Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1443406 Details for
Bug 1577572
openconnect doesn't work with key on rutoken
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
patched openconnect, actual gnutls, full cert url
openconnect.patched.gnutls-f28.f28.full-cert-url.log (text/plain), 70.40 KB, created by
Denis Kostousov
on 2018-05-28 15:42:28 UTC
(
hide
)
Description:
patched openconnect, actual gnutls, full cert url
Filename:
MIME Type:
Creator:
Denis Kostousov
Created:
2018-05-28 15:42:28 UTC
Size:
70.40 KB
patch
obsolete
>[kostousov-ds@irtysh 20:34:12]~(0)% p11tool --list-all --login "pkcs11:token=User%20PIN%20%28Rutoken%20ECP%29" >Token 'User PIN (Rutoken ECP)' with URL 'pkcs11:model=PKCS%2315;manufacturer=Aktiv%20Co.;serial=0000000031296E36;token=User%20PIN%20%28Rutoken%20ECP%29' requires user PIN >Enter PIN: >Object 0: > URL: pkcs11:model=PKCS%2315;manufacturer=Aktiv%20Co.;serial=0000000031296E36;token=User%20PIN%20%28Rutoken%20ECP%29;id=%6e%65%77%6b%65%79%73%65%74;object=current;type=private > Type: Private key (RSA) > Label: current > Flags: CKA_WRAP/UNWRAP; CKA_PRIVATE; > ID: 6e:65:77:6b:65:79:73:65:74 > >Object 1: > URL: pkcs11:model=PKCS%2315;manufacturer=Aktiv%20Co.;serial=0000000031296E36;token=User%20PIN%20%28Rutoken%20ECP%29;id=%6e%65%77%6b%65%79%73%65%74;object=kostousov-ds-ra;type=public > Type: Public key (RSA-2048) > Label: kostousov-ds-ra > Flags: CKA_WRAP/UNWRAP; > ID: 6e:65:77:6b:65:79:73:65:74 > >Object 2: > URL: pkcs11:model=PKCS%2315;manufacturer=Aktiv%20Co.;serial=0000000031296E36;token=User%20PIN%20%28Rutoken%20ECP%29;id=%6e%65%77%6b%65%79%73%65%74;object=current;type=cert > Type: X.509 Certificate (RSA-2048) > Label: current > ID: 6e:65:77:6b:65:79:73:65:74 > >[kostousov-ds@irtysh 20:34:27]~(0)% sudo GNUTLS_DEBUG_LEVEL=6 openconnect -c "pkcs11:model=PKCS%2315;manufacturer=Aktiv%20Co.;serial=0000000031296E36;token=User%20PIN%20%28Rutoken%20ECP%29;id=%6e%65%77%6b%65%79%73%65%74;object=current;type=cert" --script /etc/openconnect/vpnc-script https://vpn.company.com/+webvpn+/index.html >[sudo] паÑÐ¾Ð»Ñ Ð´Ð»Ñ kostousov-ds: >gnutls[2]: Enabled GnuTLS 3.6.2 logging... >gnutls[2]: getrandom random generator was detected >gnutls[2]: Intel SSSE3 was detected >gnutls[2]: Intel AES accelerator was detected >gnutls[2]: Intel GCM accelerator was detected >gnutls[2]: cached system priority /etc/crypto-policies/back-ends/gnutls.config mtime 1526676780 >POST https://vpn.company.com/+webvpn+/index.html >Connected to x.x.x.x:443 >gnutls[2]: Initializing needed PKCS #11 modules >gnutls[2]: p11: Initializing module: p11-kit-trust >gnutls[2]: p11: No login requested. >gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE >gnutls[3]: p11 attrs: CKA_TRUSTED >gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA >gnutls[2]: p11: No login requested. >gnutls[3]: p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE >gnutls[3]: p11 attrs: CKA_TRUSTED >gnutls[3]: p11 attrs: CKA_CERTIFICATE_CATEGORY=CA >gnutls[3]: ASSERT: pkcs11.c[find_objs_cb]:2888 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_obj_list_import_url3]:3209 >gnutls[2]: Initializing all PKCS #11 modules >gnutls[2]: p11: Initializing module: p11-kit-trust >gnutls[2]: p11: module p11-kit-trust is already loaded. >gnutls[3]: ASSERT: pkcs11.c[auto_load]:812 >gnutls[2]: Cannot load PKCS #11 module: p11-kit-trust >gnutls[2]: p11: Initializing module: opensc >gnutls[3]: ASSERT: pkcs11.c[compat_load]:757 >gnutls[2]: p11: No login requested. >PIN required for User PIN (Rutoken ECP) >Enter PIN: >gnutls[2]: p11: Login result = ok (0) >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_token_check_mechanism]:3648 >Using client certificate 'kostousov-ds-ra' >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_get_raw_issuer]:4040 >gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_get_issuer]:980 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_get_raw_issuer]:4040 >gnutls[3]: ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110 >gnutls[3]: ASSERT: x509.c[get_alt_name]:1811 >gnutls[5]: REC[0x563978c49aa0]: Allocating epoch #0 >gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed >gnutls[2]: resolved 'SYSTEM' to 'NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW', next '' >gnutls[2]: selected priority string: NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW:%COMPAT >gnutls[2]: added 53 ciphersuites, 11 sig algos and 8 groups into priority list >SSL negotiation with vpn.company.com >gnutls[5]: REC[0x563978c49aa0]: Allocating epoch #1 >gnutls[4]: HSK[0x563978c49aa0]: Adv. version: 3.3 >gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.8b (GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.28 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.77 (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.8a (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.27 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.76 (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.87 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.24 (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.73 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.86 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.23 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.72 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite c0.7b (GNUTLS_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.3d (GNUTLS_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c0 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.84 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7a (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.3c (GNUTLS_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.ba (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.41 (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.7d (GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.6b (GNUTLS_DHE_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c4 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.88 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7c (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.67 (GNUTLS_DHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.be (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.45 (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[4]: EXT[0x563978c49aa0]: Sending extension OCSP Status Request (5 bytes) >gnutls[2]: HSK[0x563978c49aa0]: sent server name: 'vpn.company.com' >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Server Name Indication (19 bytes) >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Safe Renegotiation (1 bytes) >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Session Ticket (0 bytes) >gnutls[4]: EXT[0x563978c49aa0]: sent group X25519 (0x1d) >gnutls[4]: EXT[0x563978c49aa0]: sent group SECP256R1 (0x17) >gnutls[4]: EXT[0x563978c49aa0]: sent group SECP384R1 (0x18) >gnutls[4]: EXT[0x563978c49aa0]: sent group SECP521R1 (0x19) >gnutls[4]: EXT[0x563978c49aa0]: sent group FFDHE2048 (0x100) >gnutls[4]: EXT[0x563978c49aa0]: sent group FFDHE3072 (0x101) >gnutls[4]: EXT[0x563978c49aa0]: sent group FFDHE4096 (0x102) >gnutls[4]: EXT[0x563978c49aa0]: sent group FFDHE8192 (0x104) >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Negotiated Groups (18 bytes) >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Supported ECC Point Formats (2 bytes) >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (4.1) RSA-SHA256 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (4.3) ECDSA-SHA256 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (5.1) RSA-SHA384 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (5.3) ECDSA-SHA384 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (6.1) RSA-SHA512 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (6.3) ECDSA-SHA512 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (2.1) RSA-SHA1 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (2.3) ECDSA-SHA1 >gnutls[4]: EXT[0x563978c49aa0]: sent signature algo (8.7) EdDSA-Ed25519 >gnutls[4]: EXT[0x563978c49aa0]: Sending extension Signature Algorithms (20 bytes) >gnutls[4]: HSK[0x563978c49aa0]: CLIENT HELLO was queued [244 bytes] >gnutls[5]: REC[0x563978c49aa0]: Preparing Packet Handshake(22) with length: 244 and min pad: 0 >gnutls[5]: REC[0x563978c49aa0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 249 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 93 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Handshake(22) with length: 93 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[0] Handshake(22) with length: 93 >gnutls[4]: HSK[0x563978c49aa0]: SERVER HELLO (2) was received. Length 89[89], frag offset 0, frag length: 89, sequence: 0 >gnutls[4]: HSK[0x563978c49aa0]: Server's version: 3.3 >gnutls[4]: HSK[0x563978c49aa0]: SessionID length: 32 >gnutls[4]: HSK[0x563978c49aa0]: SessionID: c2b82d6550231010b210fded5cf3747f7e4770033113615de46b9781d992a6c8 >gnutls[4]: HSK[0x563978c49aa0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: EXT[0x563978c49aa0]: Parsing extension 'Server Name Indication/0' (0 bytes) >gnutls[4]: EXT[0x563978c49aa0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes) >gnutls[4]: EXT[0x563978c49aa0]: Parsing extension 'Supported ECC Point Formats/11' (4 bytes) >gnutls[4]: HSK[0x563978c49aa0]: Safe renegotiation succeeded >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 5664 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Handshake(22) with length: 5664 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[1] Handshake(22) with length: 5664 >gnutls[4]: HSK[0x563978c49aa0]: CERTIFICATE (11) was received. Length 5660[5660], frag offset 0, frag length: 5660, sequence: 0 >gnutls[3]: ASSERT: status_request.c[gnutls_ocsp_status_request_get]:335 >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[2]: issuer in verification was not found or insecure; trying against trust list >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1362 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: looking for key purpose '1.3.6.1.5.5.7.3.1', but have '1.3.6.1.5.5.7.3.4' >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 333 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Handshake(22) with length: 333 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[2] Handshake(22) with length: 333 >gnutls[4]: HSK[0x563978c49aa0]: SERVER KEY EXCHANGE (12) was received. Length 329[329], frag offset 0, frag length: 329, sequence: 0 >gnutls[2]: received curve SECP256R1 >gnutls[4]: HSK[0x563978c49aa0]: Selected group SECP256R1 (2) >gnutls[4]: HSK[0x563978c49aa0]: verify TLS 1.2 handshake data: using RSA-SHA512 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Handshake(22) with length: 4 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[3] Handshake(22) with length: 4 >gnutls[4]: HSK[0x563978c49aa0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1148 >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1377 >gnutls[4]: HSK[0x563978c49aa0]: CLIENT KEY EXCHANGE was queued [70 bytes] >gnutls[4]: REC[0x563978c49aa0]: Sent ChangeCipherSpec >gnutls[5]: REC[0x563978c49aa0]: Initializing epoch #1 >gnutls[5]: REC[0x563978c49aa0]: Epoch #1 ready >gnutls[4]: HSK[0x563978c49aa0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: HSK[0x563978c49aa0]: Initializing internal [write] cipher sessions >gnutls[4]: HSK[0x563978c49aa0]: recording tls-unique CB (send) >gnutls[4]: HSK[0x563978c49aa0]: FINISHED was queued [16 bytes] >gnutls[5]: REC[0x563978c49aa0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0 >gnutls[5]: REC[0x563978c49aa0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75 >gnutls[5]: REC[0x563978c49aa0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 >gnutls[5]: REC[0x563978c49aa0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6 >gnutls[5]: REC[0x563978c49aa0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 >gnutls[5]: REC[0x563978c49aa0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet ChangeCipherSpec(20) >gnutls[5]: REC[0x563978c49aa0]: Received Packet ChangeCipherSpec(20) with length: 1 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1 >gnutls[4]: HSK[0x563978c49aa0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Handshake(22) with length: 40 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[0] Handshake(22) with length: 16 >gnutls[4]: HSK[0x563978c49aa0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 >gnutls[5]: REC[0x563978c49aa0]: Start of epoch cleanup >gnutls[5]: REC[0x563978c49aa0]: Epoch #0 freed >gnutls[5]: REC[0x563978c49aa0]: End of epoch cleanup >Connected to HTTPS on vpn.company.com >gnutls[5]: REC[0x563978c49aa0]: Preparing Packet Application Data(23) with length: 592 and min pad: 0 >gnutls[5]: REC[0x563978c49aa0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 621 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[5]: REC[0x563978c49aa0]: SSL 3.3 Application Data packet received. Epoch 0, length: 199 >gnutls[5]: REC[0x563978c49aa0]: Expected Packet Application Data(23) >gnutls[5]: REC[0x563978c49aa0]: Received Packet Application Data(23) with length: 199 >gnutls[5]: REC[0x563978c49aa0]: Decrypted Packet[1] Application Data(23) with length: 175 >Got HTTP response: HTTP/1.1 301 Moved Permanently >gnutls[5]: REC[0x563978c49aa0]: Start of epoch cleanup >gnutls[5]: REC[0x563978c49aa0]: End of epoch cleanup >gnutls[5]: REC[0x563978c49aa0]: Epoch #1 freed >GET https://vpn.company.com/+webvpn+/index.html >Connected to x.x.x.x:443 >gnutls[5]: REC[0x563978e91fe0]: Allocating epoch #0 >gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed >gnutls[2]: resolved 'SYSTEM' to 'NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW', next '' >gnutls[2]: selected priority string: NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW:%COMPAT >gnutls[2]: added 53 ciphersuites, 11 sig algos and 8 groups into priority list >SSL negotiation with vpn.company.com >gnutls[5]: REC[0x563978e91fe0]: Allocating epoch #1 >gnutls[4]: HSK[0x563978e91fe0]: Adv. version: 3.3 >gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.8b (GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.28 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.77 (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.8a (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.27 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.76 (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.87 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.24 (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.73 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.86 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.23 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.72 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite c0.7b (GNUTLS_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.3d (GNUTLS_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c0 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.84 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7a (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.3c (GNUTLS_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.ba (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.41 (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.7d (GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.6b (GNUTLS_DHE_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c4 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.88 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7c (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.67 (GNUTLS_DHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.be (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.45 (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[4]: EXT[0x563978e91fe0]: Sending extension OCSP Status Request (5 bytes) >gnutls[2]: HSK[0x563978e91fe0]: sent server name: 'vpn.company.com' >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Server Name Indication (19 bytes) >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Safe Renegotiation (1 bytes) >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Session Ticket (0 bytes) >gnutls[4]: EXT[0x563978e91fe0]: sent group X25519 (0x1d) >gnutls[4]: EXT[0x563978e91fe0]: sent group SECP256R1 (0x17) >gnutls[4]: EXT[0x563978e91fe0]: sent group SECP384R1 (0x18) >gnutls[4]: EXT[0x563978e91fe0]: sent group SECP521R1 (0x19) >gnutls[4]: EXT[0x563978e91fe0]: sent group FFDHE2048 (0x100) >gnutls[4]: EXT[0x563978e91fe0]: sent group FFDHE3072 (0x101) >gnutls[4]: EXT[0x563978e91fe0]: sent group FFDHE4096 (0x102) >gnutls[4]: EXT[0x563978e91fe0]: sent group FFDHE8192 (0x104) >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Negotiated Groups (18 bytes) >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Supported ECC Point Formats (2 bytes) >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (4.1) RSA-SHA256 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (4.3) ECDSA-SHA256 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (5.1) RSA-SHA384 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (5.3) ECDSA-SHA384 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (6.1) RSA-SHA512 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (6.3) ECDSA-SHA512 