Skip to content

Instantly share code, notes, and snippets.

@luciferous
Created June 1, 2011 22:13
Show Gist options
  • Save luciferous/1003478 to your computer and use it in GitHub Desktop.
Save luciferous/1003478 to your computer and use it in GitHub Desktop.
Secure WebSockets in Safari 5.0

Safari's implementation of secure WebSockets (wss) starts off with an SSLv2 handshake[1]. Normal browsing over HTTPs uses TLS[2], so why do WebSocket connections use SSLv2? SSLv2 is known to be insecure[3] and some frameworks even explicitly disable its use[4].

WebSocket connections don't always use SSLv2, however. Opening a secure WebSocket connection to a server immediately after browsing to it over HTTPs results in the WebSocket connection using TLS[2].

Furthermore, Safari's WebSocket connections fail when connecting to a test SSL server that is configured to accept SSLv2[5]. Is Safari's implementation of SSLv2 even correct?

Start up a test server on port 443 using no certificates.

# openssl s_server -nocert -msg -accept 443
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT

Open a WebSocket to the server in Chrome and in Safari using the following command:

new WebSocket("wss://localhost");

The Chrome handshake:

<<< TLS 1.0 Handshake [length 0173], ClientHello
    01 00 01 6f 03 01 4d e6 b7 52 7a 59 11 49 59 e4
    55 45 57 15 52 3f 1d fd 13 c4 69 d3 36 7a ba ce
    e2 83 eb db 93 40 20 9f 7b 2e 1f d8 fa db f6 b0
    9b b6 43 00 39 50 d8 1f aa f3 f0 7e 33 12 02 0e
    90 38 f7 f9 43 0e c7 00 48 c0 0a c0 14 00 88 00
    87 00 39 00 38 c0 0f c0 05 00 84 00 35 c0 07 c0
    09 c0 11 c0 13 00 45 00 44 00 66 00 33 00 32 c0
    0c c0 0e c0 02 c0 04 00 96 00 41 00 04 00 05 00
    2f c0 08 c0 12 00 16 00 13 c0 0d c0 03 fe ff 00
    0a 02 01 00 00 dd 00 00 00 0e 00 0c 00 00 09 6c
    6f 63 61 6c 68 6f 73 74 ff 01 00 01 00 00 0a 00
    08 00 06 00 17 00 18 00 19 00 0b 00 02 01 00 00
    23 00 b0 6a 31 92 df ad 75 07 2a df ad 8d 87 b6
    2b d3 9c 68 30 9d cb 3b e3 d0 87 fd 4e 0f fd 42
    77 66 97 43 db fa 7c 2b 81 25 33 4b dd 4b e7 9b
    81 0a fb 6a a6 e5 6d 36 dd f8 8b d1 a3 3b 1d c0
    33 c9 ed a8 30 3c b9 69 16 d3 f4 d3 80 78 83 43
    c8 9d 12 57 d7 10 3b 7a 50 37 bd 27 e6 26 f6 34
    0f 01 2a 79 f3 79 bf ba 42 2b d2 2a f7 a9 fd b3
    91 91 4c 1c 5d f4 d1 4a ce 30 8a 36 63 03 de b7
    5b 95 33 bd 01 41 e0 ed 5f 7e 87 73 63 91 fc 3e
    d9 48 79 19 56 2f 34 42 02 17 b0 36 18 f3 d2 43
    c0 17 0b 19 14 9d 23 dc 7b ba 6a e3 47 9b 4d c1
    2c 83 5e
>>> TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
ERROR
29593:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/SourceCache/OpenSSL098/OpenSSL098-35/src/ssl/s3_srvr.c:1051:
shutting down SSL
CONNECTION CLOSED
ACCEPT

The Safari handshake:

<<< SSL 2.0 [length 0064], CLIENT-HELLO
    01 03 01 00 4b 00 00 00 10 00 00 2f 00 00 05 00
    00 04 00 00 35 00 00 0a 00 00 09 00 00 03 00 00
    08 00 00 06 00 00 32 00 00 33 00 00 38 00 00 39
    00 00 16 00 00 15 00 00 14 00 00 13 00 00 12 00
    00 11 01 00 80 02 00 80 03 00 80 04 00 80 06 00
    40 07 00 c0 c7 db de dc 26 8e 6d 63 8c b7 17 ec
    9a ad 69 d2
>>> TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
ERROR
29593:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/SourceCache/OpenSSL098/OpenSSL098-35/src/ssl/s3_srvr.c:1051:
shutting down SSL
CONNECTION CLOSED
ACCEPT

Generate a self-signed certificate.

