0

I have a working configuration of 802.1X authentification on my switch. The radius server is a freeradius instance with EAP-TLS configured. Everything works fine on linux (and android devices), but when I try to hook up a windows 10 pc I'm getting a strange error from the freeradius server:

<...>
Debug: eap_tls: Continuing EAP-TLS
Debug: eap_tls: Peer sent flags --L
Debug: eap_tls: Peer indicated complete TLS record size will be 174 bytes
Debug: eap_tls: Got complete TLS record (174 bytes)
Debug: eap_tls: [eaptls verify] = length included
Debug: eap_tls: (other): before/accept initialization
Debug: eap_tls: TLS_accept: before/accept initialization
Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Debug: eap_tls: <<< recv TLS 1.2  [length 00a9]
Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Debug: eap_tls: >>> send TLS 1.2  [length 0002]
ERROR: eap_tls: TLS Alert write:fatal:handshake failure
Error: tls: TLS_accept: Error in error
Error: tls: TLS_accept: Error in error
ERROR: eap_tls: Failed in __FUNCTION__ (SSL_read): s3_srvr.c[1418]:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
ERROR: eap_tls: System call (I/O) error (-1)
ERROR: eap_tls: TLS receive handshake failed during operation
ERROR: eap_tls: [eaptls process] = fail
<...>

So, look like no shared cipher. Now, to the strange part.

TLSv1.2 is used, when the server replies to a client-hello message, it picks a single cipher suite and other variable configuration parameters. When a linux system is connecting, these parameters are: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null compression, ECDHE curve secp384r1, signature algorithm SHA512+ECDSA.

The interesting part is that this configuration is offered/supported by the windows system (in client-hello), but the radius server fails with no shared cipher. Only difference between these hellos are tls extensions: ocsp stampling, session tickets, extended master secret and renegotiation (all from the windows system, see below).

Is this possible that some of these extensions causes the freeradius (and openssl) replying with no shared cipher?

Here is the client-hello packet from the windows system. Right after this packet the NAS replies with failure.

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 169
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 165
        Version: TLS 1.2 (0x0303)
        Random
            GMT Unix Time: Oct 12, 2016 22:32:27.000000000 MSK
            Random Bytes: cfee7182be38061f0202a3b3ec374724eec7a7eea20270ad...
        Session ID Length: 0
        Cipher Suites Length: 60
        Cipher Suites (30 suites)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 64
        Extension: status_request
            Type: status_request (0x0005)
            Length: 5
            Certificate Status Type: OCSP (1)
            Responder ID list Length: 0
            Request Extensions Length: 0
        Extension: elliptic_curves
            Type: elliptic_curves (0x000a)
            Length: 8
            Elliptic Curves Length: 6
            Elliptic curves (3 curves)
                Elliptic curve: Unknown (0x001d)
                Elliptic curve: secp256r1 (0x0017)
                Elliptic curve: secp384r1 (0x0018)
        Extension: ec_point_formats
            Type: ec_point_formats (0x000b)
            Length: 2
            EC point formats Length: 1
            Elliptic curves point formats (1)
                EC point format: uncompressed (0)
        Extension: signature_algorithms
            Type: signature_algorithms (0x000d)
            Length: 20
            Signature Hash Algorithms Length: 18
            Signature Hash Algorithms (9 algorithms)
                Signature Hash Algorithm: 0x0401
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0501
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0201
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0403
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0503
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0203
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0202
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0601
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0603
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: ECDSA (3)
        Extension: SessionTicket TLS
            Type: SessionTicket TLS (0x0023)
            Length: 0
            Data (0 bytes)
        Extension: Extended Master Secret
            Type: Extended Master Secret (0x0017)
            Length: 0
        Extension: renegotiation_info
            Type: renegotiation_info (0xff01)
            Length: 1
            Renegotiation Info extension
                Renegotiation info extension length: 0

Here is the client-hello from a linux system (working without problems):

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 293
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 289
        Version: TLS 1.2 (0x0303)
        Random
            GMT Unix Time: May 18, 2087 18:43:39.000000000 MSK
            Random Bytes: a8052b4f8ba5439503d03da61ea2eaad449c9c3a3e9f2ac6...
        Session ID Length: 0
        Cipher Suites Length: 172
        Cipher Suites (86 suites)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
            Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
            Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
            Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
            Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
            Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
            Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
            Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
            Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
            Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
            Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
            Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
            Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
            Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
            Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
            Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
            Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
            Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
            Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
            Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 76
        Extension: ec_point_formats
            Type: ec_point_formats (0x000b)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
                EC point format: uncompressed (0)
                EC point format: ansiX962_compressed_prime (1)
                EC point format: ansiX962_compressed_char2 (2)
        Extension: elliptic_curves
            Type: elliptic_curves (0x000a)
            Length: 28
            Elliptic Curves Length: 26
            Elliptic curves (13 curves)
                Elliptic curve: secp256r1 (0x0017)
                Elliptic curve: secp521r1 (0x0019)
                Elliptic curve: brainpoolP512r1 (0x001c)
                Elliptic curve: brainpoolP384r1 (0x001b)
                Elliptic curve: secp384r1 (0x0018)
                Elliptic curve: brainpoolP256r1 (0x001a)
                Elliptic curve: secp256k1 (0x0016)
                Elliptic curve: sect571r1 (0x000e)
                Elliptic curve: sect571k1 (0x000d)
                Elliptic curve: sect409k1 (0x000b)
                Elliptic curve: sect409r1 (0x000c)
                Elliptic curve: sect283k1 (0x0009)
                Elliptic curve: sect283r1 (0x000a)
        Extension: signature_algorithms
            Type: signature_algorithms (0x000d)
            Length: 32
            Signature Hash Algorithms Length: 30
            Signature Hash Algorithms (15 algorithms)
                Signature Hash Algorithm: 0x0601
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0602
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0603
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0501
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0502
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0503
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0401
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0402
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0403
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0301
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0302
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0303
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0201
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0202
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0203
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: ECDSA (3)

