Output from Python3.5 with OpenSSL 1.0.2g:
>>> ssl.get_server_certificate(('mail.mani.pt', 993), ssl.PROTOCOL_TLSv1)
'-----BEGIN CERTIFICATE-----\nMIIDdDCCAlygAwIBAgIILeR0neMYiyUwDQYJKoZIhvcNAQEFBQAwSzELMAkGA1UE\nBhMCUFQxJTAjBgNVBAoTHE1BTkkgSU5kdXN0cmlhcyBQbGFzdGljYXMgU0ExFTAT\nBgNVBAMTDG1haWwubWFuaS5wdDAeFw0xODAxMjIxNDA3MDVaFw0yMjAxMjMxNDA3\nMDVaMEsxCzAJBgNVBAYTAlBUMSUwIwYDVQQKExxNQU5JIElOZHVzdHJpYXMgUGxh\nc3RpY2FzIFNBMRUwEwYDVQQDEwxtYWlsLm1hbmkucHQwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDdSCNqjELZGKgjPf0NAwHmmR6ZUzDpt2HOwA+97DOP\nWwJ5NOYGeJzhM/yw+P/yAWKB8HzJO6CKCfwe4ilEVxcikK7Gj/rVqfzRb+hWTWC9\nr8lPzWCa3siNdf/rieONz2LR0d/Qf8Uml5NFJ3UkJAo5TZbWizjcLO4/mPrVysau\n5S4yE9pW8dkhENs/IVLce5cjn0WwMQvFntX1x303tAlyC362JEInHePxPmGmDDMo\n3sgBYziv90LlsOviJIbpju5/A1P9r0uXzDQmudZZPqlFHjqNXcdprfVyTgg/C4xQ\nE1UbSL8uIW0CVj9TxXp4njaIC/sr97ptJU/86isFveKBAgMBAAGjXDBaMB0GA1Ud\nDgQWBBSt1Z9m+CaYG+nf39Ty0TqabcaE4TALBgNVHQ8EBAMCArwwEwYDVR0lBAww\nCgYIKwYBBQUHAwEwFwYDVR0RBBAwDoIMbWFpbC5tYW5pLnB0MA0GCSqGSIb3DQEB\nBQUAA4IBAQBk7DQ/+1pYE+0yoHNChFVztjjJASQSas6DaPx9FOFYrPhh9lU5NmBy\nHIzMUHTlkgw/OE713+mPRlxegZWceA7akirhaWocQcOCXzeIQKNouMZ/4ktXIoqY\nmdcYVOS2Et+FBBT1+rAA6OMTDftCRPH/19stA7IcwWo+6GVLWIqCk/2lBNNYrZ0V\nMvwxQeeHcCz5HdU2o0ypROvkhG8Er5qGVeHAv+JCj+Q4EERMoDwocwS8eedwqqPe\nLVCWwSqS8SEizDRNZZfOoXT4AJ/L10RLrnz8wtSffoxS2pZMbhHEBr3WhA72v94L\nCDU+vO9t1YN3WpXeRZfKWLw/qEE8b65H\n-----END CERTIFICATE-----\n'
Output from Python3.6 with OpenSSL 1.1.0:
>>> ssl.get_server_certificate(('mail.mani.pt', 993), ssl.PROTOCOL_TLSv1)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.6/ssl.py", line 1223, in get_server_certificate
with context.wrap_socket(sock) as sslsock:
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 814, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
|
It looks like the server is hard-killing the connection. It doesn't respond with a proper TLS error code. Instead the server response to the CLientHello with a FIN/ACK TCP package. The OSError is all we are getting from the network layer.
19:27:20.956332 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [S], seq 4225502143, win 29200, options [mss 1460,sackOK,TS val 2762111573 ecr 0,nop,wscale 7], length 0
19:27:21.007310 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [S.], seq 2527363412, ack 4225502144, win 64240, options [mss 1452,nop,wscale 0,nop,nop,TS val 0 ecr 0,nop,nop,sackOK], length 0
19:27:21.007413 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [.], ack 1, win 229, options [nop,nop,TS val 2762111625 ecr 0], length 0
19:27:21.007775 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [P.], seq 1:111, ack 1, win 229, options [nop,nop,TS val 2762111625 ecr 0], length 110
19:27:21.060476 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [F.], seq 1, ack 111, win 64130, options [nop,nop,TS val 37305785 ecr 2762111625], length 0
19:27:21.060767 IP 192.168.7.168.45884 > 195.22.7.222.imaps: Flags [F.], seq 111, ack 2, win 229, options [nop,nop,TS val 2762111678 ecr 37305785], length 0
19:27:21.111577 IP 195.22.7.222.imaps > 192.168.7.168.45884: Flags [.], ack 112, win 64130, options [nop,nop,TS val 37305786 ecr 2762111678], length 0
|