# openssl req -new -x509 -days 1 -nodes -out server.pem -keyout server.key
Generating a 1024 bit RSA private key
[...]

Start a test server with these certificates.

# openssl s_server -accept 443 -state -key server.key -cert server.pem
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT

The Chrome handshake:

<<< TLS 1.0 Handshake [length 00a3], ClientHello
    01 00 00 9f 03 01 4d e6 b8 7e 13 9a 10 a2 76 e8
    ec ba e7 90 49 26 4c d3 a9 7f 2f 95 7f 7a ca 54
    8e 3c 45 cd c4 46 00 00 48 c0 0a c0 14 00 88 00
    87 00 39 00 38 c0 0f c0 05 00 84 00 35 c0 07 c0
    09 c0 11 c0 13 00 45 00 44 00 66 00 33 00 32 c0
    0c c0 0e c0 02 c0 04 00 96 00 41 00 04 00 05 00
    2f c0 08 c0 12 00 16 00 13 c0 0d c0 03 fe ff 00
    0a 02 01 00 00 2d 00 00 00 0e 00 0c 00 00 09 6c
    6f 63 61 6c 68 6f 73 74 ff 01 00 01 00 00 0a 00
    08 00 06 00 17 00 18 00 19 00 0b 00 02 01 00 00
    23 00 00
>>> TLS 1.0 Handshake [length 0030], ServerHello
    02 00 00 2c 03 01 4d e6 b8 7e 9b f8 61 4b 31 71
    49 17 08 72 d1 9e 25 ed d1 9b 5d 81 2f 8b 53 f8
    dd d8 3f 6e b3 bc 00 00 39 01 00 04 00 23 00 00
>>> TLS 1.0 Handshake [length 02fd], Certificate
    0b 00 02 f9 00 02 f6 00 02 f3 30 82 02 ef 30 82
    02 58 a0 03 02 01 02 02 09 00 a9 a5 d5 76 6c 37
    4f 54 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
    00 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55
    31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d
    53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18
    49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73
    20 50 74 79 20 4c 74 64 31 12 30 10 06 03 55 04
    03 13 09 6c 6f 63 61 6c 68 6f 73 74 30 1e 17 0d
    31 31 30 36 30 31 32 30 30 32 34 37 5a 17 0d 31
    31 30 36 30 32 32 30 30 32 34 37 5a 30 59 31 0b
    30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06
    03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65
    31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72
    6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20
    4c 74 64 31 12 30 10 06 03 55 04 03 13 09 6c 6f
    63 61 6c 68 6f 73 74 30 81 9f 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89
    02 81 81 00 bb 8f 88 c5 a7 df f1 ea e1 c3 06 a4
    6f 6a be f1 23 0d 23 b3 16 bd 12 d0 87 b5 ae 4a
    51 18 27 83 aa 71 38 fe 56 07 fc 28 fa d9 94 b2
    7b 39 79 1b e1 23 4e c4 2d cb d8 e4 b5 47 17 11
    75 0b 19 1e 3b ef 23 f1 13 84 d1 c4 de 2c bd ad
    c7 e3 6a 59 c7 5d 4f 08 51 9e cb 82 a9 1b e6 72
    20 af 09 31 ef c5 b0 c9 84 1c 1d 25 4c 11 e2 6d
    54 4d ae 91 a1 23 cc 37 0e 97 b2 d0 65 f6 65 02
    6b 2b b5 bd 02 03 01 00 01 a3 81 be 30 81 bb 30
    1d 06 03 55 1d 0e 04 16 04 14 77 96 cd bf 26 e4
    9f 18 02 01 9e f5 05 6b ba 9d e7 0d 60 b1 30 81
    8b 06 03 55 1d 23 04 81 83 30 81 80 80 14 77 96
    cd bf 26 e4 9f 18 02 01 9e f5 05 6b ba 9d e7 0d
    60 b1 a1 5d a4 5b 30 59 31 0b 30 09 06 03 55 04
    06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a
    53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03
