multiple issues in handling KeyUpdate messages
Description of problem:
- When the KeyUpdate is fragmented over multiple records interleaved with ApplicationData, GnuTLS does not abort the connection (this is a requirement from RFC 8446 section 5.1)
- When the initial GET request is split over multiple records with a KeyUpdate in the middle, the connection hangs
- When multiple KeyUpdate messages are sent in a connection, the server closes the connection
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
manual compile on Fedora 28
How reproducible:
use https://github.com/tomato42/tlsfuzzer/pull/501 and https://github.com/tomato42/tlslite-ng/pull/341
run
PYTHONPATH=. python scripts/test-tls13-keyupdate.py '1/4 fragmented keyupdate msg, appdata between' '2/3 fragmented keyupdate msg, appdata between' '3/2 fragmented keyupdate msg, appdata between' 'app data split, conversation with KeyUpdate msg' 'multiple KeyUpdate messages'
Actual results:
tlsfuzzer output
multiple KeyUpdate messages ...
Error encountered while processing node <tlsfuzzer.messages.KeyUpdateGenerator object at 0x7f4faf9d3610> (child: <tlsfuzzer.messages.KeyUpdateGenerator object at 0x7f4faf9d3710>) with last message being: <tlslite.messages.KeyUpdate object at 0x7f4faf9e5e10>
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-keyupdate.py", line 575, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 248, in run
raise AssertionError("Unexpected closure from peer")
AssertionError: Unexpected closure from peer
1/4 fragmented keyupdate msg, appdata between ...
Error encountered while processing node ExpectNewSessionTicket() (child: ExpectNewSessionTicket()) with last message being: <tlslite.messages.Message object at 0x7f4faf9a2c10>
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-keyupdate.py", line 575, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 221, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ApplicationData(len=685)
app data split, conversation with KeyUpdate msg ...
Error encountered while processing node ExpectNewSessionTicket() (child: ExpectNewSessionTicket()) with last message being: None
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-keyupdate.py", line 575, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 204, in run
"Timeout when waiting for peer message")
AssertionError: Timeout when waiting for peer message
3/2 fragmented keyupdate msg, appdata between ...
Error encountered while processing node ExpectNewSessionTicket() (child: ExpectNewSessionTicket()) with last message being: <tlslite.messages.Message object at 0x7f4faf9a2bd0>
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-keyupdate.py", line 575, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 221, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ApplicationData(len=685)
2/3 fragmented keyupdate msg, appdata between ...
Error encountered while processing node ExpectNewSessionTicket() (child: ExpectNewSessionTicket()) with last message being: <tlslite.messages.Message object at 0x7f4faf9e5a90>
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-keyupdate.py", line 575, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 221, in run
RecordHeader2)))
AssertionError: Unexpected message from peer: ApplicationData(len=685)
Test with KeyUpdate msg with different msg_type or fragmented msg.
Verify that server will correctly handle updating the keys
or refuse the connection with relevant Alert msg.
version: 1
Test end
successful: 0
failed: 5
'1/4 fragmented keyupdate msg, appdata between'
'2/3 fragmented keyupdate msg, appdata between'
'3/2 fragmented keyupdate msg, appdata between'
'app data split, conversation with KeyUpdate msg'
'multiple KeyUpdate messages'
gnutls output
$ ./gnutls-http-serv --priority NORMAL:+VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+DHE-PSK:+PSK -p 4433 -a -d 6
Processed 1 CA certificate(s).
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:103
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:174
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
HTTP Server listening on IPv4 0.0.0.0 port 4433...done
HTTP Server listening on IPv6 :: port 4433...done
|<5>| REC[0x191e450]: Allocating epoch #0
|<2>| added 6 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 60566 on Fri Feb 8 16:47:03 2019
|<5>| REC[0x191e450]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.0 Handshake packet received. Epoch 0, length: 213
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Handshake(22) with length: 213
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 213
|<4>| HSK[0x191e450]: CLIENT HELLO (1) was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<4>| HSK[0x191e450]: Client's version: 3.3
|<4>| EXT[0x191e450]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x191e450]: Found version: 3.4
|<4>| EXT[0x191e450]: Negotiated version: 3.4
|<4>| EXT[0x191e450]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x191e450]: Received group SECP256R1 (0x17)
|<4>| EXT[0x191e450]: Selected group SECP256R1
|<4>| EXT[0x191e450]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x191e450]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x191e450]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x191e450]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x191e450]: Requested server name: ''
|<4>| HSK[0x191e450]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected version TLS1.3
|<4>| EXT[0x191e450]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x191e450]: Received key share for SECP256R1
|<4>| HSK[0x191e450]: Selected group SECP256R1 (2)
|<2>| EXT[0x191e450]: server generated SECP256R1 shared key
|<4>| HSK[0x191e450]: Safe renegotiation succeeded
|<4>| HSK[0x191e450]: SessionID: 76c10e78c2db3daf51654b45ef7f4b35ca1eef554f069a4f5c5c610159281254
|<4>| EXT[0x191e450]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Client Certificate Type/19) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Certificate Type/20) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: sending key share for SECP256R1
|<4>| EXT[0x191e450]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x191e450]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Early Data/42) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Record Size Limit/28) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x191e450]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x191e450]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x191e450]: Sent ChangeCipherSpec
|<5>| REC[0x191e450]: Initializing epoch #1
|<5>| REC[0x191e450]: Epoch #1 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x191e450]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Client Certificate Type/19) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Certificate Type/20) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Early Data/42) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Record Size Limit/28) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x191e450]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x191e450]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| HSK[0x191e450]: signing TLS 1.3 handshake data: using RSA-PSS-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x191e450]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x191e450]: sending finished
|<4>| HSK[0x191e450]: FINISHED was queued [36 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #2
|<4>| HSK[0x191e450]: unauthenticated session eligible for early start
|<5>| REC[0x191e450]: Initializing epoch #2
|<5>| REC[0x191e450]: Epoch #2 ready
|<4>| HSK[0x191e450]: TLS 1.3 set write key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: switching early to application traffic keys
|<4>| HSK[0x191e450]: NEW SESSION TICKET was queued [235 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 235 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 2 and length: 257
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x191e450]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x191e450]: parsing finished
|<4>| HSK[0x191e450]: TLS 1.3 set read key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #0 freed
|<5>| REC[0x191e450]: Epoch #1 freed
|<5>| REC[0x191e450]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)
- Session ID: 68:A7:31:5B:CE:76:9D:FF:0A:40:63:3C:2E:25:D0:23:30:4B:24:3C:FA:9B:93:82:21:17:08:C3:D8:B0:F3:FA
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Server Signature: RSA-PSS-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 22
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 22
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 5
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<4>| HSK[0x191e450]: KEY_UPDATE (24) was received. Length 1[1], frag offset 0, frag length: 1, sequence: 0
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: End of epoch cleanup
|<4>| HSK[0x191e450]: received TLS 1.3 key update (1)
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #4
|<5>| REC[0x191e450]: Initializing epoch #4
|<5>| REC[0x191e450]: Epoch #4 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 4, length: 22
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 22
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 5
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<4>| HSK[0x191e450]: KEY_UPDATE (24) was received. Length 1[1], frag offset 0, frag length: 1, sequence: 0
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<2>| reached maximum number of key updates per second (1)
|<3>| ASSERT: tls13/key_update.c[_gnutls13_recv_key_update]:71
|<3>| ASSERT: handshake-tls13.c[_gnutls13_recv_async_handshake]:668
|<3>| ASSERT: record.c[record_add_to_buffers]:1001
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
Error while receiving data
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x191e450]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Alert(21) in epoch 4 and length: 24
Error: Too many handshake packets have been received.
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #2 freed
|<5>| REC[0x191e450]: End of epoch cleanup
|<5>| REC[0x191e450]: Epoch #4 freed
|<5>| REC[0x191e450]: Allocating epoch #0
|<2>| added 6 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 60568 on Fri Feb 8 16:47:03 2019
|<5>| REC[0x191e450]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.0 Handshake packet received. Epoch 0, length: 213
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Handshake(22) with length: 213
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 213
|<4>| HSK[0x191e450]: CLIENT HELLO (1) was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<4>| HSK[0x191e450]: Client's version: 3.3
|<4>| EXT[0x191e450]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x191e450]: Found version: 3.4
|<4>| EXT[0x191e450]: Negotiated version: 3.4
|<4>| EXT[0x191e450]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x191e450]: Received group SECP256R1 (0x17)
|<4>| EXT[0x191e450]: Selected group SECP256R1
|<4>| EXT[0x191e450]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x191e450]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x191e450]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x191e450]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x191e450]: Requested server name: ''
|<4>| HSK[0x191e450]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected version TLS1.3
|<4>| EXT[0x191e450]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x191e450]: Received key share for SECP256R1
|<4>| HSK[0x191e450]: Selected group SECP256R1 (2)
|<2>| EXT[0x191e450]: server generated SECP256R1 shared key
|<4>| HSK[0x191e450]: Safe renegotiation succeeded
|<4>| HSK[0x191e450]: SessionID: e03df868373c7a20217d77d5c335a45a113d370a8c6b42741aa4a97477fcae46
|<4>| EXT[0x191e450]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Client Certificate Type/19) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Certificate Type/20) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: sending key share for SECP256R1
|<4>| EXT[0x191e450]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x191e450]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Early Data/42) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Record Size Limit/28) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x191e450]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x191e450]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x191e450]: Sent ChangeCipherSpec
|<5>| REC[0x191e450]: Initializing epoch #1
|<5>| REC[0x191e450]: Epoch #1 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x191e450]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Client Certificate Type/19) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Certificate Type/20) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Early Data/42) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Record Size Limit/28) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x191e450]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x191e450]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| HSK[0x191e450]: signing TLS 1.3 handshake data: using RSA-PSS-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x191e450]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x191e450]: sending finished
|<4>| HSK[0x191e450]: FINISHED was queued [36 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #2
|<4>| HSK[0x191e450]: unauthenticated session eligible for early start
|<5>| REC[0x191e450]: Initializing epoch #2
|<5>| REC[0x191e450]: Epoch #2 ready
|<4>| HSK[0x191e450]: TLS 1.3 set write key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: switching early to application traffic keys
|<4>| HSK[0x191e450]: NEW SESSION TICKET was queued [235 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 235 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 2 and length: 257
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x191e450]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x191e450]: parsing finished
|<4>| HSK[0x191e450]: TLS 1.3 set read key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #0 freed
|<5>| REC[0x191e450]: Epoch #1 freed
|<5>| REC[0x191e450]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)
- Session ID: 1E:4E:FF:C7:C9:0D:30:AC:5A:41:64:35:69:CB:EC:3E:A2:E2:C2:44:54:93:65:40:62:09:50:89:31:DE:2E:92
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Server Signature: RSA-PSS-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 18
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 18
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1302
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<3>| ASSERT: handshake-tls13.c[_gnutls13_recv_async_handshake]:612
|<3>| ASSERT: record.c[record_add_to_buffers]:1001
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x191e450]: Decrypted Packet[1] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x191e450]: Preparing Packet Application Data(23) with length: 685 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Application Data(23) in epoch 2 and length: 707
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x191e450]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: End of epoch cleanup
|<5>| REC[0x191e450]: Epoch #2 freed
|<5>| REC[0x191e450]: Allocating epoch #0
|<2>| added 6 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 60570 on Fri Feb 8 16:47:03 2019
|<5>| REC[0x191e450]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.0 Handshake packet received. Epoch 0, length: 213
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Handshake(22) with length: 213
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 213
|<4>| HSK[0x191e450]: CLIENT HELLO (1) was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<4>| HSK[0x191e450]: Client's version: 3.3
|<4>| EXT[0x191e450]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x191e450]: Found version: 3.4
|<4>| EXT[0x191e450]: Negotiated version: 3.4
|<4>| EXT[0x191e450]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x191e450]: Received group SECP256R1 (0x17)
|<4>| EXT[0x191e450]: Selected group SECP256R1
|<4>| EXT[0x191e450]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x191e450]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x191e450]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x191e450]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x191e450]: Requested server name: ''
|<4>| HSK[0x191e450]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected version TLS1.3
|<4>| EXT[0x191e450]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x191e450]: Received key share for SECP256R1
|<4>| HSK[0x191e450]: Selected group SECP256R1 (2)
|<2>| EXT[0x191e450]: server generated SECP256R1 shared key
|<4>| HSK[0x191e450]: Safe renegotiation succeeded
|<4>| HSK[0x191e450]: SessionID: 9d27dfb62a0bdf40dd72099ab68d93fb7c475dd608325c7d9f199c24f54f30c9
|<4>| EXT[0x191e450]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Client Certificate Type/19) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Certificate Type/20) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: sending key share for SECP256R1
|<4>| EXT[0x191e450]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x191e450]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Early Data/42) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Record Size Limit/28) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x191e450]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x191e450]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x191e450]: Sent ChangeCipherSpec
|<5>| REC[0x191e450]: Initializing epoch #1
|<5>| REC[0x191e450]: Epoch #1 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x191e450]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Client Certificate Type/19) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Certificate Type/20) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Early Data/42) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Record Size Limit/28) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x191e450]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x191e450]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| HSK[0x191e450]: signing TLS 1.3 handshake data: using RSA-PSS-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x191e450]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x191e450]: sending finished
|<4>| HSK[0x191e450]: FINISHED was queued [36 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #2
|<4>| HSK[0x191e450]: unauthenticated session eligible for early start
|<5>| REC[0x191e450]: Initializing epoch #2
|<5>| REC[0x191e450]: Epoch #2 ready
|<4>| HSK[0x191e450]: TLS 1.3 set write key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: switching early to application traffic keys
|<4>| HSK[0x191e450]: NEW SESSION TICKET was queued [235 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 235 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 2 and length: 257
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x191e450]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x191e450]: parsing finished
|<4>| HSK[0x191e450]: TLS 1.3 set read key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #0 freed
|<5>| REC[0x191e450]: Epoch #1 freed
|<5>| REC[0x191e450]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)
- Session ID: 12:7C:63:02:D4:7C:D1:32:4C:4F:FA:83:F8:DE:6F:F7:4A:A2:DB:FD:FF:0C:DB:6E:BB:3E:1F:74:88:50:AA:BE
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Server Signature: RSA-PSS-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 20
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 20
|<5>| REC[0x191e450]: Decrypted Packet[0] Application Data(23) with length: 3
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 22
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 22
|<5>| REC[0x191e450]: Decrypted Packet[1] Handshake(22) with length: 5
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<4>| HSK[0x191e450]: KEY_UPDATE (24) was received. Length 1[1], frag offset 0, frag length: 1, sequence: 0
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: End of epoch cleanup
|<4>| HSK[0x191e450]: received TLS 1.3 key update (1)
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #4
|<5>| REC[0x191e450]: Initializing epoch #4
|<5>| REC[0x191e450]: Epoch #4 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:593
|<3>| ASSERT: record.c[recv_headers]:1170
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1301
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
Error while receiving data
|<5>| REC: Sending Alert[2|10] - Unexpected message
|<5>| REC[0x191e450]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Alert(21) in epoch 4 and length: 24
Error: The TLS connection was non-properly terminated.
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #2 freed
|<5>| REC[0x191e450]: End of epoch cleanup
|<5>| REC[0x191e450]: Epoch #4 freed
|<5>| REC[0x191e450]: Allocating epoch #0
|<2>| added 6 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 60572 on Fri Feb 8 16:47:09 2019
|<5>| REC[0x191e450]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.0 Handshake packet received. Epoch 0, length: 213
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Handshake(22) with length: 213
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 213
|<4>| HSK[0x191e450]: CLIENT HELLO (1) was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<4>| HSK[0x191e450]: Client's version: 3.3
|<4>| EXT[0x191e450]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x191e450]: Found version: 3.4
|<4>| EXT[0x191e450]: Negotiated version: 3.4
|<4>| EXT[0x191e450]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x191e450]: Received group SECP256R1 (0x17)
|<4>| EXT[0x191e450]: Selected group SECP256R1
|<4>| EXT[0x191e450]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x191e450]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x191e450]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x191e450]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x191e450]: Requested server name: ''
|<4>| HSK[0x191e450]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected version TLS1.3
|<4>| EXT[0x191e450]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x191e450]: Received key share for SECP256R1
|<4>| HSK[0x191e450]: Selected group SECP256R1 (2)
|<2>| EXT[0x191e450]: server generated SECP256R1 shared key
|<4>| HSK[0x191e450]: Safe renegotiation succeeded
|<4>| HSK[0x191e450]: SessionID: 6843edff1bf5ba6ce8fc3ccb69058c144000bba64aec377e3f2a501502aebf82
|<4>| EXT[0x191e450]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Client Certificate Type/19) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Certificate Type/20) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: sending key share for SECP256R1
|<4>| EXT[0x191e450]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x191e450]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Early Data/42) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Record Size Limit/28) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x191e450]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x191e450]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x191e450]: Sent ChangeCipherSpec
|<5>| REC[0x191e450]: Initializing epoch #1
|<5>| REC[0x191e450]: Epoch #1 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x191e450]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Client Certificate Type/19) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Certificate Type/20) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Early Data/42) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Record Size Limit/28) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x191e450]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x191e450]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| HSK[0x191e450]: signing TLS 1.3 handshake data: using RSA-PSS-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x191e450]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x191e450]: sending finished
|<4>| HSK[0x191e450]: FINISHED was queued [36 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #2
|<4>| HSK[0x191e450]: unauthenticated session eligible for early start
|<5>| REC[0x191e450]: Initializing epoch #2
|<5>| REC[0x191e450]: Epoch #2 ready
|<4>| HSK[0x191e450]: TLS 1.3 set write key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: switching early to application traffic keys
|<4>| HSK[0x191e450]: NEW SESSION TICKET was queued [235 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 235 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 2 and length: 257
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x191e450]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x191e450]: parsing finished
|<4>| HSK[0x191e450]: TLS 1.3 set read key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #0 freed
|<5>| REC[0x191e450]: Epoch #1 freed
|<5>| REC[0x191e450]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)
- Session ID: F8:80:5D:A6:A0:BE:BD:A3:EA:54:6C:16:AF:F9:C8:32:06:3A:6F:20:3E:D3:AF:8D:53:48:46:18:57:C1:8E:55
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Server Signature: RSA-PSS-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 20
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 20
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 3
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1302
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<3>| ASSERT: handshake-tls13.c[_gnutls13_recv_async_handshake]:612
|<3>| ASSERT: record.c[record_add_to_buffers]:1001
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x191e450]: Decrypted Packet[1] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x191e450]: Preparing Packet Application Data(23) with length: 685 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Application Data(23) in epoch 2 and length: 707
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x191e450]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: End of epoch cleanup
|<5>| REC[0x191e450]: Epoch #2 freed
|<5>| REC[0x191e450]: Allocating epoch #0
|<2>| added 6 protocols, 43 ciphersuites, 18 sig algos and 9 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 60574 on Fri Feb 8 16:47:09 2019
|<5>| REC[0x191e450]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.0 Handshake packet received. Epoch 0, length: 213
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Handshake(22) with length: 213
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 213
|<4>| HSK[0x191e450]: CLIENT HELLO (1) was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<4>| HSK[0x191e450]: Client's version: 3.3
|<4>| EXT[0x191e450]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x191e450]: Found version: 3.4
|<4>| EXT[0x191e450]: Negotiated version: 3.4
|<4>| EXT[0x191e450]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x191e450]: Received group SECP256R1 (0x17)
|<4>| EXT[0x191e450]: Selected group SECP256R1
|<4>| EXT[0x191e450]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x191e450]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x191e450]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x191e450]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x191e450]: Requested server name: ''
|<4>| HSK[0x191e450]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| Selected signature algorithm: RSA-PSS-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: Selected version TLS1.3
|<4>| EXT[0x191e450]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x191e450]: Received key share for SECP256R1
|<4>| HSK[0x191e450]: Selected group SECP256R1 (2)
|<2>| EXT[0x191e450]: server generated SECP256R1 shared key
|<4>| HSK[0x191e450]: Safe renegotiation succeeded
|<4>| HSK[0x191e450]: SessionID: db3277b11a382a61a122d612616926855a53bbf82d75dd4399b23af179ae7759
|<4>| EXT[0x191e450]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Client Certificate Type/19) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Certificate Type/20) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: sending key share for SECP256R1
|<4>| EXT[0x191e450]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x191e450]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Early Data/42) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (Record Size Limit/28) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x191e450]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x191e450]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x191e450]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x191e450]: Sent ChangeCipherSpec
|<5>| REC[0x191e450]: Initializing epoch #1
|<5>| REC[0x191e450]: Epoch #1 ready
|<4>| HSK[0x191e450]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x191e450]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Client Certificate Type/19) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Certificate Type/20) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Early Data/42) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Preparing extension (Record Size Limit/28) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x191e450]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x191e450]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x191e450]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| checking cert compat with RSA-PSS-SHA256
|<4>| HSK[0x191e450]: signing TLS 1.3 handshake data: using RSA-PSS-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x191e450]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x191e450]: sending finished
|<4>| HSK[0x191e450]: FINISHED was queued [36 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:901
|<5>| REC[0x191e450]: Allocating epoch #2
|<4>| HSK[0x191e450]: unauthenticated session eligible for early start
|<5>| REC[0x191e450]: Initializing epoch #2
|<5>| REC[0x191e450]: Epoch #2 ready
|<4>| HSK[0x191e450]: TLS 1.3 set write key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x191e450]: switching early to application traffic keys
|<4>| HSK[0x191e450]: NEW SESSION TICKET was queued [235 bytes]
|<5>| REC[0x191e450]: Preparing Packet Handshake(22) with length: 235 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[1] Handshake(22) in epoch 2 and length: 257
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x191e450]: Expected Packet Handshake(22)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x191e450]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x191e450]: parsing finished
|<4>| HSK[0x191e450]: TLS 1.3 set read key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: Epoch #0 freed
|<5>| REC[0x191e450]: Epoch #1 freed
|<5>| REC[0x191e450]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-SHA256)-(AES-128-GCM)
- Session ID: 66:BB:A8:A3:65:C6:07:76:2C:54:91:11:D4:FF:A6:51:0B:78:63:A8:93:72:8F:1F:7E:F0:95:0F:DC:3D:D0:D5
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Server Signature: RSA-PSS-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 19
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 19
|<5>| REC[0x191e450]: Decrypted Packet[0] Handshake(22) with length: 2
|<3>| ASSERT: buffers.c[get_last_packet]:1171
|<3>| ASSERT: buffers.c[_gnutls_parse_record_buffered_msgs]:1302
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
|<3>| ASSERT: handshake-tls13.c[_gnutls13_recv_async_handshake]:612
|<3>| ASSERT: record.c[record_add_to_buffers]:1001
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1567
|<3>| ASSERT: record.c[_gnutls_recv_int]:1766
|<5>| REC[0x191e450]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x191e450]: Expected Packet Application Data(23)
|<5>| REC[0x191e450]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x191e450]: Decrypted Packet[1] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x191e450]: Preparing Packet Application Data(23) with length: 685 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[2] Application Data(23) in epoch 2 and length: 707
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x191e450]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x191e450]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x191e450]: Start of epoch cleanup
|<5>| REC[0x191e450]: End of epoch cleanup
|<5>| REC[0x191e450]: Epoch #2 freed
Expected results:
all tests from the script passing
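The RFC 8446 section 5.1 rule cited in this report, as an added example that is not part of the original report and is not GnuTLS or tlsfuzzer code: a minimal handshake reassembler that rejects any non-Handshake record arriving while a handshake message is still incomplete, which is the sequence visible at the end of the log above (a 2-byte Handshake fragment followed by an Application Data record). The class and function names and the record bytes are constructed for illustration.

```python
HANDSHAKE, APPLICATION_DATA = 22, 23   # TLS ContentType values
KEY_UPDATE = 24                        # HandshakeType key_update


class InterleaveError(Exception):
    """Caller should abort the connection when this is raised."""


class HandshakeReassembler:
    """Hypothetical helper: reassembles handshake messages from decrypted records."""

    def __init__(self):
        self._buf = bytearray()  # bytes of a handshake message still in progress

    def feed(self, content_type, plaintext):
        """Return the complete (msg_type, body) handshake messages this record finishes."""
        if content_type != HANDSHAKE:
            if self._buf:
                raise InterleaveError(
                    "record type %d received with %d bytes of an unfinished "
                    "handshake message buffered" % (content_type, len(self._buf)))
            return []
        if not plaintext:
            raise InterleaveError("zero-length Handshake fragment")
        self._buf += plaintext
        done = []
        while len(self._buf) >= 4:  # 1-byte type + 3-byte length header
            length = int.from_bytes(self._buf[1:4], "big")
            if len(self._buf) < 4 + length:
                break
            done.append((self._buf[0], bytes(self._buf[4:4 + length])))
            del self._buf[:4 + length]
        return done


def first_violation(records):
    """Index of the first record that breaks the rule, or None if all are acceptable."""
    reassembler = HandshakeReassembler()
    for index, (content_type, plaintext) in enumerate(records):
        try:
            reassembler.feed(content_type, plaintext)
        except InterleaveError:
            return index
    return None


# Constructed sample: KeyUpdate(update_not_requested) is 18 00 00 01 00, split 2/3.
APP = (APPLICATION_DATA, b"GET / HTTP/1.0\r\n\r\n")
INTERLEAVED = [(HANDSHAKE, bytes.fromhex("1800")), APP, (HANDSHAKE, bytes.fromhex("000100"))]
CONTIGUOUS = [(HANDSHAKE, bytes.fromhex("1800")), (HANDSHAKE, bytes.fromhex("000100")), APP]
```

The interleaved sequence is rejected at the Application Data record (index 1), while the same fragments sent back to back reassemble into one KeyUpdate and the following application data is accepted.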