Agent 6 TLS

[p-0''0-h the cat (coder)]

Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?

Cunning plans to work it out would also be well received.

Sent from my iFurryUnderbelly.

--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
punk ass dole whore troll, no nothing innumerate religious maniac,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from »Q« the troll as stinky

[Ralph Fox]

On Sat, 19 Oct 2019 12:15:32 +0100, p-0''0-h the cat (coder) wrote:

>
> Anyone know what version of TLS Agent v6 uses and/or what ciphers it
> supports?
>
> Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)

Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>

The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.


> BaStarD hacker

If you are running Agent in BSD using Wine, then it will depend on
Wine's replacement for Windows' "schannel.dll".

Wine bug 14797 means your Agent might not get any TLS or SSL at all
under Wine. See comment #42 in Wine bug 14797:
<https://bugs.winehq.org/show_bug.cgi?id=14797#c42>



--
Kind regards
Ralph

[p-0''0-h the cat (coder)]

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.

Message-ID: <1107qel7snth7phle...@4ax.com>

Everything here is at defaults. Windows 10

[p-0''0-h the cat (coder)]

On Sat, 19 Oct 2019 14:37:41 -0400, Dennis Lee Bieber
<wlf...@ix.netcom.com> wrote:

>On Sat, 19 Oct 2019 12:15:32 +0100, "p-0''0-h the cat (coder)"

><super...@fluffyunderbelly.invalid> declaimed the following:

>
>>
>>Anyone know what version of TLS Agent v6 uses and/or what ciphers it
>>supports?
>>
>

> Agent 6 was released fall of 2009.
> TLS1.2 was defined in fall of 2008
>
> Odds are good that it supports TLS1.1, it may have been updated for
>TLS1.2 (presuming Agent itself provides the TLS support and is not using a
>M$ DLL for such -- Agent 3.2 is when the original SSL support was added,
>and it relied upon Internet Explorer v5, which may indicate Agent uses a M$
>library).
>
> Running Wireshark to capture Agent transactions might reveal what TLS
>protocol was invoked.

Hi Dennis, Thank you for your reply. I'm having an issue with mixmin.

See this thread if you are interested.

Message-ID: <1107qel7snth7phle...@4ax.com>

Wireshark, good idea. I'll try that later.



> I tried two different dependency analyzers but both are taking way too
>long to evaluate what libraries are imported.

[Ralph Fox]

I suspect there is something broken in the TLS version negotiation.


I can connect to mixmin When the AGENT.INI setting AllowedSSLProtocols
is set to 2048 to force Agent to use only TLS1.2. Also when
AllowedSSLProtocols is set to 2560 to force Agent to use only TLS1.1 or
TLS1.2. That may be a fix for you.


When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
version of TLS supported by Windows, then I get "Unable to negotiate an SSL
connection with server news.mixmin.net (error 80090302)."

Looking at the data when it fails, it appears that the mixmin server
rejects the initial TLS ClientHello message [1][2] from Agent.


REFS

[1] <https://tls.ulfheim.net/>
[2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>



--
Kind regards
Ralph

[p-0''0-h the cat (coder)]

2560 works for mixmin and also aioe which worked previously on 0

Both use port 563

It doesn't work for albasani which did work previously on 0

New error

"Unable to negotiate an SSL connection with server

reader.albasani.net (error 80090331)."

However, albasani uses port 443 so I guess it's using SSL and I need to
alter/add to the AllowedSSLProtocols number which I assume is bitwise?

Do you have details of how this variable is formed? I Googled but failed
to find anything.

Thanks for this. You have won the highly coveted golden paw award.

>When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
>version of TLS supported by Windows, then I get "Unable to negotiate an SSL
>connection with server news.mixmin.net (error 80090302)."
>
>Looking at the data when it fails, it appears that the mixmin server
>rejects the initial TLS ClientHello message [1][2] from Agent.
>
>
>REFS
>
>[1] <https://tls.ulfheim.net/>
>[2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>

[Ralph Fox]

Sure. See my first reply, which has a reference.

> Thanks for this. You have won the highly coveted golden paw award.
>
>
>> When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
>> version of TLS supported by Windows, then I get "Unable to negotiate an SSL
>> connection with server news.mixmin.net (error 80090302)."
>>
>> Looking at the data when it fails, it appears that the mixmin server
>> rejects the initial TLS ClientHello message [1][2] from Agent.
>>
>>
>> REFS
>>
>> [1] <https://tls.ulfheim.net/>
>> [2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>
>
> Sent from my iFurryUnderbelly.


--

Kind regards
Ralph

[p-0''0-h the cat (coder)]

Ah! I wasn't paying attention. It turns out albasani is using TLS 1 so
for the record the magic number is now 2688

>> Thanks for this. You have won the highly coveted golden paw award.
>>
>>
>>> When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
>>> version of TLS supported by Windows, then I get "Unable to negotiate an SSL
>>> connection with server news.mixmin.net (error 80090302)."
>>>
>>> Looking at the data when it fails, it appears that the mixmin server
>>> rejects the initial TLS ClientHello message [1][2] from Agent.
>>>
>>>
>>> REFS
>>>
>>> [1] <https://tls.ulfheim.net/>
>>> [2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>
>>
>> Sent from my iFurryUnderbelly.

Sent from my iFurryUnderbelly.

--