11 55 19 ec 18 37 92 50 0d af 35 3b .'...U...7.P..5; 622 0040 : 08 96 0f 53 32 67 e4 65 9e 75 19 62 00 05 00 ...S2g.e.u.b... 624 A.2.3. Failed connection 626 This example uses an TLS 1.0 Client Hello in a SSL v3.0 record, 627 requesting a TLS 1.0 connection. The server responds with a 628 Unexpected Message alert message 630 C : Sending 110 bytes (TLS 1.0 Client Hello in SSL v3 record) 631 0000 : 16 03 00 00 69 01 00 00 65 03 01 44 33 16 76 4f ....i...e..D3.vO 632 0010 : 90 61 33 15 6a 75 02 2c 23 70 7e f8 03 67 41 c8 .a3.ju.,#p~..gA. 633 0020 : 1d 30 22 5b ed be 8c 66 d3 bd 66 00 00 3e 00 39 .0"[...f..f..>.9 634 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 635 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 636 0050 : 00 12 00 0c 00 15 00 0f 00 09 00 64 00 62 00 11 ...........d.b.. 637 0060 : 00 0b 00 14 00 0e 00 08 00 03 00 06 01 00 .............. 639 S : Received 7 bytes 640 0000 : 15 03 00 00 02 02 0a ....... 642 A.2.4. Successful connection 644 This example uses an SSL v3 Client Hello, requesting a SSL v3.0 645 connection. The server responds with a SSL v3.0 Server Hello 646 C : Sending 110 bytes (SSL v3 Client Hello) 647 0000 : 16 03 00 00 69 01 00 00 65 03 00 44 33 16 77 4b ....i...e..D3.wK 648 0010 : fb 0a 6e d5 55 a7 45 86 95 16 01 a7 d2 c9 45 2c ..n.U.E.......E, 649 0020 : 42 98 7e 71 59 87 03 72 6f d4 95 00 00 3e 00 39 B.~qY..ro....>.9 650 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 651 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 652 0050 : 00 12 00 0c 00 15 00 0f 00 09 00 64 00 62 00 11 ...........d.b.. 653 0060 : 00 0b 00 14 00 0e 00 08 00 03 00 06 01 00 .............. 655 S : Received 2560 bytes (SSL v3 Server Hello) 656 0000 : 16 03 00 0b 16 02 00 00 46 03 00 30 e5 3f e0 52 ........F..0...R 657 0010 : f1 6a ae 5a a2 5b 51 5e 47 72 3d fa b4 10 0b 80 .j.Z.[Q^Gr=..... 658 0020 : 8a e1 ee e9 fa bc 72 67 cc 1e d2 20 7c 3b 3d 41 ......rg... |;=A 659 0030 : 80 77 d2 9f ca 73 81 b8 20 99 97 26 da 52 07 d3 .w...s.. ..&.R.. 660 0040 : df f1 73 c9 14 e2 98 45 9a d2 e1 4c 00 05 00 ..s....E...L... 662 A.3. TLS 1.0 server refuses TLS 1.1 client 664 Date: April 25, 2006 666 Gateway: WebSphere 668 Site: https://www.dnbnor.no/ 670 Highest supported version: TLS 1.0 672 This TLS 1.0 server shuts down the connection when it gets a 673 connection request from a TLS 1.1 client. 675 According to information provided in private communications with the 676 system administrators this site uses a Lotus Domino WebSphere server 677 as a front-end, and that is where the connection is cut. 679 A.3.1. SSL v2 Client Hello 681 This example uses an SSL v2 Client Hello to request a TLS 1.1 682 connection, but the server immediately closes the connection without 683 any error message. 685 C: Sending 138 bytes (SSL v2 Client Hello, TLS 1.1 version requested) 686 0000 : 80 88 01 03 02 00 6f 00 00 00 10 00 00 39 00 00 ......o......9.. 687 0010 : 38 00 00 37 00 00 36 00 00 35 00 00 33 00 00 32 8..7..6..5..3..2 688 0020 : 00 00 31 00 00 30 00 00 2f 00 00 05 00 00 04 00 ..1..0../....... 689 0030 : 00 13 00 00 0d 00 00 16 00 00 10 00 00 0a 00 00 ................ 690 0040 : 12 00 00 0c 00 00 15 00 00 0f 00 00 09 00 00 64 ...............d 691 0050 : 00 00 62 00 00 11 00 00 0b 00 00 14 00 00 0e 00 ..b............. 692 0060 : 00 08 00 00 03 00 00 06 01 00 80 07 00 c0 03 00 ................ 693 0070 : 80 06 00 40 02 00 80 04 00 80 44 4e 53 a8 24 1b ...@......DNS.$. 694 0080 : 29 8f 20 17 27 74 46 24 f4 d1 ). .'tF$.. 696 698 A.3.2. TLS 1.0 Record, TLS 1.1 Client Hello 700 This example uses a TLS 1.0 Client Hello in a TLS 1.0 Record to 701 request a TLS 1.1 connection, but the server immediately closes the 702 connection without any error message. 704 C: 82 bytes 705 0000 : 16 03 01 00 4d 01 00 00 49 03 02 44 4e 54 c4 e8 ....M...I..DNT.. 706 0010 : 59 f9 9a e4 35 27 4f 95 b0 4b 82 4a 01 71 ea 8e Y...5'O..K.J.q.. 707 0020 : c0 29 2d 8e 8e f2 07 81 3d f6 4e 00 00 22 00 39 .)-.....=.N..".9 708 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 709 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 710 0050 : 01 00 .. 712 714 A.4. TLS 1.0 server refuses TLS Extensions 716 Date: April 25, 2006 718 Gateway: WebSphere 720 Site: https://www.dnbnor.no/ 722 Highest supported version: TLS 1.0 724 This server (the same as in Appendix A.3) shuts down the connection 725 when it gets a connection request from a TLS 1.0 client with support 726 for TLS Extensions. 728 According to information provided in private communications with the 729 system administrators this site uses a Lotus Domino WebSphere server 730 as a front-end, and that is where the connection is cut. 732 A.4.1. TLS 1.0 with TLS Extensions 734 This example uses a TLS 1.0 Client Hello with a ServerName and a 735 Certificate Status TLS Extension in a TLS 1.0 Record to request a TLS 736 1.0 connection, but the server immediately closes the connection 737 without any error message. 739 C: 150 bytes (TLS 1.0 Client Hello, with ServerName and 740 Certificate Status TLS Extensions. 741 0000 : 16 03 01 00 91 01 00 00 8d 03 01 44 4e 54 c4 90 ...........DNT.. 742 0010 : 98 a6 83 92 36 a8 79 6c a3 3f f8 dd 78 74 5b 7e ....6.yl....xt[~ 743 0020 : 8d fa a7 7d 1f ef 60 1e 99 bb 29 00 00 22 00 39 ...}..`...)..".9 744 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 745 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 746 0050 : 01 00 00 42 00 00 00 12 00 10 00 00 0d 77 77 77 ...B.........www 747 0060 : 2e 64 6e 62 6e 6f 72 2e 6e 6f 00 05 00 28 01 00 .dnbnor.no...