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (2.1) RSA-SHA1 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (2.3) ECDSA-SHA1 >gnutls[4]: EXT[0x563978e91fe0]: sent signature algo (8.7) EdDSA-Ed25519 >gnutls[4]: EXT[0x563978e91fe0]: Sending extension Signature Algorithms (20 bytes) >gnutls[4]: HSK[0x563978e91fe0]: CLIENT HELLO was queued [244 bytes] >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Handshake(22) with length: 244 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 249 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Handshake packet received. Epoch 0, length: 93 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Handshake(22) with length: 93 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[0] Handshake(22) with length: 93 >gnutls[4]: HSK[0x563978e91fe0]: SERVER HELLO (2) was received. Length 89[89], frag offset 0, frag length: 89, sequence: 0 >gnutls[4]: HSK[0x563978e91fe0]: Server's version: 3.3 >gnutls[4]: HSK[0x563978e91fe0]: SessionID length: 32 >gnutls[4]: HSK[0x563978e91fe0]: SessionID: 440cd5a0e9068587c8570f1be99af9510a9b86f9376bd4f9ebf3584a7ee1dd78 >gnutls[4]: HSK[0x563978e91fe0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: EXT[0x563978e91fe0]: Parsing extension 'Server Name Indication/0' (0 bytes) >gnutls[4]: EXT[0x563978e91fe0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes) >gnutls[4]: EXT[0x563978e91fe0]: Parsing extension 'Supported ECC Point Formats/11' (4 bytes) >gnutls[4]: HSK[0x563978e91fe0]: Safe renegotiation succeeded >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Handshake packet received. Epoch 0, length: 5664 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Handshake(22) with length: 5664 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[1] Handshake(22) with length: 5664 >gnutls[4]: HSK[0x563978e91fe0]: CERTIFICATE (11) was received. Length 5660[5660], frag offset 0, frag length: 5660, sequence: 0 >gnutls[3]: ASSERT: status_request.c[gnutls_ocsp_status_request_get]:335 >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[2]: issuer in verification was not found or insecure; trying against trust list >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1362 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: looking for key purpose '1.3.6.1.5.5.7.3.1', but have '1.3.6.1.5.5.7.3.4' >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Handshake packet received. Epoch 0, length: 333 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Handshake(22) with length: 333 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[2] Handshake(22) with length: 333 >gnutls[4]: HSK[0x563978e91fe0]: SERVER KEY EXCHANGE (12) was received. Length 329[329], frag offset 0, frag length: 329, sequence: 0 >gnutls[2]: received curve SECP256R1 >gnutls[4]: HSK[0x563978e91fe0]: Selected group SECP256R1 (2) >gnutls[4]: HSK[0x563978e91fe0]: verify TLS 1.2 handshake data: using RSA-SHA512 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Handshake packet received. Epoch 0, length: 781 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Handshake(22) with length: 781 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[3] Handshake(22) with length: 781 >gnutls[4]: HSK[0x563978e91fe0]: CERTIFICATE REQUEST (13) was received. Length 773[777], frag offset 0, frag length: 773, sequence: 0 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (6.1) RSA-SHA512 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (6.3) ECDSA-SHA512 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (5.1) RSA-SHA384 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (5.3) ECDSA-SHA384 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (4.1) RSA-SHA256 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (4.3) ECDSA-SHA256 >gnutls[4]: EXT[0x563978e91fe0]: rcvd signature algo (2.1) RSA-SHA1 >gnutls[3]: Peer requested CA: C=RU,O=Billing Systems Ltd,OU=Project Department,CN=ACQ Global CA >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[4]: HSK[0x563978e91fe0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1395 >gnutls[4]: HSK[0x563978e91fe0]: CERTIFICATE was queued [1459 bytes] >gnutls[4]: HSK[0x563978e91fe0]: CLIENT KEY EXCHANGE was queued [70 bytes] >gnutls[2]: sign handshake cert vrfy: picked RSA-SHA512 >gnutls[4]: HSK[0x563978e91fe0]: CERTIFICATE VERIFY was queued [264 bytes] >gnutls[4]: REC[0x563978e91fe0]: Sent ChangeCipherSpec >gnutls[5]: REC[0x563978e91fe0]: Initializing epoch #1 >gnutls[5]: REC[0x563978e91fe0]: Epoch #1 ready >gnutls[4]: HSK[0x563978e91fe0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: HSK[0x563978e91fe0]: Initializing internal [write] cipher sessions >gnutls[4]: HSK[0x563978e91fe0]: recording tls-unique CB (send) >gnutls[4]: HSK[0x563978e91fe0]: FINISHED was queued [16 bytes] >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Handshake(22) with length: 1459 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 1464 >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 75 >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Handshake(22) with length: 264 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[4] Handshake(22) in epoch 0 and length: 269 >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[5] ChangeCipherSpec(20) in epoch 0 and length: 6 >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet ChangeCipherSpec(20) >gnutls[5]: REC[0x563978e91fe0]: Received Packet ChangeCipherSpec(20) with length: 1 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1 >gnutls[4]: HSK[0x563978e91fe0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Handshake(22) with length: 40 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[0] Handshake(22) with length: 16 >gnutls[4]: HSK[0x563978e91fe0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 >gnutls[5]: REC[0x563978e91fe0]: Start of epoch cleanup >gnutls[5]: REC[0x563978e91fe0]: Epoch #0 freed >gnutls[5]: REC[0x563978e91fe0]: End of epoch cleanup >Connected to HTTPS on vpn.company.com >gnutls[5]: REC[0x563978e91fe0]: Preparing Packet Application Data(23) with length: 202 and min pad: 0 >gnutls[5]: REC[0x563978e91fe0]: Sent Packet[2] Application Data(23) in epoch 1 and length: 231 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Application Data packet received. Epoch 0, length: 762 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Application Data(23) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Application Data(23) with length: 762 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[1] Application Data(23) with length: 738 >gnutls[5]: REC[0x563978e91fe0]: SSL 3.3 Application Data packet received. Epoch 0, length: 280 >gnutls[5]: REC[0x563978e91fe0]: Expected Packet Application Data(23) >gnutls[5]: REC[0x563978e91fe0]: Received Packet Application Data(23) with length: 280 >gnutls[5]: REC[0x563978e91fe0]: Decrypted Packet[2] Application Data(23) with length: 256 >gnutls[5]: REC[0x563978e91fe0]: Start of epoch cleanup >gnutls[5]: REC[0x563978e91fe0]: End of epoch cleanup >gnutls[5]: REC[0x563978e91fe0]: Epoch #1 freed >Please enter your username and password. >Password: >POST https://vpn.company.com/+webvpn+/index.html >gnutls[5]: REC[0x563978e7ef50]: Allocating epoch #0 >gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed >gnutls[2]: resolved 'SYSTEM' to 'NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW', next '' >gnutls[2]: selected priority string: NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW:%COMPAT >gnutls[2]: added 53 ciphersuites, 11 sig algos and 8 groups into priority list >SSL negotiation with vpn.company.com >gnutls[5]: REC[0x563978e7ef50]: Allocating epoch #1 >gnutls[4]: HSK[0x563978e7ef50]: Adv. version: 3.3 >gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.8b (GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.28 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.77 (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.8a (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.27 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.76 (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.87 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.24 (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.73 (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384) >gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.86 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.23 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite c0.72 (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite c0.7b (GNUTLS_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.3d (GNUTLS_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c0 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.84 (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7a (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.3c (GNUTLS_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.ba (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.41 (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM) >gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305) >gnutls[2]: Keeping ciphersuite c0.7d (GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384) >gnutls[2]: Keeping ciphersuite 00.6b (GNUTLS_DHE_RSA_AES_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.c4 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.88 (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) >gnutls[2]: Keeping ciphersuite c0.7c (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256) >gnutls[2]: Keeping ciphersuite 00.67 (GNUTLS_DHE_RSA_AES_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) >gnutls[2]: Keeping ciphersuite 00.be (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256) >gnutls[2]: Keeping ciphersuite 00.45 (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1) >gnutls[4]: EXT[0x563978e7ef50]: Sending extension OCSP Status Request (5 bytes) >gnutls[2]: HSK[0x563978e7ef50]: sent server name: 'vpn.company.com' >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Server Name Indication (19 bytes) >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Safe Renegotiation (1 bytes) >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Session Ticket (0 bytes) >gnutls[4]: EXT[0x563978e7ef50]: sent group X25519 (0x1d) >gnutls[4]: EXT[0x563978e7ef50]: sent group SECP256R1 (0x17) >gnutls[4]: EXT[0x563978e7ef50]: sent group SECP384R1 (0x18) >gnutls[4]: EXT[0x563978e7ef50]: sent group SECP521R1 (0x19) >gnutls[4]: EXT[0x563978e7ef50]: sent group FFDHE2048 (0x100) >gnutls[4]: EXT[0x563978e7ef50]: sent group FFDHE3072 (0x101) >gnutls[4]: EXT[0x563978e7ef50]: sent group FFDHE4096 (0x102) >gnutls[4]: EXT[0x563978e7ef50]: sent group FFDHE8192 (0x104) >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Negotiated Groups (18 bytes) >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Supported ECC Point Formats (2 bytes) >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (4.1) RSA-SHA256 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (4.3) ECDSA-SHA256 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (5.1) RSA-SHA384 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (5.3) ECDSA-SHA384 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (6.1) RSA-SHA512 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (6.3) ECDSA-SHA512 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (2.1) RSA-SHA1 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (2.3) ECDSA-SHA1 >gnutls[4]: EXT[0x563978e7ef50]: sent signature