    55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69
    64 67 69 74 73 20 50 74 79 20 4c 74 64 31 12 30
    10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73
    74 82 09 00 a9 a5 d5 76 6c 37 4f 54 30 0c 06 03
    55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 05 05 00 03 81 81 00 24 08 d3
    ec 25 4c 41 34 dc 59 c7 22 b1 27 fb 62 f3 0a 34
    63 c9 ed ce 73 4b 65 78 b1 12 59 f3 7c 23 ae 7e
    87 60 bb f0 60 1b 57 61 e6 a5 f8 a0 e3 67 a7 30
    d7 81 7c 45 c4 08 12 18 a6 b3 e0 a3 ba 89 6b 54
    5c e8 f8 95 40 9b ea 15 02 c6 22 a1 2a 99 0d 08
    71 f6 74 de 3a 1c 96 98 b3 7d 78 8c 1d c0 77 0d
    9f f2 61 48 c4 cc 42 7b aa cb 35 fc e8 b2 b1 6e
    77 66 c6 4b e0 d0 1c c1 28 da f6 8a a8
>>> TLS 1.0 Handshake [length 010d], ServerKeyExchange
    0c 00 01 09 00 40 da 58 3c 16 d9 85 22 89 d0 e4
    af 75 6f 4c ca 92 dd 4b e5 33 b8 04 fb 0f ed 94
    ef 9c 8a 44 03 ed 57 46 50 d3 69 99 db 29 d7 76
    27 6b a2 d3 d4 12 e2 18 f4 dd 1e 08 4c f6 d8 00
    3e 7c 47 74 e8 33 00 01 02 00 40 7f 52 91 ed 1a
    e7 e3 e6 0b 5a 2c 3a 85 05 41 79 a4 5a 5c e9 ef
    c2 a1 63 eb 8f 4a b5 7d 3a 70 b3 e5 fd eb 32 63
    59 2e ab ac 22 08 a8 a7 5b d6 d1 a6 b7 ec b9 2a
    59 a8 ef 4c b9 62 b6 d0 e3 89 d6 00 80 4c 47 02
    a6 9a e3 49 20 d4 29 17 97 4e 6a d9 95 b1 1b 65
    6e 3a d8 1b cd fb 56 c8 a5 ea a8 4b 08 b5 6a 63
    09 a5 16 46 cc 58 b9 5d 0f a7 a8 cc 32 88 02 cf
    48 d7 20 09 f1 29 ed 7c d4 8a bb 79 53 c6 6f 05
    59 fa 71 47 ff c5 d0 37 62 d8 e7 e1 91 83 5c 44
    38 71 d7 a3 8e 0e d6 9c 9c 4f 1e f8 c9 53 85 56
    90 97 7c ba e4 db 50 0d 7c 70 7d 04 47 e9 f3 c8
    5f 24 4a e6 de 49 bd df b7 e7 19 3e 0d
>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
<<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
    10 00 00 42 00 40 bd ff ec 4b 16 81 58 1f 88 63
    0e ca 0d 1b 3b d4 7b ba 97 88 58 fd be 94 a3 01
    df 5a 30 16 7d bb af f4 db a8 62 8f 0e cd f3 54
    40 85 b6 b2 36 4e 6b bb 04 5b 34 e4 60 2b 81 52
    ac 14 08 4f 06 e2
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 94 41 27 b8 2c cb 8a 3c 4e dc cc a5
>>> TLS 1.0 Handshake [length 00ba]???
    04 00 00 b6 00 00 00 00 00 b0 50 3b e4 c4 fb 93
    82 f2 c6 6c 66 f8 0d 1d 4f 9e da 9a 9f 41 91 b3
    85 d3 10 6a 40 10 2f 53 d9 28 c9 6e 47 22 2a 27
    da b0 2d bc 16 f2 9f 27 7b 13 06 43 18 03 2c fd
    9b da 70 1f fd a5 e4 df 33 d2 2e ff 65 da b5 d3
    55 25 e4 e4 53 b7 60 fd e5 db 3c 7b 27 92 a8 c1
    9c e0 43 3b 40 01 36 00 cd 07 fb 20 c6 d5 91 dc
    10 36 fc 82 81 13 43 b9 45 cf 86 e1 98 7d c0 a5
    27 90 25 fe 2d 4f 18 49 52 22 06 13 1b 1c 7e 12
    a8 2e b0 31 7b 5c 2e 11 23 7a ab 1f 05 cf 3f 4d
    95 31 55 b0 17 82 bd f9 fb e1 65 58 27 99 62 6e
    53 5d 28 38 e6 07 45 a6 3f 9c
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 16 5b 74 a8 be 22 cd 02 fd 54 ec 81
GET / HTTP/1.1
Upgrade: WebSocket
Connection: Upgrade
Host: localhost
Origin: chrome://newtab
Sec-WebSocket-Key1: , 2 L Tj69 197 8"F68 4J
Sec-WebSocket-Key2: 1v  50 xP3  `6L 6K4  o0D0P

Ú2Ÿvµ<i

The Safari handshake:

<<< SSL 2.0 [length 0064], CLIENT-HELLO
    01 03 01 00 4b 00 00 00 10 00 00 2f 00 00 05 00
    00 04 00 00 35 00 00 0a 00 00 09 00 00 03 00 00
    08 00 00 06 00 00 32 00 00 33 00 00 38 00 00 39
    00 00 16 00 00 15 00 00 14 00 00 13 00 00 12 00
    00 11 01 00 80 02 00 80 03 00 80 04 00 80 06 00
    40 07 00 c0 9c 81 66 a1 47 4b e7 38 6a ae 58 d9
    15 47 04 d2
>>> TLS 1.0 Handshake [length 004a], ServerHello
    02 00 00 46 03 01 4d e6 b8 cb 34 97 fc 7b 5d eb
    d0 fd 2b fb 1d ba 42 88 4b 09 1d f5 76 c2 96 08
    93 2c 77 8b ce d2 20 ad 63 c6 f2 97 db d5 20 ab
    21 12 88 1c eb bb 43 63 73 ea 73 dc 03 2b 0e cd
    14 0f 01 51 ac 36 15 00 2f 00
>>> TLS 1.0 Handshake [length 02fd], Certificate
    0b 00 02 f9 00 02 f6 00 02 f3 30 82 02 ef 30 82
    02 58 a0 03 02 01 02 02 09 00 a9 a5 d5 76 6c 37
    4f 54 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
    00 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55
    31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d
    53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18
    49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73
    20 50 74 79 20 4c 74 64 31 12 30 10 06 03 55 04
    03 13 09 6c 6f 63 61 6c 68 6f 73 74 30 1e 17 0d
    31 31 30 36 30 31 32 30 30 32 34 37 5a 17 0d 31
    31 30 36 30 32 32 30 30 32 34 37 5a 30 59 31 0b
    30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06
    03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65
    31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72
    6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20
    4c 74 64 31 12 30 10 06 03 55 04 03 13 09 6c 6f
    63 61 6c 68 6f 73 74 30 81 9f 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89
    02 81 81 00 bb 8f 88 c5 a7 df f1 ea e1 c3 06 a4
    6f 6a be f1 23 0d 23 b3 16 bd 12 d0 87 b5 ae 4a
    51 18 27 83 aa 71 38 fe 56 07 fc 28 fa d9 94 b2
    7b 39 79 1b e1 23 4e c4 2d cb d8 e4 b5 47 17 11
    75 0b 19 1e 3b ef 23 f1 13 84 d1 c4 de 2c bd ad
    c7 e3 6a 59 c7 5d 4f 08 51 9e cb 82 a9 1b e6 72
    20 af 09 31 ef c5 b0 c9 84 1c 1d 25 4c 11 e2 6d
    54 4d ae 91 a1 23 cc 37 0e 97 b2 d0 65 f6 65 02
    6b 2b b5 bd 02 03 01 00 01 a3 81 be 30 81 bb 30
    1d 06 03 55 1d 0e 04 16 04 14 77 96 cd bf 26 e4
    9f 18 02 01 9e f5 05 6b ba 9d e7 0d 60 b1 30 81
    8b 06 03 55 1d 23 04 81 83 30 81 80 80 14 77 96
    cd bf 26 e4 9f 18 02 01 9e f5 05 6b ba 9d e7 0d
    60 b1 a1 5d a4 5b 30 59 31 0b 30 09 06 03 55 04
    06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a
    53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03
    55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69
    64 67 69 74 73 20 50 74 79 20 4c 74 64 31 12 30
    10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73
    74 82 09 00 a9 a5 d5 76 6c 37 4f 54 30 0c 06 03
    55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 05 05 00 03 81 81 00 24 08 d3
    ec 25 4c 41 34 dc 59 c7 22 b1 27 fb 62 f3 0a 34
    63 c9 ed ce 73 4b 65 78 b1 12 59 f3 7c 23 ae 7e
    87 60 bb f0 60 1b 57 61 e6 a5 f8 a0 e3 67 a7 30
    d7 81 7c 45 c4 08 12 18 a6 b3 e0 a3 ba 89 6b 54
    5c e8 f8 95 40 9b ea 15 02 c6 22 a1 2a 99 0d 08
    71 f6 74 de 3a 1c 96 98 b3 7d 78 8c 1d c0 77 0d
    9f f2 61 48 c4 cc 42 7b aa cb 35 fc e8 b2 b1 6e
    77 66 c6 4b e0 d0 1c c1 28 da f6 8a a8
>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
ERROR
29757:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-35/src/ssl/s23_lib.c:188:
shutting down SSL
CONNECTION CLOSED
ACCEPT

Safari's handshake when opening https://localhost/:

<<< TLS 1.0 Handshake [length 0097], ClientHello
    01 00 00 93 03 01 4d e6 bc b3 73 33 d3 ab e1 81
    8f e6 a6 3a db 19 87 73 c9 4b 5d a5 95 a8 bb 04
    13 16 c0 ac a8 fb 00 00 46 c0 0a c0 09 c0 07 c0
    08 c0 13 c0 14 c0 11 c0 12 c0 04 c0 05 c0 02 c0
    03 c0 0e c0 0f c0 0c c0 0d 00 2f 00 05 00 04 00
    35 00 0a 00 09 00 03 00 08 00 06 00 32 00 33 00
    38 00 39 00 16 00 15 00 14 00 13 00 12 00 11 01
    00 00 24 00 00 00 0e 00 0c 00 00 09 6c 6f 63 61
    6c 68 6f 73 74 00 0a 00 08 00 06 00 17 00 18 00
    19 00 0b 00 02 01 00
>>> TLS 1.0 Handshake [length 004a], ServerHello
    02 00 00 46 03 01 4d e6 bc b3 c9 e5 bc 1a 7c bb
    fb 67 75 2f a8 91 e0 31 5d 62 37 cc 5a 68 22 ac
    1a 30 fa 6d 19 c3 20 14 4f 1f b6 aa 79 99 f3 6d
    48 b5 08 ee 05 70 a6 32 cd 9e 6b 0b c5 22 0f 73
    57 b5 0b e1 27 f2 fe 00 2f 00
>>> TLS 1.0 Handshake [length 02fd], Certificate
    0b 00 02 f9 00 02 f6 00 02 f3 30 82 02 ef 30 82
    02 58 a0 03 02 01 02 02 09 00 a9 a5 d5 76 6c 37
    4f 54 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05
    00 30 59 31 0b 30 09 06 03 55 04 06 13 02 41 55
    31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 2d
    53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 18
    49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 73
    20 50 74 79 20 4c 74 64 31 12 30 10 06 03 55 04
    03 13 09 6c 6f 63 61 6c 68 6f 73 74 30 1e 17 0d
    31 31 30 36 30 31 32 30 30 32 34 37 5a 17 0d 31
    31 30 36 30 32 32 30 30 32 34 37 5a 30 59 31 0b
    30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06
    03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65
    31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72
    6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20
    4c 74 64 31 12 30 10 06 03 55 04 03 13 09 6c 6f
    63 61 6c 68 6f 73 74 30 81 9f 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89
    02 81 81 00 bb 8f 88 c5 a7 df f1 ea e1 c3 06 a4
    6f 6a be f1 23 0d 23 b3 16 bd 12 d0 87 b5 ae 4a
    51 18 27 83 aa 71 38 fe 56 07 fc 28 fa d9 94 b2
    7b 39 79 1b e1 23 4e c4 2d cb d8 e4 b5 47 17 11