(.. 748 0070 : 00 00 23 22 21 30 1f 06 09 2b 06 01 05 05 07 30 ..#"!0...+.....0 749 0080 : 01 02 04 12 04 10 64 7c 47 2d a1 b1 cb ab ca 36 ......d|G-.....6 750 0090 : d4 9e a6 64 92 e0 ...d.. 752 754 A.5. Renegotiation with SSL v3 records over TLS 1.0 connection 756 Date: June 5, 2006 758 Gateway: WebSphere 760 Site: https://www.dnbnor.no/ 762 Highest supported version: TLS 1.0 764 This example was created using a specially modified TLS Client that 765 immediately initiate a renegotiation of the TLS session, but does so 766 using SSL v3 as the record protocol version, even over a TLS 1.0 767 negotiated encrypted connection. This is based on actual 768 observations of a client the author is not associated with. 770 When the renegotiation starts the server responds with an SSL v2 771 error code, not an SSL v3 or TLS 1.0 error code. At least one other 772 server has been observed throwing TLS errors, as expected, but 773 apparently a number of servers actually accept the type of 774 negotiation performed in this case 775 According to information provided in private communications with the 776 system administrators this site uses a Lotus Domino WebSphere server 777 as a front-end, and that is where the connection is cut. 779 C : Sending 82 bytes (Client Hello requesting TLS 1.0 in a 780 SSL v3.0 Record) 781 0000 : 16 03 00 00 4d 01 00 00 49 03 01 44 84 9f de 7c ....M...I..D...| 782 0010 : f8 51 49 35 31 0a 0e d8 e1 a8 dc 97 dc 1b 22 b5 .QI51.........". 783 0020 : 96 96 c1 69 7b 5a 34 83 07 0d 5e 00 00 22 00 39 ...i{Z4...^..".9 784 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 785 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 786 0050 : 01 00 .. 788 S : Received 2520 bytes (Server Hello TLS 1.0) 789 0000 : 16 03 01 0a 99 02 00 00 46 03 01 00 00 00 44 5c ........F.....D\ 790 0010 : 1d 7d 6a df 62 f0 f4 4c 74 f7 e5 df 31 e6 d2 43 .}j.b..Lt...1..C 791 0020 : 14 ee 56 9a 48 e9 90 97 56 b6 c6 20 00 00 51 c7 ..V.H...V.. ..Q. 792 0030 : 87 47 cd 99 56 93 d3 c5 1b f1 86 bb 19 88 59 e9 .G..V.........Y. 793 0040 : 58 58 58 58 44 84 9f e5 00 02 9b ae 00 35 00 XXXXD........5. 795 (Certificate Part 1) 796 0040 : 0b . 797 0050 : 00 0a 47 00 0a 44 00 04 74 30 82 04 70 30 82 03 ..G..D..t0..p0.. 798 0060 : d9 a0 03 02 01 02 02 10 77 f1 5a 9c af fb 1f 6b ........w.Z....k 799 0070 : 38 2c 96 5b 53 7b ce aa 30 0d 06 09 2a 86 48 86 8,.[S{..0...*.H. 800 0080 : f7 0d 01 01 05 05 00 30 81 ba 31 1f 30 1d 06 03 .......0..1.0... 801 0090 : 55 04 0a 13 16 56 65 72 69 53 69 67 6e 20 54 72 U....VeriSign Tr 802 00a0 : 75 73 74 20 4e 65 74 77 6f 72 6b 31 17 30 15 06 ust Network1.0.. 803 00b0 : 03 55 04 0b 13 0e 56 65 72 69 53 69 67 6e 2c 20 .U....VeriSign, 804 00c0 : 49 6e 63 2e 31 33 30 31 06 03 55 04 0b 13 2a 56 Inc.1301..U...*V 805 00d0 : 65 72 69 53 69 67 6e 20 49 6e 74 65 72 6e 61 74 eriSign Internat 806 00e0 : 69 6f 6e 61 6c 20 53 65 72 76 65 72 20 43 41 20 ional Server CA 807 00f0 : 2d 20 43 6c 61 73 73 20 33 31 49 30 47 06 03 55 - Class 31I0G..U 808 0100 : 04 0b 13 40 77 77 77 2e 76 65 72 69 73 69 67 6e ...@www.verisign 809 0110 : 2e 63 6f 6d 2f 43 50 53 20 49 6e 63 6f 72 70 2e .com/CPS Incorp. 810 0120 : 62 79 20 52 65 66 2e 20 4c 49 41 42 49 4c 49 54 by Ref. LIABILIT 811 0130 : 59 20 4c 54 44 2e 28 63 29 39 37 20 56 65 72 69 Y LTD.(c)97 Veri 812 0140 : 53 69 67 6e 30 1e 17 0d 30 35 30 39 30 35 30 30 Sign0...05090500 813 0150 : 30 30 30 30 5a 17 0d 30 37 30 39 30 35 32 33 35 0000Z..070905235 814 0160 : 39 35 39 5a 30 81 a8 31 0b 30 09 06 03 55 04 06 959Z0..1.0...U.. 815 0170 : 13 02 4e 4f 31 0f 30 0d 06 03 55 04 08 13 06 42 ..NO1.0...U....B 816 0180 : 65 72 67 65 6e 31 10 30 0e 06 03 55 04 07 14 07 ergen1.0...U.... 817 0190 : 53 61 6e 64 73 6c 69 31 15 30 13 06 03 55 04 0a Sandsli1.0...U.. 818 01a0 : 14 0c 45 44 42 20 49 54 20 44 72 69 66 74 31 12 ..EDB IT Drift1. 819 01b0 : 30 10 06 03 55 04 0b 14 09 44 6e 42 4e 4f 52 20 0...U....DnBNOR 820 01c0 : 49 54 31 33 30 31 06 03 55 04 0b 14 2a 54 65 72 IT1301..U...*Ter 821 01d0 : 6d 73 20 6f 66 20 75 73 65 20 61 74 20 77 77 77 ms of use at www 822 01e0 : 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 72 70 .verisign.com/rp 823 01f0 : 61 20 28 63 29 30 30 31 16 30 14 06 03 55 04 03 a (c)001.0...U.. 824 0200 : 14 0d 77 77 77 2e 64 6e 62 6e 6f 72 2e 6e 6f 30 ..www.dnbnor.no0 825 0210 : 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 ..0...*.H....... 826 0220 : 00 03 81 8d 00 30 81 89 02 81 81 00 b5 b5 b1 17 .....0.......... 827 0230 : 6d c0 e4 78 64 7d 89 7d e9 fa 62 1b 6b 59 d4 39 m..xd}.}..b.kY.9 828 0240 : 8e 5a 78 d5 50 2b 5a 3d c7 5b 02 87 df 67 51 0f .Zx.P+Z=.[...gQ. 829 0250 : b2 d9 43 6e 00 33 c3 88 fb 4e ac 31 85 82 ca a6 ..Cn.3...N.1.... 830 0260 : 96 84 9c 99 64 fa 44 b6 c5 3e 87 bb 81 72 25 b0 ....d.D..>...r%. 831 0270 : de a5 27 5d 9d 17 e5 c7 73 6a 08 7e 90 c4 b9 e2 ..']....sj.~.... 832 0280 : 78 f1 70 b5 06 44 4d 4d 60 fa e8 b8 a0 6b 04 11 x.p..DMM`....k.. 833 0290 : 7e 4e f2 61 79 57 ad 0f a1 2d b8 b5 1b ea d2 a5 ~N.ayW...-...... 834 02a0 : 96 28 53 cc 6b f8 f1 4c 15 5b 4b 17 02 03 01 00 .(S.k..L.