Last active
May 25, 2021 19:24
-
-
Save kush789/3e1ce7901591225d7e7b4d89935ceaf0 to your computer and use it in GitHub Desktop.
Using OpenSSL, we attempt to establish a TLS 1.3 connection with 216.58.196.174, corresponding to google.com. However, instead of specifying 'google.com' in the SNI, we specify a potentially blocked website '1337x.be' and an unblocked website 'facebook.com'.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl s_client -state -connect 216.58.196.174:443 -servername 1337x.be -tls1_3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SSL_connect:before SSL initialization | |
| SSL_connect:SSLv3/TLS write client hello | |
| SSL_connect:SSLv3/TLS write client hello | |
| SSL_connect:SSLv3/TLS read server hello | |
| SSL_connect:TLSv1.3 read encrypted extensions | |
| depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign | |
| verify return:1 | |
| depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| verify return:1 | |
| depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| verify return:1 | |
| SSL_connect:SSLv3/TLS read server certificate | |
| SSL_connect:TLSv1.3 read server certificate verify | |
| SSL_connect:SSLv3/TLS read finished | |
| SSL_connect:SSLv3/TLS write change cipher spec | |
| SSL_connect:SSLv3/TLS write finished | |
| CONNECTED(00000003) | |
| --- | |
| Certificate chain | |
| 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| i:C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign | |
| --- | |
| Server certificate | |
| -----BEGIN CERTIFICATE----- | |
| MIIKEDCCCPigAwIBAgIRAI8EyckMA1DNCAAAAAAU+9IwDQYJKoZIhvcNAQELBQAw | |
| QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET | |
| MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0xOTA5MTcxMzMyNTNaFw0xOTEyMTAxMzMy | |
| NTNaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH | |
| Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwq | |
| Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDo4afE | |
| tLsZ9XzmBawxDHN3QMfHFm/5duAq5hBJ+ye752UsmusHUr1ZHfNyk/hmoUeElpdT | |
| Ha2kV4qCPr8+KduonO2FRLOrVpK8+NrcSYCL6uFZGJCMMcTKGpiu02hqAfDQ5ljB | |
| ykAcgpGpVGmqCCUcb6HTLxJ5TLTBm4j5qIYxJs/ilCA4dpNigHII0stHJtwMiY18 | |
| mwmDZhJ+y10aa4rn9TkQQzxGIld6nJCGdyEKNnwPpiYFZuO+H5twpjt687NRU1pC | |
| COckIzyw++MnLK76z/uWj0dhIsnOeDRl4E6nJx7/kQSb7iVGiVej6+1lHhZxBIrC | |
| Sb78Ymp9wBfpTQzXAgMBAAGjggbbMIIG1zAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l | |
| BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUgOfNKSyrb1zP | |
| dl9QCcEi5lzPvv8wHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswZAYI | |
| KwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9n | |
| dHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5j | |
| cnQwggSdBgNVHREEggSUMIIEkIIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29t | |
| ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCou | |
| Y3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIR | |
| Ki5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYq | |
| Lmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yC | |
| DiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuC | |
| DyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20u | |
| YnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5j | |
| b20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVz | |
| ggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2ds | |
| ZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5j | |
| b22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xl | |
| Y29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0q | |
| LmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiou | |
| Z3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECou | |
| dXJsLmdvb2dsZS5jb22CEyoud2Vhci5na2VjbmFwcHMuY26CFioueW91dHViZS1u | |
| b2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5j | |
| b22CESoueW91dHViZWtpZHMuY29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5k | |
| cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIu | |
| YW5kcm9pZC5nb29nbGUuY26CHGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26C | |
| BGcuY2+CCGdncGh0LmNuggxna2VjbmFwcHMuY26CBmdvby5nbIIUZ29vZ2xlLWFu | |
| YWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xl | |
| Y29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5j | |
| b22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVk | |
| dWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwIQYDVR0gBBowGDAI | |
| BgZngQwBAgIwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8v | |
| Y3JsLnBraS5nb29nL0dUUzFPMS5jcmwwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEA | |
| dwBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAAAW0/pAOeAAAEAwBI | |
| MEYCIQDCyrLt//+wC5kZap7r4QsIU66C+nCF+tcxqUkjnD9MXgIhANZ0wQ6bcuTG | |
| cqpPEdqNvohe/pGJf6HsKyXqIHqBkgSSAHYAdH7agzGtMxCRIZzOJU9CcMK//V5C | |
| IAjGNzV55hB7zFYAAAFtP6QDyAAABAMARzBFAiEA6jE8nuoi/G/q/0Qsox2xmLbs | |
| R/GAWIzL5tfrStazuMsCIBZMKmToRvcwL+Kp1V53QxhWeVZJB53H+Mj8cLSorTYi | |
| MA0GCSqGSIb3DQEBCwUAA4IBAQBn7y1aUxVc+jsfOft0uOn8s+M6LYAnLHoa8O6t | |
| eOhTNgRZ1IVEiwyZRNtptS+wue0yHAyKfYNwkXVcHDkjQZ7ZN1Zzy3FvM8tiHmaf | |
| gieKMPXW2+nKWG8vCiJ7qaXhvMgK//1guTgFptv5Nr58iLkUxec1dRW1agRkfKpL | |
| Kojuz75sP2LOIaxGVrbkW5kGdih+4S9H+5qeNcIqLlemd1dKQlopJT+aQ1DryefA | |
| R3Ua1Zu5SZ0y3AY/bV78AVkSYAQSIzJgmH2aCioPpVNfhXaPknYAeL5iPgx7mTMT | |
| G1fqLndmrSuynOshIiPHoyu2YFJPz4bjN7qGBIN9Iv3jl11S | |
| -----END CERTIFICATE----- | |
| subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| --- | |
| No client certificate CA names sent | |
| Peer signing digest: SHA256 | |
| Peer signature type: RSA-PSS | |
| Server Temp Key: X25519, 253 bits | |
| --- | |
| SSL handshake has read 4177 bytes and written 312 bytes | |
| Verification: OK | |
| --- | |
| New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 | |
| Server public key is 2048 bit | |
| Secure Renegotiation IS NOT supported | |
| Compression: NONE | |
| Expansion: NONE | |
| No ALPN negotiated | |
| Early data was not sent | |
| Verify return code: 0 (ok) | |
| --- | |
| read:errno=0 | |
| SSL3 alert write:warning:close notify |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| openssl s_client -state -connect 216.58.196.174:443 -servername facebook.com -tls1_3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CONNECTED(00000003) | |
| SSL_connect:before SSL initialization | |
| SSL_connect:SSLv3/TLS write client hello | |
| SSL_connect:SSLv3/TLS write client hello | |
| SSL_connect:SSLv3/TLS read server hello | |
| SSL_connect:TLSv1.3 read encrypted extensions | |
| depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign | |
| verify return:1 | |
| depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| verify return:1 | |
| depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| verify return:1 | |
| SSL_connect:SSLv3/TLS read server certificate | |
| SSL_connect:TLSv1.3 read server certificate verify | |
| SSL_connect:SSLv3/TLS read finished | |
| SSL_connect:SSLv3/TLS write change cipher spec | |
| SSL_connect:SSLv3/TLS write finished | |
| --- | |
| Certificate chain | |
| 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| i:C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign | |
| --- | |
| Server certificate | |
| -----BEGIN CERTIFICATE----- | |
| MIIKEDCCCPigAwIBAgIRAN3ZBLChBcJ1AgAAAABH2HowDQYJKoZIhvcNAQELBQAw | |
| QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET | |
| MBEGA1UEAxMKR1RTIENBIDFPMTAeFw0xOTEwMTAyMDU0NDZaFw0yMDAxMDIyMDU0 | |
| NDZaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH | |
| Ew1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwq | |
| Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm85BO | |
| JdHDM3c0Iupj1OLcqGdBf5GMqQ4IJlbDYiW3Q8KJGfq5U97bNbIUe1KXs/tko3ej | |
| YiGKkkYjnS7h/p9PolqihCtVybiNa8mZgO2yQh3PH2cDnm6zyJmj2ClVqxjkbWs/ | |
| ZDR7/SFmyNE2BwiqaixGRyyzN53zYEeB/Qdsv+cpvDItQ6hzRb4ioObS86gRbNVn | |
| ZD8gcr1B9jLO8IeASMR+kyKbtJjNNTaValx00TLmMjuSpmyrrdWFYBU4nGnMhLhz | |
| xCh5G6NSuNbDBSh2pwnxiQBnqst/X7F4PCHDRzWVCcB2m52VhfI52KTR0HhH4ulu | |
| nJgzllrKBo+pjWFrAgMBAAGjggbbMIIG1zAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0l | |
| BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUT566EVnzzo3r | |
| UZhIQeINRFV9Uv0wHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J/SswZAYI | |
| KwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9n | |
| dHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5j | |
| cnQwggSdBgNVHREEggSUMIIEkIIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29t | |
| ghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCou | |
| Y3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIR | |
| Ki5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYq | |
| Lmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yC | |
| DiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuC | |
| DyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20u | |
| YnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5j | |
| b20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVz | |
| ggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2ds | |
| ZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5j | |
| b22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xl | |
| Y29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0q | |
| LmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiou | |
| Z3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECou | |
| dXJsLmdvb2dsZS5jb22CEyoud2Vhci5na2VjbmFwcHMuY26CFioueW91dHViZS1u | |
| b2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5j | |
| b22CESoueW91dHViZWtpZHMuY29tggcqLnl0LmJlggsqLnl0aW1nLmNvbYIaYW5k | |
| cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tghtkZXZlbG9wZXIu | |
| YW5kcm9pZC5nb29nbGUuY26CHGRldmVsb3BlcnMuYW5kcm9pZC5nb29nbGUuY26C | |
| BGcuY2+CCGdncGh0LmNuggxna2VjbmFwcHMuY26CBmdvby5nbIIUZ29vZ2xlLWFu | |
| YWx5dGljcy5jb22CCmdvb2dsZS5jb22CD2dvb2dsZWNuYXBwcy5jboISZ29vZ2xl | |
| Y29tbWVyY2UuY29tghhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5j | |
| b22CCnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVk | |
| dWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIFeXQuYmUwIQYDVR0gBBowGDAI | |
| BgZngQwBAgIwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8v | |
| Y3JsLnBraS5nb29nL0dUUzFPMS5jcmwwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEA | |
| dgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW23qtRAAAAEAwBH | |
| MEUCIQDtQ54pgum8vzgOOfsLfgclhZ8lA06YzQqQhU5iZB0J9wIgFDDSprpfCnSS | |
| WblJKkhiZtwVKwJ0oC9Gs96HPzxf7HIAdwBep3P531bA57U2SH3QSeAyepGaDISh | |
| EhKEGHWWgXFFWAAAAW23qtRfAAAEAwBIMEYCIQDel4ZWD0N7vy9E6yOVjagIWoF0 | |
| UqOZ7cKbjRil+crGvgIhAKdP1gkPRAwNUY3lZrxz09Qa0sVRTLxh6wBV5HYp7beu | |
| MA0GCSqGSIb3DQEBCwUAA4IBAQCgVTkcWtDxRWlKGM6JflYOpMSUJgNzPXotjm42 | |
| 4pG20owmUiA/lh3gm6lBLX5fY4mM2iboQT60P83XpcIk81TpAojbweYuTvIqFxqg | |
| Uqoafrd7IP0yRzvTcJ3K4sL+vN0IPQ+YbbCrHGqkOWczXRs+QW/lOkDlLcecx8uK | |
| OSQoLHUzDxCmxtlZvfyFTitoWDDQUUbk6rS/6INanr64Ld3BlBFlkp+aHeWsyEZn | |
| 6iTqD0TkudalliEgMWCJT7v9dYxnfXmJcFZ6Ui1ynPkNAhsSWA+ACgG75vq+5XDo | |
| U1ub9YTMJPtH2xf11jRcsNLOuLN1T2se30hRpayL4Is8mVKd | |
| -----END CERTIFICATE----- | |
| subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com | |
| issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1 | |
| --- | |
| No client certificate CA names sent | |
| Peer signing digest: SHA256 | |
| Peer signature type: RSA-PSS | |
| Server Temp Key: X25519, 253 bits | |
| --- | |
| SSL handshake has read 4177 bytes and written 316 bytes | |
| Verification: OK | |
| --- | |
| New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 | |
| Server public key is 2048 bit | |
| Secure Renegotiation IS NOT supported | |
| Compression: NONE | |
| Expansion: NONE | |
| No ALPN negotiated | |
| Early data was not sent | |
| Verify return code: 0 (ok) | |
| --- | |
| Q | |
| DONE | |
| SSL3 alert write:warning:close notify |
The TCP RST comes after the ServerHello.
I do agree with you, it is strange for the censor to adopt such behaviour. I don't think it has been documented before in any context
@fortuna As Kush said, the TCP RST comes after the ServerHello. Just wanted to add that this is also one of the reasons why we used TLS 1.3 (in older versions, they could be relying on the server cert, in which case they would need to wait for the ServerHello).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Reliance Jio is using SNI inspection to block websites, you say you receive a TCP RST right after the connection is established.
That must be after the ClientHello is sent, but is it before or after the ServerHello is received?
Your log suggests it's after the ServerHello, since you have the certificate. However, that's a behavior I've never seen before. Usually the censor resets the connection before the ServerHello is received. So I'm interested in making sure that's really the case.
Thanks for sharing the logs!