Topic: curl(PHP) and GOST

Hi, I built an OpenSSL package with GOST support.

And a test connection with openssl seems OK.

$ openssl s_client -connect icrs.nbki.ru:443 -tls1 -debug -msg -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x9fa6100 [0x9fb51b3] (120 bytes => 120 (0x78))
>>> TLS 1.0 Handshake [length 0073], ClientHello
SSL_connect:SSLv3 write client hello A
read from 0x9fa6100 [0x9fb0c63] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 2a                                    ....*
read from 0x9fa6100 [0x9fb0c68] (42 bytes => 42 (0x2A))
0000 - 02 00 00 26 03 01 50 f4-00 88 1c a5 c1 c6 28 0e   ...&..P.......(.
0010 - 26 c0 9a 49 e3 86 1c dd-e5 3b 78 2f c1 89 6c 72   &..I.....;x/..lr
0020 - 26 08 3c 69 c6 e0 00 00-31                        &.<i....1
002a - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 002a], ServerHello
    02 00 00 26 03 01 50 f4 00 88 1c a5 c1 c6 28 0e
    26 c0 9a 49 e3 86 1c dd e5 3b 78 2f c1 89 6c 72
    26 08 3c 69 c6 e0 00 00 31 00
write to 0x9fa6100 [0x9fba670] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 2f                              ....../
>>> TLS 1.0 Alert [length 0002], fatal illegal_parameter
    02 2f
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server hello B
3075868396:error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned:s3_clnt.c:944:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 47 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1358168198
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
[mikhail@telecon_16 444]$ clear

[mikhail@telecon_16 444]$ openssl s_client -connect icrs.nbki.ru:443 -tls1 -debug -msg -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x8520100 [0x852f1b3] (120 bytes => 120 (0x78))
>>> TLS 1.0 Handshake [length 0073], ClientHello
SSL_connect:SSLv3 write client hello A
read from 0x8520100 [0x852ac63] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 2a                                    ....*
read from 0x8520100 [0x852ac68] (42 bytes => 42 (0x2A))
0000 - 02 00 00 26 03 01 50 f4-00 ac 06 c7 2c 1f 6b 1c   ...&..P.....,.k.
0010 - b2 c7 15 36 7f 2c bb 05-1b 3e cd 24 85 5e 50 c2   ...6.,...>.$.^P.
0020 - 84 3e c5 fa 7a da 00 00-31                        .>..z...1
002a - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 002a], ServerHello
    02 00 00 26 03 01 50 f4 00 ac 06 c7 2c 1f 6b 1c
    b2 c7 15 36 7f 2c bb 05 1b 3e cd 24 85 5e 50 c2
    84 3e c5 fa 7a da 00 00 31 00
write to 0x8520100 [0x8534670] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 2f                              ....../
>>> TLS 1.0 Alert [length 0002], fatal illegal_parameter
    02 2f
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server hello B
3076171500:error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned:s3_clnt.c:944:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 47 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1358168228
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
[mikhail@telecon_16 444]$ openssl s_client -connect icrs.nbki.ru:443 -tls1 -debug -msg -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x9dd5880 [0x9de493b] (216 bytes => 216 (0xD8))
>>> TLS 1.0 Handshake [length 00d3], ClientHello
SSL_connect:SSLv3 write client hello A
read from 0x9dd5880 [0x9de03eb] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 2a                                    ....*
read from 0x9dd5880 [0x9de03f0] (42 bytes => 42 (0x2A))
0000 - 02 00 00 26 03 01 50 f4-00 f0 7a 32 79 c1 47 f7   ...&..P...z2y.G.
0010 - 5b 79 48 12 aa 08 98 81-90 9c 95 53 d9 28 94 15   [yH........S.(..
0020 - ab 90 90 46 36 ae 00 00-31                        ...F6...1
002a - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 002a], ServerHello
    02 00 00 26 03 01 50 f4 00 f0 7a 32 79 c1 47 f7
    5b 79 48 12 aa 08 98 81 90 9c 95 53 d9 28 94 15
    ab 90 90 46 36 ae 00 00 31 00
write to 0x9dd5880 [0x9de9df8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 2f                              ....../
>>> TLS 1.0 Alert [length 0002], fatal illegal_parameter
    02 2f
SSL3 alert write:fatal:illegal parameter
SSL_connect:error in SSLv3 read server hello B
3076310764:error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned:s3_clnt.c:944:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 47 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1358168303
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
[mikhail@telecon_16 444]$ openssl s_client -connect icrs.nbki.ru:443 -tls1 -debug -msg -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x8591398 [0x85a0453] (220 bytes => 220 (0xDC))
>>> TLS 1.0 Handshake [length 00d7], ClientHello
SSL_connect:SSLv3 write client hello A
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 50                                    ....P
read from 0x8591398 [0x859bf08] (80 bytes => 80 (0x50))
0000 - 02 00 00 4c 03 01 50 f4-01 03 15 e5 c6 fe 50 51   ...L..P.......PQ
0010 - c5 7e ef e0 58 c6 35 83-26 2d cc 0f 05 9d 29 39   .~..X.5.&-....)9
0020 - 16 0b e3 36 b4 3b 00 00-81 00 00 24 fd e8 00 20   ...6.;.....$... 
0030 - 30 1e 30 08 06 06 2a 85-03 02 02 09 30 08 06 06   0.0...*.....0...
0040 - 2a 85 03 02 02 16 30 08-06 06 2a 85 03 02 02 17   *.....0...*.....
<<< TLS 1.0 Handshake [length 0050], ServerHello
    02 00 00 4c 03 01 50 f4 01 03 15 e5 c6 fe 50 51
    c5 7e ef e0 58 c6 35 83 26 2d cc 0f 05 9d 29 39
    16 0b e3 36 b4 3b 00 00 81 00 00 24 fd e8 00 20
    30 1e 30 08 06 06 2a 85 03 02 02 09 30 08 06 06
    2a 85 03 02 02 16 30 08 06 06 2a 85 03 02 02 17
SSL_connect:SSLv3 read server hello A
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 16 03 01 04 10                                    .....
read from 0x8591398 [0x859bf08] (1040 bytes => 1040 (0x410))
<<< TLS 1.0 Handshake [length 0410], Certificate
depth=0 emailAddress = support@nbki.ru, C = RU, L = Moscow, O = OJSC National Bureau of Credit Histories, CN = icrs.nbki.ru
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 emailAddress = support@nbki.ru, C = RU, L = Moscow, O = OJSC National Bureau of Credit Histories, CN = icrs.nbki.ru
verify error:num=27:certificate not trusted
verify return:1
depth=0 emailAddress = support@nbki.ru, C = RU, L = Moscow, O = OJSC National Bureau of Credit Histories, CN = icrs.nbki.ru
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv3 read server certificate A
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 04                                    .....
read from 0x8591398 [0x859bf08] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> TLS 1.0 Handshake [length 00ae], ClientKeyExchange
write to 0x8591398 [0x85a5910] (179 bytes => 179 (0xB3))
SSL_connect:SSLv3 write client key exchange A
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
write to 0x8591398 [0x85a5910] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01                                 ......
SSL_connect:SSLv3 write change cipher spec A
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 28 e3 c0 f1 7c 34 9e c2 d5 7d de 8c
write to 0x8591398 [0x85a5910] (25 bytes => 25 (0x19))
0000 - 16 03 01 00 14 b8 1a 9b-3a 50 9b 48 46 4c 92 0c   ........:P.HFL..
0010 - 31 db cc ae 7b 39 dc 92-b3                        1...{9...
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01                                    .....
read from 0x8591398 [0x859bf08] (1 bytes => 1 (0x1))
0000 - 01                                                .
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 14                                    .....
read from 0x8591398 [0x859bf08] (20 bytes => 20 (0x14))
0000 - 0c 89 65 91 af 66 cc 56-2c 03 e0 40 aa 04 c0 a1   ..e..f.V,..@....
0010 - 52 87 6f a3                                       R.o.
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c f9 3b ce f3 8e 1a a9 00 9c b1 62 19
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/emailAddress=support@nbki.ru/C=RU/L=Moscow/O=OJSC National Bureau of Credit Histories/CN=icrs.nbki.ru
   i:/emailAddress=cpca@cryptopro.ru/C=RU/L=\x04\x1C\x04>\x04A\x04:\x042\x040/O=\x04\x1E\x04\x1E\x04\x1E\x00 \x04\x1A\x04 \x04\x18\x04\x1F\x04"\x04\x1E\x00-\x04\x1F\x04 \x04\x1E/CN=\x04#\x04&\x00 \x00K\x00P\x04\x18\x04\x1F\x00T\x00O\x00-\x04\x1F\x00P\x00O
---
Server certificate
subject=/emailAddress=support@nbki.ru/C=RU/L=Moscow/O=OJSC National Bureau of Credit Histories/CN=icrs.nbki.ru
issuer=/emailAddress=cpca@cryptopro.ru/C=RU/L=\x04\x1C\x04>\x04A\x04:\x042\x040/O=\x04\x1E\x04\x1E\x04\x1E\x00 \x04\x1A\x04 \x04\x18\x04\x1F\x04"\x04\x1E\x00-\x04\x1F\x04 \x04\x1E/CN=\x04#\x04&\x00 \x00K\x00P\x04\x18\x04\x1F\x00T\x00O\x00-\x04\x1F\x00P\x00O
---
No client certificate CA names sent
---
SSL handshake has read 1170 bytes and written 430 bytes
---
New, TLSv1/SSLv3, Cipher is GOST2001-GOST89-GOST89
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : GOST2001-GOST89-GOST89
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 6A64655D5A2C2E405076D8E6D58275F9BCE6D698E4377B7F9FB1392A337DD2C797A04A0691A39D326C8EBCD574A69A25
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1358168321
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
kjkjkjk
write to 0x8591398 [0x85a0456] (26 bytes => 26 (0x1A))
0000 - 17 03 01 00 04 38 f9 71-4b 17 03 01 00 0c 15 54   .....8.qK......T
0010 - e0 3f ec 6c f5 27 47 58-48 4c                     .?.l.'GXHL
read from 0x8591398 [0x859bf03] (5 bytes => 5 (0x5))
0000 - 17 03 01 01 1b                                    .....
read from 0x8591398 [0x859bf08] (283 bytes => 283 (0x11B))
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://icrs.nbki.ru/main">here</a>.</p>
<hr>
<address>Apache/2.2.21 Server at icrs.nbki.ru Port 443</address>
</body></html>
read from 0x8591398 [0x859bf03] (5 bytes => 0 (0x0))
read:errno=0
write to 0x8591398 [0x85a0453] (11 bytes => 11 (0xB))
0000 - 15 03 01 00 06 1c 86 f5-0d b6 0c                  ...........
>>> TLS 1.0 Alert [length 0002], warning close_notify
    01 00
SSL3 alert write:warning:close notify

But when I try to connect from curl (PHP) I get an error: 'Cannot communicate securely with peer: no common encryption algorithm(s).'

Why? Do I need to recompile the whole of PHP?

--

What settings does a PHP script use when working with OpenSSL?
I added the following lines to openssl.cnf to include the GOST engine.

openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
default_algorithms = ALL
dynamic_path = /usr/lib/openssl/engines/libgost.so
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

I have a suspicion, which I cannot yet rule out in any way, that PHP scripts do not use this additional configuration.
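
The failing s_client runs above end in "unknown cipher returned" after a ServerHello whose cipher field is 00 31, while the working run reports GOST2001-GOST89-GOST89; both outcomes are decided by the cipher-suite fields of the two hello messages. The Python below is an added example (not code from this thread, PHP or OpenSSL) that reads those fields out of `-msg` handshake bytes and reports whether the server's choice was among the client's offers. The ClientHello samples are constructed, and all function and constant names are assumptions made for illustration.

```python
import struct

# Suite IDs relevant to this thread; anything else is printed as hex.
SUITE_NAMES = {
    0x0080: "GOST94-GOST89-GOST89",
    0x0081: "GOST2001-GOST89-GOST89",
    0x002F: "AES128-SHA",
    0x0035: "AES256-SHA",
    0x0039: "DHE-RSA-AES256-SHA",
}
GOST_SUITES = {0x0080, 0x0081}


def from_msg_dump(text):
    """Convert the hex printed under a '>>>' or '<<<' line of s_client -msg to bytes."""
    return bytes.fromhex("".join(text.split()))


def handshake_body(msg, expected_type):
    """Validate the 4-byte handshake header (type, 24-bit length) and return the body."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    if msg[0] != expected_type:
        raise ValueError(f"handshake type {msg[0]}, expected {expected_type}")
    if int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("length field does not match the data")
    return msg[4:]


def after_session_id(body):
    """Offset just past version (2), random (32) and the session_id vector."""
    if len(body) < 35:
        raise ValueError("hello too short")
    return 35 + body[34]


def offered_suites(client_hello):
    """Cipher suites a ClientHello (handshake type 1) offers, in preference order."""
    body = handshake_body(client_hello, 1)
    off = after_session_id(body)
    if off + 2 > len(body):
        raise ValueError("missing cipher_suites length")
    (nbytes,) = struct.unpack_from(">H", body, off)
    if nbytes % 2 or off + 2 + nbytes > len(body):
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack_from(f">{nbytes // 2}H", body, off + 2))


def selected_suite(server_hello):
    """The single cipher suite a ServerHello (handshake type 2) selects."""
    body = handshake_body(server_hello, 2)
    off = after_session_id(body)
    if off + 2 > len(body):
        raise ValueError("missing cipher_suite")
    return struct.unpack_from(">H", body, off)[0]


def name(suite):
    """Readable name for a suite ID, falling back to hex."""
    return SUITE_NAMES.get(suite, f"0x{suite:04X}")


def diagnose(client_hello, server_hello):
    """Say whether the server's choice is one the client put on the wire."""
    offered = offered_suites(client_hello)
    chosen = selected_suite(server_hello)
    if chosen in offered:
        return f"ok: both sides agree on {name(chosen)}"
    hint = "" if GOST_SUITES & set(offered) else " (client offered no GOST suite)"
    return f"mismatch: server selected {name(chosen)}, which the client never offered{hint}"


def build_client_hello(suites):
    """Constructed sample: TLS 1.0 ClientHello, zero random, no extensions."""
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack(f">H{len(suites)}H", 2 * len(suites), *suites)
    body += b"\x01\x00"  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


def build_server_hello(suite):
    """Constructed sample: TLS 1.0 ServerHello, zero random, empty session_id."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack(">H", suite) + b"\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body


# ServerHello bytes as printed in the first failing run on this page.
FAILED_SERVER_HELLO = from_msg_dump("""
    02 00 00 26 03 01 50 f4 00 88 1c a5 c1 c6 28 0e
    26 c0 9a 49 e3 86 1c dd e5 3b 78 2f c1 89 6c 72
    26 08 3c 69 c6 e0 00 00 31 00
""")
# Constructed offers (assumption): a client without the GOST engine, and one with it.
STOCK_OFFER = build_client_hello([0x0039, 0x0035, 0x002F])
GOST_OFFER = build_client_hello([0x0039, 0x0081, 0x0080, 0x0035, 0x002F])

if __name__ == "__main__":
    print(diagnose(STOCK_OFFER, FAILED_SERVER_HELLO))
    print(diagnose(GOST_OFFER, build_server_hello(0x0081)))
```

Pasting the hex that follows a ClientHello or ServerHello line of an `s_client -msg` trace into `from_msg_dump` gives the same check on a real capture.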

Re: curl(PHP) and GOST

Yes, if you change openssl, you need to rebuild all programs which depend on it.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: curl(PHP) and GOST

PHP does not use the default openssl config :(

solution:

*** 111/openssl.c       2012-12-19 12:55:19.000000000 +0600                                                                                                   
--- openssl.c   2013-01-15 18:43:22.000000000 +0600                                                                                                           
***************                                                                                                                                               
*** 1038,1043 ****                                                                                                                                            
--- 1038,1046 ----                                                                                                                                            
        le_x509 = zend_register_list_destructors_ex(php_x509_free, NULL, "OpenSSL X.509", module_number);                                                     
        le_csr = zend_register_list_destructors_ex(php_csr_free, NULL, "OpenSSL X.509 CSR", module_number);                                                   
                                                                                                                                                              
+       /* needed for use default config */                                                                                                                   
+       OPENSSL_config(NULL);                                                                                                                                 
+                                                                                                                                                             
        SSL_library_init();                                                                                                                                   
        OpenSSL_add_all_ciphers();                                                                                                                            
        OpenSSL_add_all_digests();    
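
Review bot: the added OPENSSL_config(NULL) call ahead of SSL_library_init() returns void, so at this call site the extension cannot check or log whether the configuration file, or any engine section it names, actually loaded. The comment "needed for use default config" should also state the behaviour change: the extension now reads the system-wide OpenSSL configuration at module initialisation, so whatever that file sets (for example an engine with default_algorithms = ALL) applies to PHP as well. Suggest rewording the comment along those lines and documenting the change together with the phpinfo item from the TODO.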

Thanks for this topic: http://stackoverflow.com/questions/1095 … lly-linked


/*TODO*/
Show used config path in phpinfo.

Re: curl(PHP) and GOST

Please report this upstream.
On https://bugs.php.net/report.php


Re: curl(PHP) and GOST

What are the differences between NSS/3.14.0.1 and OpenSSL/1.0.0?
Left screen: Fedora 18, GOST via curl in PHP is not working.
Right screen: CentOS 5, GOST via curl in PHP is working correctly (after including my patch).

http://phpclub.ru/talk/attachments/screenshot-from-2013-01-16-14-54-54-png.637/?temp_hash=b90439b97256d58679cbc00fdd3e959a

Re: curl(PHP) and GOST

Fedora (or RHEL-6) curl doesn't use openssl anymore, but nss (another crypto library), so extending openssl will have no effect on curl (nor php)


Re: curl(PHP) and GOST

Remi wrote:

Fedora (or RHEL-6) curl doesn't use openssl anymore, but nss (another crypto library), so extending openssl will have no effect on curl (nor php)

Thanks for the answer. Where can I read about NSS and why NSS is better than OpenSSL? I am afraid that NSS doesn't support GOST :(

Re: curl(PHP) and GOST

NSS http://www.mozilla.org/projects/security/pki/nss/
NSS + GOST : https://bugzilla.mozilla.org/show_bug.cgi?id=518787


Re: curl(PHP) and GOST

The patch in topic https://bugzilla.mozilla.org/show_bug.cgi?id=518787 is out of date and couldn't be applied to current NSS. So I rebuilt curl with OpenSSL, and GOST began to work in PHP (PHP did not need recompiling) on my Fedora 18 desktop.

One last problem remained: on CentOS 5, openssh-server began to segfault on new connections when I include the GOST engine in openssl.cnf.

Do you have a newer version of openssh-server for CentOS 5?
My current version is 5.5p1.

Re: curl(PHP) and GOST

Thanks, the problem is solved with the latest openssh-server.