ssl debugging
Elliott A. Johnson
elliott at iparadigms.com
Tue Apr 1 19:41:12 UTC 2008
Thanks hachi I've been able to gather more information with debug level 4.
With the intermediate and wildcard cert in the same file I get the following back from perlbal per connection:
Got new conn: IO::Socket::INET=GLOB(0x88a6188) (192.168.51.71:35070) for reverse_proxy
.. socket upgraded to SSL!
and nothing else.
Maxing out the debugging on openssl's s_client end:
elliott at rad ~ $ openssl s_client -host static.host.com -port 443 -showcerts -debug -tlsextdebug -state -msg -pause
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x80c49e8 [0x80c4a30] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9..
0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16 8..5............
0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00 ...........3..2.
0030 - 00 2f 00 00 45 00 00 44-00 00 41 00 00 07 05 00 ./..E..D..A.....
0040 - 80 03 00 80 00 00 05 00-00 04 01 00 80 00 00 15 ................
0050 - 00 00 12 00 00 09 06 00-40 00 00 14 00 00 11 00 ........ at .......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 7d ee ..............}.
0070 - 44 6d 8b 7c be a7 27 5f-86 7e e6 17 ab 03 03 27 Dm.|..'_.~.....'
0080 - 23 e1 8f b5 20 88 6d 1c-ff dc 5d ae 21 eb #... .m...].!.
>>> SSL 2.0 [length 008c], CLIENT-HELLO
01 03 01 00 63 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00
13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f
00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03
00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00
12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08
00 00 06 04 00 80 00 00 03 02 00 80 7d ee 44 6d
8b 7c be a7 27 5f 86 7e e6 17 ab 03 03 27 23 e1
8f b5 20 88 6d 1c ff dc 5d ae 21 eb
SSL_connect:SSLv2/v3 write client hello A
read from 0x80c49e8 [0x80c9f90] (7 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=104
In looking at SocketSSL.pm I see the following at the head of the file:
use Danga::Socket 1.44;
use IO::Socket::SSL 0.98;
Should I be using those versions or will IO-Socket-SSL 1.13 work?
elliott
----- Original Message -----
From: "hachi" <hachi at kuiki.net>
To: "Elliott A. Johnson" <elliott at iparadigms.com>
Cc: perlbal at lists.danga.com, "bill" <bill at iparadigms.com>, "Christian Storm" <cstorm at iparadigms.com>
Sent: Tuesday, April 1, 2008 10:19:29 AM (GMT-0800) America/Los_Angeles
Subject: Re: ssl debugging
You can set PERLBAL_DEBUG in your environment before starting up perlbal
to an integer where higher numbers are more verbose. I believe the
highest debug value that exists right now is 4.
More information about the perlbal
mailing list