dmesg shows segfaults in openssl.Linux.x86_64 " ... error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 0 (core 0, socket 0)" #2607

Open
sanderjo opened this issue Dec 29, 2024 · 22 comments
Labels
3.2 upcoming release

Comments

@sanderjo

sanderjo commented Dec 29, 2024

Version:

  testssl.sh version 3.2rc3 from https://testssl.sh/dev/
  (b5ad5bd 2024-12-06 15:03:47)

  Using OpenSSL 1.0.2-bad   [~179 ciphers]
  on zwarte:./bin/openssl.Linux.x86_64

When running testssl against my local (=on same machine) webserver (cherrypy/cheroot, with self-signed certificate), testssl shows a bad grade (as expected), but the interesting part: dmesg shows segfaults in openssl.Linux.x86_64. It happens quite early in the testssl process.

Test 2

When I run testssl against a lookalike webserver (cherrypy/cheroot, with self-signed certificate) on another machine on my LAN, the same dmesg errors occur on the machine running testssl (no messages on the remote machine).

So it's a thing on the machine running testssl?

Test 3

Ah, interesting: Based on #1934 (comment)

No dmesg segfaults with `./testssl.sh --openssl=/usr/bin/openssl 127.0.0.1:8080`:

  Using OpenSSL 3.0.13 30 Jan 2024  [~94 ciphers]
  on zwarte:/usr/bin/openssl

So:

  • is this OK / expected??
  • is this a thing in the openssl provided by testssl?

Ubuntu 24.04, fully updated.

Looks a bit like #1275

[Sun Dec 29 21:36:02 2024] openssl.Linux.x[5546]: segfault at 2a060 ip 000000000002a060 sp 00007ffe5177c4c8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 0 (core 0, socket 0)
[Sun Dec 29 21:36:02 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:03 2024] openssl.Linux.x[5556]: segfault at 2a060 ip 000000000002a060 sp 00007fff3a82dbd8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 3 (core 1, socket 0)
[Sun Dec 29 21:36:03 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:04 2024] openssl.Linux.x[5564]: segfault at 2a060 ip 000000000002a060 sp 00007ffcb60cbbf8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 0 (core 0, socket 0)
[Sun Dec 29 21:36:04 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:05 2024] openssl.Linux.x[5573]: segfault at 2a060 ip 000000000002a060 sp 00007fff822d0588 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 2 (core 0, socket 0)
[Sun Dec 29 21:36:05 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:07 2024] openssl.Linux.x[5581]: segfault at 2a060 ip 000000000002a060 sp 00007fff841846a8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 1 (core 1, socket 0)
[Sun Dec 29 21:36:07 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:08 2024] openssl.Linux.x[5591]: segfault at 2a060 ip 000000000002a060 sp 00007ffe67810128 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 3 (core 1, socket 0)
[Sun Dec 29 21:36:08 2024] Code: Unable to access opcode bytes at 0x2a036.
[Sun Dec 29 21:36:09 2024] openssl.Linux.x[5614]: segfault at 2a060 ip 000000000002a060 sp 00007ffdfcaf9ad8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 3 (core 1, socket 0)
[Sun Dec 29 21:36:09 2024] Code: Unable to access opcode bytes at 0x2a036.
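
For reading the dmesg records quoted in the report above, this added example (not part of the original issue and not testssl.sh code) parses each segfault line, decodes the x86 page-fault error code, which the kernel prints in hexadecimal, and checks whether the faulting `ip` lies inside the mapping named on the line. The function names are illustrative, and the sample input is two records copied from the report.

```python
import re
import sys

# Two of the dmesg records quoted in the report above (copied, not new data).
SAMPLE = (
    "[Sun Dec 29 21:36:02 2024] openssl.Linux.x[5546]: segfault at 2a060 "
    "ip 000000000002a060 sp 00007ffe5177c4c8 error 14 in "
    "openssl.Linux.x86_64[400000+3b9000] likely on CPU 0 (core 0, socket 0)\n"
    "[Sun Dec 29 21:36:02 2024] Code: Unable to access opcode bytes at 0x2a036.\n"
    "[Sun Dec 29 21:36:03 2024] openssl.Linux.x[5556]: segfault at 2a060 "
    "ip 000000000002a060 sp 00007fff3a82dbd8 error 14 in "
    "openssl.Linux.x86_64[400000+3b9000] likely on CPU 3 (core 1, socket 0)\n"
)

# The task name before [pid] is the kernel's comm field, truncated to 15
# characters, which is why it reads "openssl.Linux.x" here.
SEGV_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<comm>\S+?)\[(?P<pid>\d+)\]: segfault at "
    r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)


def decode_pf_error(code):
    """Decode the low five bits of an x86 page-fault error code."""
    return {
        "present": bool(code & 0x01),   # 0: page not mapped, 1: protection violation
        "write": bool(code & 0x02),     # 0: read access, 1: write access
        "user": bool(code & 0x04),      # 1: fault raised in user mode
        "reserved": bool(code & 0x08),  # 1: reserved bit set in a page-table entry
        "ifetch": bool(code & 0x10),    # 1: fault on an instruction fetch
    }


def parse_segfaults(text):
    """Return one record per segfault line; other dmesg lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SEGV_RE.match(line)
        if not m:
            continue
        ip = int(m["ip"], 16)
        in_obj = None  # None when the line names no mapping
        if m["obj"]:
            base, size = int(m["base"], 16), int(m["size"], 16)
            in_obj = base <= ip < base + size
        err = int(m["err"], 16)  # hexadecimal, not decimal
        records.append({
            "ts": m["ts"], "comm": m["comm"], "pid": int(m["pid"]),
            "addr": int(m["addr"], 16), "ip": ip, "error": err,
            "flags": decode_pf_error(err), "obj": m["obj"],
            "ip_in_object": in_obj,
        })
    return records


def describe(rec):
    """One-line summary suitable for matching against ps or strace output by PID."""
    f = rec["flags"]
    if f["ifetch"]:
        access = "instruction fetch"
    else:
        access = "write" if f["write"] else "read"
    cause = "protection violation" if f["present"] else "page not mapped"
    mode = "user" if f["user"] else "kernel"
    where = ""
    if rec["ip_in_object"] is not None:
        side = "inside" if rec["ip_in_object"] else "outside"
        where = f"; ip is {side} the {rec['obj']} mapping"
    return (f"{rec['ts']} pid {rec['pid']} ({rec['comm']}): {mode}-mode {access} "
            f"at {rec['addr']:#x}, {cause}{where}")


if __name__ == "__main__":
    # Pass a file holding saved `dmesg -T` output, or run without arguments
    # to process the embedded sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for record in parse_segfaults(data):
        print(describe(record))
```

For these records the error code 0x14 decodes to a user-mode instruction fetch from an unmapped page, the fault address equals `ip`, and `ip` (0x2a060) lies below the 0x400000 base printed for the binary.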
@drwetter
Collaborator

Hi,

Yes, it is still a thing under some distributions / constellations. Personally I wasn't able to reproduce that but there are other issues filed here. Don't know whether yours is related.

Atm it's better to use the version from your vendor or just compile the one this project uses for yourself. There's no difference in the result though.

What puzzles me is that you weren't getting any segfaults on the terminal?

@sanderjo
Author

> Atm it's better to use the version from your vendor or just compile the one this project uses for yourself. There's no difference in the result though.

Thanks

sander@zwarte:~/git/testssl.sh$ ./testssl.sh --openssl=../openssl-1.0.2.bad/apps/openssl 127.0.0.1:8080

...
  Using OpenSSL 1.0.2-bad   [~183 ciphers]
  on zwarte:../openssl-1.0.2.bad/apps/openssl

... works ... no dmesg segfaults!

> What puzzles me is that you weren't getting any segfaults on the terminal?

No, nothing in the testssl terminal with the plain ./testssl.sh 127.0.0.1:8080

@drwetter
Collaborator

> ... works ... no dmesg segfaults!

Cool! How did you compile it, statically or dynamically?

> No, nothing in the testssl terminal with the plain ./testssl.sh 127.0.0.1:8080

Reason why I asked is, it would be great to know where the segfaults occurred. Could you do like `script -a mydebug.script -c "SETX=true bash -x testssl.sh 127.0.0.1:8080"` and have a look which are the commands which cause problems?

@sanderjo
Author

> Cool! How did you compile it, statically or dynamically?

Just

./config
make

result

sander@zwarte:~/git/testssl.sh$ file ../openssl-1.0.2.bad/apps/openssl
../openssl-1.0.2.bad/apps/openssl: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=48838e2834586496dda71dda8b8d132af9316901, for GNU/Linux 3.2.0, not stripped

@sanderjo
Author

> Reason why I asked is, it would be great to know where the segfaults occurred. Could you do like `script -a mydebug.script -c "SETX=true bash -x testssl.sh 127.0.0.1:8080"` and have a look which are the commands which cause problems?

That results in a 30MB file, without "segfault" in it. What should I look at? Or should I upload it somewhere?

Notes:

  • dmesg does show the mentioned errors, with time and PID. But I cannot correlate with mydebug.script.
  • The dmesg segfaults happen in a very early stage of running testssl.sh

sander@zwarte:~/git/testssl.sh$ wc mydebug.script 
  368290  2058455 30543618 mydebug.script
sander@zwarte:~/git/testssl.sh$ cat mydebug.script | grep -i segfault

@sanderjo
Author

sanderjo commented Jan 1, 2025

As said earlier: the dmesg segfaults happen immediately after starting testssl.sh.

When I start with `time ./testssl.sh --protocols 127.0.0.1:8080`, they already happen before there is any output from testssl.sh itself. So in the first two or three seconds.

@drwetter
Collaborator

drwetter commented Jan 1, 2025

> The dmesg segfaults happen in a very early stage of running testssl.sh

I sense a DNS problem. Strange that the debug output is empty.

Weak try: `./testssl.sh --debug=1 --protocols 127.0.0.1:8080` and then grep for segfault in the created /tmp/testssl*-dir doesn't give a clue either?

@sanderjo
Author

sanderjo commented Jan 1, 2025

BTW: Can I still say "Guten Rutsch", or am I too late for that?

I did this:

./testssl.sh --debug=1 --protocols  127.0.0.1:8080
./testssl.sh --debug=1 --protocols  localhost:8080

Both generate segfaults in dmesg.

Directories are there, with a lot of files in there.

sander@zwarte:~/git/testssl.sh$ ll /tmp/ | grep -i testssl
drwx------  2 sander sander  4096 Jan  1 21:40 testssl.euC5te/
drwx------  2 sander sander  4096 Jan  1 21:41 testssl.GpIG9I/
sander@zwarte:~/git/testssl.sh$ 

But nothing if I search on these words:

sander@zwarte:~/git/testssl.sh$ grep -irn -e segfault -e segment -e fault /tmp/testssl.*/* | grep -vi default

Am I doing this correctly?

Note: I don't want to take too much of your time on this, so if you have higher prio's that's OK with me.

@drwetter
Collaborator

drwetter commented Jan 2, 2025

Two last tries:

  1. echo | ./bin/openssl.Linux.x86_64 s_client -connect localhost:8080
  2. script -a testssl.script -c "./testssl.sh --debug=6 --protocols localhost:8080'"

For the 3.2 release I'd like to recompile the supplied openssl-bad statically and provide it. That's why I'd like to understand what's happening. Similar problems were mostly NSS/DNS related. If it's something else, it would be great to know beforehand.

@sanderjo
Author

sanderjo commented Jan 3, 2025

Your try 1:

sander@zwarte:~/git/testssl.sh$ echo | ./bin/openssl.Linux.x86_64 s_client -connect localhost:8080
Error configuring OpenSSL
31467584:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory
31467584:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233:
31467584:error:0E07506E:configuration file routines:MODULE_LOAD_DSO:error loading dso:conf_mod.c:271:module=providers, path=providers
31467584:error:0E076071:configuration file routines:MODULE_RUN:unknown module name:conf_mod.c:212:module=providers
sander@zwarte:~/git/testssl.sh$ 

Seems not good? But ... Nothing in dmesg.

Let's try with the self-compiled openssl-1.0.2.bad (in another directory) ... looks better?


sander@zwarte:~/git/testssl.sh$ echo | ~/git/openssl-1.0.2.bad/apps/openssl s_client -connect localhost:8080
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
CONNECTED(00000003)
depth=0 L = SABnzbd, O = SABnzbd
verify error:num=18:self signed certificate
verify return:1
depth=0 L = SABnzbd, O = SABnzbd
verify return:1
---
Certificate chain
 0 s:/L=SABnzbd/O=SABnzbd
   i:/L=SABnzbd/O=SABnzbd
---
Server certificate
subject=/L=SABnzbd/O=SABnzbd
issuer=/L=SABnzbd/O=SABnzbd
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1449 bytes and written 515 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: B4661919A4FD556722B648798AD6FAE0AB7172CB657BCF959C193DFA378E6AA9
    Session-ID-ctx: 
    Master-Key: 3EA1961BA3AF118879017E3C483313B8F67CB5D95716D6F2EF9E8F1AF301820092ED64D331F4002688AD9C46124BA795
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1735908818
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE
sander@zwarte:~/git/testssl.sh$ 


@sanderjo
Author

sanderjo commented Jan 3, 2025

Your try 2 (I had to remove the one single-quote ... I hope that's correct). See long output below.

And that generates the segfaults in dmesg.

In /tmp

sander@zwarte:~/git/testssl.sh$ ll /tmp/testssl.fcNODO/
total 1024
drwx------  2 sander sander   4096 Jan  3 13:57 ./
drwxrwxrwt 27 root   root    16384 Jan  3 13:59 ../
-rw-rw-r--  1 sander sander    181 Jan  3 13:57 127.0.0.1.determine_optimal_proto.errorlog
-rw-rw-r--  1 sander sander  10371 Jan  3 13:57 127.0.0.1.determine_optimal_proto.txt
-rw-rw-r--  1 sander sander     34 Jan  3 13:57 127.0.0.1.parse_tls_serverhello.errorlog
-rw-rw-r--  1 sander sander    129 Jan  3 13:57 127.0.0.1.parse_tls_serverhello.txt
-rw-rw-r--  1 sander sander    181 Jan  3 13:57 127.0.0.1.run_alpn.errorlog
-rw-rw-r--  1 sander sander   3086 Jan  3 13:57 127.0.0.1.run_alpn.txt
-rw-rw-r--  1 sander sander    181 Jan  3 13:57 127.0.0.1.run_npn.errorlog
-rw-rw-r--  1 sander sander   3086 Jan  3 13:57 127.0.0.1.run_npn.txt
-rw-rw-r--  1 sander sander    176 Jan  3 13:57 127.0.0.1.service_detection.errorlog
-rw-rw-r--  1 sander sander 910145 Jan  3 13:57 127.0.0.1.service_detection.txt
-rw-------  1 sander sander      7 Jan  3 13:57 127.0.0.1.sslv2_sockets.dd
-rw-------  1 sander sander      7 Jan  3 13:57 127.0.0.1.tls_sockets.dd
-rw-rw-r--  1 sander sander      0 Jan  3 13:57 127.0.0.1.tls_sockets.dd.errorlog
-rw-rw-r--  1 sander sander  17709 Jan  3 13:57 all_local_ciphers.txt
-rw-rw-r--  1 sander sander   3391 Jan  3 13:57 environment.txt
-rw-rw-r--  1 sander sander  12523 Jan  3 13:57 s_client_has2.txt
-rw-rw-r--  1 sander sander   4466 Jan  3 13:57 s_client_has.txt
-rw-rw-r--  1 sander sander    129 Jan  3 13:57 s_client_starttls_has2
-rw-rw-r--  1 sander sander   4445 Jan  3 13:57 s_client_starttls_has.txt

sander@zwarte:~/git/testssl.sh$ script -a testssl.script -c "./testssl.sh --debug=6 --protocols  localhost:8080'"
Script started, output log file is 'testssl.script'.
bash: -c: line 1: unexpected EOF while looking for matching `''
Script done.
sander@zwarte:~/git/testssl.sh$ script -a testssl.script -c "./testssl.sh --debug=6 --protocols  localhost:8080"
Script started, output log file is 'testssl.script'.
do_allciphers          = false
do_vulnerabilities     = false
do_beast               = false
do_lucky13             = false
do_breach              = false
do_ccs_injection       = false
do_ticketbleed         = false
do_cipher_per_proto    = false
do_crime               = false
do_freak               = false
do_logjam              = false
do_drown               = false
do_header              = false
do_heartbleed          = false
do_mx_all_ips          = false
do_fs                  = false
do_protocols           = true
do_rc4                 = false
do_starttls_injection  = false
do_grease              = false
do_robot               = false
do_renego              = false
do_cipherlists         = false
do_server_defaults     = false
do_server_preference   = false
do_ssl_poodle          = false
do_tls_fallback_scsv   = false
do_winshock            = false
do_sweet32             = false
do_client_simulation   = false
do_cipher_match        = false
do_tls_sockets         = false
do_mass_testing        = false
do_display_only        = false
do_rating              = false
URI:                   : localhost:8080

#####################################################################
  testssl.sh version 3.2rc3 from https://testssl.sh/dev/
  (b5ad5bd 2024-12-06 15:03:47)

  This program is free software. Distribution and modification under
  GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

  Please file bugs @ https://testssl.sh/bugs/

#####################################################################

  Using OpenSSL 1.0.2-bad   [~179 ciphers]
  on zwarte:./bin/openssl.Linux.x86_64
  built: Sep  1 14:03:44 2022, platform: linux-x86_64
  Using bash 5.2.21

localhost:8080
URL_PATH: /
 Start 2025-01-03 13:57:16                -->> 127.0.0.1:8080 (localhost) <<--

 A record via:           /etc/hosts 
 rDNS (127.0.0.1):       localhost.

sending client hello... sending client hello... 
reading server hello...
00000000  16 03 03 00 7a 02 00 00  76 03 03 70 ec f8 da cc  |....z...v..p....|
00000010  1a 63 c4 d9 1e 15 8c 3f  9d bb c5 36 9d 3b cd c7  |.c.....?...6.;..|
00000020  9d 6e cf 4f 58 b5 f6 90  00 9a 3e 20 44 b8 92 56  |.n.OX.....> D..V|
00000030  af 74 52 9e d8 cf 52 14  c8 af d8 34 0b e7 7f eb  |.tR...R....4....|
00000040  86 01 84 50 5d e4 a1 6a  09 3b bf 6e 13 02 00 00  |...P]..j.;.n....|
00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 73  |..+.....3.$... s|

TLS message fragments:
     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                122

     protocol (rec. layer):  0x0303
     tls_content_type:       0x14 (change cipher spec)
     msg_len:                1

     protocol (rec. layer):  0x0303
     tls_content_type:       0x17 (application data)
     msg_len:                27

     protocol (rec. layer):  0x0303
     tls_content_type:       0x17 (application data)
     msg_len:                825

     protocol (rec. layer):  0x0303
     tls_content_type:       0x17 (application data)
     msg_len:                281

     protocol (rec. layer):  0x0303
     tls_content_type:       0x17 (application data)
     msg_len:                69

TLS handshake messages:
     handshake type:         0x02 (server_hello)
     msg_len:                118

TLS server hello message:
     tls_protocol:           0x0304
     tls_cipher_suite:       0x1302 (TLS_AES_256_GCM_SHA384)
     tls_extensions: "supported versions/#43" "key share/#51"

sending close_notify...

"\x15\x03\x01\x00\x02\x02\x00"
  (86 lines returned)  

sending client hello... sending client hello... 
reading server hello...
00000000  16 03 03 00 41 02 00 00  3d 03 03 42 8d 7a ee 34  |....A...=..B.z.4|
00000010  5d 42 02 b3 d8 02 b9 9d  e2 4d a8 87 2e 6a 41 4b  |]B.......M...jAK|
00000020  c3 7f 5a 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |..ZDOWNGRD...0..|
00000030  15 ff 01 00 01 00 00 00  00 00 00 0b 00 04 03 00  |................|
00000040  01 02 00 23 00 00 16 03  03 03 25 0b 00 03 21 00  |...#......%...!.|
00000050  03 1e 00 03 1b 30 82 03  17 30 82 01 ff a0 03 02  |.....0...0......|

TLS message fragments:
     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                65

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                805

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                300

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                4

TLS handshake messages:
     handshake type:         0x02 (server_hello)
     msg_len:                61

     handshake type:         0x0B (certificate)
     msg_len:                801

     handshake type:         0x0C (server_key_exchange)
     msg_len:                296

     handshake type:         0x0E (server_hello_done)
     msg_len:                0

TLS server hello message:
     tls_protocol:           0x0303
     tls_sid_len:            0x00 / = 0
     tls_hello_time:         0x428D7AEE date: invalid date '1116568302'
     tls_cipher_suite:       0xC030 (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
     tls_compression_method: 0x00 (NONE)
     tls_extensions: "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35"

sending close_notify...

"\x15\x03\x01\x00\x02\x02\x00"
  (76 lines returned)  
one proto determined: tls1_2
OPTIMAL_PROTO: 
    PID TTY      STAT   TIME COMMAND
  36006 pts/5    R+     0:00 ./bin/openssl.Linux.x86_64 s_client -quiet -connect 127.0.0.1 8080 -servername localhost -no_comp
    PID TTY      STAT   TIME COMMAND
  36006 pts/5    R+     0:01 ./bin/openssl.Linux.x86_64 s_client -quiet -connect 127.0.0.1 8080 -servername localhost -no_comp
    PID TTY      STAT   TIME COMMAND
  36006 pts/5    R+     0:02 ./bin/openssl.Linux.x86_64 s_client -quiet -connect 127.0.0.1 8080 -servername localhost -no_comp
    PID TTY      STAT   TIME COMMAND
  36006 pts/5    R+     0:03 ./bin/openssl.Linux.x86_64 s_client -quiet -connect 127.0.0.1 8080 -servername localhost -no_comp
    PID TTY      STAT   TIME COMMAND
  36006 pts/5    R+     0:04 ./bin/openssl.Linux.x86_64 s_client -quiet -connect 127.0.0.1 8080 -servername localhost -no_comp
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Server: CherryPy/18.9.0
Date: Fri, 03 Jan 2025 12:57:17 GMT
X-Frame-Options: SameOrigin
Vary: Accept-Encoding
Content-Length: 909949

 Service detected:       HTTP
determine_sizelimitbug sending 129 ciphers

sending client hello... sending client hello... 
reading server hello...
00000000  16 03 03 00 41 02 00 00  3d 03 03 83 0f bb fc 81  |....A...=.......|
00000010  2b 90 59 2a 24 0a 35 ed  d0 61 d0 1b d7 ba 84 86  |+.Y*$.5..a......|
00000020  e4 cd 34 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |..4DOWNGRD...0..|
00000030  15 ff 01 00 01 00 00 00  00 00 00 0b 00 04 03 00  |................|
00000040  01 02 00 23 00 00 16 03  03 03 25 0b 00 03 21 00  |...#......%...!.|
00000050  03 1e 00 03 1b 30 82 03  17 30 82 01 ff a0 03 02  |.....0...0......|

TLS message fragments:
     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                65

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                805

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                300

     protocol (rec. layer):  0x0303
     tls_content_type:       0x16 (handshake)
     msg_len:                4

TLS handshake messages:
     handshake type:         0x02 (server_hello)
     msg_len:                61

     handshake type:         0x0B (certificate)
     msg_len:                801

     handshake type:         0x0C (server_key_exchange)
     msg_len:                296

     handshake type:         0x0E (server_hello_done)
     msg_len:                0

TLS server hello message:
     tls_protocol:           0x0303
     tls_sid_len:            0x00 / = 0
     tls_hello_time:         0x830FBBFC date: invalid date '2198846460'
     tls_cipher_suite:       0xC030 (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
     tls_compression_method: 0x00 (NONE)
     tls_extensions: "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35"

sending close_notify...

"\x15\x03\x01\x00\x02\x02\x00"
  (76 lines returned)  

SERVER_SIZE_LIMIT_BUG: false
 Pre-test: No 128 cipher limit bug

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      sending client hello... 
"\x80\x40\x01\x00\x02\x00\x27\x00\x00\x00\x10\x05\x00\x80\x03\x00\x80\x01\x00\x80\x07\x00\xc0\x08\x00\x80\x06\x00\x40\x04\x00\x80\x02\x00\x80\x06\x01\x40\x07\x01\xc0\xFF\x80\x00\xFF\x80\x10\x00\x00\x00\x29\x22\xbe\xb3\x5a\x01\x8b\x04\xfe\x5f\x80\x03\xa0\x13\xeb\xc4"
reading server hello... 
00000000  15 03 03 00 02 02 46                              |......F|
00000007

15030300020246
>TLS< alert message discovered: 15030300020246 (02/fatal: 0x46/protocol version)
SSLv2 server hello length: 0x0503
SSLv2 certificate type:    0x02
SSLv2 certificate length:  0x
SSLv2 cipher spec length:  0x
not offered (OK)

 SSLv3      
sending client hello... sending client hello... 
reading server hello...
00000000  15 03 00 00 02 02 28                              |......(|
00000007

15030000020228
TLS message fragments:
     protocol (rec. layer):  0x0300
     tls_content_type:       0x15 (alert)
     msg_len:                2

TLS alert messages:
     tls_err_descr_no:       0x28 / = 40 (handshake failure)
     tls_err_level:          02 (fatal)
  (2 lines returned)  
not offered (OK)
 TLS 1      
sending client hello... sending client hello... 
reading server hello...
00000000  15 03 01 00 02 02 46                              |......F|
00000007

15030100020246
TLS message fragments:
     protocol (rec. layer):  0x0301
     tls_content_type:       0x15 (alert)
     msg_len:                2

TLS alert messages:
     tls_err_descr_no:       0x46 / = 70 (protocol version)
     tls_err_level:          02 (fatal)
  (2 lines returned)  
not offered
 TLS 1.1    
sending client hello... sending client hello... 
reading server hello...
00000000  15 03 02 00 02 02 46                              |......F|
00000007

15030200020246
TLS message fragments:
     protocol (rec. layer):  0x0302
     tls_content_type:       0x15 (alert)
     msg_len:                2

TLS alert messages:
     tls_err_descr_no:       0x46 / = 70 (protocol version)
     tls_err_level:          02 (fatal)
  (2 lines returned)  
not offered
 TLS 1.2    offered (OK)
 TLS 1.3    
sending client hello... sending client hello... 
reading server hello...
00000000  15 03 03 00 02 02 46                              |......F|
00000007

15030300020246
TLS message fragments:
     protocol (rec. layer):  0x0303
     tls_content_type:       0x15 (alert)
     msg_len:                2

TLS alert messages:
     tls_err_descr_no:       0x46 / = 70 (protocol version)
     tls_err_level:          02 (fatal)
  (2 lines returned)  

sending client hello... sending client hello... 
reading server hello...
00000000  15 03 03 00 02 02 46                              |......F|
00000007

15030300020246
TLS message fragments:
     protocol (rec. layer):  0x0303
     tls_content_type:       0x15 (alert)
     msg_len:                2

TLS alert messages:
     tls_err_descr_no:       0x46 / = 70 (protocol version)
     tls_err_level:          02 (fatal)
  (2 lines returned)  
offered (OK): final
PROTOS_OFFERED: tls1_3:yes tls1_3_rfc8446:yes tls1_2:yes ssl2:no ssl3:no tls1:no tls1_1:no 
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered


 Done 2025-01-03 13:57:23 [  16s] -->> 127.0.0.1:8080 (localhost) <<--


DEBUG (level 6): see files in /tmp/testssl.fcNODO

Script done.
sander@zwarte:~/git/testssl.sh$

@drwetter
Collaborator

drwetter commented Jan 4, 2025

Thanks!

Some comments and questions:

a) The problems encountered so far were related to the static binary. And being static was a part of the problem. The binaries I supplied were compiled under a very old Ubuntu distro. Probably that was part of the problem

b) The testssl.script file: do you see a segfault there?

c) Try 1 should rather be `echo | OPENSSL_CONF='' ./bin/openssl.Linux.x86_64 s_client -connect localhost:8080` and `echo | OPENSSL_CONF='' ./bin/openssl.Linux.x86_64 s_client -connect 127.0.0.1:8080`.

@sanderjo
Author

sanderjo commented Jan 4, 2025

After a fresh `script -a testssl.script -c "./testssl.sh --debug=6 --protocols localhost:8080"`

... no segfault in the temp dir:

sander@zwarte:~/git/testssl.sh$ grep -i -e segfault -e segment -e dump /tmp/testssl.gzayLo/*
/tmp/testssl.gzayLo/s_client_has2.txt: -tlsextdebug               Hex dump of all TLS extensions received
/tmp/testssl.gzayLo/s_client_has.txt: -tlsextdebug      - hex dump of all TLS extensions received
/tmp/testssl.gzayLo/s_client_starttls_has.txt: -tlsextdebug      - hex dump of all TLS extensions received

@drwetter
Collaborator

drwetter commented Jan 4, 2025

@sanderjo : the segfault is supposed to be in testssl.script, see script(1)

@sanderjo
Author

sanderjo commented Jan 4, 2025

Altered Try 1:

sander@zwarte:~/git/testssl.sh$ echo | OPENSSL_CONF='' ./bin/openssl.Linux.x86_64 s_client -connect localhost:8080
WARNING: can't open config file: 
Segmentation fault (core dumped)
sander@zwarte:~/git/testssl.sh$ 

with in dmesg:

[72333.456692] openssl.Linux.x[14769]: segfault at 2a060 ip 000000000002a060 sp 00007fffbdb5b6e8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 2 (core 0, socket 0)
[72333.456749] Code: Unable to access opcode bytes at 0x2a036.

That's nice (I think?)

No problem with "127.0.0.1" below.

NOTE: my issue report is about running ./testssl.sh 127.0.0.1:8080 causing the dmesg messages. So: 127.0.0.1, not localhost

sander@zwarte:~/git/testssl.sh$ echo | OPENSSL_CONF='' ./bin/openssl.Linux.x86_64 s_client -connect 127.0.0.1:8080
WARNING: can't open config file: 
CONNECTED(00000003)
depth=0 L = SABnzbd, O = SABnzbd
verify error:num=18:self signed certificate
verify return:1
depth=0 L = SABnzbd, O = SABnzbd
verify return:1
---
Certificate chain
 0 s:/L=SABnzbd/O=SABnzbd
   i:/L=SABnzbd/O=SABnzbd
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDFzCCAf+gAwIBAgIUIsyra+NqFrFK4Nv5GazeLbCKkCcwDQYJKoZIhvcNAQEL

@sanderjo
Author

sanderjo commented Jan 4, 2025

> @sanderjo : the segfault is supposed to be in testssl.script, see script(1)

Nothing, AFAIK

sander@zwarte:~/git/testssl.sh$ ll testssl.script 
-rw-rw-r-- 1 sander sander 76406 Jan  4 12:50 testssl.script
sander@zwarte:~/git/testssl.sh$ 
sander@zwarte:~/git/testssl.sh$ grep -i -e segfault -e segment -e dump testssl.script 
sander@zwarte:~/git/testssl.sh$ 
sander@zwarte:~/git/testssl.sh$ 

@drwetter
Collaborator

drwetter commented Jan 4, 2025

In the meantime I was able to reproduce it under Debian 12 when running

OPENSSL_CONF=''  strace -f ./bin/openssl.Linux.x86_64 s_client -connect testssl.sh:443
[..]
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\252\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=210904, ...}) = 0
mmap(NULL, 209624, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1124005000
mmap(0x7f1124006000, 151552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f1124006000
mmap(0x7f112402b000, 40960, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f112402b000
mmap(0x7f1124035000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x30000) = 0x7f1124035000
close(3)                                = 0
mprotect(0x7f1124035000, 8192, PROT_READ) = 0
mprotect(0x7f1124207000, 16384, PROT_READ) = 0
mprotect(0x7f112421d000, 4096, PROT_READ) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x270e0} ---
+++ killed by SIGSEGV +++
zsh: segmentation fault  OPENSSL_CONF='' strace -f ./bin/openssl.Linux.x86_64 s_client -connect

dmesg shows the same as for you:

[2029174.913831] openssl.Linux.x[85671]: segfault at 270e0 ip 00000000000270e0 sp 00007fff788b95c8 error 14 in openssl.Linux.x86_64[400000+3b9000] likely on CPU 1 (core 0, socket 1)
[2029174.947562] Code: Unable to access opcode bytes at 0x270b6.

Error 14 is a page fault. So either the loader or openssl tries to execute code where it is not mapped (https://utcc.utoronto.ca/~cks/space/blog/linux/KernelSegfaultErrorCodes).
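Added example, not part of the thread or of testssl.sh: a small triage parser for kernel segfault lines like the ones quoted above. It decodes the x86 page-fault error code (printed in hex, so `error 14` is 0x14) and checks whether `ip` really lies inside the `image[base+size]` range; the function names and the third sample line are constructed for illustration.

```python
import re

# x86 page-fault error-code bits. The kernel prints the code in hex,
# so "error 14" means 0x14. Tuple: (mask, meaning if set, meaning if clear).
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write access", "read/fetch access"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved bit set in page table", None),
    (0x10, "instruction fetch", None),
    (0x20, "protection-key violation", None),
]

SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<image>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# The first two lines are copied from this thread; the third is constructed
# for contrast (a NULL write from code that is inside the image).
SAMPLE_DMESG = [
    "[72333.456692] openssl.Linux.x[14769]: segfault at 2a060 ip 000000000002a060 "
    "sp 00007fffbdb5b6e8 error 14 in openssl.Linux.x86_64[400000+3b9000] "
    "likely on CPU 2 (core 0, socket 0)",
    "[2029174.913831] openssl.Linux.x[85671]: segfault at 270e0 ip 00000000000270e0 "
    "sp 00007fff788b95c8 error 14 in openssl.Linux.x86_64[400000+3b9000] "
    "likely on CPU 1 (core 0, socket 1)",
    "[  100.000000] demo[4242]: segfault at 0 ip 0000000000401136 "
    "sp 00007ffc00000000 error 6 in demo[400000+2000]",
]


def decode_error(code):
    """Turn the numeric error code into a list of readable flags."""
    flags = []
    for mask, if_set, if_clear in PF_BITS:
        if code & mask:
            flags.append(if_set)
        elif if_clear:
            flags.append(if_clear)
    return flags


def parse_segfault(line):
    """Parse one dmesg segfault line; return None if it is not one."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    rec = {"comm": m["comm"], "pid": int(m["pid"]), "addr": addr, "ip": ip,
           "error": err, "flags": decode_error(err), "image": m["image"]}
    # The "in image[base+size]" clause does not guarantee that ip is inside
    # that range, so test it explicitly.
    rec["ip_in_image"] = None
    if m["image"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        rec["ip_in_image"] = base <= ip < base + size
    # Instruction fetch from a non-present page at the instruction pointer
    # itself: the process branched to an address with no code mapped.
    rec["exec_unmapped"] = bool(err & 0x10) and not (err & 0x01) and addr == ip
    return rec


def triage(rec):
    """One-line verdict for a parsed record."""
    who = f"{rec['comm']}[{rec['pid']}]"
    if rec["exec_unmapped"]:
        where = {True: "inside", False: "outside", None: "no"}[rec["ip_in_image"]]
        return f"{who}: executed unmapped address {rec['ip']:#x} ({where} image range)"
    return f"{who}: data access fault at {rec['addr']:#x} from ip {rec['ip']:#x}"


if __name__ == "__main__":
    for line in SAMPLE_DMESG:
        rec = parse_segfault(line)
        print(triage(rec))
        print("    error", hex(rec["error"]), "=", ", ".join(rec["flags"]))
```

For both lines taken from the thread the fault address equals `ip` and lies below the image base 0x400000, so the process branched to an address that was never mapped.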

@sanderjo
Author

sanderjo commented Jan 4, 2025

> And being static was a part of the problem. The binaries I supplied were compiled under a very old Ubuntu distro. Probably that was part of the problem

So ... provide a more recent openssl binary for newer Linux versions? Or the newer version as default, and provide an older binary for older Linux versions?

@drwetter
Collaborator

drwetter commented Jan 4, 2025

I'll recompile a POC first under a newer distro ASAP.

There's also a backport which needs to be done: testssl/openssl-1.0.2.bad#2

@drwetter
Collaborator

drwetter commented Jan 4, 2025

FYI: A static binary compiled under Ubuntu 20.04 shows the same problem under Debian 12 and as reported by you.

@drwetter
Collaborator

drwetter commented Jan 4, 2025

A new binary which is meant for testing is @ https://testssl.sh/openssl-1.0.2k-bad/openssl.Linux.x86_64.static . It was compiled under Ubuntu 2204. Hope it works also for older distros.

The backport for sieve is missing as mentioned in testssl/openssl-1.0.2.bad#2 + #2356 .

If it doesn't work, please let me know.

@sanderjo
Author

sanderjo commented Jan 4, 2025

Yes, works, without segfaults in dmesg!

wget https://testssl.sh/openssl-1.0.2k-bad/openssl.Linux.x86_64.static
chmod +x openssl.Linux.x86_64.static
./openssl.Linux.x86_64.static --version

and then

./testssl.sh --openssl=./openssl.Linux.x86_64.static 127.0.0.1:8080

sander@zwarte:~/git/testssl.sh$ ll *static
-rwxrwxr-x 1 sander sander 4890832 Jan  4 14:16 openssl.Linux.x86_64.static*
sander@zwarte:~/git/testssl.sh$ 
sander@zwarte:~/git/testssl.sh$ md5sum openssl.Linux.x86_64.static
ea99f8d5db087de1b39d32ec4641f065  openssl.Linux.x86_64.static

This is on my Ubuntu 24.04.