algo (8.7) EdDSA-Ed25519 >gnutls[4]: EXT[0x563978e7ef50]: Sending extension Signature Algorithms (20 bytes) >gnutls[4]: HSK[0x563978e7ef50]: CLIENT HELLO was queued [244 bytes] >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Handshake(22) with length: 244 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[1] Handshake(22) in epoch 0 and length: 249 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Handshake packet received. Epoch 0, length: 93 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Handshake(22) with length: 93 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[0] Handshake(22) with length: 93 >gnutls[4]: HSK[0x563978e7ef50]: SERVER HELLO (2) was received. Length 89[89], frag offset 0, frag length: 89, sequence: 0 >gnutls[4]: HSK[0x563978e7ef50]: Server's version: 3.3 >gnutls[4]: HSK[0x563978e7ef50]: SessionID length: 32 >gnutls[4]: HSK[0x563978e7ef50]: SessionID: c1dab8c074006244b009e091fadfe06398321bd03aa2e93f45fc93ac712e7204 >gnutls[4]: HSK[0x563978e7ef50]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: EXT[0x563978e7ef50]: Parsing extension 'Server Name Indication/0' (0 bytes) >gnutls[4]: EXT[0x563978e7ef50]: Parsing extension 'Safe Renegotiation/65281' (1 bytes) >gnutls[4]: EXT[0x563978e7ef50]: Parsing extension 'Supported ECC Point Formats/11' (4 bytes) >gnutls[4]: HSK[0x563978e7ef50]: Safe renegotiation succeeded >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Handshake packet received. Epoch 0, length: 5664 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Handshake(22) with length: 5664 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[1] Handshake(22) with length: 5664 >gnutls[4]: HSK[0x563978e7ef50]: CERTIFICATE (11) was received. Length 5660[5660], frag offset 0, frag length: 5660, sequence: 0 >gnutls[3]: ASSERT: status_request.c[gnutls_ocsp_status_request_get]:335 >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[2]: issuer in verification was not found or insecure; trying against trust list >gnutls[3]: ASSERT: verify.c[verify_crt]:663 >gnutls[3]: ASSERT: verify.c[verify_crt]:815 >gnutls[3]: ASSERT: verify.c[_gnutls_verify_crt_status]:985 >gnutls[3]: ASSERT: verify-high.c[gnutls_x509_trust_list_verify_crt2]:1362 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[2]: crt_is_known: did not find cert, using issuer DN + serial, using DN only >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4321 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[2]: p11: No login requested. >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3956 >gnutls[3]: ASSERT: pkcs11.c[find_cert_cb]:3781 >gnutls[3]: ASSERT: pkcs11.c[gnutls_pkcs11_crt_is_known]:4334 >gnutls[2]: crt_is_known: did not find any cert >gnutls[2]: looking for key purpose '1.3.6.1.5.5.7.3.1', but have '1.3.6.1.5.5.7.3.4' >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: name_constraints.c[gnutls_x509_crt_get_name_constraints]:470 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Handshake packet received. Epoch 0, length: 333 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Handshake(22) with length: 333 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[2] Handshake(22) with length: 333 >gnutls[4]: HSK[0x563978e7ef50]: SERVER KEY EXCHANGE (12) was received. Length 329[329], frag offset 0, frag length: 329, sequence: 0 >gnutls[2]: received curve SECP256R1 >gnutls[4]: HSK[0x563978e7ef50]: Selected group SECP256R1 (2) >gnutls[4]: HSK[0x563978e7ef50]: verify TLS 1.2 handshake data: using RSA-SHA512 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Handshake packet received. Epoch 0, length: 781 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Handshake(22) with length: 781 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[3] Handshake(22) with length: 781 >gnutls[4]: HSK[0x563978e7ef50]: CERTIFICATE REQUEST (13) was received. Length 773[777], frag offset 0, frag length: 773, sequence: 0 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (6.1) RSA-SHA512 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (6.3) ECDSA-SHA512 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (5.1) RSA-SHA384 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (5.3) ECDSA-SHA384 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (4.1) RSA-SHA256 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (4.3) ECDSA-SHA256 >gnutls[4]: EXT[0x563978e7ef50]: rcvd signature algo (2.1) RSA-SHA1 >gnutls[3]: Peer requested CA: C=RU,O=Billing Systems Ltd,OU=Project Department,CN=ACQ Global CA >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[4]: HSK[0x563978e7ef50]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0 >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1395 >gnutls[4]: HSK[0x563978e7ef50]: CERTIFICATE was queued [1459 bytes] >gnutls[4]: HSK[0x563978e7ef50]: CLIENT KEY EXCHANGE was queued [70 bytes] >gnutls[2]: sign handshake cert vrfy: picked RSA-SHA512 >gnutls[4]: HSK[0x563978e7ef50]: CERTIFICATE VERIFY was queued [264 bytes] >gnutls[4]: REC[0x563978e7ef50]: Sent ChangeCipherSpec >gnutls[5]: REC[0x563978e7ef50]: Initializing epoch #1 >gnutls[5]: REC[0x563978e7ef50]: Epoch #1 ready >gnutls[4]: HSK[0x563978e7ef50]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[4]: HSK[0x563978e7ef50]: Initializing internal [write] cipher sessions >gnutls[4]: HSK[0x563978e7ef50]: recording tls-unique CB (send) >gnutls[4]: HSK[0x563978e7ef50]: FINISHED was queued [16 bytes] >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Handshake(22) with length: 1459 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[2] Handshake(22) in epoch 0 and length: 1464 >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Handshake(22) with length: 70 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[3] Handshake(22) in