[K..... 835 02b0 : 01 a3 82 01 85 30 82 01 81 30 09 06 03 55 1d 13 .....0...0...U.. 836 02c0 : 04 02 30 00 30 0b 06 03 55 1d 0f 04 04 03 02 05 ..0.0...U....... 837 02d0 : a0 30 46 06 03 55 1d 1f 04 3f 30 3d 30 3b a0 39 .0F..U....0=0;.9 838 02e0 : a0 37 86 35 68 74 74 70 3a 2f 2f 63 72 6c 2e 76 .7.5http://crl.v 839 02f0 : 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 43 6c 61 73 erisign.com/Clas 840 0300 : 73 33 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 53 s3InternationalS 841 0310 : 65 72 76 65 72 2e 63 72 6c 30 44 06 03 55 1d 20 erver.crl0D..U. 842 0320 : 04 3d 30 3b 30 39 06 0b 60 86 48 01 86 f8 45 01 .=0;09..`.H...E. 843 0330 : 07 17 03 30 2a 30 28 06 08 2b 06 01 05 05 07 02 ...0*0(..+...... 844 0340 : 01 16 1c 68 74 74 70 73 3a 2f 2f 77 77 77 2e 76 ...https://www.v 845 0350 : 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 72 70 61 30 erisign.com/rpa0 846 0360 : 34 06 03 55 1d 25 04 2d 30 2b 06 09 60 86 48 01 4..U.%.-0+..`.H. 847 0370 : 86 f8 42 04 01 06 0a 2b 06 01 04 01 82 37 0a 03 ..B....+.....7.. 848 0380 : 03 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 ...+.........+.. 849 0390 : 05 05 07 03 02 30 34 06 08 2b 06 01 05 05 07 01 .....04..+...... 850 03a0 : 01 04 28 30 26 30 24 06 08 2b 06 01 05 05 07 30 ..(0&0$..+.....0 851 03b0 : 01 86 18 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 76 ...http://ocsp.v 852 03c0 : 65 72 69 73 69 67 6e 2e 63 6f 6d 30 6d 06 08 2b erisign.com0m..+ 853 03d0 : 06 01 05 05 07 01 0c 04 61 30 5f a1 5d a0 5b 30 ........a0_.].[0 854 03e0 : 59 30 57 30 55 16 09 69 6d 61 67 65 2f 67 69 66 Y0W0U..image/gif 855 03f0 : 30 21 30 1f 30 07 06 05 2b 0e 03 02 1a 04 14 8f 0!0.0...+....... 856 0400 : e5 d3 1a 86 ac 8d 8e 6b c3 cf 80 6a d4 48 18 2c .......k...j.H., 857 0410 : 7b 19 2e 30 25 16 23 68 74 74 70 3a 2f 2f 6c 6f {..0%.#http://lo 858 0420 : 67 6f 2e 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f go.verisign.com/ 859 0430 : 76 73 6c 6f 67 6f 2e 67 69 66 30 0d 06 09 2a 86 vslogo.gif0...*. 860 0440 : 48 86 f7 0d 01 01 05 05 00 03 81 81 00 45 bc 3c H............E.< 861 0450 : a1 80 f8 f9 30 d4 97 09 dd 21 22 55 13 b1 a7 fd ....0....!"U.... 862 0460 : b2 c4 7a 13 6a 65 7d 86 f1 5f ec 9a 27 e3 bf da ..z.je}.._..'... 863 0470 : 0c e7 cc 64 cd b5 21 0e d1 5e 77 80 8f 73 6c b0 ...d..!..^w..sl. 864 0480 : 1b d9 1b 70 e2 c5 46 22 0a d3 c5 9e 42 6e 16 20 ...p..F"....Bn. 865 0490 : 43 e7 c3 a2 7c 9c 7a c0 f5 be c3 d5 a5 4f 3e 78 C...|.z......O>x 866 04a0 : 2d f8 ac 7c 8f 05 73 66 cb 81 a0 42 28 f8 06 01 -..|..sf...B(... 867 04b0 : 3a b5 8c 6c 34 1e d0 61 58 43 25 e0 fc d1 46 4d :..l4..aXC%...FM 868 04c0 : 7e 1b 36 23 03 bb d6 4d 61 d8 d7 aa 05 00 03 87 ~.6#...Ma....... 869 04d0 : 30 82 03 83 30 82 02 ec a0 03 02 01 02 02 10 25 0...0..........% 870 04e0 : 4b 8a 85 38 42 cc e3 58 f8 c5 dd ae 22 6e a4 30 K..8B..X...."n.0 871 04f0 : 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 5f ...*.H........0_ 872 0500 : 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 17 30 1.0...U....US1.0 873 0510 : 15 06 03 55 04 0a 13 0e 56 65 72 69 53 69 67 6e ...U....VeriSign 874 0520 : 2c 20 49 6e 63 2e 31 37 30 35 06 03 55 04 0b 13 , Inc.1705..U... 875 0530 : 2e 43 6c 61 73 73 20 33 20 50 75 62 6c 69 63 20 .Class 3 Public 876 0540 : 50 72 69 6d 61 72 79 20 43 65 72 74 69 66 69 63 Primary Certific 877 0550 : 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 30 ation Authority0 878 0560 : 1e 17 0d 39 37 30 34 31 37 30 30 30 30 30 30 5a ...970417000000Z 879 0570 : 17 0d 31 31 31 30 32 34 32 33 35 39 35 39 5a 30 ..111024235959Z0 880 0580 : 81 ba 31 1f 30 1d 06 03 55 04 0a 13 16 56 65 72 ..1.0...U....Ver 881 0590 : 69 53 69 67 6e 20 54 72 75 73 74 20 4e 65 74 77 iSign Trust Netw 882 05a0 : 6f 72 6b 31 17 30 15 06 03 55 04 0b 13 0e 56 65 ork1.0...U....Ve 883 05b0 : 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 33 30 31 riSign, Inc.1301 884 05c0 : 06 03 55 04 0b 13 2a 56 65 72 69 53 69 67 6e 20 ..U...*VeriSign 885 05d0 : 49 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 53 65 International Se 886 05e0 : 72 76 65 72 20 43 41 20 2d 20 43 6c 61 73 73 20 rver CA - Class 887 05f0 : 33 31 49 30 47 06 03 55 04 0b 13 40 77 77 77 2e 31I0G..U...@www. 888 0600 : 76 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 43 50 53 verisign.com/CPS 889 0610 : 20 49 6e 63 6f 72 70 2e 62 79 20 52 65 66 2e 20 Incorp.by Ref. 890 0620 : 4c 49 41 42 49 4c 49 54 59 20 4c 54 44 2e 28 63 LIABILITY LTD.(c 891 0630 : 29 39 37 20 56 65 72 69 53 69 67 6e 30 81 9f 30 )97 VeriSign0..0 892 0640 : 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 ...*.H.......... 893 0650 : 8d 00 30 81 89 02 81 81 00 d8 82 80 e8 d6 19 02 ..0............. 894 0660 : 7d 1f 85 18 39 25 a2 65 2b e1 bf d4 05 d3 bc e6 }...9%.e+....... 895 0670 : 36 3b aa f0 4c 6c 5b b6 e7 aa 3c 73 45 55 b2 f1 6;..Ll[....(....;..MN 899 06b0 : 39 f7 5c 49 5a b8 c1 1d d3 b2 8a fe 70 30 95 42 9.\IZ.......p0.B 900 06c0 : cb fe 2b 51 8b 5a 3c 3a f9 22 4f 90 b2 02 a7 53 ..+Q.Z<:."O....S 901 06d0 : 9c 4f 34 e7 ab 04 b2 7b 6f 02 03 01 00 01 a3 81 .O4....{o....... 902 06e0 : e3 30 81 e0 30 0f 06 03 55 1d 13 04 08 30 06 01 .0..0...U....0.. 903 06f0 : 01 ff 02 01 00 30 44 06 03 55 1d 20 04 3d 30 3b .....0D..U. .=0; 904 0700 : 30 39 06 0b 60 86 48 01 86 f8 45 01 07 01 01 30 09..`.H...E....0 905 0710 : 2a 30 28 06 08 2b 06 01 05 05 07 02 01 16 1c 68 *0(..+.........h 906 0720 : 74 74 70 73 3a 2f 2f 77 77 77 2e 76 65 72 69 73 ttps://www.veris 907 0730 : 69 67 6e 2e 63 6f 6d 2f 43 50 53 30 34 06 03 55 ign.com/CPS04..U 908 0740 : 1d 25 04 2d 30 2b 06 08 2b 06 01 05 05 07 03 01 .%.-0+..+....... 