The server-hello for the linux system (with the negotiated parameters):

Version: 802.1X-2001 (1)
Type: EAP Packet (0)
Length: 558
Extensible Authentication Protocol
    Code: Request (1)
    Id: 183
    Length: 558
    Type: TLS EAP (EAP-TLS) (13)
    EAP-TLS Flags: 0x80
        1... .... = Length Included: True
        .0.. .... = More Fragments: False
        ..0. .... = Start: False
    EAP-TLS Length: 1562
    [2 EAP-TLS Fragments (1562 bytes): #6(1014), #8(548)]
        [Frame: 6, payload: 0-1013 (1014 bytes)]
        [Frame: 8, payload: 1014-1561 (548 bytes)]
        [Fragment Count: 2]
        [Reassembled EAP-TLS Length: 1562]
    Secure Sockets Layer
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 57
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 53
                Version: TLS 1.2 (0x0303)
                Random
                    GMT Unix Time: Jun 23, 2069 22:43:44.000000000 MSK
                    Random Bytes: f55c140ff16bab468b8f5d2f21e3cc8237090f9eebf23476...
                Session ID Length: 0
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Compression Method: null (0)
                Extensions Length: 13
                Extension: renegotiation_info
                    Type: renegotiation_info (0xff01)
                    Length: 1
                    Renegotiation Info extension
                        Renegotiation info extension length: 0
                Extension: ec_point_formats
                    Type: ec_point_formats (0x000b)
                    Length: 4
                    EC point formats Length: 3
                    Elliptic curves point formats (3)
                        EC point format: uncompressed (0)
                        EC point format: ansiX962_compressed_prime (1)
                        EC point format: ansiX962_compressed_char2 (2)
        TLSv1.2 Record Layer: Handshake Protocol: Certificate
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 1155
            Handshake Protocol: Certificate
                Handshake Type: Certificate (11)
                Length: 1151
                Certificates Length: 1148
                Certificates (1148 bytes)
                    REDACTED
        TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 247
            Handshake Protocol: Server Key Exchange
                Handshake Type: Server Key Exchange (12)
                Length: 243
                EC Diffie-Hellman Server Params
                    Curve Type: named_curve (0x03)
                    Named Curve: secp384r1 (0x0018)
                    Pubkey Length: 97
                    Pubkey: 0409c1e40a860e38d72cc95fe4bed9bc01b2874f79fa74d3...
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Length: 138
                    Signature: 30818702414f82bf2dc1f20e19ca281784a1023607d4ae4f...
        TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 83
            Handshake Protocol: Certificate Request
                Handshake Type: Certificate Request (13)
                Length: 75
                Certificate types count: 3
                Certificate types (3 types)
                    Certificate type: RSA Sign (1)
                    Certificate type: DSS Sign (2)
                    Certificate type: ECDSA Sign (64)
                Signature Hash Algorithms Length: 30
                Signature Hash Algorithms (15 algorithms)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0602
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0502
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0402
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0301
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0302
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0303
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                Distinguished Names Length: 37
                    REDACTED
            Handshake Protocol: Server Hello Done
                Handshake Type: Server Hello Done (14)
                Length: 0
2
  • why in client hello from linux machine different versions of TLS are shown in same request .. some thing wrong Commented Oct 21, 2016 at 9:01
  • @8zero2.ops Yes, I noticed this too; the linux setup is working though, while windows tls numbers are more consistent but whole transaction is not working. Commented Oct 21, 2016 at 10:06

1 Answer 1

0

Out of the 3 extensions mentionned in the Client Hello, the Extended Master Secret seems to be the most likely cause. It is a "new" extension of TLS to help cope with MITM attack attempts.

You can sure try to disable the Extended Master Secret extention in Windows, by adding a DWORD value to the following key: [HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel]

If your Windows machine is the client, you add:

REG_DWORD : DisableClientExtendedMasterSecret = 1

If your Windows machine is the server, you add:

REG_DWORD : DisableServerExtendedMasterSecret = 1

No need to restart the machine, it is taken into account for all the TLE connections that occur from this point on.

I had to disable it in order to be able to use BMC TrueSight to decrypt trafic on the wire and analyze user experience on an SSL connection. The OpenSSL version of BMC TrueSight was too old, it is only supported starting at OpenSSL 1.1.10. It is also supported on Android and iPhones.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .