in reply to Net::SSLeay and secure renegotiation

Show us the relevant part of your code (copy&paste), preferably a running example.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Re^2: Net::SSLeay and secure renegotiation
by iThunder (Beadle) on Dec 11, 2016 at 10:08 UTC
    #!/usr/bin/perl -w
    use Socket;
    use strict;
    use Net::SSLeay qw(die_now die_if_ssl_error copy_session_id);

    Net::SSLeay::load_error_strings();
    Net::SSLeay::SSLeay_add_ssl_algorithms();
    Net::SSLeay::randomize();

    my ($res,$got);
    my $msg = "GET / HTTP/1.0";
    # sockaddr_in wants the packed address, so convert the dotted quad with inet_aton
    my $dest_ip = inet_aton("1.1.1.115");
    my $dest_serv_params = sockaddr_in( 443, $dest_ip );

    socket( S, &AF_INET, &SOCK_STREAM, 0 ) or die "socket: $!";
    connect( S, $dest_serv_params ) or die "connect: $!";

    my $ctx = Net::SSLeay::CTX_new() or die_now("Cannot create SSL_CTX $!");
    Net::SSLeay::CTX_set_options($ctx,$Net::SSLeay::ssl_version = 2) and die_if_ssl_error("ssl ctx set options");
    Net::SSLeay::CTX_set_cipher_list($ctx,'ALL');

    my $ssl1 = Net::SSLeay::new($ctx) or die_now("Cannot create SSL #1 $!");
    Net::SSLeay::set_fd( $ssl1, fileno(S) );
    Net::SSLeay::renegotiate($ssl1);
    $res = Net::SSLeay::connect($ssl1) and die_if_ssl_error("ssl connect");

    $res = Net::SSLeay::write( $ssl1, $msg . "\n\n" );
    die_if_ssl_error("ssl write");
    $got = Net::SSLeay::read($ssl1);
    die_if_ssl_error("ssl read");
    print $got;
    close S;
      > Net::SSLeay::CTX_set_options($ctx,$Net::SSLeay::ssl_version = 2) ..

      This line makes no sense to me. Could you explain what you are trying to do here?

      Apart from that, TLS_EMPTY_RENEGOTIATION_INFO_SCSV will not be set by calling renegotiate. Instead this pseudo cipher is included in the initial handshake (ClientHello) and signals to the server that secure renegotiation is supported.
      Could you explain what you are actually trying to achieve by attempting to set TLS_EMPTY_RENEGOTIATION_INFO_SCSV?
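The ClientHello signalling described in the reply above, as an added example that is not part of this thread or of Net::SSLeay: a small Python parser (Python rather than Perl so the check runs offline, without a server) that reports whether a ClientHello carries TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) in its cipher list and/or a renegotiation_info extension (type 0xFF01). Both sample hellos are constructed inline, and the builder exists only to make them; to check what a real client sends, feed in the first record captured from the wire.

```python
"""
Inspect how a TLS ClientHello signals support for secure renegotiation
(RFC 5746): either the TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo cipher
suite (0x00FF) in the cipher list, or the renegotiation_info extension
(type 0xFF01). The two sample hellos below are constructed, not captured.
"""
import struct

SCSV = 0x00FF                 # TLS_EMPTY_RENEGOTIATION_INFO_SCSV
EXT_RENEGOTIATION_INFO = 0xFF01


def build_client_hello(cipher_suites, extensions, version=0x0303):
    """Wrap a ClientHello with the given suites and (type, data) extensions in a
    TLS record. Used here only to construct sample input."""
    body = struct.pack("!H", version)
    body += b"\x11" * 32                              # client random (constant, sample only)
    body += b"\x00"                                   # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                               # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Return a dict describing the renegotiation signalling in one ClientHello
    record. Raises ValueError for anything that is not a well-formed ClientHello."""
    try:
        ctype, _record_version, rlen = struct.unpack("!BHH", record[:5])
        if ctype != 0x16:
            raise ValueError("not a handshake record")
        hs = record[5:5 + rlen]
        if len(hs) != rlen or hs[0] != 0x01 or int.from_bytes(hs[1:4], "big") != rlen - 4:
            raise ValueError("not a complete ClientHello")
        p = 4
        version = struct.unpack("!H", hs[p:p + 2])[0]
        p += 2 + 32                                   # skip client_version and random
        p += 1 + hs[p]                                # session_id
        cs_len = struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        if cs_len % 2 or p + cs_len > len(hs):
            raise ValueError("bad cipher_suites length")
        suites = [struct.unpack("!H", hs[p + i:p + i + 2])[0] for i in range(0, cs_len, 2)]
        p += cs_len
        p += 1 + hs[p]                                # compression_methods
        extensions = {}
        if p < len(hs):                               # extensions block is optional
            ext_len = struct.unpack("!H", hs[p:p + 2])[0]
            p += 2
            end = p + ext_len
            if end != len(hs):
                raise ValueError("bad extensions length")
            while p < end:
                etype, elen = struct.unpack("!HH", hs[p:p + 4])
                p += 4
                if p + elen > end:
                    raise ValueError("extension overruns extensions block")
                extensions[etype] = hs[p:p + elen]
                p += elen
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc

    reneg = extensions.get(EXT_RENEGOTIATION_INFO)
    return {
        "version": version,
        "cipher_suites": suites,
        "scsv": SCSV in suites,
        # None if absent; b"\x00" (empty renegotiated_connection) on an initial handshake
        "renegotiation_info": reneg,
        "secure_renegotiation": SCSV in suites or reneg is not None,
    }


def is_well_formed(record):
    try:
        parse_client_hello(record)
        return True
    except ValueError:
        return False


# Constructed sample: an initial ClientHello from a client that signals secure
# renegotiation both ways, SCSV in the cipher list and an empty renegotiation_info.
HELLO_SECURE = build_client_hello([0xC02F, 0x009C, SCSV], [(EXT_RENEGOTIATION_INFO, b"\x00")])
# Constructed sample: a legacy client that sends neither.
HELLO_LEGACY = build_client_hello([0x009C, 0x002F], [])

if __name__ == "__main__":
    for name, hello in (("secure", HELLO_SECURE), ("legacy", HELLO_LEGACY)):
        info = parse_client_hello(hello)
        print(name, "scsv=%s renegotiation_info=%r" % (info["scsv"], info["renegotiation_info"]))
```

A server that supports RFC 5746 treats the SCSV and the extension as equivalent signals; the parser reports both separately so you can see which one a given client actually sends.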

        With that line, I am forcing SSLv2 to be the wrapper for the client hello.

        I need to test server behavior when TLS_EMPTY_RENEGOTIATION_INFO_SCSV is set/included in the client hello.
        > Net::SSLeay::CTX_set_options($ctx,$Net::SSLeay::ssl_version = 2)

        If that's not a copy-and-paste error that should read Net::SSLeay::CTX_set_options($ctx,$Net::SSLeay::ssl_version => 2), this is what will happen:

        $Net::SSLeay::ssl_version = 2; # oops!
        Net::SSLeay::CTX_set_options($ctx, 2);

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)