Server ClientHello to ServerHello


The server has been contacted. The line "Is initial handshake: true" marks the start of the handshake.
 
Is initial handshake: true
JsseJCE:  Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE:  Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE:  Using AlgorithmParameters EC from provider IBMJCE version 1.8
JsseJCE:  Using AlgorithmParameters EC from provider IBMJCE version 1.8
Read the data 
Default Executor-thread-14, READ: TLSv1.2 Handshake, length = 280

Display what the server has been sent.
ClientHello is the name of the first message of the handshake; the client sends it.
Display the data in the handshake
*** ClientHello, TLSv1.2
RandomCookie:
GMT: 1604819291
bytes = {...}
Session ID:{}
The following is the list of cipher suites the client will accept 
Cipher Suites: [SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, ...}
Compression Methods:  { }
Unsupported extension status_request, data: 01:00:00:00:00
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, unknown curve 256, unknown curve 257, unknown curve 258, unknown curve 259, unknown curve 260}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), Unknown (hash:0x8, signature:0x9), Unknown (hash:0x8, signature:0xa), ...
The "unknown curve 256" to "unknown curve 260" entries are the finite-field Diffie-Hellman groups ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144 and ffdhe8192 (RFC 7919), and the "Unknown (hash:0x8, signature:0x4)" style entries are TLS 1.3 SignatureScheme values, here the RSA-PSS schemes rsa_pss_rsae_sha256 (0x0804), rsa_pss_rsae_sha384 (0x0805), rsa_pss_rsae_sha512 (0x0806), rsa_pss_pss_sha256 (0x0809) and rsa_pss_pss_sha384 (0x080a) from RFC 8446. This level of JSSE does not know their names, but the client is free to send them. For the extension type numbers, see the IANA TLS ExtensionType registry or look at the midrange trace: type_50 is signature_algorithms_cert (RFC 8446), type_17 is status_request_v2 (RFC 6961) and type_43 is supported_versions (RFC 8446).

Unsupported extension type_50, data: 00:26:04:03:...
 
Unsupported extension type_17, data: 00:07:02:00:04:00:00:00:00

Extension extended_master_secret

Unsupported extension type_43, data: 02:03:03

End of the data in the initial handshake
***
ALPN – can be ignored

Application-Layer Protocol Negotiation (ALPN) is a Transport Layer Security (TLS) extension that lets the client and server agree on which application protocol will run over the secure connection. The agreement happens inside the handshake, so it costs no additional round trip, and it is independent of the application-layer protocols themselves. It is needed for HTTP/2 over TLS: HTTP/2 improves the compression of web pages and reduces their latency compared to HTTP/1.x, and the client uses ALPN to ask for it (identifier h2) rather than HTTP/1.1.

ALPN not supported, no protocols set
ALPN will not be negotiated6558e265[SSLEngine[hostname=null port=-1] SSL_NULL_WITH_NULL_NULL]
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
End of ALPN

The client sent TLS 1.3 in the supported_versions extension of the ClientHello, but the server is only configured for TLS 1.2, so there is no version in common and the server sends a fatal PROTOCOL_VERSION alert:

Fatal (PROTOCOL_VERSION): The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
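The version check behind this alert can be done by hand from the bytes: in supported_versions each version is two bytes, 0x0303 for TLS 1.2 and 0x0304 for TLS 1.3 (RFC 8446). The following Python is an added example, not code from this page or from IBM's JSSE. It decodes the hex form the trace uses for supported_versions and status_request, names the code points the trace reports as unknown curves and unknown signature algorithms, and applies a "highest version both sides allow" rule that is an assumption about the server, not the z/OS implementation. Note that the type_43 dump shown earlier on this page, 02:03:03, decodes to 0x0303 (TLS 1.2) only; a client that offers only TLS 1.3, the case this alert describes, sends 02:03:04.

```python
"""Decode the ClientHello extension payloads that the JSSE trace prints as hex,
name the code points it reports as "unknown", and apply the version rule behind
the PROTOCOL_VERSION alert.

Added example: this is not code from the page or from IBM's JSSE. Code point
names come from RFC 8446 (supported_versions, SignatureScheme), RFC 7919
(ffdhe groups) and RFC 6066 (status_request). negotiate_version() models the
rule "highest version both sides allow"; the exact preference logic inside
the z/OS JSSE is an assumption, not something the trace shows.
"""

VERSION_NAMES = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
VERSION_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# NamedGroup values (RFC 8446 section 4.2.7 and RFC 7919): the trace's
# "unknown curve 256" .. "unknown curve 260" are the finite-field DH groups.
NAMED_GROUPS = {
    23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519", 30: "x448",
    256: "ffdhe2048", 257: "ffdhe3072", 258: "ffdhe4096", 259: "ffdhe6144", 260: "ffdhe8192",
}

# SignatureScheme values (RFC 8446 section 4.2.3). The trace prints the two bytes
# separately as "hash:0x8, signature:0x4" because it still thinks in TLS 1.2
# SignatureAndHashAlgorithm terms; 0x0804 is really rsa_pss_rsae_sha256.
SIGNATURE_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080a: "rsa_pss_pss_sha384", 0x080b: "rsa_pss_pss_sha512",
}


def hexdump_to_bytes(dump):
    """Turn the trace's 'aa:bb:cc' notation into bytes."""
    return bytes(int(part, 16) for part in dump.split(":") if part)


def decode_supported_versions(dump):
    """supported_versions (extension type 43) as sent by a client: one length
    byte followed by two-byte ProtocolVersion values, most preferred first."""
    data = hexdump_to_bytes(dump)
    length = data[0]
    if length % 2 or len(data) != 1 + length:
        raise ValueError("malformed supported_versions payload")
    codes = [int.from_bytes(data[i:i + 2], "big") for i in range(1, 1 + length, 2)]
    return [VERSION_NAMES.get(c, "0x%04x" % c) for c in codes]


def decode_status_request(dump):
    """status_request (extension type 5, RFC 6066): status_type, then a
    responder_id_list and request_extensions, each with a two-byte length."""
    data = hexdump_to_bytes(dump)
    status_type = {1: "ocsp"}.get(data[0], "unknown(%d)" % data[0])
    responder_len = int.from_bytes(data[1:3], "big")
    ext_offset = 3 + responder_len
    ext_len = int.from_bytes(data[ext_offset:ext_offset + 2], "big")
    return {"status_type": status_type, "responder_id_bytes": responder_len,
            "extension_bytes": ext_len}


def name_group(group_id):
    """Name a NamedGroup code point the way a current TLS stack would."""
    return NAMED_GROUPS.get(group_id, "unknown curve %d" % group_id)


def name_signature_scheme(hash_byte, sig_byte):
    """Reassemble the 'hash:0x8, signature:0x4' pair into a SignatureScheme name."""
    code = (hash_byte << 8) | sig_byte
    return SIGNATURE_SCHEMES.get(code, "unknown(0x%04x)" % code)


def negotiate_version(client_offered, server_enabled):
    """Highest version present in both lists, or None, in which case the
    server has nothing to offer and sends a fatal PROTOCOL_VERSION alert."""
    common = [v for v in client_offered if v in server_enabled]
    if not common:
        return None
    return max(common, key=VERSION_ORDER.index)


if __name__ == "__main__":
    # 02:03:04 is a constructed payload: a client offering only TLS 1.3.
    offered = decode_supported_versions("02:03:04")
    print("client offers", offered, "-> negotiated", negotiate_version(offered, ["TLSv1.2"]))
    print("trace type_43 payload 02:03:03 decodes to", decode_supported_versions("02:03:03"))
    print("unknown curve 256 is", name_group(256))
    print("hash:0x8, signature:0x4 is", name_signature_scheme(0x8, 0x4))
    print("status_request 01:00:00:00:00 is", decode_status_request("01:00:00:00:00"))
```

Run it with python3; the function names are the example's own. To use it on your own trace, paste the hex after "data:" into decode_supported_versions() and compare the result with the protocol list the server is configured for.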

The first three cipher suites (above) were SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
The first two are …_ECDSA_…, the third is …_RSA_…. Taking the name apart:

  • SSL or TLS: IBM's JSSE names the suites SSL_…; the IANA names are TLS_….
  • ECDHE: the key exchange algorithm, Elliptic Curve Diffie-Hellman with ephemeral keys. The ephemeral keys give forward secrecy.
  • ECDSA or RSA: the authentication (digital signature) algorithm, which decides what sort of server certificate can be used. ECDSA (Elliptic Curve Digital Signature Algorithm) means the server's public key must be an elliptic curve key; RSA means it must be an RSA key.
  • "WITH"
  • AES_256_GCM: the bulk encryption algorithm. Once the handshake has completed, the payload is encrypted with this symmetric cipher; GCM is an AEAD mode, so it also provides the record integrity check.
  • SHA384: the hash used by the TLS 1.2 PRF to derive the keys and to compute the Finished messages. With a GCM suite it is not used as a record MAC.

Check to see if the server has a compatible certificate to use. If "Alias" has not been specified:

  • For each cipher spec in the list,
  • .. extract the certificate key type it needs (EC for …_ECDSA_…, RSA for …_RSA_…),
  • .. for each certificate in the keystore,
  • …. get the list of alias names whose key type matches,
  • …. pick one.

For the certificate key type we have, from the three suites above, EC, EC, RSA.

ssl: ServerHandshaker.setupPrivateKeyAndChain EC
matching alias: BPECCBPECC
matching alias: TBPECC192
matching alias: NISTECC5
matching alias: TBPECC160
matching alias: TBPECC320
matching alias: BPECC
matching alias: TBPECC512
matching alias: TBPECC256
matching alias: TNISTECC384
matching alias: TBPECC224
matching alias: NISTECC521
matching alias: TNISTECC224
matching alias: TNISTECC521
matching alias: TNISTECC256
matching alias: NISTECC
matching alias: BPECC3
matching alias: TNISTECC192
ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseEngineServerAlias BPECCBPECC
None were found that match, so it returns false.
I think this is a bug in the z/OS code; it does not seem to recognise the elliptic curves sent to it.

ssl: ServerHandshaker.setupPrivateKeyAndChain, return false 3 curve index -1
Try the next cipher spec - EC again.
ssl: ServerHandshaker.setupPrivateKeyAndChain EC
matching alias: BPECCBPECC
matching alias: TBPECC192
matching alias: NISTECC5
matching alias: TBPECC160
matching alias: TBPECC320
matching alias: BPECC
matching alias: TBPECC512
matching alias: TBPECC256
matching alias: TNISTECC384
matching alias: TBPECC224
matching alias: NISTECC521
matching alias: TNISTECC224
matching alias: TNISTECC521
matching alias: TNISTECC256
matching alias: NISTECC
matching alias: BPECC3
matching alias: TNISTECC192
ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseEngineServerAlias BPECCBPECC
None found; return false.
ssl: ServerHandshaker.setupPrivateKeyAndChain, return false 3 curve index -1

Try the next cipher spec - RSA
ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
matching alias: ZZZZ
ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseEngineServerAlias ZZZZ
It found one!
ssl: ServerHandshaker.setupPrivateKeyAndChain, return true
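The cipher suite naming described above and the alias walk shown in the trace, as an added Python example (not code from this page or from IBM's JSSE). KEYSTORE is a constructed stand-in for the aliases in the trace: the page does not show which curve each real key uses, so the curves here are assumptions chosen so that the walk ends the way the trace does (both ECDSA suites fail, the RSA suite matches alias ZZZZ). Treating "return false ... curve index -1" as "the chosen key's curve is not in the client's elliptic_curves list" is also an assumption about the IBM code. The filter_by_curve option is the check a practitioner would want before blaming the server: which keystore entries are actually usable for this client? The example also covers the case where nothing matches, which is the "no cipher suites in common" outcome discussed next.

```python
"""Take a JSSE cipher suite name apart and run the server-side
"is there a certificate for this suite?" walk that the trace shows.

Added example, not code from the page or from IBM's JSSE. KEYSTORE is a
constructed stand-in for the aliases in the trace: the page does not show
which curve each real key uses, so the curves here are assumptions, chosen
so that the walk ends the way the trace does (the two ECDSA suites fail,
the RSA suite matches alias ZZZZ). Treating "return false ... curve index -1"
as "the chosen key's curve is not in the client's elliptic_curves list" is
also an assumption about the IBM code, not something the trace states.
"""
from collections import namedtuple

CipherSuite = namedtuple("CipherSuite", "prefix key_exchange auth bulk hash_alg")
KeyEntry = namedtuple("KeyEntry", "alias key_type curve")


def parse_cipher_suite(name):
    """SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> CipherSuite('SSL', 'ECDHE', 'RSA',
    'AES_256_GCM', 'SHA384'). Accepts IBM's SSL_ prefix and the IANA TLS_ prefix,
    and the static RSA suites (TLS_RSA_WITH_...) where the single token before
    WITH is both the key exchange and the authentication algorithm. The last
    token is the PRF hash for AEAD suites and the HMAC hash for CBC suites."""
    prefix, rest = name.split("_", 1)
    if prefix not in ("SSL", "TLS"):
        raise ValueError("unexpected cipher suite prefix: " + prefix)
    kx_part, cipher_part = rest.split("_WITH_", 1)
    kx_fields = kx_part.split("_")
    key_exchange = kx_fields[0]
    auth = kx_fields[1] if len(kx_fields) > 1 else kx_fields[0]
    cipher_fields = cipher_part.split("_")
    return CipherSuite(prefix, key_exchange, auth,
                       "_".join(cipher_fields[:-1]), cipher_fields[-1])


def certificate_key_type(suite):
    """The authentication token says which kind of server key the suite needs."""
    return {"ECDSA": "EC", "RSA": "RSA", "DSS": "DSA"}.get(suite.auth)


def select_certificate(client_suites, keystore, client_curves, filter_by_curve=False):
    """Walk the client's suites in its order of preference and return
    (suite name, alias) for the first one the server can serve, or (None, None),
    which is the "no cipher suites in common" outcome.

    filter_by_curve=False reproduces the order of events in the trace: every
    alias of the right key type "matches", the first one is chosen, and only then
    is its curve checked against what the client offered. filter_by_curve=True
    only considers EC keys whose curve the client listed in elliptic_curves."""
    for name in client_suites:
        key_type = certificate_key_type(parse_cipher_suite(name))
        candidates = [e for e in keystore if e.key_type == key_type]
        if filter_by_curve and key_type == "EC":
            candidates = [e for e in candidates if e.curve in client_curves]
        if not candidates:
            continue
        chosen = candidates[0]              # chooseEngineServerAlias picks one
        if key_type == "EC" and chosen.curve not in client_curves:
            continue                        # "return false ... curve index -1"
        return name, chosen.alias
    return None, None


# Constructed keystore: aliases taken from the trace, curves assumed.
KEYSTORE = [
    KeyEntry("BPECCBPECC", "EC", "brainpoolP256r1"),
    KeyEntry("TBPECC192", "EC", "brainpoolP192r1"),
    KeyEntry("TNISTECC384", "EC", "secp384r1"),
    KeyEntry("NISTECC521", "EC", "secp521r1"),
    KeyEntry("ZZZZ", "RSA", None),
]

# The first three suites and the elliptic_curves list from the ClientHello above.
CLIENT_SUITES = [
    "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
CLIENT_CURVES = ["secp256r1", "secp384r1", "secp521r1"]

if __name__ == "__main__":
    print(parse_cipher_suite(CLIENT_SUITES[2]))
    print("as traced:", select_certificate(CLIENT_SUITES, KEYSTORE, CLIENT_CURVES))
    print("curve-aware:", select_certificate(CLIENT_SUITES, KEYSTORE, CLIENT_CURVES, True))
    print("ECDSA-only client, RSA-only keystore:",
          select_certificate(CLIENT_SUITES[:2], [KEYSTORE[-1]], CLIENT_CURVES))
```

With the constructed keystore the "as traced" walk ends at ("SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ZZZZ"), the curve-aware walk finds the secp384r1 key for the client's first choice, and an ECDSA-only client against an RSA-only keystore gets (None, None). To check a real keystore, list it with keytool -list -v and compare each EC key's curve with the elliptic_curves line in the trace.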


If you get

fatal error: 40: no cipher suites in common

none of the cipher suites the client offered could be paired with a usable server certificate (alert 40 is handshake_failure), and the server sends a fatal alert instead of a ServerHello:

SEND TLSv1.2 ALERT: fatal,


JsseJCE:  Using KeyPairGenerator EC from provider TBD via init
JsseJCE:  Using SecureRandom SHA2DRBG from provider IBMJCE version 1.8
JsseJCE:  Using KeyPairGenerator EC from provider TBD via init
ECDHCrypt:  ECDH KeyPairGenerator  from provider from init IBMJCE version 1.8
Use the agreed cipher spec SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
%% Negotiating:  [Session-1, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
JsseJCE:  Using MessageDigest SHA-384 from provider IBMJCE version 1.8
End of processing ClientHello