    75 0b 19 1e 3b ef 23 f1 13 84 d1 c4 de 2c bd ad
    c7 e3 6a 59 c7 5d 4f 08 51 9e cb 82 a9 1b e6 72
    20 af 09 31 ef c5 b0 c9 84 1c 1d 25 4c 11 e2 6d
    54 4d ae 91 a1 23 cc 37 0e 97 b2 d0 65 f6 65 02
    6b 2b b5 bd 02 03 01 00 01 a3 81 be 30 81 bb 30
    1d 06 03 55 1d 0e 04 16 04 14 77 96 cd bf 26 e4
    9f 18 02 01 9e f5 05 6b ba 9d e7 0d 60 b1 30 81
    8b 06 03 55 1d 23 04 81 83 30 81 80 80 14 77 96
    cd bf 26 e4 9f 18 02 01 9e f5 05 6b ba 9d e7 0d
    60 b1 a1 5d a4 5b 30 59 31 0b 30 09 06 03 55 04
    06 13 02 41 55 31 13 30 11 06 03 55 04 08 13 0a
    53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06 03
    55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57 69
    64 67 69 74 73 20 50 74 79 20 4c 74 64 31 12 30
    10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f 73
    74 82 09 00 a9 a5 d5 76 6c 37 4f 54 30 0c 06 03
    55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86
    48 86 f7 0d 01 01 05 05 00 03 81 81 00 24 08 d3
    ec 25 4c 41 34 dc 59 c7 22 b1 27 fb 62 f3 0a 34
    63 c9 ed ce 73 4b 65 78 b1 12 59 f3 7c 23 ae 7e
    87 60 bb f0 60 1b 57 61 e6 a5 f8 a0 e3 67 a7 30
    d7 81 7c 45 c4 08 12 18 a6 b3 e0 a3 ba 89 6b 54
    5c e8 f8 95 40 9b ea 15 02 c6 22 a1 2a 99 0d 08
    71 f6 74 de 3a 1c 96 98 b3 7d 78 8c 1d c0 77 0d
    9f f2 61 48 c4 cc 42 7b aa cb 35 fc e8 b2 b1 6e
    77 66 c6 4b e0 d0 1c c1 28 da f6 8a a8
>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
<<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    10 00 00 82 00 80 76 03 dd 52 ee b1 9c cc 73 76
    d7 14 e9 34 55 94 72 a9 88 f8 8a 8b 33 77 c2 fc
    de de c1 c1 fc 21 ba 1b 98 a8 b9 4e 9d 74 59 ee
    5f 25 d6 9f f7 19 e9 65 b1 c4 94 cf b2 8d a2 d9
    b1 2a f1 91 5f 2a 6d 0b fb 51 93 6c 16 ba 3b 59
    88 9c 0f 4e fa 15 d0 55 ed 53 82 da f3 bb 4e 66
    41 f8 1c 0d d9 69 2e 11 4d c9 2c 1c 40 33 d0 f9
    36 15 90 8c 58 09 f5 7d d1 f3 a2 42 cc 79 bd 5e
    b2 c7 c0 04 6c d1
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 67 7d d3 c0 15 19 fa 2e 6b b0 b5 4d
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 1c a8 3c 68 b2 97 fe ca 43 f1 7e 3c
GET / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: keep-alive