909 0750 : 06 08 2b 06 01 05 05 07 03 02 06 09 60 86 48 01 ..+.........`.H. 910 0760 : 86 f8 42 04 01 06 0a 60 86 48 01 86 f8 45 01 08 ..B....`.H...E.. 911 0770 : 01 30 0b 06 03 55 1d 0f 04 04 03 02 01 06 30 11 .0...U........0. 912 0780 : 06 09 60 86 48 01 86 f8 42 01 01 04 04 03 02 01 ..`.H...B....... 913 0790 : 06 30 31 06 03 55 1d 1f 04 2a 30 28 30 26 a0 24 .01..U...*0(0&.$ 914 07a0 : a0 22 86 20 68 74 74 70 3a 2f 2f 63 72 6c 2e 76 .". http://crl.v 915 07b0 : 65 72 69 73 69 67 6e 2e 63 6f 6d 2f 70 63 61 33 erisign.com/pca3 916 07c0 : 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 .crl0...*.H..... 917 07d0 : 05 05 00 03 81 81 00 08 01 ec e4 68 94 03 42 f1 ...........h..B. 918 07e0 : 73 f1 23 a2 3a de e9 f1 da c6 54 c4 23 3e 86 ea s.#.:.....T.#>.. 920 07f0 : cf 6a 3a 33 ab ea 9c 04 14 07 36 06 0b f9 88 6f .j:3......6....o 921 0800 : d5 13 ee 29 2b c3 e4 72 8d 44 ed d1 ac 20 09 2d ...)+..r.D... .- 922 0810 : e1 f6 e1 19 05 38 b0 3d 0f 9f 7f f8 9e 02 dc 86 .....8.=........ 923 0820 : 02 86 61 4e 26 5f 5e 9f 92 1e 0c 24 a4 f5 d0 70 ..aN&_^....$...p 924 0830 : 13 cf 26 c3 43 3d 49 1d 9e 82 2e 52 5f bc 3e c6 ..&.C=I....R_.>. 925 0840 : 66 29 01 8e 4e 92 2c bc 46 75 03 82 ac 73 e9 d9 f)..N.,.Fu...s.. 926 0850 : 7e 0b 67 ef 54 52 1a 00 02 40 30 82 02 3c 30 82 ~.g.TR...@0..<0. 927 0860 : 01 a5 02 10 70 ba e4 1d 10 d9 29 34 b6 38 ca 7b ....p.....)4.8.{ 928 0870 : 03 cc ba bf 30 0d 06 09 2a 86 48 86 f7 0d 01 01 ....0...*.H..... 929 0880 : 02 05 00 30 5f 31 0b 30 09 06 03 55 04 06 13 02 ...0_1.0...U.... 930 0890 : 55 53 31 17 30 15 06 03 55 04 0a 13 0e 56 65 72 US1.0...U....Ver 931 08a0 : 69 53 69 67 6e 2c 20 49 6e 63 2e 31 37 30 35 06 iSign, Inc.1705. 932 08b0 : 03 55 04 0b 13 2e 43 6c 61 73 73 20 33 20 50 75 .U....Class 3 Pu 933 08c0 : 62 6c 69 63 20 50 72 69 6d 61 72 79 20 43 65 72 blic Primary Cer 934 08d0 : 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f tification Autho 935 08e0 : 72 69 74 79 30 1e 17 0d 39 36 30 31 32 39 30 30 rity0...96012900 936 08f0 : 30 30 30 30 5a 17 0d 32 38 30 38 30 31 32 33 35 0000Z..280801235 937 0900 : 39 35 39 5a 30 5f 31 0b 30 09 06 03 55 04 06 13 959Z0_1.0...U... 938 0910 : 02 55 53 31 17 30 15 06 03 55 04 0a 13 0e 56 65 .US1.0...U....Ve 939 0920 : 72 69 53 69 67 6e 2c 20 49 6e 63 2e 31 37 30 35 riSign, Inc.1705 940 0930 : 06 03 55 04 0b 13 2e 43 6c 61 73 73 20 33 20 50 ..U....Class 3 P 941 0940 : 75 62 6c 69 63 20 50 72 69 6d 61 72 79 20 43 65 ublic Primary Ce 942 0950 : 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 rtification Auth 943 0960 : 6f 72 69 74 79 30 81 9f 30 0d 06 09 2a 86 48 86 ority0..0...*.H. 944 0970 : f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 ...........0.... 945 0980 : 81 00 c9 5c 59 9e f2 1b 8a 01 14 b4 10 df 04 40 ...\Y..........@ 946 0990 : db e3 57 af 6a 45 40 8f 84 0c 0b d1 33 d9 d9 11 ..W.jE@.....3... 947 09a0 : cf ee 02 58 1f 25 f7 2a a8 44 05 aa ec 03 1f 78 ...X.%.*.D.....x 948 09b0 : 7f 9e 93 b9 9a 00 aa 23 7d d6 ac 85 a2 63 45 c7 .......#}....cE. 949 09c0 : 72 27 cc f4 4c c6 75 71 d2 39 ef 4f 42 f0 75 df r'..L.uq.9.OB.u. 950 09d0 : 0a 90 c6 8e 20 6f 98 0f .... o.. 952 S : received 198 bytes (Certificate part 2) 953 0000 : f8 ac 23 5f 70 29 36 a4 c9 86 e7 b1 9a 20 cb 53 ..#_p)6...... .S 954 0010 : a5 85 e7 3d be 7d 9a fe 24 45 33 dc 76 15 ed 0f ...=.}..$E3.v... 955 0020 : a2 71 64 4c 65 2e 81 68 45 a7 02 03 01 00 01 30 .qdLe..hE......0 956 0030 : 0d 06 09 2a 86 48 86 f7 0d 01 01 02 05 00 03 81 ...*.H.......... 957 0040 : 81 00 bb 4c 12 2b cf 2c 26 00 4f 14 13 dd a6 fb ...L.+.,&.O..... 958 0050 : fc 0a 11 84 8c f3 28 1c 67 92 2f 7c b6 c5 fa df ......(.g./|.... 959 0060 : f0 e8 95 bc 1d 8f 6c 2c a8 51 cc 73 d8 a4 c0 53 ......l,.Q.s...S 960 0070 : f0 4e d6 26 c0 76 01 57 81 92 5e 21 f1 d1 b1 ff .N.&.v.W..^!.... 961 0080 : e7 d0 21 58 cd 69 17 e3 44 1c 9c 19 44 39 89 5c ..!X.i..D...D9.\ 962 0090 : dc 9c 00 0f 56 8d 02 99 ed a2 90 45 4c e4 bb 10 ....V......EL... 963 00a0 : a4 3d f0 32 03 0e f1 ce f8 e8 c9 51 8c e6 62 9f .=.2.......Q..b. 964 00b0 : e6 9f c0 7d b7 72 9c c9 36 3a 6b 9f 4e a8 ff 64 ...}.r..6:k.N..d 965 00c0 : 0d 64 .d 967 (Hello Done) 969 00c0 : 0e 00 00 00 .... 971 C : Sending 139 bytes (Client Key exchange) 972 0000 : 16 03 01 00 86 10 00 00 82 00 80 43 4b e5 84 c9 ...........CK... 973 0010 : 27 e9 b3 6b 04 d4 54 a7 33 83 70 9f e1 80 c5 24 '..k..T.3.p....$ 974 0020 : fc 3e 9d fe 3d 11 64 14 64 f9 e2 30 68 1e 4d c6 .>..=.d.d..0h.M. 975 0030 : 2d 16 5f a0 25 1e 6a 51 cf 32 42 00 2c 5e e9 58 -._.%.jQ.2B.,^.X 976 0040 : cc 33 ad 2e 9b e9 6b 12 5c 23 ac b1 37 9b 4a 2b .3....k.\#..7.J+ 977 0050 : 28 f9 57 d9 92 89 01 f3 6b 94 a3 18 dc f6 1f e1 (.W.....k....... 978 0060 : f0 68 de 54 de f0 58 e3 7a 58 09 dd 3b 07 f7 df .h.T..X.zX..;... 979 0070 : 5b 62 04 73 38 7c 6c 00 81 61 e7 85 a6 32 9d 45 [b.s8|l..a...2.E 980 0080 : 6b f4 34 00 7d cf d7 7b d0 3e da k.4.}..{.>. 982 C : Sending 6 bytes (Cipher Change) 983 0000 : 14 03 01 00 01 01 ...... 985 C : Plaintext 16 bytes (Finished) 986 0000 : 14 00 00 0c 7c cf 8d 7b 62 76 ab 9a ae b6 e5 6e ....|..{bv.....n 988 C : Sending 53 bytes (Encrypted Finished) 989 0000 : 16 03 01 00 30 6f fd 31 80 51 a9 3d 18 7d 55 ef ....0o.1.Q.=.}U. 990 0010 : 7c 6c 80 07 b2 79 6a 06 39 79 7e 15 7d e8 ee 1f |l...yj.9y~.}... 991 0020 : fd be 68 6a af e2 cd db 47 f9 a6 b8 20 26 b9 03 ..hj....G... &.. 992 0030 : 12 ec d3 c3 fd ..... 994 S : Received 6 bytes (Cipher Change) 995 0000 : 14 03 01 00 01 01 ...... 997 S : Received 53 bytes (Encrypted Finished) 998 0000 : 16 03 01 00 30 a4 11 4c 05 28 3b cc 39 d3 aa 63 ....0..L.(;.9..c 999 0010 : bc 9d 74 f8 9b 8e 1c 6b 5c ee f2 4b 82 e9 ce c9 ..t....k\..K.... 1000 0020 : ce 73 b9 28 c2 2d 84 92 a3 70 5b 5b a8 8b 4f 86 .s.(.-...p[[..O. 1001 0030 : 59 90 bf 39 9f Y..9. 1003 S : Plaintext 16 bytes (Plaintext Finished) 1004 0000 : 14 00 00 0c 78 40 33 0f ae eb f4 e4 19 bd e8 66 ....x@3........f 1006 C : Plaintext 109 bytes (Client Hello requesting TLS 1.0) 1007 0000 : 01 00 00 69 03 01 44 84 9f e0 38 4e 2b 3c 01 4d ...i..D...8N+<.M 1008 0010 : d2 9c c0 03 fd 1f 92 f4 b7 d2 27 61 9e 68 a2 bf ..........'a.h.. 1009 0020 : 7d fc f2 98 5d d6 20 00 00 51 c7 87 47 cd 99 56 }...]. ..Q..G..V 1010 0030 : 93 d3 c5 1b f1 86 bb 19 88 59 e9 58 58 58 58 44 .........Y.XXXXD 1011 0040 : 84 9f e5 00 02 9b ae 00 22 00 35 00 39 00 38 00 ........".5.9.8. 1012 0050 : 37 00 33 00 32 00 31 00 30 00 2f 00 05 00 04 00 7.3.2.1.0./..... 1013 0060 : 13 00 0d 00 16 00 10 00 0a 00 00 01 00 ............. 1015 C : Sending 149 bytes (Encrypted Client Hello, 1016 SSL v3.0 record protocol over TLS 1.0 encrypted connection) 1017 0000 : 16 03 00 00 90 d6 39 9d 73 59 a4 88 61 9d ea f6 ......9.sY..a... 1018 0010 : 43 f0 96 12 86 5d 50 fb 81 8d e7 c5 7d 57 1b d5 C....]P.....}W.. 1019 0020 : a6 f7 24 a9 9d b0 a4 5c 93 60 c3 6a 8f d5 b5 1b ..$....\.`.j.... 1020 0030 : e1 96 af 8f 2e 94 0a 69 05 0c e2 8c 0d c5 a5 31 .......i.......1 1021 0040 : 6f 2b 41 77 8e e8 d3 8e 16 96 87 b7 3d 9d 83 1b o+Aw........=... 1022 0050 : 1e 04 15 27 80 8e 67 05 d3 ee 9f 82 63 13 10 a0 ...'..g.....c... 1023 0060 : 29 70 ce c4 9e c0 22 94 15 39 d8 07 fd 88 0c bb )p...."..9...... 1024 0070 : ff 00 26 34 1f 63 f1 fc 36 5f 30 fe 51 ef f4 78 ..&4.c..6_0.Q..x 1025 0080 : dd df f1 7b c2 91 f9 29 e4 e2 5c 1f 10 98 b8 c8 ...{...)..\..... 1026 0090 : ec cc 13 d9 da ..... 1028 S : Received 5 bytes (SSL v2 Error message) 1029 0000 : 80 03 00 00 01 ..... 1031 A.6. Wrong version expected in RSA Client Key Exchange 1033 Date: June 15, 2006 1035 Server: Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2412 (Unix) 1037 Site: https://www.gotogate.no/ 1039 Highest supported version: TLS 1.0 1041 This server negotiates a TLS 1.0 connection when TLS 1.1 is offered, 1042 but after receiving the RSA Client Key Exchange the server sends a 1043 handshake error and closes the connection, as seen in Appendix A.6.1. 1044 The reason for the error is that the server expects the negotiated 1045 version to be used in the Premaster Secret, not the version used in 1046 the Client Hello, as seen in Appendix A.6.2 1048 A.6.1. Correct Premaster - Connection Failure 1050 This is a normal TLS handshake requesting a TLS 1.1 connection from 1051 the server. The server selects TLS 1.0, but reports a handshake 1052 failure after the Client Key Exchange message has been sent. 1054 C : Sending 82 bytes (Client Hello Requesting TLS 1.1, 1055 in a TLS 1.0 Record) 1056 0000 : 16 03 01 00 4d 01 00 00 49 03 02 44 90 b9 63 a2 ....M...I..D..c. 1057 0010 : 1b bd 07 1d 01 55 3f 8a 9e c9 0a a1 99 dc 8a 1b .....U...?.?.... 1058 0020 : d8 62 dc 07 bc 0c 58 99 0c e0 a4 00 00 22 00 39 .b....X..?...".9 1059 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 1060 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 1061 0050 : 01 00 .. 1063 S : Received 948 bytes (Server hello) 1064 0000 : 16 03 01 00 4a 02 00 00 46 03 01 44 90 b8 cb 2f ....J...F..D.??/ 1065 0010 : e2 a7 3e 22 f8 af 5d 62 ca ab c1 6a c1 16 5f 88 ?.>".?]b?.?j?._. 1066 0020 : 64 81 5d 24 52 8b 2f 72 6d 97 c9 20 71 09 06 7d d.]$R./rm.? q..} 1067 0030 : 64 a4 8a ce e7 4c 4b bc 20 e5 db 5e 49 46 9d 51 d..??LK. .?^IF.Q 1068 0040 : 01 bb f6 e1 4c e5 f6 0e bb b9 23 6f 00 05 00 ..........#o... 1070 (Certificate) 1071 0040 : 16 . 1072 0050 : 03 01 03 57 0b 00 03 53 00 03 50 00 03 4d 30 82 ...W...S..P..M0. 1073 0060 : 03 49 30 82 02 b2 a0 03 02 01 02 02 03 3f 84 41 .I0...?........A 1074 0070 : 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 0...*.H.?......0 1075 0080 : 81 ce 31 0b 30 09 06 03 55 04 06 13 02 5a 41 31 .?1.0...U....ZA1 1076 0090 : 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 72 .0...U....Wester 1077 00a0 : 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 n Cape1.0...U... 1078 00b0 : 09 43 61 70 65 20 54 6f 77 6e 31 1d 30 1b 06 03 .Cape Town1.0... 1079 00c0 : 55 04 0a 13 14 54 68 61 77 74 65 20 43 6f 6e 73 U....Thawte Cons 1080 00d0 : 75 6c 74 69 6e 67 20 63 63 31 28 30 26 06 03 55 ulting cc1(0&..U 1081 00e0 : 04 0b 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f ....Certificatio 1082 00f0 : 6e 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 n Services Divis 1083 0100 : 69 6f 6e 31 21 30 1f 06 03 55 04 03 13 18 54 68 ion1!0...U....Th 1084 0110 : 61 77 74 65 20 50 72 65 6d 69 75 6d 20 53 65 72 awte Premium Ser 1085 0120 : 76 65 72 20 43 41 31 28 30 26 06 09 2a 86 48 86 ver CA1(0&..*.H. 1086 0130 : f7 0d 01 09 01 16 19 70 72 65 6d 69 75 6d 2d 73 ?......premium-s 1087 0140 : 65 72 76 65 72 40 74 68 61 77 74 65 2e 63 6f 6d erver@thawte.com 1088 0150 : 30 1e 17 0d 30 35 30 36 32 31 31 31 30 37 33 39 0...050621110739 1089 0160 : 5a 17 0d 30 36 30 36 32 31 31 31 30 37 33 39 5a Z..060621110739Z 1090 0170 : 30 5b 31 0b 30 09 06 03 55 04 06 13 02 4e 4f 31 0[1.0...U....NO1 1091 0180 : 0d 30 0b 06 03 55 04 08 13 04 4f 73 6c 6f 31 0d .0...U....Oslo1. 1092 0190 : 30 0b 06 03 55 04 07 13 04 4f 73 6c 6f 31 14 30 0...U....Oslo1.0 1093 01a0 : 12 06 03 55 04 0a 13 0b 47 4f 54 4f 47 41 54 45 ...U....GOTOGATE 1094 01b0 : 20 41 53 31 18 30 16 06 03 55 04 03 13 0f 77 77 AS1.0...U....ww 1095 01c0 : 77 2e 67 6f 74 6f 67 61 74 65 2e 6e 6f 30 81 9f w.gotogate.no0.. 1096 01d0 : 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 0...*.H.?....... 1097 01e0 : 81 8d 00 30 81 89 02 81 81 00 ca e1 b4 e6 2a cb ...0......???.*? 1098 01f0 : 27 c0 d3 17 d0 f8 8b 91 62 f9 97 84 86 b5 9e 0b '??.....b?...... 1099 0200 : 1d df 97 b1 ce 7e 12 25 59 f2 80 d2 bf 8e 7b 56 ....?~.%Y?.??.{V 1100 0210 : d0 cb 3c 1a ba c9 c6 0f 50 5b 17 b6 fd 66 ed c3 .?<.??..P[..?f?? 1101 0220 : 32 29 9b cd bb fd a4 9a 5a c1 67 48 2e 61 fa a6 2).?.?..Z?gH.a?? 1102 0230 : 48 1d ef 63 3c 97 38 6e a5 48 4c d8 e1 fe ec ec H.?c<.8n.HL.?.?? 1103 0240 : ce 49 5a 86 54 43 ff 40 f2 8e 4c 26 35 d8 a3 19 ?IZ.TC?@?.L&5... 1104 0250 : c6 e1 b9 6e ac 45 17 1d 37 32 85 18 d0 e3 41 d8 .?.n.E..72...?A. 1105 0260 : c3 21 7b 67 e7 4f 37 64 f8 a9 02 03 01 00 01 a3 ?!{g?O7d........ 1106 0270 : 81 a6 30 81 a3 30 1d 06 03 55 1d 25 04 16 30 14 .?0..0...U.%..0. 1107 0280 : 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 ..+.........+... 1108 0290 : 05 07 03 02 30 40 06 03 55 1d 1f 04 39 30 37 30 ....0@..U...9070 1109 02a0 : 35 a0 33 a0 31 86 2f 68 74 74 70 3a 2f 2f 63 72 5?3?1./http://cr 1110 02b0 : 6c 2e 74 68 61 77 74 65 2e 63 6f 6d 2f 54 68 61 l.thawte.com/Tha 1111 02c0 : 77 74 65 50 72 65 6d 69 75 6d 53 65 72 76 65 72 wtePremiumServer 1112 02d0 : 43 41 2e 63 72 6c 30 32 06 08 2b 06 01 05 05 07 CA.crl02..+..... 1113 02e0 : 01 01 04 26 30 24 30 22 06 08 2b 06 01 05 05 07 ...&0$0"..+..... 1114 02f0 : 30 01 86 16 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 0...http://ocsp. 1115 0300 : 74 68 61 77 74 65 2e 63 6f 6d 30 0c 06 03 55 1d thawte.com0...U. 1116 0310 : 13 01 01 ff 04 02 30 00 30 0d 06 09 2a 86 48 86 ...?..0.0...*.H. 1117 0320 : f7 0d 01 01 04 05 00 03 81 81 00 60 28 92 bc 07 ?..........`(... 1118 0330 : 1f 96 76 d8 26 bd 10 59 8a 02 17 f3 a3 60 bc fc ..v.&..Y...?.`.. 1119 0340 : 2a 4e b1 41 17 85 b3 b2 b0 4d db 43 d8 a4 f2 a9 *N.A....?M?C..?. 1120 0350 : 7d 41 80 6d e7 fd ac 13 65 59 8c f3 81 6b 7c 0a }A.m??..eY.?.k|. 1121 0360 : b7 17 0d 00 4e 71 f4 84 f5 d2 30 b1 98 34 4b 2c ?...Nq?.??0..4K, 1122 0370 : b0 d0 0b 6d 85 e9 4d 6d 10 56 90 bd 36 b5 f3 5e ?..m.?Mm.V..6.?^ 1123 0380 : ed 21 72 93 21 fc 90 d9 78 92 08 8b 6b b2 e9 0c ?!r.!..?x...k.?. 1124 0390 : 5a 19 54 b9 1a c9 ed c2 59 72 44 d3 13 57 08 15 Z.T..???YrD?.W.. 1125 03a0 : 1a 32 dd d9 53 23 85 76 d1 1c 0d 16 03 01 00 04 .2??S#.v?....... 1127 (Hello Done) 1128 03b0 : 0e 00 00 00 .... 1130 C : Plain Premaster Secret (correct version v3.2, from Client Hello) 1131 0000 : 03 02 93 99 39 68 bc 45 f3 a0 d9 1e cd d5 bc 51 ....9h.E???.??.Q 1132 0010 : 6b 79 b4 c5 c9 98 52 44 c0 57 ba 60 67 b3 bb dd ky?.?.RD?W?`g..? 1133 0020 : 05 56 e8 79 93 78 39 ba 44 27 7e 1d 07 46 6b 4d .V?y.x9?D'~..FkM 1135 C : Sending 139 bytes (Client Key Exchange) 1136 0000 : 16 03 01 00 86 10 00 00 82 00 80 17 2c 16 c7 3b ............,.?; 1137 0010 : fc c9 29 da e1 21 37 c6 86 93 46 2c 94 1d b8 eb .?)??!7...F,..?? 1138 0020 : 06 8a 78 05 80 af 60 5b 6b 73 fb c1 56 b4 8e 21 ..x..?`[ks??V?.! 1139 0030 : 91 56 51 62 9d f0 b1 f6 28 45 5a 25 ab 7e 4e 1d .VQb....(EZ%.~N. 1140 0040 : 2c 93 e4 01 f5 3e df d3 31 5b 3e b8 41 95 21 95 ,...?>.?1[>?A.!. 1141 0050 : e5 c4 d0 5b 6f 12 36 eb c8 44 8f 16 cf a3 9a c8 ...[o.6??D..?..? 1142 0060 : 8a 70 bc 60 b2 ca 1d d3 1b 8b d3 49 4f 0a 72 d7 .p.`.?.?..?IO.r? 1143 0070 : ca 87 99 1b 73 4d 1b 32 bc ed 9a 6f 85 da f3 bd ?...sM.2.?.o.??. 1144 0080 : c7 d5 a5 e4 e7 13 9d 9b a4 a3 27 ??..?.....' 1146 C : Sending 6 bytes (Cipher Change) 1147 0000 : 14 03 01 00 01 01 ...... 1149 C : Plaintext 16 bytes (Finished) 1150 0000 : 14 00 00 0c c4 be 77 0b e5 a1 c1 7c 17 e8 67 04 ......w..??|.?g. 1152 C : Sending 41 bytes (Encrypted Finished) 1153 0000 : 16 03 01 00 24 ee 6c e2 94 6e 17 d0 7f 86 dd a0 ....$?l?.n....?? 1154 0010 : 1b 09 18 4c 6b ed be 1e 22 38 a6 08 56 56 18 66 ...Lk?.."8?.VV.f 1155 0020 : 31 bd 78 8d 7e c5 27 77 f0 1.x.~.'w. 1157 S : Received 7 bytes (Handshake Failure Alert, 20) 1158 0000 : 15 03 01 00 02 02 14 ....... 1160 A.6.2. Wrong Premaster - Connection Success 1162 This example uses the same handshake parameters as Appendix A.6.1, 1163 but (incorrectly) uses the negotiated version in the RSA Client Key 1164 Exchange Premaster Secret, not the Client Hello version. 1166 C : Sending 82 bytes (Client Hello requesting TLS 1.1, 1167 in a TLS 1.0 Record) 1168 0000 : 16 03 01 00 4d 01 00 00 49 03 02 44 90 ba 62 c9 ....M...I..D.?b? 1169 0010 : 90 f9 f6 58 77 e4 47 4d 54 68 d0 34 2d 58 01 58 .?.Xw.GMTh.4-X.X 1170 0020 : 58 75 9d 2d a9 7f 7f b0 31 79 2c 00 00 22 00 39 Xu.-...?1y,..".9 1171 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 1172 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 1173 0050 : 01 00 .. 1175 S : Received 948 bytes (Server Hello TLS 1.0) 1176 0000 : 16 03 01 00 4a 02 00 00 46 03 01 44 90 b9 ca c7 ....J...F..D..?? 1177 0010 : e2 39 41 9b 19 83 f1 da 9f 28 19 44 4b 1e aa 60 ?9A...??.(.DK.?` 1178 0020 : 16 8b d4 e5 a3 76 22 44 3f 99 12 20 2a c7 7a ed ..?..v"D... *?z? 1179 0030 : b1 22 97 0f 50 4d ee b1 a7 78 10 8c 59 aa bf 16 ."..PM?..x..Y??. 1180 0040 : a5 19 75 bc f8 b1 6a eb 68 f6 0f 3d 00 05 00 ..u...j?h..