とりあえずprivate keyと自己署名したcertificationを用意してOpenssl付属のSSLサーバーテストアプリを立ち上げ、玄箱側からSSLクライアントテストアプリで接続してうまくいくか確認してみた。
結果は成功。暗号化のためのKey Exchangeシーケンスにえらく時間がかかる点を除けばSSL通信は実用になる範囲。
以下はサーバー(H8)側のログ
引用:
s_server -key /etc/server.key -cert /etc/server.pem -state -debug
warning, not much extra random data, consider using the -rand option
Using default temp DH parameters
ACCEPT
bad gethostbyaddr
SSL_accept:before/accept initialization
read from 007573A4 [00700004] (11 bytes => 11 (0xB))
0000 - 80 7a 01 03 01 00 51 .z....Q
000b - <SPACES/NULS>
read from 007573A4 [0070000F] (113 bytes => 113 (0x71))
0000 - 00 00 16 00 00 13 00 00-0a 07 00 c0 00 00 66 00 ..............f.
0010 - 00 05 00 00 04 03 00 80-01 00 80 08 00 80 00 00 ................
0020 - 65 00 00 64 00 00 63 00-00 62 00 00 61 00 00 60 e..d..c..b..a..`
0030 - 00 00 15 00 00 12 00 00-09 06 00 40 00 00 14 00 ...........@....
0040 - 00 11 00 00 08 00 00 06-00 00 03 04 00 80 02 00 ................
0050 - 80 b8 b4 b9 91 5c 25 9c-e2 c3 83 b4 29 36 d9 95 .....\%.....)6..
0060 - ad de da c8 16 bd 8d 4d-2d b8 8a 05 61 54 7a 5b .......M-...aTz[
0070 - 0a .
SSL_accept:SSLv3 read client hello A
write to 007573A4 [007CA004] (79 bytes => 79 (0x4F))
0000 - 16 03 01 00 4a 02 00 00-46 03 01 38 43 25 00 9c ....J...F..8C%..
0010 - 36 6e 00 38 5d 2d 5d c1-71 50 9b 3a 96 bb 0f c7 6n.8]-].qP.:....
0020 - 0c fb 2a d5 e4 7d 4f d0-a4 2f 1a 20 8e 83 a5 3e ..*..}O../. ...>
0030 - 71 7a 18 ae 9e 34 c2 cb-6f f9 94 39 55 5e 6f 60 qz...4..o..9U^o`
0040 - cc a0 6e bf 7c ab 58 3f-58 0e c6 e0 00 0a ..n.|.X?X.....
004f - <SPACES/NULS>
SSL_accept:SSLv3 write server hello A
write to 007573A4 [007CA004] (532 bytes => 532 (0x214))
0000 - 16 03 01 02 0f 0b 00 02-0b 00 02 08 00 02 05 30 ...............0
0010 - 82 02 01 30 82 01 6a 02-09 00 f2 c0 01 1b 02 81 ...0..j.........
0020 - 20 13 30 0d 06 09 2a 86-48 86 f7 0d 01 01 05 05 .0...*.H.......
0030 - 00 30 45 31 0b 30 09 06-03 55 04 06 13 02 41 55 .0E1.0...U....AU
0040 - 31 13 30 11 06 03 55 04-08 13 0a 53 6f 6d 65 2d 1.0...U....Some-
0050 - 53 74 61 74 65 31 21 30-1f 06 03 55 04 0a 13 18 State1!0...U....
0060 - 49 6e 74 65 72 6e 65 74-20 57 69 64 67 69 74 73 Internet Widgits
0070 - 20 50 74 79 20 4c 74 64-30 1e 17 0d 30 35 31 32 Pty Ltd0...0512
0080 - 32 34 31 38 34 38 32 34-5a 17 0d 30 36 31 32 32 24184824Z..06122
0090 - 34 31 38 34 38 32 34 5a-30 45 31 0b 30 09 06 03 4184824Z0E1.0...
00a0 - 55 04 06 13 02 41 55 31-13 30 11 06 03 55 04 08 U....AU1.0...U..
00b0 - 13 0a 53 6f 6d 65 2d 53-74 61 74 65 31 21 30 1f ..Some-State1!0.
00c0 - 06 03 55 04 0a 13 18 49-6e 74 65 72 6e 65 74 20 ..U....Internet
00d0 - 57 69 64 67 69 74 73 20-50 74 79 20 4c 74 64 30 Widgits Pty Ltd0
00e0 - 81 9f 30 0d 06 09 2a 86-48 86 f7 0d 01 01 01 05 ..0...*.H.......
00f0 - 00 03 81 8d 00 30 81 89-02 81 81 00 a5 6f 1c ca .....0.......o..
0100 - bd 14 0d ed 25 85 fb e0-70 0c 4b 58 b2 e6 01 80 ....%...p.KX....
0110 - 61 67 db 34 97 43 9a bf-21 0f cd c1 2b fd dd b0 ag.4.C..!...+...
0120 - 7b a6 29 a1 e5 9f 02 bf-0d 05 80 32 82 57 f7 a8 {.)........2.W..
0130 - d6 71 d0 aa 82 dc 35 1c-e0 3f dc 5c fe 72 e1 21 .q....5..?.\.r.!
0140 - 42 18 a2 c9 e7 49 e6 bb-a7 48 9c f5 80 58 03 6b B....I...H...X.k
0150 - 2f 90 9f 4e 0b 45 42 0d-ca a9 be 8b c9 66 7b 3b /..N.EB......f{;
0160 - 25 9a 4e c6 f5 b2 98 80-db ca 19 a8 9b ff ba 11 %.N.............
0170 - 99 35 88 93 cf 71 b7 09-93 1b 89 b1 02 03 01 00 .5...q..........
0180 - 01 30 0d 06 09 2a 86 48-86 f7 0d 01 01 05 05 00 .0...*.H........
0190 - 03 81 81 00 73 45 ca b9-30 c5 c5 14 34 6e a2 16 ....sE..0...4n..
01a0 - 64 c5 12 69 44 ea ab 54-cc e1 c4 a0 8a 76 d0 a2 d..iD..T.....v..
01b0 - 04 74 21 fc b8 7f 3b 92-91 c4 57 1f ec 7f e9 f6 .t!...;...W.....
01c0 - 6e 30 3f 16 c7 1a f8 0f-ad 2a 8b d2 0b b6 77 dc n0?......*....w.
01d0 - d1 6d 82 0e 33 74 4b 55-68 f1 89 9a bc dd df fd .m..3tKUh.......
01e0 - 19 37 17 a6 73 e5 51 52-a3 cb 8e 33 ce 19 89 30 .7..s.QR...3...0
01f0 - 2a e3 c1 6d 71 79 88 29-97 3d e7 f5 af d9 2b fc *..mqy.).=....+.
0200 - 41 c2 a7 10 60 2a 72 d9-11 91 88 07 98 3a 79 62 A...`*r......:yb
0210 - 91 88 4f 89 ..O.
SSL_accept:SSLv3 write certificate A
write to 007573A4 [007CA004] (9 bytes => 9 (0x9))
0000 - 16 03 01 00 04 0e ......
0009 - <SPACES/NULS>
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 86 .....
read from 007573A4 [00700009] (134 bytes => 134 (0x86))
0000 - 10 00 00 82 00 80 75 5f-a7 69 b1 35 d2 17 51 50 ......u_.i.5..QP
0010 - 6a 9b cf 61 d0 b3 92 d6-56 47 aa 69 69 01 10 da j..a....VG.ii...
0020 - 95 0c 7e f0 61 87 be fc-b5 c4 09 b5 58 b4 ba e1 ..~.a.......X...
0030 - d8 b1 de b7 41 30 b2 64-f0 95 7e c7 3c 43 ea 11 ....A0.d..~.<C..
0040 - 24 ff 0d 6f 5b ed 23 64-c6 d1 b6 a0 55 16 83 c5 $..o[.#d....U...
0050 - 31 ec d7 a1 c7 48 8a 07-ce ba 7f b8 a9 29 b8 f0 1....H.......)..
0060 - d2 1d 33 c0 b1 51 69 43-8b 52 13 1a 2d cd 78 37 ..3..QiC.R..-.x7
0070 - 31 eb e0 3c 55 be 22 1f-41 fe 65 22 a6 7c f5 e2 1..<U.".A.e".|..
0080 - b1 08 1a 2a 79 90 ...*y.
SSL_accept:SSLv3 read client key exchange A
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 14 03 01 00 01 .....
read from 007573A4 [00700009] (1 bytes => 1 (0x1))
0000 - 01 .
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 16 03 01 00 28 ....(
read from 007573A4 [00700009] (40 bytes => 40 (0x28))
0000 - 51 c9 69 9a 6e 02 e8 67-23 6a 02 4a 2d b2 21 57 Q.i.n..g#j.J-.!W
0010 - e1 ab 07 a3 84 29 4d ba-34 f6 57 ea 32 b3 94 48 .....)M.4.W.2..H
0020 - 9c 15 2c f5 e3 8b e9 fe- ..,.....
SSL_accept:SSLv3 read finished A
write to 007573A4 [007CA004] (6 bytes => 6 (0x6))
0000 - 14 03 01 00 01 01 ......
SSL_accept:SSLv3 write change cipher spec A
write to 007573A4 [007CA004] (45 bytes => 45 (0x2D))
0000 - 16 03 01 00 28 60 86 ed-3a fc 3e 5e 59 0c 71 9c ....(`..:.>^Y.q.
0010 - 4b 7f f3 83 13 eb 61 6a-7f 87 28 79 d6 f8 51 53 K.....aj..(y..QS
0020 - 9a fe 7f 0c 8c 7b 77 8f-67 c7 0d 01 32 .....{w.g...2
SSL_accept:SSLv3 write finished A
SSL_accept:SSLv3 flush data
-----BEGIN SSL SESSION PARAMETERS-----
MHUCAQECAgMBBAIACgQgjoOlPnF6GK6eNMLLb/mUOVVeb2DMoG6/fKtYP1gOxuAE
MHWIfdoZPobm7S0ikZOt/lJUh0JCaE3Z0uh+tvy47951wemKRpGy8ANYIESomSuu
a6EGAgQ4QyT/ogQCAgEspAYEBAAAAAE=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-DSS-RC4-SHA:RC4-SHA:RC4-MD5:
EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CB
C-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-
EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
CIPHER is DES-CBC3-SHA
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 18 .....
read from 007573A4 [00700009] (24 bytes => 24 (0x18))
0000 - e6 a0 64 89 70 00 d5 79-7f aa db 89 73 18 bd 6d ..d.p..y....s..m
0010 - 65 ca 23 33 06 83 c2 c8- e.#3....
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 28 ....(
read from 007573A4 [00700009] (40 bytes => 40 (0x28))
0000 - 01 de 32 1e f3 b1 88 d4-8c 1f 33 e6 68 04 a4 2a ..2.......3.h..*
0010 - c5 4b 62 14 b9 98 62 33-82 1f 59 0b 2b 69 c8 5c .Kb...b3..Y.+i.\
0020 - 5e 56 7b e9 f4 d3 1e 98- ^V{.....
Hello World!
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 18 .....
read from 007573A4 [00700009] (24 bytes => 24 (0x18))
0000 - 65 c1 65 60 a7 ce e6 3f-41 7d 80 48 39 9a 53 2f e.e`...?A}.H9.S/
0010 - 7d f4 8d 2e 08 93 0e 19- }.......
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 ...
0005 - <SPACES/NULS>
read from 007573A4 [00700009] (32 bytes => 32 (0x20))
0000 - 83 3d 03 51 e5 98 15 0c-41 c2 4b f4 1e b3 df c8 .=.Q....A.K.....
0010 - 3c f8 a3 2c ee 65 d8 68-25 f3 77 7c fa ab ca f1 <..,.e.h%.w|....
OK poi
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 18 .....
read from 007573A4 [00700009] (24 bytes => 24 (0x18))
0000 - 18 cc da 1f bb 44 39 98-9f 95 6c 99 0e f9 77 d6 .....D9...l...w.
0010 - 64 0f 31 78 e8 25 3a 4a- d.1x.%:J
read from 007573A4 [00700004] (5 bytes => 5 (0x5))
0000 - 17 03 01 00 28 ....(
read from 007573A4 [00700009] (40 bytes => 40 (0x28))
0000 - ae 4d 15 d2 da fb 36 a2-de c7 db da 6e f4 53 86 .M....6.....n.S.
0010 - fd cb b2 78 89 c7 ab 0e-a3 c9 6c 3f 7b b4 9e 38 ...x......l?{..8
0020 - ad c5 f0 83 64 e5 97 35- ....d..5
openssl work!
read from 007573A4 [00700004] (5 bytes => 0 (0x0))
ERROR
shutting down SSL
CONNECTION CLOSED
ACCEPT