> This is my first mail to this Group. Consider me a novice in OpenSSL
> since I am just getting used to the APIs and understanding the behavior.
> I am facing one problem. We have an MFP/Printer which acts as a client
> and is trying to connect to a server through a Secure device. When the
> client is connected to a Win XP machine (server), then it works fine. But
> the same client when connected to a Windows 2k8 Server, is not able to
> complete the SSL handshake.
What do you mean 'through a Secure device' -- what is actually connecting?
You mention APIs; is this a program you wrote or otherwise have source to?
> The flow is as follows in case of Windows XP :
<snip normal handshake, appdata both ways, alert both ways, FIN, repeat>
Those 'Encrypted Alert's are most likely 'close' which is completely
normal. Although we can't be certain because they're encrypted.
> The flow is as follows in case of Windows 2k8 :
<snip normal handshake>
> Client sends Application Data, Application Data. (TLSv1)
> [Different from Win XP flow]
> Server sends Encrypted Alert. (TLSv1)
> Client sends Encrypted Alert. (TLSv1)
> Client sends FIN,ACK.
> Server sends ACK.
> Client sends RST,ACK and the connection closes.
The SSL handshake completed just fine; the 'Change Cipher Spec'
and 'Encrypted Handshake Message' (which is actually Finished)
in both directions, not followed immediately by an abort due to
misverify on the Finished, is the end of the handshake.
There is something different about the *application* data,
and since it's encrypted we can't look at that difference.
> I am not able to figure out why (in case of Win 2k8) the Client
> is sending Application Data twice and the server is not sending back
> any data but only encryption alert.
> And why is the connection not starting again.
The alert might be an actual SSL-level problem, or just a close,
but this time a server-initiated close, which might well be
abnormal at the application level.
What software is receiving this connection on the Windows end?
A Microsoft driver, an OEM driver, something else? Does it log
any useful info anywhere? Always try the Windows event logs
to start, and files in %windir% and %temp%. Some software
logs other places like root, under appdata, or even in
programfiles although Vista/2008+ discourages that.
You say the client is an MFP/Printer; devices in that class
typically don't display much detail on their (limited) UIs,
and I'm assuming if yours did you would have provided it.
Does it have any kind of 'remote' or 'network' admin feature
you can look at? Some do; it varies all across the board.
If you can control the cipher configuration, you might get
SSL to negotiate an 'eNULL' suite (with no data encryption)
and then your trace is readable. However, this is usually
prohibited by default, precisely because it is not secure,
so you would need to configure both ends, and this level
of control is very rare on devices, and not common on
'mass market' software not focussed on security.
If the server (Windows) is using or can use a 'kaRSA' suite
and you have or can get a copy of its private key (perhaps a
temporary one) and you trace with Wireshark, it reportedly
can use that private key to decrypt the data (and alert).
Using kaRSA is probably easy; it's often the default, and
almost always supported. Getting the key might be harder.
If the program uses the normal Windows keystore you might
or might not be able to export the key depending on how it
was created, but if not you can probably replace it with
a key you generated (easy to do with OpenSSL), if you have
control of the PC (e.g. it's not someone else's server).
If the program uses its own keystore, who knows.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
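As an added illustration of the point made above about reading the trace (example code written for this page, not from the poster or from OpenSSL): a small TLS 1.0 record-layer walker that, fed a constructed byte stream shaped like the Windows 2k8 flow, reports what a sniffer can and cannot see. After each side's ChangeCipherSpec only record type and length remain visible, so the Finished shows up as 'Encrypted Handshake Message' and the alert as 'Encrypted Alert' with its level and description unreadable; the handshake counts as complete once both sides have sent their Finished. The record bodies are dummy bytes assumed only for shape, and the trace is constructed, not captured.

```python
import struct
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HS = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone", 16: "ClientKeyExchange"}
def parse_records(data):
    """Split a raw TLS byte stream into (content_type, payload) pairs; header is 5 bytes."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, _ver, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record at offset %d" % off)
        records.append((ctype, payload))
        off += 5 + length
    return records

def describe_flow(flow):
    """flow: list of (side, raw bytes), side 'C' or 'S'. Returns (descriptions, done)."""
    encrypted = {"C": False, "S": False}  # flips once that side sends ChangeCipherSpec
    finished, out = {"C": False, "S": False}, []  # done = both sides sent Finished
    for side, data in flow:
        for ctype, payload in parse_records(data):
            name = CONTENT.get(ctype, "Unknown(%d)" % ctype)
            if encrypted[side]:  # opaque from here on: only type and length are visible
                if ctype == 22:  # first encrypted Handshake record is the Finished
                    finished[side], name = True, "Encrypted Handshake Message (Finished)"
                elif ctype == 21:  # 'Encrypted Alert': close_notify or fatal, can't tell
                    name = "Encrypted Alert (level/description unreadable)"
                else:
                    name = "Encrypted " + name
            elif ctype == 22:
                name = "Handshake " + HS.get(payload[0], "type %d" % payload[0])
            elif ctype == 21:
                name = "Alert level=%d desc=%d" % (payload[0], payload[1])
            if ctype == 20:
                encrypted[side] = True
            out.append("%s: %s (%d bytes)" % (side, name, len(payload)))
    return out, finished["C"] and finished["S"]
def rec(ctype, payload):  # one TLS 1.0 record (constructed test data)
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload
def hs(htype, body):  # one handshake message: type byte, 3-byte length, body
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

SAMPLE_FLOW = [  # constructed 'Windows 2k8' flow from the post; dummy bodies, not real TLS
    ("C", rec(22, hs(1, b"\x03\x01" + b"\x00" * 34))),
    ("S", rec(22, hs(2, b"\x03\x01" + b"\x00" * 34)) + rec(22, hs(11, b"\x00" * 3)) + rec(22, hs(14, b""))),
    ("C", rec(22, hs(16, b"\x00" * 16)) + rec(20, b"\x01") + rec(22, b"\x00" * 16)),
    ("S", rec(20, b"\x01") + rec(22, b"\x00" * 16)),
    ("C", rec(23, b"\x00" * 40) + rec(23, b"\x00" * 40)),
    ("S", rec(21, b"\x00" * 18)), ("C", rec(21, b"\x00" * 18)),
]
```

Running `describe_flow(SAMPLE_FLOW)` lists every record with its direction and reports the handshake as complete, which matches the reply's reading: the problem is in the opaque application data, not in the handshake.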