Назад | Перейти на главную страницу

freeradius предоставляет «без общего шифра» для клиента Windows 10

У меня есть рабочая конфигурация аутентификации 802.1X на моем коммутаторе. Сервер radius - это экземпляр freeradius с настроенным EAP-TLS. Все работает нормально на Linux (и устройствах Android), но когда я пытаюсь подключить компьютер с Windows 10, я получаю странную ошибку от сервера freeradius:

<...>
Debug: eap_tls: Continuing EAP-TLS
Debug: eap_tls: Peer sent flags --L
Debug: eap_tls: Peer indicated complete TLS record size will be 174 bytes
Debug: eap_tls: Got complete TLS record (174 bytes)
Debug: eap_tls: [eaptls verify] = length included
Debug: eap_tls: (other): before/accept initialization
Debug: eap_tls: TLS_accept: before/accept initialization
Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Debug: eap_tls: <<< recv TLS 1.2  [length 00a9]
Debug: Ignoring cbtls_msg call with pseudo content type 256, version 0
Debug: eap_tls: >>> send TLS 1.2  [length 0002]
ERROR: eap_tls: TLS Alert write:fatal:handshake failure
Error: tls: TLS_accept: Error in error
Error: tls: TLS_accept: Error in error
ERROR: eap_tls: Failed in __FUNCTION__ (SSL_read): s3_srvr.c[1418]:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
ERROR: eap_tls: System call (I/O) error (-1)
ERROR: eap_tls: TLS receive handshake failed during operation
ERROR: eap_tls: [eaptls process] = fail
<...>

Итак, похоже no shared cipher. Теперь о странной части.

TLSv1.2 используется, когда сервер отвечает на приветственное сообщение клиента, он выбирает один набор шифров и другие переменные параметры конфигурации. Когда система linux подключается, эти параметры: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, null сжатие ECDHE кривая secp384r1, алгоритм подписи SHA512+ECDSA.

Интересно то, что эта конфигурация предлагается / поддерживается системой Windows (в client-hello), но сервер RADIUS выходит из строя с no shared cipher. Единственное различие между этими приветствиями - это расширения tls: ocsp stampling, сеансовые билеты, расширенный главный секрет и повторное согласование (все из системы Windows, см. Ниже).

Возможно ли, что некоторые из этих расширений вызывают ответ freeradius (и openssl) с помощью no shared cipher?

Здесь client-hello пакет из системы windows. Сразу после этого пакета NAS отвечает отказом.

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 169
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 165
        Version: TLS 1.2 (0x0303)
        Random
            GMT Unix Time: Oct 12, 2016 22:32:27.000000000 MSK
            Random Bytes: cfee7182be38061f0202a3b3ec374724eec7a7eea20270ad...
        Session ID Length: 0
        Cipher Suites Length: 60
        Cipher Suites (30 suites)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 64
        Extension: status_request
            Type: status_request (0x0005)
            Length: 5
            Certificate Status Type: OCSP (1)
            Responder ID list Length: 0
            Request Extensions Length: 0
        Extension: elliptic_curves
            Type: elliptic_curves (0x000a)
            Length: 8
            Elliptic Curves Length: 6
            Elliptic curves (3 curves)
                Elliptic curve: Unknown (0x001d)
                Elliptic curve: secp256r1 (0x0017)
                Elliptic curve: secp384r1 (0x0018)
        Extension: ec_point_formats
            Type: ec_point_formats (0x000b)
            Length: 2
            EC point formats Length: 1
            Elliptic curves point formats (1)
                EC point format: uncompressed (0)
        Extension: signature_algorithms
            Type: signature_algorithms (0x000d)
            Length: 20
            Signature Hash Algorithms Length: 18
            Signature Hash Algorithms (9 algorithms)
                Signature Hash Algorithm: 0x0401
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0501
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0201
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0403
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0503
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0203
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0202
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0601
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0603
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: ECDSA (3)
        Extension: SessionTicket TLS
            Type: SessionTicket TLS (0x0023)
            Length: 0
            Data (0 bytes)
        Extension: Extended Master Secret
            Type: Extended Master Secret (0x0017)
            Length: 0
        Extension: renegotiation_info
            Type: renegotiation_info (0xff01)
            Length: 1
            Renegotiation Info extension
                Renegotiation info extension length: 0

Здесь client-hello из системы linux (работает без проблем):

SSL Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 293
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 289
        Version: TLS 1.2 (0x0303)
        Random
            GMT Unix Time: May 18, 2087 18:43:39.000000000 MSK
            Random Bytes: a8052b4f8ba5439503d03da61ea2eaad449c9c3a3e9f2ac6...
        Session ID Length: 0
        Cipher Suites Length: 172
        Cipher Suites (86 suites)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (0x00a5)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (0x00a1)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
            Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)
            Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)
            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)
            Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)
            Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
            Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (0x00a0)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA256 (0x003f)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
            Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)
            Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
            Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)
            Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)
            Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)
            Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)
            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)
            Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)
            Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)
            Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)
            Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)
            Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)
            Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
            Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
            Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
            Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
            Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
            Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)
            Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)
            Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)
            Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)
            Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 76
        Extension: ec_point_formats
            Type: ec_point_formats (0x000b)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
                EC point format: uncompressed (0)
                EC point format: ansiX962_compressed_prime (1)
                EC point format: ansiX962_compressed_char2 (2)
        Extension: elliptic_curves
            Type: elliptic_curves (0x000a)
            Length: 28
            Elliptic Curves Length: 26
            Elliptic curves (13 curves)
                Elliptic curve: secp256r1 (0x0017)
                Elliptic curve: secp521r1 (0x0019)
                Elliptic curve: brainpoolP512r1 (0x001c)
                Elliptic curve: brainpoolP384r1 (0x001b)
                Elliptic curve: secp384r1 (0x0018)
                Elliptic curve: brainpoolP256r1 (0x001a)
                Elliptic curve: secp256k1 (0x0016)
                Elliptic curve: sect571r1 (0x000e)
                Elliptic curve: sect571k1 (0x000d)
                Elliptic curve: sect409k1 (0x000b)
                Elliptic curve: sect409r1 (0x000c)
                Elliptic curve: sect283k1 (0x0009)
                Elliptic curve: sect283r1 (0x000a)
        Extension: signature_algorithms
            Type: signature_algorithms (0x000d)
            Length: 32
            Signature Hash Algorithms Length: 30
            Signature Hash Algorithms (15 algorithms)
                Signature Hash Algorithm: 0x0601
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0602
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0603
                    Signature Hash Algorithm Hash: SHA512 (6)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0501
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0502
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0503
                    Signature Hash Algorithm Hash: SHA384 (5)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0401
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0402
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0403
                    Signature Hash Algorithm Hash: SHA256 (4)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0301
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0302
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0303
                    Signature Hash Algorithm Hash: SHA224 (3)
                    Signature Hash Algorithm Signature: ECDSA (3)
                Signature Hash Algorithm: 0x0201
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: RSA (1)
                Signature Hash Algorithm: 0x0202
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: DSA (2)
                Signature Hash Algorithm: 0x0203
                    Signature Hash Algorithm Hash: SHA1 (2)
                    Signature Hash Algorithm Signature: ECDSA (3)

В server-hello для системы linux (с согласованными параметрами):

Version: 802.1X-2001 (1)
Type: EAP Packet (0)
Length: 558
Extensible Authentication Protocol
    Code: Request (1)
    Id: 183
    Length: 558
    Type: TLS EAP (EAP-TLS) (13)
    EAP-TLS Flags: 0x80
        1... .... = Length Included: True
        .0.. .... = More Fragments: False
        ..0. .... = Start: False
    EAP-TLS Length: 1562
    [2 EAP-TLS Fragments (1562 bytes): #6(1014), #8(548)]
        [Frame: 6, payload: 0-1013 (1014 bytes)]
        [Frame: 8, payload: 1014-1561 (548 bytes)]
        [Fragment Count: 2]
        [Reassembled EAP-TLS Length: 1562]
    Secure Sockets Layer
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 57
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 53
                Version: TLS 1.2 (0x0303)
                Random
                    GMT Unix Time: Jun 23, 2069 22:43:44.000000000 MSK
                    Random Bytes: f55c140ff16bab468b8f5d2f21e3cc8237090f9eebf23476...
                Session ID Length: 0
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Compression Method: null (0)
                Extensions Length: 13
                Extension: renegotiation_info
                    Type: renegotiation_info (0xff01)
                    Length: 1
                    Renegotiation Info extension
                        Renegotiation info extension length: 0
                Extension: ec_point_formats
                    Type: ec_point_formats (0x000b)
                    Length: 4
                    EC point formats Length: 3
                    Elliptic curves point formats (3)
                        EC point format: uncompressed (0)
                        EC point format: ansiX962_compressed_prime (1)
                        EC point format: ansiX962_compressed_char2 (2)
        TLSv1.2 Record Layer: Handshake Protocol: Certificate
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 1155
            Handshake Protocol: Certificate
                Handshake Type: Certificate (11)
                Length: 1151
                Certificates Length: 1148
                Certificates (1148 bytes)
                    REDACTED
        TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 247
            Handshake Protocol: Server Key Exchange
                Handshake Type: Server Key Exchange (12)
                Length: 243
                EC Diffie-Hellman Server Params
                    Curve Type: named_curve (0x03)
                    Named Curve: secp384r1 (0x0018)
                    Pubkey Length: 97
                    Pubkey: 0409c1e40a860e38d72cc95fe4bed9bc01b2874f79fa74d3...
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Length: 138
                    Signature: 30818702414f82bf2dc1f20e19ca281784a1023607d4ae4f...
        TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 83
            Handshake Protocol: Certificate Request
                Handshake Type: Certificate Request (13)
                Length: 75
                Certificate types count: 3
                Certificate types (3 types)
                    Certificate type: RSA Sign (1)
                    Certificate type: DSS Sign (2)
                    Certificate type: ECDSA Sign (64)
                Signature Hash Algorithms Length: 30
                Signature Hash Algorithms (15 algorithms)
                    Signature Hash Algorithm: 0x0601
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0602
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0603
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0501
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0502
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0503
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0401
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0402
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0403
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0301
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0302
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0303
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Hash Algorithm: 0x0201
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Hash Algorithm: 0x0202
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Hash Algorithm: 0x0203
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                Distinguished Names Length: 37
                    REDACTED
            Handshake Protocol: Server Hello Done
                Handshake Type: Server Hello Done (14)
                Length: 0

Из 3 расширений, упомянутых в Client Hello, расширенный главный секрет является наиболее вероятной причиной. Это «новое» расширение TLS, помогающее справляться с попытками атак MITM.

Вы можете попробовать отключить расширение Extended Master Secret в Windows, добавив значение DWORD к следующему ключу: [HKLM \ System \ CurrentControlSet \ Control \ SecurityProviders \ Schannel]

Если ваш компьютер Windows является клиентом, вы добавляете:

REG_DWORD: DisableClientExtendedMasterSecret = 1

Если ваша машина Windows является сервером, вы добавляете:

REG_DWORD: DisableServerExtendedMasterSecret = 1

Нет необходимости перезагружать машину, это учитывается для всех подключений TLE, которые происходят с этого момента.

Мне пришлось отключить его, чтобы иметь возможность использовать BMC TrueSight для расшифровки трафика на проводе и анализа взаимодействия пользователей с SSL-соединением. Версия BMC TrueSight для OpenSSL была слишком старой, она поддерживается только начиная с OpenSSL 1.1.10. Он также поддерживается на Android и iPhone.