GnuTLS is intolerant to 0-RTT handshake
Description of problem:
The GnuTLS server is unable to correctly process a ClientHello sent together with 0-RTT data; it aborts the connection.
Version of gnutls used:
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Manual compile on Fedora 27
How reproducible:
Steps to Reproduce:
- compile gnutls
./gnutls-http-serv --priority NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+DHE-PSK:+PSK -p 4433 -a -d 6
- check out the 0rtt-garbage-resumption branch from tlsfuzzer (https://github.com/tomato42/tlsfuzzer/pull/423)
PYTHONPATH=. python scripts/test-tls13-0rtt-garbage.py
Actual results:
tlsfuzzer output
Error encountered while processing node <tlsfuzzer.messages.ApplicationDataGenerator object at 0x7f0c3af4f510> (child: <tlsfuzzer.expect.ExpectNewSessionTicket object at 0x7f0c3af4f550>) with last message being: <tlslite.messages.ApplicationData object at 0x7f0c3af4fed0>
Error while processing
Traceback (most recent call last):
File "scripts/test-tls13-0rtt-garbage.py", line 262, in main
runner.run()
File "/home/hkario/dev/tlsfuzzer/tlsfuzzer/runner.py", line 237, in run
raise AssertionError("Unexpected closure from peer")
AssertionError: Unexpected closure from peer
sanity ...
OK
Basic check if TLS 1.3 server can handle 0-RTT handshake
Verify that the server can handle a 0-RTT handshake from client
even if (or rather, especially if) it doesn't support 0-RTT.
version: 1
Test end
successful: 3
failed: 1
'handshake with invalid 0-RTT'
gnutls output
Processed 1 CA certificate(s).
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:103
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:174
|<3>| ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
|<3>| ASSERT: x509.c[get_alt_name]:1812
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
HTTP Server listening on IPv4 0.0.0.0 port 4433...done
HTTP Server listening on IPv6 :: port 4433...done
|<5>| REC[0x1614570]: Allocating epoch #0
|<2>| added 43 ciphersuites, 18 sig algos and 8 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 57292 on Wed Jul 4 13:57:32 2018
|<5>| REC[0x1614570]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.0 Handshake packet received. Epoch 0, length: 183
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Handshake(22) with length: 183
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 183
|<4>| HSK[0x1614570]: CLIENT HELLO (1) was received. Length 179[179], frag offset 0, frag length: 179, sequence: 0
|<4>| HSK[0x1614570]: Client's version: 3.3
|<4>| EXT[0x1614570]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x1614570]: Found version: 127.26
|<4>| EXT[0x1614570]: Negotiated version: 127.26
|<4>| EXT[0x1614570]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x1614570]: Received group SECP256R1 (0x17)
|<4>| EXT[0x1614570]: Selected group SECP256R1
|<4>| EXT[0x1614570]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x1614570]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x1614570]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x1614570]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x1614570]: Requested server name: ''
|<4>| HSK[0x1614570]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| Selected signature algorithm: RSA-PSS-RSAE-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected version TLS1.3
|<4>| EXT[0x1614570]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x1614570]: Received key share for SECP256R1
|<4>| HSK[0x1614570]: Selected group SECP256R1 (2)
|<2>| EXT[0x1614570]: server generated SECP256R1 shared key
|<4>| HSK[0x1614570]: Safe renegotiation succeeded
|<4>| HSK[0x1614570]: SessionID: 771679b87bb99b425f879317eb6229c22d48f063a8ff64a940723c3ce83b3889
|<4>| EXT[0x1614570]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: sending key share for SECP256R1
|<4>| EXT[0x1614570]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x1614570]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x1614570]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x1614570]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x1614570]: Sent ChangeCipherSpec
|<5>| REC[0x1614570]: Initializing epoch #1
|<5>| REC[0x1614570]: Epoch #1 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x1614570]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x1614570]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x1614570]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| HSK[0x1614570]: signing TLS 1.3 handshake data: using RSA-PSS-RSAE-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x1614570]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x1614570]: sending finished
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x1614570]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x1614570]: parsing finished
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:824
|<5>| REC[0x1614570]: Allocating epoch #2
|<5>| REC[0x1614570]: Initializing epoch #2
|<5>| REC[0x1614570]: Epoch #2 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: NEW SESSION TICKET was queued [199 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 199 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 2 and length: 221
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: Epoch #0 freed
|<5>| REC[0x1614570]: Epoch #1 freed
|<5>| REC[0x1614570]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- Session ID: 77:16:79:B8:7B:B9:9B:42:5F:87:93:17:EB:62:29:C2:2D:48:F0:63:A8:FF:64:A9:40:72:3C:3C:E8:3B:38:89
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
No certificates found!
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-RSAE-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x1614570]: Expected Packet Application Data(23)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x1614570]: Decrypted Packet[0] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x1614570]: Preparing Packet Application Data(23) with length: 808 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Application Data(23) in epoch 2 and length: 830
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x1614570]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: End of epoch cleanup
|<5>| REC[0x1614570]: Epoch #2 freed
|<5>| REC[0x1614570]: Allocating epoch #0
|<2>| added 43 ciphersuites, 18 sig algos and 8 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 57294 on Wed Jul 4 13:57:33 2018
|<5>| REC[0x1614570]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.0 Handshake packet received. Epoch 0, length: 557
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Handshake(22) with length: 557
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 557
|<4>| HSK[0x1614570]: CLIENT HELLO (1) was received. Length 553[553], frag offset 0, frag length: 553, sequence: 0
|<4>| HSK[0x1614570]: Client's version: 3.3
|<4>| EXT[0x1614570]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x1614570]: Found version: 127.26
|<4>| EXT[0x1614570]: Negotiated version: 127.26
|<4>| EXT[0x1614570]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x1614570]: Received group SECP256R1 (0x17)
|<4>| EXT[0x1614570]: Selected group SECP256R1
|<4>| EXT[0x1614570]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x1614570]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x1614570]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x1614570]: Parsing extension 'PSK Key Exchange Modes/45' (3 bytes)
|<4>| EXT[0x1614570]: PSK KE mode 01 received
|<4>| EXT[0x1614570]: PSK KE mode 00 received
|<4>| EXT[0x1614570]: Parsing extension 'Pre Shared Key/41' (363 bytes)
|<3>| ASSERT: session_ticket.c[_gnutls_decrypt_session_ticket]:206
|<3>| ASSERT: tls13/session_ticket.c[_gnutls13_unpack_session_ticket]:385
|<4>| HSK[0x1614570]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x1614570]: Requested server name: ''
|<4>| HSK[0x1614570]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| Selected signature algorithm: RSA-PSS-RSAE-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected version TLS1.3
|<4>| EXT[0x1614570]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x1614570]: Received key share for SECP256R1
|<4>| HSK[0x1614570]: Selected group SECP256R1 (2)
|<2>| EXT[0x1614570]: server generated SECP256R1 shared key
|<4>| HSK[0x1614570]: Safe renegotiation succeeded
|<4>| HSK[0x1614570]: SessionID: d621fd91eb424fb16febdfadb503ad697bffccaf8caaea8f63a03732eb56c0fa
|<4>| EXT[0x1614570]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: sending key share for SECP256R1
|<4>| EXT[0x1614570]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x1614570]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x1614570]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x1614570]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x1614570]: Sent ChangeCipherSpec
|<5>| REC[0x1614570]: Initializing epoch #1
|<5>| REC[0x1614570]: Epoch #1 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x1614570]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x1614570]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x1614570]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| HSK[0x1614570]: signing TLS 1.3 handshake data: using RSA-PSS-RSAE-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x1614570]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x1614570]: sending finished
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x1614570]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x1614570]: parsing finished
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:824
|<5>| REC[0x1614570]: Allocating epoch #2
|<5>| REC[0x1614570]: Initializing epoch #2
|<5>| REC[0x1614570]: Epoch #2 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: NEW SESSION TICKET was queued [199 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 199 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 2 and length: 221
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: Epoch #0 freed
|<5>| REC[0x1614570]: Epoch #1 freed
|<5>| REC[0x1614570]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- Session ID: D6:21:FD:91:EB:42:4F:B1:6F:EB:DF:AD:B5:03:AD:69:7B:FF:CC:AF:8C:AA:EA:8F:63:A0:37:32:EB:56:C0:FA
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
No certificates found!
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-RSAE-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x1614570]: Expected Packet Application Data(23)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x1614570]: Decrypted Packet[0] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x1614570]: Preparing Packet Application Data(23) with length: 808 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Application Data(23) in epoch 2 and length: 830
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x1614570]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: End of epoch cleanup
|<5>| REC[0x1614570]: Epoch #2 freed
|<5>| REC[0x1614570]: Allocating epoch #0
|<2>| added 43 ciphersuites, 18 sig algos and 8 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 57296 on Wed Jul 4 13:57:33 2018
|<5>| REC[0x1614570]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.0 Handshake packet received. Epoch 0, length: 561
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Handshake(22) with length: 561
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 561
|<4>| HSK[0x1614570]: CLIENT HELLO (1) was received. Length 557[557], frag offset 0, frag length: 557, sequence: 0
|<4>| HSK[0x1614570]: Client's version: 3.3
|<4>| EXT[0x1614570]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x1614570]: Found version: 127.26
|<4>| EXT[0x1614570]: Negotiated version: 127.26
|<4>| EXT[0x1614570]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x1614570]: Received group SECP256R1 (0x17)
|<4>| EXT[0x1614570]: Selected group SECP256R1
|<4>| EXT[0x1614570]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x1614570]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x1614570]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| EXT[0x1614570]: Parsing extension 'PSK Key Exchange Modes/45' (3 bytes)
|<4>| EXT[0x1614570]: PSK KE mode 01 received
|<4>| EXT[0x1614570]: PSK KE mode 00 received
|<4>| EXT[0x1614570]: Parsing extension 'Pre Shared Key/41' (363 bytes)
|<3>| ASSERT: session_ticket.c[_gnutls_decrypt_session_ticket]:206
|<3>| ASSERT: tls13/session_ticket.c[_gnutls13_unpack_session_ticket]:385
|<4>| HSK[0x1614570]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x1614570]: Requested server name: ''
|<4>| HSK[0x1614570]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| Selected signature algorithm: RSA-PSS-RSAE-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected version TLS1.3
|<4>| EXT[0x1614570]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x1614570]: Received key share for SECP256R1
|<4>| HSK[0x1614570]: Selected group SECP256R1 (2)
|<2>| EXT[0x1614570]: server generated SECP256R1 shared key
|<4>| HSK[0x1614570]: Safe renegotiation succeeded
|<4>| HSK[0x1614570]: SessionID: f42c785b5165a9cf32f1c93a121cce4158f9c75dd8cc69fa7299f49f711d52c6
|<4>| EXT[0x1614570]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: sending key share for SECP256R1
|<4>| EXT[0x1614570]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x1614570]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x1614570]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x1614570]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x1614570]: Sent ChangeCipherSpec
|<5>| REC[0x1614570]: Initializing epoch #1
|<5>| REC[0x1614570]: Epoch #1 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x1614570]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x1614570]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x1614570]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| HSK[0x1614570]: signing TLS 1.3 handshake data: using RSA-PSS-RSAE-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x1614570]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x1614570]: sending finished
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 16384
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 16384
|<3>| ASSERT: aes-gcm-x86-pclmul-avx.c[aesni_gcm_aead_decrypt]:331
|<3>| ASSERT: crypto-api.c[gnutls_aead_cipher_decrypt]:716
|<3>| ASSERT: cipher.c[decrypt_packet_tls13]:870
|<3>| ASSERT: cipher.c[_gnutls_decrypt]:160
|<3>| ASSERT: record.c[_gnutls_recv_in_buffers]:1322
|<0x1614570>| Discarded message[0] due to invalid decryption
|<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1424
|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1443
|<3>| ASSERT: tls13/finished.c[_gnutls13_recv_finished]:94
|<3>| ASSERT: handshake-tls13.c[_gnutls13_handshake_server]:380
Error in handshake: Decryption has failed.
|<5>| REC: Sending Alert[2|20] - Bad record MAC
|<5>| REC[0x1614570]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[5] Alert(21) in epoch 1 and length: 24
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: Epoch #0 freed
|<5>| REC[0x1614570]: End of epoch cleanup
|<5>| REC[0x1614570]: Epoch #1 freed
|<5>| REC[0x1614570]: Allocating epoch #0
|<2>| added 43 ciphersuites, 18 sig algos and 8 groups into priority list
* Accepted connection from IPv4 127.0.0.1 port 57298 on Wed Jul 4 13:57:33 2018
|<5>| REC[0x1614570]: Allocating epoch #1
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.0 Handshake packet received. Epoch 0, length: 183
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Handshake(22) with length: 183
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 183
|<4>| HSK[0x1614570]: CLIENT HELLO (1) was received. Length 179[179], frag offset 0, frag length: 179, sequence: 0
|<4>| HSK[0x1614570]: Client's version: 3.3
|<4>| EXT[0x1614570]: Parsing extension 'Supported Versions/43' (5 bytes)
|<4>| EXT[0x1614570]: Found version: 127.26
|<4>| EXT[0x1614570]: Negotiated version: 127.26
|<4>| EXT[0x1614570]: Parsing extension 'Supported Groups/10' (4 bytes)
|<4>| EXT[0x1614570]: Received group SECP256R1 (0x17)
|<4>| EXT[0x1614570]: Selected group SECP256R1
|<4>| EXT[0x1614570]: Parsing extension 'Signature Algorithms/13' (6 bytes)
|<4>| EXT[0x1614570]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
|<4>| EXT[0x1614570]: rcvd signature algo (8.9) RSA-PSS-SHA256
|<4>| HSK[0x1614570]: Received safe renegotiation CS
|<2>| checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<4>| HSK[0x1614570]: Requested server name: ''
|<4>| HSK[0x1614570]: checking compat of GNUTLS_AES_128_GCM_SHA256 with certificate[3] (RSA-PSS/X.509)
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| Selected signature algorithm: RSA-PSS-RSAE-SHA256
|<2>| Selected (RSA-PSS) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: Selected version TLS1.3
|<4>| EXT[0x1614570]: Parsing extension 'Key Share/51' (71 bytes)
|<4>| EXT[0x1614570]: Received key share for SECP256R1
|<4>| HSK[0x1614570]: Selected group SECP256R1 (2)
|<2>| EXT[0x1614570]: server generated SECP256R1 shared key
|<4>| HSK[0x1614570]: Safe renegotiation succeeded
|<4>| HSK[0x1614570]: SessionID: 771679b87bb99b425f879317eb6229c22d48f063a8ff64a940723c3ce83b3889
|<4>| EXT[0x1614570]: Not sending extension (Maximum Record Size/1) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported Groups/10) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (SRTP/14) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Heartbeat/15) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ALPN/16) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Key Share/51) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: sending key share for SECP256R1
|<4>| EXT[0x1614570]: Sending extension Key Share/51 (69 bytes)
|<4>| EXT[0x1614570]: Preparing extension (Supported Versions/43) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Sending extension Supported Versions/43 (2 bytes)
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Server Name Indication/0) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (PSK Key Exchange Modes/45) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'TLS 1.3 server hello'
|<4>| EXT[0x1614570]: Preparing extension (Pre Shared Key/41) for 'TLS 1.3 server hello'
|<4>| HSK[0x1614570]: SERVER HELLO was queued [155 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 155 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 0 and length: 160
|<5>| REC[0x1614570]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] ChangeCipherSpec(20) in epoch 0 and length: 6
|<4>| REC[0x1614570]: Sent ChangeCipherSpec
|<5>| REC[0x1614570]: Initializing epoch #1
|<5>| REC[0x1614570]: Epoch #1 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| EXT[0x1614570]: Preparing extension (Maximum Record Size/1) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (OCSP Status Request/5) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Supported Groups/10) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported EC Point Formats/11) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (SRP/12) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Signature Algorithms/13) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (SRTP/14) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Heartbeat/15) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (ALPN/16) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Encrypt-then-MAC/22) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Extended Master Secret/23) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Session Ticket/35) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Key Share/51) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Supported Versions/43) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Post Handshake Auth/49) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Safe Renegotiation/65281) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Preparing extension (Server Name Indication/0) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Cookie/44) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (PSK Key Exchange Modes/45) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (ClientHello Padding/21) for 'encrypted extensions'
|<4>| EXT[0x1614570]: Not sending extension (Pre Shared Key/41) for 'encrypted extensions'
|<4>| HSK[0x1614570]: ENCRYPTED EXTENSIONS was queued [6 bytes]
|<4>| HSK[0x1614570]: CERTIFICATE was queued [874 bytes]
|<4>| checking cert compat with RSA-PSS-RSAE-SHA256
|<4>| HSK[0x1614570]: signing TLS 1.3 handshake data: using RSA-PSS-RSAE-SHA256 and PRF: SHA256
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<4>| HSK[0x1614570]: CERTIFICATE VERIFY was queued [264 bytes]
|<4>| HSK[0x1614570]: sending finished
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 6 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 1 and length: 28
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 874 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Handshake(22) in epoch 1 and length: 896
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 264 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Handshake(22) in epoch 1 and length: 286
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 36 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[4] Handshake(22) in epoch 1 and length: 58
|<3>| ASSERT: buffers.c[get_last_packet]:1169
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x1614570]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<4>| HSK[0x1614570]: parsing finished
|<3>| ASSERT: constate.c[_gnutls_epoch_get]:824
|<5>| REC[0x1614570]: Allocating epoch #2
|<5>| REC[0x1614570]: Initializing epoch #2
|<5>| REC[0x1614570]: Epoch #2 ready
|<4>| HSK[0x1614570]: TLS 1.3 re-key with cipher suite: GNUTLS_AES_128_GCM_SHA256
|<4>| HSK[0x1614570]: NEW SESSION TICKET was queued [199 bytes]
|<5>| REC[0x1614570]: Preparing Packet Handshake(22) with length: 199 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[1] Handshake(22) in epoch 2 and length: 221
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: Epoch #0 freed
|<5>| REC[0x1614570]: Epoch #1 freed
|<5>| REC[0x1614570]: End of epoch cleanup
- Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- Session ID: 77:16:79:B8:7B:B9:9B:42:5F:87:93:17:EB:62:29:C2:2D:48:F0:63:A8:FF:64:A9:40:72:3C:3C:E8:3B:38:89
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
No certificates found!
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.3
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-PSS-RSAE-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_get2]:99
|<3>| ASSERT: ocsp-api.c[gnutls_ocsp_status_request_is_checked]:627
- Options: safe renegotiation,
|<3>| ASSERT: srtp.c[gnutls_srtp_get_selected_profile]:320
|<3>| ASSERT: alpn.c[gnutls_alpn_get_selected_protocol]:255
- Channel binding 'tls-unique':
|<3>| ASSERT: buffers.c[_gnutls_io_read_buffered]:589
|<3>| ASSERT: record.c[_gnutls_recv_int]:1569
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 2, length: 35
|<5>| REC[0x1614570]: Expected Packet Application Data(23)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 35
|<5>| REC[0x1614570]: Decrypted Packet[0] Application Data(23) with length: 18
|<3>| ASSERT: server_name.c[gnutls_server_name_get]:235
|<5>| REC[0x1614570]: Preparing Packet Application Data(23) with length: 808 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[2] Application Data(23) in epoch 2 and length: 830
|<3>| ASSERT: buffers.c[_gnutls_io_write_flush]:696
|<5>| REC: Sending Alert[1|0] - Close notify
|<5>| REC[0x1614570]: Preparing Packet Alert(21) with length: 2 and min pad: 0
|<5>| REC[0x1614570]: Sent Packet[3] Alert(21) in epoch 2 and length: 24
|<5>| REC[0x1614570]: Start of epoch cleanup
|<5>| REC[0x1614570]: End of epoch cleanup
|<5>| REC[0x1614570]: Epoch #2 freed
Expected results:
handshake successful, no failing cases in the script
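The failure signature in the server log above can be picked out mechanically. The following is an added triage example, not part of the original report or of GnuTLS: the function name `triage` and the choice of "Allocating epoch #0" as the connection boundary are assumptions, and the sample lines are excerpted from the log in this report.

```python
import re

# Excerpt of the server log above: one aborted and one completed connection.
SAMPLE_LOG = """\
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 16384
|<5>| REC[0x1614570]: Expected Packet Handshake(22)
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 16384
|<0x1614570>| Discarded message[0] due to invalid decryption
Error in handshake: Decryption has failed.
|<5>| REC: Sending Alert[2|20] - Bad record MAC
|<5>| REC[0x1614570]: Allocating epoch #0
|<4>| HSK[0x1614570]: FINISHED was queued [36 bytes]
|<5>| REC[0x1614570]: SSL 3.3 Application Data packet received. Epoch 1, length: 53
|<5>| REC[0x1614570]: Received Packet Application Data(23) with length: 53
|<5>| REC[0x1614570]: Decrypted Packet[0] Handshake(22) with length: 36
|<4>| HSK[0x1614570]: FINISHED (20) was received. Length 32[32], frag offset 0, frag length: 32, sequence: 0
|<5>| REC: Sending Alert[1|0] - Close notify
"""

RECV = re.compile(r"Received Packet Application Data\(23\) with length: (\d+)")
ALERT = re.compile(r"Sending Alert\[(\d+)\|(\d+)\]")

def triage(log_text):
    """Return one dict per connection found in a gnutls-serv -d 6 log."""
    conns, cur = [], None
    for line in log_text.splitlines():
        # Assumption: "Allocating epoch #0" marks a fresh session.
        if cur is None or "Allocating epoch #0" in line:
            cur = {"server_finished": False, "client_finished": False,
                   "undecryptable": [], "alert": None}
            conns.append(cur)
        if "FINISHED was queued" in line:
            cur["server_finished"] = True
        elif "FINISHED (20) was received" in line:
            cur["client_finished"] = True
        elif (m := RECV.search(line)) and cur["server_finished"] and not cur["client_finished"]:
            cur["pending_len"] = int(m.group(1))
        elif "due to invalid decryption" in line and "pending_len" in cur:
            cur["undecryptable"].append(cur.pop("pending_len"))
        elif m := ALERT.search(line):
            cur["alert"] = (int(m.group(1)), int(m.group(2)))
    for c in conns:
        c.pop("pending_len", None)
        # Fatal bad_record_mac (2|20) on a record that arrived before the
        # client Finished: the server rejected early data instead of skipping it.
        c["aborted_on_early_data"] = bool(c["undecryptable"]) and c["alert"] == (2, 20)
    return conns
```

Running `triage` over a full `-d 6` log gives one entry per connection, so the aborted 0-RTT case stands out from the sanity handshakes that completed.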