=... 1182 (Certificate) 1183 0040 : 16 . 1184 0050 : 03 01 03 57 0b 00 03 53 00 03 50 00 03 4d 30 82 ...W...S..P..M0. 1185 0060 : 03 49 30 82 02 b2 a0 03 02 01 02 02 03 3f 84 41 .I0...?........A 1186 0070 : 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 0...*.H.?......0 1187 0080 : 81 ce 31 0b 30 09 06 03 55 04 06 13 02 5a 41 31 .?1.0...U....ZA1 1188 0090 : 15 30 13 06 03 55 04 08 13 0c 57 65 73 74 65 72 .0...U....Wester 1189 00a0 : 6e 20 43 61 70 65 31 12 30 10 06 03 55 04 07 13 n Cape1.0...U... 1190 00b0 : 09 43 61 70 65 20 54 6f 77 6e 31 1d 30 1b 06 03 .Cape Town1.0... 1191 00c0 : 55 04 0a 13 14 54 68 61 77 74 65 20 43 6f 6e 73 U....Thawte Cons 1192 00d0 : 75 6c 74 69 6e 67 20 63 63 31 28 30 26 06 03 55 ulting cc1(0&..U 1193 00e0 : 04 0b 13 1f 43 65 72 74 69 66 69 63 61 74 69 6f ....Certificatio 1194 00f0 : 6e 20 53 65 72 76 69 63 65 73 20 44 69 76 69 73 n Services Divis 1195 0100 : 69 6f 6e 31 21 30 1f 06 03 55 04 03 13 18 54 68 ion1!0...U....Th 1196 0110 : 61 77 74 65 20 50 72 65 6d 69 75 6d 20 53 65 72 awte Premium Ser 1197 0120 : 76 65 72 20 43 41 31 28 30 26 06 09 2a 86 48 86 ver CA1(0&..*.H. 1198 0130 : f7 0d 01 09 01 16 19 70 72 65 6d 69 75 6d 2d 73 ?......premium-s 1199 0140 : 65 72 76 65 72 40 74 68 61 77 74 65 2e 63 6f 6d erver@thawte.com 1200 0150 : 30 1e 17 0d 30 35 30 36 32 31 31 31 30 37 33 39 0...050621110739 1201 0160 : 5a 17 0d 30 36 30 36 32 31 31 31 30 37 33 39 5a Z..060621110739Z 1202 0170 : 30 5b 31 0b 30 09 06 03 55 04 06 13 02 4e 4f 31 0[1.0...U....NO1 1203 0180 : 0d 30 0b 06 03 55 04 08 13 04 4f 73 6c 6f 31 0d .0...U....Oslo1. 1204 0190 : 30 0b 06 03 55 04 07 13 04 4f 73 6c 6f 31 14 30 0...U....Oslo1.0 1205 01a0 : 12 06 03 55 04 0a 13 0b 47 4f 54 4f 47 41 54 45 ...U....GOTOGATE 1206 01b0 : 20 41 53 31 18 30 16 06 03 55 04 03 13 0f 77 77 AS1.0...U....ww 1207 01c0 : 77 2e 67 6f 74 6f 67 61 74 65 2e 6e 6f 30 81 9f w.gotogate.no0.. 1209 01d0 : 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 0...*.H.?....... 1210 01e0 : 81 8d 00 30 81 89 02 81 81 00 ca e1 b4 e6 2a cb ...0......???.*? 1211 01f0 : 27 c0 d3 17 d0 f8 8b 91 62 f9 97 84 86 b5 9e 0b '??.....b?...... 1212 0200 : 1d df 97 b1 ce 7e 12 25 59 f2 80 d2 bf 8e 7b 56 ....?~.%Y?.??.{V 1213 0210 : d0 cb 3c 1a ba c9 c6 0f 50 5b 17 b6 fd 66 ed c3 .?<.??..P[..?f?? 1214 0220 : 32 29 9b cd bb fd a4 9a 5a c1 67 48 2e 61 fa a6 2).?.?..Z?gH.a?? 1215 0230 : 48 1d ef 63 3c 97 38 6e a5 48 4c d8 e1 fe ec ec H.?c<.8n.HL.?.?? 1216 0240 : ce 49 5a 86 54 43 ff 40 f2 8e 4c 26 35 d8 a3 19 ?IZ.TC?@?.L&5... 1217 0250 : c6 e1 b9 6e ac 45 17 1d 37 32 85 18 d0 e3 41 d8 .?.n.E..72...?A. 1218 0260 : c3 21 7b 67 e7 4f 37 64 f8 a9 02 03 01 00 01 a3 ?!{g?O7d........ 1219 0270 : 81 a6 30 81 a3 30 1d 06 03 55 1d 25 04 16 30 14 .?0..0...U.%..0. 1220 0280 : 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 ..+.........+... 1221 0290 : 05 07 03 02 30 40 06 03 55 1d 1f 04 39 30 37 30 ....0@..U...9070 1222 02a0 : 35 a0 33 a0 31 86 2f 68 74 74 70 3a 2f 2f 63 72 5?3?1./http://cr 1223 02b0 : 6c 2e 74 68 61 77 74 65 2e 63 6f 6d 2f 54 68 61 l.thawte.com/Tha 1224 02c0 : 77 74 65 50 72 65 6d 69 75 6d 53 65 72 76 65 72 wtePremiumServer 1225 02d0 : 43 41 2e 63 72 6c 30 32 06 08 2b 06 01 05 05 07 CA.crl02..+..... 1226 02e0 : 01 01 04 26 30 24 30 22 06 08 2b 06 01 05 05 07 ...&0$0"..+..... 1227 02f0 : 30 01 86 16 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 0...http://ocsp. 1228 0300 : 74 68 61 77 74 65 2e 63 6f 6d 30 0c 06 03 55 1d thawte.com0...U. 1229 0310 : 13 01 01 ff 04 02 30 00 30 0d 06 09 2a 86 48 86 ...?..0.0...*.H. 1230 0320 : f7 0d 01 01 04 05 00 03 81 81 00 60 28 92 bc 07 ?..........`(... 1231 0330 : 1f 96 76 d8 26 bd 10 59 8a 02 17 f3 a3 60 bc fc ..v.&..Y...?.`.. 1232 0340 : 2a 4e b1 41 17 85 b3 b2 b0 4d db 43 d8 a4 f2 a9 *N.A....?M?C..?. 1233 0350 : 7d 41 80 6d e7 fd ac 13 65 59 8c f3 81 6b 7c 0a }A.m??..eY.?.k|. 1234 0360 : b7 17 0d 00 4e 71 f4 84 f5 d2 30 b1 98 34 4b 2c ?...Nq?.??0..4K, 1235 0370 : b0 d0 0b 6d 85 e9 4d 6d 10 56 90 bd 36 b5 f3 5e ?..m.?Mm.V..6.?^ 1236 0380 : ed 21 72 93 21 fc 90 d9 78 92 08 8b 6b b2 e9 0c ?!r.!..?x...k.?. 1237 0390 : 5a 19 54 b9 1a c9 ed c2 59 72 44 d3 13 57 08 15 Z.T..???YrD?.W.. 1238 03a0 : 1a 32 dd d9 53 23 85 76 d1 1c 0d 16 03 01 00 04 .2??S#.v?....... 1240 (Hello Done) 1241 03b0 : 0e 00 00 00 .... 1243 C : Plain Premaster Secret (Wrong version v3.1, negotiated version) 1244 0000 : 03 01 9d 41 00 f3 76 57 07 9b 68 f9 d2 2d 5e 49 ...A.?vW..h??-^I 1245 0010 : 9f 09 20 02 f6 b2 bf a2 c5 cb c7 6c 0f 2f 0c e2 .. ...?..??l./.? 1246 0020 : 95 92 27 2d a3 0b 9f 33 cc 17 5b 28 72 1b 12 42 ..'-...3?.[(r..B 1248 C : Sending 139 bytes (Client Key Exchange) 1249 0000 : 16 03 01 00 86 10 00 00 82 00 80 1c b1 e5 ca 77 ..............?w 1250 0010 : 7f 30 81 80 70 1d 5f 39 26 5b d7 c4 5e db 46 73 .0..p._9&[?.^?Fs 1251 0020 : be 48 1a eb 92 fa 95 cd dc 23 f4 2a fe 7c 25 7f .H.?.?.?.#?*.|%. 1252 0030 : 0d d4 22 1f 48 f6 77 c2 a2 e4 53 49 ea f8 bf c4 .?".H.w?..SI?.?. 1253 0040 : cf 34 12 98 46 93 d9 e2 b3 bc 10 f8 f3 c0 16 6e ?4..F.??....??.n 1254 0050 : 18 40 f7 8d c0 27 11 1f 04 30 f5 9b cd 42 c8 e5 .@?.?'...0?.?B?. 1255 0060 : 1a e1 de 58 90 e6 b2 90 d4 89 19 ec bc 6b 29 cb .?.X....?..?.k)? 1256 0070 : 4d 62 01 38 26 ae 15 1c f5 21 13 b6 99 33 86 01 Mb.8&...?!...3.. 1258 0080 : 66 1b a3 10 e2 1d 72 c2 10 7e 64 f...?.r?.~d 1260 C : Sending 6 bytes (Cipher Change) 1261 0000 : 14 03 01 00 01 01 ...... 