epoch 0 and length: 75 >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Handshake(22) with length: 264 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[4] Handshake(22) in epoch 0 and length: 269 >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[5] ChangeCipherSpec(20) in epoch 0 and length: 6 >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Handshake(22) with length: 16 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet ChangeCipherSpec(20) >gnutls[5]: REC[0x563978e7ef50]: Received Packet ChangeCipherSpec(20) with length: 1 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[4] ChangeCipherSpec(20) with length: 1 >gnutls[4]: HSK[0x563978e7ef50]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1157 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Handshake packet received. Epoch 0, length: 40 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Handshake(22) with length: 40 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[0] Handshake(22) with length: 16 >gnutls[4]: HSK[0x563978e7ef50]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0 >gnutls[5]: REC[0x563978e7ef50]: Start of epoch cleanup >gnutls[5]: REC[0x563978e7ef50]: Epoch #0 freed >gnutls[5]: REC[0x563978e7ef50]: End of epoch cleanup >Connected to HTTPS on vpn.company.com >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Application Data(23) with length: 368 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[2] Application Data(23) in epoch 1 and length: 397 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Application Data packet received. Epoch 0, length: 974 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Application Data(23) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Application Data(23) with length: 974 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[1] Application Data(23) with length: 950 >gnutls[2]: system priority /etc/crypto-policies/back-ends/gnutls.config has not changed >gnutls[2]: resolved 'SYSTEM' to 'NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW', next '' >gnutls[2]: selected priority string: NONE:+AEAD:+SHA256:+SHA1:+SHA384:+SHA512:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:+AES-256-GCM:+AES-256-CCM:+CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-CBC:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CCM:+CAMELLIA-128-GCM:+AES-128-CBC:+CAMELLIA-128-CBC:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-DTLS1.2:+VERS-DTLS1.0:+COMP-NULL:%PROFILE_LOW:%COMPAT >gnutls[2]: added 53 ciphersuites, 11 sig algos and 8 groups into priority list >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Application Data(23) with length: 712 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[3] Application Data(23) in epoch 1 and length: 741 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[5]: REC[0x563978e7ef50]: SSL 3.3 Application Data packet received. Epoch 0, length: 1069 >gnutls[5]: REC[0x563978e7ef50]: Expected Packet Application Data(23) >gnutls[5]: REC[0x563978e7ef50]: Received Packet Application Data(23) with length: 1069 >gnutls[5]: REC[0x563978e7ef50]: Decrypted Packet[2] Application Data(23) with length: 1045 >Got CONNECT response: HTTP/1.1 200 OK >CSTP connected. DPD 30, Keepalive 20 >gnutls[5]: REC[0x563978ee9c40]: Allocating epoch #0 >gnutls[2]: added 1 ciphersuites, 0 sig algos and 0 groups into priority list >gnutls[5]: REC[0x563978ee9c40]: Allocating epoch #1 >gnutls[4]: HSK[0x563978ee9c40]: Adv. version: 1.0 >gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) >gnutls[4]: EXT[0x563978ee9c40]: Sending extension Safe Renegotiation (1 bytes) >gnutls[4]: EXT[0x563978ee9c40]: Sending extension Session Ticket (0 bytes) >gnutls[4]: HSK[0x563978ee9c40]: CLIENT HELLO was queued [97 bytes] >gnutls[6]: DTLS[0x563978ee9c40]: Start of flight transmission. >gnutls[6]: DTLS[0x563978ee9c40]: Sending Packet[0] fragment CLIENT HELLO(1) with length: 85, offset: 0, fragment length: 85, mtu: 1175 >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet Handshake(22) with length: 97 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[1] Handshake(22) in epoch 0 and length: 110 >gnutls[3]: ASSERT: dtls.c[_dtls_transmit]:420 >Connected as 10.100.1.6, using SSL >gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696 >gnutls[3]: ASSERT: dtls.c[_dtls_transmit]:263 >gnutls[3]: ASSERT: dtls.c[_dtls_transmit]:420 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696 >gnutls[5]: REC[0x563978ee9c40]: SSL 1.0 Handshake packet received. Epoch 0, length: 35 >gnutls[5]: REC[0x563978ee9c40]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978ee9c40]: Received Packet Handshake(22) with length: 35 >gnutls[5]: REC[0x563978ee9c40]: Decrypted Packet[0.0] Handshake(22) with length: 35 >gnutls[4]: HSK[0x563978ee9c40]: HELLO VERIFY REQUEST (3) was received. Length 23[23], frag offset 0, frag length: 23, sequence: 0 >gnutls[6]: DTLS[0x563978ee9c40]: End of flight transmission. >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1377 >gnutls[4]: HSK[0x563978ee9c40]: Adv. version: 1.0 >gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1) >gnutls[4]: EXT[0x563978ee9c40]: Sending extension Safe Renegotiation (1 bytes) >gnutls[4]: EXT[0x563978ee9c40]: Sending extension Session Ticket (0 bytes) >gnutls[4]: HSK[0x563978ee9c40]: CLIENT HELLO was queued [117 bytes] >gnutls[6]: DTLS[0x563978ee9c40]: Start of flight transmission. >gnutls[6]: DTLS[0x563978ee9c40]: Sending Packet[1] fragment CLIENT HELLO(1) with length: 105, offset: 0, fragment length: 105, mtu: 1175 >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet Handshake(22) with length: 117 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[2] Handshake(22) in epoch 0 and