Hello all,
I have to debug a script which uses a full SSL handshake. Full means
that it requires a client certificate, a server certificate and a key file.
The script is written in PHP and uses Curl (it doesn't matter if I use
PHP's Curl extension or Curl on the CLI - same error).
I also tried from my local machine and on the server.
The thing is that, as far as I can see, the handshake works, but then
some error occurs which neither I nor the hoster can explain. So
maybe it's a bug either on my side or on theirs. To come back to the
topic, you will find attached a Wireshark capture which shows one
connection from my PC to the server. At the bottom Wireshark reports an
"Encrypted Alert". "Encrypted Alert" is first sent from my PC to the server,
followed by a TCP/IP [FIN, ACK], to which the server itself reacts with an
"Encrypted Alert" (the following RST packet then finally
ends TCP/IP). From an internet search I learned that "Encrypted Alert"
usually means either that one partner does not trust the other
or an unclean shutdown of the SSL connection. However, I am very unsure
about this. Can anybody help?
A second thing:
How do I decrypt this full SSL handshake with Wireshark? I only found
out something about the keyfile....
Here is the curl command line I use, maybe this gives you a hint what I
have to do:
c:\tools\curl\curl.exe https://some-url.com/ --header "Content-Type:
text/xml" --basic --user "user" --data "<xml></xml>" --header
"Content-Type: text/xml" --cacert C:\cacert.pem --cert C:\cert.pem --key
C:\key.key --pass pass --show-error --verbose
P.S.: Sorry that I only provide a screenshot, but the capture file would
include too much secret information.
Regards from Germany
Sebastian Kratz
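
Why a capture shows only "Encrypted Alert" with no level or description, as an added example that is not part of the original post: in TLS 1.2 and earlier every record after ChangeCipherSpec is encrypted, so only the 5-byte record header stays readable without the keys. The byte stream, the `record` helper and the `label_records` function are constructed for illustration and assume one direction of a reassembled TCP stream.

```python
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}

def record(ctype: int, body: bytes, version: int = 0x0301) -> bytes:
    """Build one TLS record: type (1 byte), version (2), length (2), body."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def label_records(stream: bytes) -> list:
    """Label each record in one direction of a TLS <= 1.2 byte stream."""
    labels, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        name = CONTENT_TYPES.get(ctype, "Unknown(%d)" % ctype)
        if ctype == 21:
            # A plaintext alert is exactly two bytes: level, description.
            if not encrypted and length == 2:
                name = "Alert(level=%d, description=%d)" % (body[0], body[1])
            else:
                # After ChangeCipherSpec the two bytes are hidden inside
                # ciphertext plus MAC/padding; only the type is visible.
                name = "Encrypted Alert"
        elif ctype == 22 and encrypted:
            name = "Encrypted Handshake Message"
        labels.append(name)
        if ctype == 20:
            encrypted = True  # everything this side sends next is encrypted
        offset += 5 + length
    return labels

# Constructed sample (zero-filled bodies stand in for real payloads):
# handshake, ChangeCipherSpec, Finished, application data, closing alert.
CLIENT_STREAM = (record(22, bytes(8)) + record(20, b"\x01") +
                 record(22, bytes(40)) + record(23, bytes(64)) +
                 record(21, bytes(32)))

if __name__ == "__main__":
    for label in label_records(CLIENT_STREAM):
        print(label)
```
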