1263 C : Plain Finished 1264 0000 : 14 00 00 0c e8 e7 48 a2 d4 6e 0f a0 70 bf 3e 05 ....??H.?n.?p?>. 1266 C : Sending 41 bytes (Encrypted Finished) 1267 0000 : 16 03 01 00 24 6f 2f 39 d4 7d 78 84 89 15 c8 92 ....$o/9?}x...?. 1268 0010 : bc de af 63 c9 53 2e c6 d6 27 01 5d 3c 96 00 1a ..?c?S...'.]<... 1269 0020 : ca e0 66 11 43 55 4e 2a ab ??f.CUN*. 1271 S : Received 47 bytes (Cipher Change, Encrypted Finished) 1272 0000 : 14 03 01 00 01 01 16 03 01 00 24 e7 6f 04 fc c8 ..........$?o..? 1273 0010 : 9b c3 62 ae 27 bc cc 1a a0 01 f0 16 f3 7a cf cd .?b.'.?.?...?z?? 1274 0020 : f7 8c db 16 60 4a a3 7b 3e c2 66 ad ef c6 f8 ?.?.`J.{>?f??.. 1276 S : Plaintext 16 bytes (Plaintext Finished) 1277 0000 : 14 00 00 0c be 82 73 55 1b 12 ce 7c 25 02 4c af ......sU..?|%.L? 1279 1281 A.7. Refusing to accept compression methods 1283 Contributed by: Pasi Eronen 1285 This example shows a TLS 1.0 client that requests LZS compression 1286 [RFC3943] (code 64) and the Null method. The server responds with a 1287 Handshake Failure Alert message. 1289 C: Sending 53 bytes: (TLS 1.0 Client hello, in TLS 1.0 Record, requesting 1290 LZS (code 64) and Null compression methods) 1291 0000 : 16 03 01 00 30 01 00 00 2c 03 01 6b c6 db 2a 4c 1292 0000 : 64 3e 05 df 2f 15 20 ab 7e e6 7a d1 eb 9c 20 59 1293 0000 : 2a ea 83 d4 3f 37 ea 98 3b 3c 87 00 00 04 00 2f 1294 0000 : 00 0a 02 40 00 1296 S: Received 7 bytes: (Alert message: Handshake failure) 1297 0000 : 15 03 01 00 02 02 28 1299 A.8. Copying the Client Hello Version field 1301 Date: July 22, 2006 1302 Server: (As identifed in the HTTP Server Header) OfficeLine 3.5 1303 Webserver (2.16) 1305 Site: https://ebssl.unibanka.sk 1307 Highest supported version: SSL v3.0 1309 This example shows a specially modified client use a TLS 1.0 Client 1310 Hello, in a TLS 1.0 Record, to request a connection using the 1311 hypothetical SSL v4.0 protocol. Even though the server only supports 1312 SSL v3.0 it incorrectly responds with {4.0} as the selected version. 1313 Similar incorrect selections have been observed for TLS 1.0 and TLS 1314 1.1 versions numbers, which inevitably results in Handshake Failure 1315 errors. 1317 C: Sending 82 bytes (TLS 1.0 Record and TLS 1.0 Client Hello, specifying 1318 non-existen version {4,0} as the highest supported. 1319 0000 : 16 03 02 00 4d 01 00 00 49 04 00 44 c1 6e 9e f8 ....M...I..D.n.. 1320 0010 : 26 c8 01 44 01 be 98 0a 04 03 92 2e 35 46 26 0f &..D........5F&. 1321 0020 : 4e aa c9 0d 14 da 51 f3 b0 56 6f 00 00 22 00 39 N.....Q..Vo..".9 1322 0030 : 00 38 00 37 00 36 00 35 00 33 00 32 00 31 00 30 .8.7.6.5.3.2.1.0 1323 0040 : 00 2f 00 05 00 04 00 13 00 0d 00 16 00 10 00 0a ./.............. 1324 0050 : 01 00 .. 1326 S : Recieved 63 bytes (Server Hello/Record specifying 4.0 as the version, 1327 although the server only supports SSL v3.0 as its highest version) 1328 0000 : 16 04 00 00 3a 02 00 00 36 04 00 44 c1 8b cd 5d ....:...6..D...] 1329 0010 : 53 d3 c0 c8 ef ce cb bd da 0b e5 50 ef fa 21 69 S..........P..!i 1330 0020 : 63 d5 9e 54 7b ad 1f 98 34 5c 56 10 97 d3 90 04 c..T{..4\V..... 1331 0030 : cd 8b c1 44 97 d3 90 04 8d ac 21 00 00 04 00 ...D......!.... 1333 Author's Address 1335 Yngve N. Pettersen 1336 Opera Software ASA 1337 Waldemar Thranes gate 98 1338 N-0175 OSLO, 1339 Norway 1341 Email: yngve@opera.com 1343 Full Copyright Statement 1345 Copyright (C) The Internet Society (2006). 1347 This document is subject to the rights, licenses and restrictions 1348 contained in BCP 78, and except as set forth therein, the authors 1349 retain all their rights. 1351 This document and the information contained herein are provided on an 1352 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1353 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1354 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1355 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1356 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1357 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1359 Intellectual Property 1361 The IETF takes no position regarding the validity or scope of any 1362 Intellectual Property Rights or other rights that might be claimed to 1363 pertain to the implementation or use of the technology described in 1364 this document or the extent to which any license under such rights 1365 might or might not be available; nor does it represent that it has 1366 made any independent effort to identify any such rights. Information 1367 on the procedures with respect to rights in RFC documents can be 1368 found in BCP 78 and BCP 79. 1370 Copies of IPR disclosures made to the IETF Secretariat and any 1371 assurances of licenses to be made available, or the result of an 1372 attempt made to obtain a general license or permission for the use of 1373 such proprietary rights by implementers or users of this 1374 specification can be obtained from the IETF on-line IPR repository at 1375 http://www.ietf.org/ipr. 1377 The IETF invites any interested party to bring to its attention any 1378 copyrights, patents or patent applications, or other proprietary 1379 rights that may cover technology that may be required to implement 1380 this standard. Please address the information to the IETF at 1381 ietf-ipr@ietf.org. 1383 Acknowledgment 1385 Funding for the RFC Editor function is provided by the IETF 1386 Administrative Support Activity (IASA).