length: 130 >gnutls[3]: ASSERT: dtls.c[_dtls_transmit]:420 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696 >gnutls[5]: REC[0x563978ee9c40]: SSL 1.0 Handshake packet received. Epoch 0, length: 82 >gnutls[5]: REC[0x563978ee9c40]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978ee9c40]: Received Packet Handshake(22) with length: 82 >gnutls[5]: REC[0x563978ee9c40]: Decrypted Packet[0.1] Handshake(22) with length: 82 >gnutls[4]: HSK[0x563978ee9c40]: SERVER HELLO (2) was received. Length 70[70], frag offset 0, frag length: 70, sequence: 1 >gnutls[6]: DTLS[0x563978ee9c40]: End of flight transmission. >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1118 >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1377 >gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1377 >gnutls[4]: HSK[0x563978ee9c40]: Server's version: 1.0 >gnutls[4]: HSK[0x563978ee9c40]: SessionID length: 32 >gnutls[4]: HSK[0x563978ee9c40]: SessionID: ca3fa4c48ff10920a5fbb1d1e169c336b72a262d4413dfe2dcc84fc4812c8953 >gnutls[4]: HSK[0x563978ee9c40]: Allowing unsafe initial negotiation >gnutls[5]: REC[0x563978ee9c40]: SSL 1.0 ChangeCipherSpec packet received. Epoch 0, length: 3 >gnutls[5]: REC[0x563978ee9c40]: Expected Packet ChangeCipherSpec(20) >gnutls[5]: REC[0x563978ee9c40]: Received Packet ChangeCipherSpec(20) with length: 3 >gnutls[5]: REC[0x563978ee9c40]: Decrypted Packet[0.2] ChangeCipherSpec(20) with length: 3 >gnutls[5]: REC[0x563978ee9c40]: Initializing epoch #1 >gnutls[5]: REC[0x563978ee9c40]: Epoch #1 ready >gnutls[4]: HSK[0x563978ee9c40]: Cipher Suite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 >gnutls[3]: ASSERT: buffers.c[get_last_packet]:1161 >gnutls[5]: REC[0x563978ee9c40]: SSL 1.0 Handshake packet received. Epoch 1, length: 64 >gnutls[5]: REC[0x563978ee9c40]: Expected Packet Handshake(22) >gnutls[5]: REC[0x563978ee9c40]: Received Packet Handshake(22) with length: 64 >gnutls[5]: REC[0x563978ee9c40]: Decrypted Packet[1.0] Handshake(22) with length: 24 >gnutls[4]: HSK[0x563978ee9c40]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 3 >gnutls[4]: HSK[0x563978ee9c40]: recording tls-unique CB (recv) >gnutls[4]: REC[0x563978ee9c40]: Sent ChangeCipherSpec >gnutls[4]: HSK[0x563978ee9c40]: Cipher Suite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 >gnutls[4]: HSK[0x563978ee9c40]: Initializing internal [write] cipher sessions >gnutls[4]: HSK[0x563978ee9c40]: FINISHED was queued [24 bytes] >gnutls[6]: DTLS[0x563978ee9c40]: Start of flight transmission. >gnutls[6]: DTLS[0x563978ee9c40]: Sending Packet[2] fragment CHANGE CIPHER SPEC(254), mtu 1135 >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet ChangeCipherSpec(20) with length: 3 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 16 >gnutls[6]: DTLS[0x563978ee9c40]: Sending Packet[3] fragment FINISHED(20) with length: 12, offset: 0, fragment length: 12, mtu: 1135 >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet Handshake(22) with length: 24 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[1] Handshake(22) in epoch 1 and length: 77 >gnutls[6]: DTLS[0x563978ee9c40]: Initializing timer for handshake state. >gnutls[5]: REC[0x563978ee9c40]: Start of epoch cleanup >gnutls[5]: REC[0x563978ee9c40]: Note inactive epoch 0 has 1 users >gnutls[5]: REC[0x563978ee9c40]: End of epoch cleanup >gnutls[3]: ASSERT: dh-session.c[gnutls_dh_get_prime_bits]:319 >Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-CUSTOM4294967237)-(AES-256-CBC)-(SHA1). >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet Application Data(23) with length: 1403 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[2] Application Data(23) in epoch 1 and length: 1453 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1187 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE). >Failed to recv DPD request (1402) >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[5]: REC[0x563978ee9c40]: Preparing Packet Application Data(23) with length: 49 and min pad: 0 >gnutls[5]: REC[0x563978ee9c40]: Sent Packet[3] Application Data(23) in epoch 1 and length: 109 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >^Cgnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >gnutls[3]: ASSERT: buffers.c[_gnutls_io_read_buffered]:589 >gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1488 >Send BYE packet: Aborted by caller >gnutls[5]: REC[0x563978e7ef50]: Preparing Packet Application Data(23) with length: 26 and min pad: 0 >gnutls[5]: REC[0x563978e7ef50]: Sent Packet[4] Application Data(23) in epoch 1 and length: 55 >User cancelled (SIGINT); exiting. >gnutls[5]: REC[0x563978e7ef50]: Start of epoch cleanup >gnutls[5]: REC[0x563978e7ef50]: End of epoch cleanup >gnutls[5]: REC[0x563978e7ef50]: Epoch #1 freed >gnutls[5]: REC[0x563978ee9c40]: Start of epoch cleanup >gnutls[5]: REC[0x563978ee9c40]: Note inactive epoch 0 has 1 users >gnutls[5]: REC[0x563978ee9c40]: End of epoch cleanup >gnutls[5]: REC[0x563978ee9c40]: Epoch #0 freed >gnutls[5]: REC[0x563978ee9c40]: Epoch #1 freed >[kostousov-ds@irtysh 20:36:14]~(0)% rpm -qa p11\* pcsc\* opensc\* gnutls\* openconnect\* >gnutls-3.6.2-1.fc28.x86_64 >gnutls-dane-3.6.2-1.fc28.x86_64 >p11-kit-trust-0.23.10-1.fc28.x86_64 >pcsc-lite-libs-1.8.23-2.fc28.x86_64 >p11-kit-0.23.10-1.fc28.x86_64 >opensc-0.17.0-10.fc28.x86_64 >openconnect-7.08-7.fc28.x86_64 >gnutls-utils-3.6.2-1.fc28.x86_64 >pcsc-lite-1.8.23-2.fc28.x86_64 >pcsc-lite-ccid-1.4.29-1.fc28.x86_64 >[kostousov-ds@irtysh 20:36:31]~(0)% >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1443406">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1577572
:
1436073
|
1436219
|
1436638
|
1436640
|
1437472
|
1437774
|
1438050
|
1438051
|
1438052
|
1438989
|
1438990
|
1442008
| 1443406 |
1445372