In the same Safari browser instance, directly after navigating to https://localhost/ opening a WebSocket results in a TLS handshake:

<<< TLS 1.0 Handshake [length 0085], ClientHello
    01 00 00 81 03 01 4d e6 bd 88 91 d0 ab 0e e5 e5
    4e 0f 1a 51 16 bc f8 cb 1c 91 ed 45 e4 c4 c5 f2
    ae b2 00 bd 6a f5 20 14 4f 1f b6 aa 79 99 f3 6d
    48 b5 08 ee 05 70 a6 32 cd 9e 6b 0b c5 22 0f 73
    57 b5 0b e1 27 f2 fe 00 26 00 2f 00 05 00 04 00
    35 00 0a 00 09 00 03 00 08 00 06 00 32 00 33 00
    38 00 39 00 16 00 15 00 14 00 13 00 12 00 11 01
    00 00 12 00 00 00 0e 00 0c 00 00 09 6c 6f 63 61
    6c 68 6f 73 74
>>> TLS 1.0 Handshake [length 004a], ServerHello
    02 00 00 46 03 01 4d e6 bd 8d 47 96 40 27 f2 a5
    cb cc 1b 58 e2 fc 81 1b 3b e6 bb 39 42 a0 e4 2a
    ca ff dd fb 4b 7a 20 14 4f 1f b6 aa 79 99 f3 6d
    48 b5 08 ee 05 70 a6 32 cd 9e 6b 0b c5 22 0f 73
    57 b5 0b e1 27 f2 fe 00 2f 00
>>> TLS 1.0 ChangeCipherSpec [length 0001]
    01
>>> TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c 29 92 09 96 e4 88 e6 b8 7a ee 9c ed
<<< TLS 1.0 ChangeCipherSpec [length 0001]
    01
<<< TLS 1.0 Handshake [length 0010], Finished
    14 00 00 0c d7 0e 76 27 b5 c4 03 99 3a ab b1 05
-----BEGIN SSL SESSION PARAMETERS-----
MIGCAgEBAgIDAQQCAC8EIBRPH7aqeZnzbUi1CO4FcKYyzZ5rC8UiD3NXtQvhJ/L+
BDAP9mXvA+HoJJzFjCXcxjOQPWlA6vOPsYEb2fdVIfqR/BBvrVWosWgGzS4SMokl
1HShBgIETea8s6IEAgIBLKQGBAQBAAAApgsECWxvY2FsaG9zdA==
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA
CIPHER is AES128-SHA
Reused session-id
GET / HTTP/1.1
Upgrade: WebSocket
Connection: Upgrade
Host: localhost
Origin: https://localhost
Sec-WebSocket-Key1: 1  89b 3o   1 5 e5 B59  4
Sec-WebSocket-Key2: .3a10  HCJ4h"75B Q 28>4 0

…T J»´

A test server that only speaks SSLv2.

