Figure 1 shows an example
trace of a generic server processing a secure connection. The standard
syslogd prefix information has been removed from the trace.
Trace level 255 was used to generate this trace.
11:10:25 TCPCS3 EZD1281I TTLS Map CONNID: 00000025 LOCAL: 9.42.104.156..21 REMOTE: 9.27.154.171..1271
JOBNAME: FTPD2 USERID: FTPD TYPE: InBound STATUS: Enabled RULE: ftp_serv_21
ACTIONS: grp_act1 env_act_serv **N/A** 1
11:10:28 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000000 CONNID: 00000025 RC: 0
Connection Init
11:10:28 TCPCS3 EZD1282I TTLS Start GRPID: 00000001 ENVID: 00000001 CONNID: 00000000 Environment Create
ACTIONS: grp_act1 env_act_serv **N/A** 2
11:10:28 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000002 CONNID: 00000000 RC: 0
Environment Master
Create 00000001
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Call
GSK_ENVIRONMENT_OPEN - 7F1DB058
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_KEYRING_FILE - FTPDsafkeyring 3
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_CLIENT_AUTH_TYPE - FULL
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_SESSION_TYPE - SERVER
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_PROTOCOL_SSLV2 - ON
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_PROTOCOL_SSLV3 - ON
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_PROTOCOL_TLSV1 - ON
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_IO_CALLBACK -
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_SSL_HW_DETECT_MESSAGE - 1
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Call
GSK_ENVIRONMENT_INIT - 7F1DB058
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_SSL_HW_DETECT_MESSAGE - NULL
11:10:28 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000002 CONNID: 00000000 RC: 0
Environment Master
Init 7F1DB058
11:10:28 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000001 CONNID: 00000000 RC: 0
Environment
Link 7F1DB058 00000002
11:10:28 TCPCS3 EZD1282I TTLS Start GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 Initial Handshake
ACTIONS: grp_act1 env_act_serv **N/A** HS-Server 4
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Call
GSK_SECURE_SOCKET_OPEN - 7F0CA118
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Set
GSK_FD - 00000025
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Set
GSK_USER_DATA - 7F1DB330
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 807A010301 5
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER
00510000002000000401008000000500002F000033000032
00000A0700C00000160000130000090600400000150000120000030200800000080000140000110000010000
0200001800003400001B00001A00001700001941E69D75F7DCB55234895D884B271253A522E4BE211250F546
4FE5C5AB980FBD
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 SEND CIPHER
160301029002000046030141E69D753469372857A71168D9
9D7B93AD6CC30F6F6BDF7F774929CD4D2E8E2A2000000026091B9AAB04F70000000000000000000000000000
41E69D75000000010005000B00023E00023B000238308202343082019DA003020102020100300D06092A8648
86F70D0101050500302E310B30090603550406130275733110300E060355040B130774657374696E67310D30
0B0603550403130446545044301E170D30343038303930343030305A170D3035303831303 6
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 1603010086
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER
10000082008037A6573A4C160A8C0810C542A1CEB73A9FF5
899D767711EF3BF86D4C2D2743837AA4D5E247DE35F79C8A71A9E6A18DF8CC845D5E0F8F386DF84D746A4004
B641C14DD7A002FAC5538ED52E3194C2ADE6010381BFC70D1CA6D9F34EDC0F345F0A015575A6C9D85602B1BF
2877760BA91FC6296625A16A274426112C65DB7A2685
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 1403010001
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 01
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 1603010024
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER
789DBBACAE9D6F19F62B1AF2B529B1850F7057A6EDDE64CD 2301D91CA43C4EBBB5A3DFE5
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 SEND CIPHER 140301000101
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 SEND CIPHER
603010024FE6548CCBA0D820D73FF439A6B475B4116BCE4
6FF225DAE1A0F7EC2AEA4690595E63F036
11:10:29 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Call
GSK_SECURE_SOCKET_INIT - 7F0CA118
11:10:29 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Get
GSK_CONNECT_SEC_TYPE - TLSV1
11:10:29 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Get
GSK_CONNECT_CIPHER_SPEC - 05
11:10:29 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0
Initial Handshake
7F0CA118 7F1DB058 TLSV1 05 7
11:11:05 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 SEND CIPHER
1503010016D47A7AEC70D317976ACEEF3418CDCC8B2DF7
D3491D 8
11:11:13 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Receive
Reset
11:11:13 TCPCS3 EZD1282I TTLS Start GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 Connection Close
ACTIONS: grp_act1 env_act_serv **N/A** 9
11:11:13 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Call
GSK_SECURE_SOCKET_CLOSE - 7F0CA118
11:11:13 TCPCS3 EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Connection
Close 7F0CA118 7F1DB058
Figure 1. Example trace of a generic server processing
The following information corresponds to the line numbers in Figure 1
(the digits 1 through 9 at the ends of the trace lines).
1. A TCP connection has mapped to an AT-TLS rule. The parameters
used to search the AT-TLS rules are listed. The TTLSRule, TTLSGroupAction,
TTLSEnvironmentAction, and TTLSConnectionAction names are also displayed.
Note the ConnID for the connection. This ConnID appears in all future
AT-TLS messages for this connection.
2. AT-TLS is creating an environment instance for the application.
3. AT-TLS is establishing the parameters for this environment. These
parameters are obtained from the TTLSEnvironmentAction statement.
System SSL calls are made to set up the parameters. This trace message
is defining the key ring to be used by this environment.
4. AT-TLS has successfully set up the secure environment and is now
initializing the secure connection. This initiates network flows
with the remote partner.
5. Secure data has been received for this connection. During secure
handshake, all the data is traced. For this trace example, some of
the data has been removed.
6. Secure data is being sent for this connection.
7. The secure handshake has completed. The protocol negotiated (TLSV1)
and the cipher suite negotiated (05) are displayed.
8. AT-TLS is sending a secure alert message, because the application
closed the socket.
9. The secure connection is being closed.
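
An added example, not part of the original documentation: Python that rejoins the wrapped trace lines of Figure 1, groups messages by ConnID, and reports the mapped rule, the GSK attributes set or read, the record types seen in the EZD1285I data, and any legacy settings. The function names and the `WEAK` policy table (SSLv2, SSLv3, and cipher 05, which System SSL defines as RC4 with SHA-1) are assumptions of this example, and record-type detection is a heuristic on the first bytes of each data message.

```python
import re

# Splits before each timestamped EZD128xI line, so wrapped lines stay with their message.
START = re.compile(r"\n(?=\d\d:\d\d:\d\d \S+ EZD128\dI TTLS )")
RECORDS = {"14": "change_cipher_spec", "15": "alert", "16": "handshake", "17": "application_data"}
# Review policy chosen for this example (an assumption, not part of the trace documentation).
WEAK = {("GSK_PROTOCOL_SSLV2", "ON"): "SSLv2 enabled", ("GSK_PROTOCOL_SSLV3", "ON"): "SSLv3 enabled",
        ("GSK_CONNECT_CIPHER_SPEC", "05"): "cipher 05 (RC4) negotiated"}
# Constructed sample: lines taken from Figure 1 with the callout digits dropped.
SAMPLE = """\
11:10:25 TCPCS3 EZD1281I TTLS Map CONNID: 00000025 LOCAL: 9.42.104.156..21 REMOTE: 9.27.154.171..1271
JOBNAME: FTPD2 USERID: FTPD TYPE: InBound STATUS: Enabled RULE: ftp_serv_21
11:10:28 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000002 CONNID: 00000025 RC: 0 Set
GSK_PROTOCOL_SSLV2 - ON
11:10:28 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 807A010301
11:10:29 TCPCS3 EZD1285I TTLS Data CONNID: 00000025 RECV CIPHER 1403010001
11:10:29 TCPCS3 EZD1284I TTLS Flow GRPID: 00000001 ENVID: 00000001 CONNID: 00000025 RC: 0 Get
GSK_CONNECT_CIPHER_SPEC - 05
"""

def messages(trace):
    """Return one string per trace message, with continuation lines rejoined."""
    return [" ".join(part.split()) for part in START.split(trace.strip())]

def record_kind(data):
    """Heuristic: TLS record header (type, version 03xx) or SSLv2-format client hello."""
    if len(data) >= 10 and data[:2] in RECORDS and data[2:4] == "03":
        return RECORDS[data[:2]]
    sslv2 = len(data) >= 10 and int(data[:2], 16) & 0x80 and data[4:6] == "01"
    return "sslv2_format_client_hello" if sslv2 else None  # None: body of the previous record

def summarize(trace):
    """Per ConnID: mapped rule, GSK attributes set or read, record types seen, policy findings."""
    conns = {}
    for msg in messages(trace):
        if not (cid := re.search(r"CONNID: (?!0{8})(\w{8})", msg)):
            continue  # no ConnID, or an environment-level event with CONNID 00000000
        c = conns.setdefault(cid.group(1), {"rule": None, "gsk": {}, "records": [], "findings": []})
        if m := re.search(r"RULE: (\S+)", msg):
            c["rule"] = m.group(1)
        if m := re.search(r"RC: \d+ (?:Set|Get) (GSK_\w+) - ?(\S*)", msg):
            c["gsk"][m.group(1)] = m.group(2)
            if m.groups() in WEAK:
                c["findings"].append(WEAK[m.groups()])
        if m := re.search(r"(SEND|RECV) CIPHER ([0-9A-F]+)", msg):
            if kind := record_kind(m.group(2)):
                c["records"].append((m.group(1), kind))
    return conns
```

Because the pattern match stops at the first whitespace after each value, the callout digits that trail some lines in Figure 1 do not affect the parsed attribute values.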