# openssl s_server -accept 443 -msg -key server.key -cert server.pem -ssl2
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
<<< SSL 2.0 [length 0064], CLIENT-HELLO
    01 03 01 00 4b 00 00 00 10 00 00 2f 00 00 05 00
    00 04 00 00 35 00 00 0a 00 00 09 00 00 03 00 00
    08 00 00 06 00 00 32 00 00 33 00 00 38 00 00 39
    00 00 16 00 00 15 00 00 14 00 00 13 00 00 12 00
    00 11 01 00 80 02 00 80 03 00 80 04 00 80 06 00
    40 07 00 c0 d0 34 91 cc da fd d0 62 c9 23 ec c5
    b4 80 c0 eb
>>> SSL 2.0 [length 0320], SERVER-HELLO
    04 00 01 00 02 02 f3 00 12 00 10 30 82 02 ef 30
    82 02 58 a0 03 02 01 02 02 09 00 a9 a5 d5 76 6c
    37 4f 54 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05
    05 00 30 59 31 0b 30 09 06 03 55 04 06 13 02 41
    55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65
    2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13
    18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74
    73 20 50 74 79 20 4c 74 64 31 12 30 10 06 03 55
    04 03 13 09 6c 6f 63 61 6c 68 6f 73 74 30 1e 17
    0d 31 31 30 36 30 31 32 30 30 32 34 37 5a 17 0d
    31 31 30 36 30 32 32 30 30 32 34 37 5a 30 59 31
    0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11
    06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74
    65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65
    72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79
    20 4c 74 64 31 12 30 10 06 03 55 04 03 13 09 6c
    6f 63 61 6c 68 6f 73 74 30 81 9f 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81
    89 02 81 81 00 bb 8f 88 c5 a7 df f1 ea e1 c3 06
    a4 6f 6a be f1 23 0d 23 b3 16 bd 12 d0 87 b5 ae
    4a 51 18 27 83 aa 71 38 fe 56 07 fc 28 fa d9 94
    b2 7b 39 79 1b e1 23 4e c4 2d cb d8 e4 b5 47 17
    11 75 0b 19 1e 3b ef 23 f1 13 84 d1 c4 de 2c bd
    ad c7 e3 6a 59 c7 5d 4f 08 51 9e cb 82 a9 1b e6
    72 20 af 09 31 ef c5 b0 c9 84 1c 1d 25 4c 11 e2
    6d 54 4d ae 91 a1 23 cc 37 0e 97 b2 d0 65 f6 65
    02 6b 2b b5 bd 02 03 01 00 01 a3 81 be 30 81 bb
    30 1d 06 03 55 1d 0e 04 16 04 14 77 96 cd bf 26
    e4 9f 18 02 01 9e f5 05 6b ba 9d e7 0d 60 b1 30
    81 8b 06 03 55 1d 23 04 81 83 30 81 80 80 14 77
    96 cd bf 26 e4 9f 18 02 01 9e f5 05 6b ba 9d e7
    0d 60 b1 a1 5d a4 5b 30 59 31 0b 30 09 06 03 55
    04 06 13 02 41 55 31 13 30 11 06 03 55 04 08 13
    0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 30 1f 06
    03 55 04 0a 13 18 49 6e 74 65 72 6e 65 74 20 57
    69 64 67 69 74 73 20 50 74 79 20 4c 74 64 31 12
    30 10 06 03 55 04 03 13 09 6c 6f 63 61 6c 68 6f
    73 74 82 09 00 a9 a5 d5 76 6c 37 4f 54 30 0c 06
    03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a
    86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 24 08
    d3 ec 25 4c 41 34 dc 59 c7 22 b1 27 fb 62 f3 0a
    34 63 c9 ed ce 73 4b 65 78 b1 12 59 f3 7c 23 ae
    7e 87 60 bb f0 60 1b 57 61 e6 a5 f8 a0 e3 67 a7
    30 d7 81 7c 45 c4 08 12 18 a6 b3 e0 a3 ba 89 6b
    54 5c e8 f8 95 40 9b ea 15 02 c6 22 a1 2a 99 0d
    08 71 f6 74 de 3a 1c 96 98 b3 7d 78 8c 1d c0 77
    0d 9f f2 61 48 c4 cc 42 7b aa cb 35 fc e8 b2 b1
    6e 77 66 c6 4b e0 d0 1c c1 28 da f6 8a a8 01 00
    80 02 00 80 03 00 80 04 00 80 06 00 40 07 00 c0
    0c fe 7f 8e b2 4b da e5 35 f5 08 3f 0e 75 c7 19
ERROR
34673:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-35/src/ssl/s2_pkt.c:428:
shutting down SSL
CONNECTION CLOSED
ACCEPT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment