Ping a Specific Port

Question

Elliot B.

Asked: 2020-10-24 15:54:46 +0800 CST2020-10-24 15:54:46 +0800 CST 2020-10-24 15:54:46 +0800 CST

TLS handshake stall with Apple push notification service

772

I'm deploying a PHP application on a RHEL7 server. This PHP application sends push notifications to Apple and Google. While testing the push notifications, the notifications sent to Google work fine, but the notifications sent to Apple stall.

After some stack tracing, I boiled the problem down to this command:

openssl s_client -connect gateway.push.apple.com:2195 -cert my-app.pem -debug -showcerts -CAfile apple-corp-entrust-ca.cer

When I run that command on the RHEL7 server, I get this output:

CONNECTED(00000003)
write to 0x131c430 [0x13b0860] (289 bytes => 289 (0x121))
0000 - 16 03 01 01 1c 01 00 01-18 03 03 d3 0b e0 5e a2   ..............^.
0010 - 21 74 1b 25 b4 35 b3 bc-66 6f d2 72 7a 19 5f ba   !t.%.5..fo.rz._.
0020 - 90 be 5d d8 23 70 db 1c-17 1b ff 00 00 ac c0 30   ..].#p.........0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1   .,.(.$..........
0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37   ...k.j.i.h.9.8.7
0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a   .6.........2...*
0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0   .+.'.#..........
0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31   ...g.@.?.>.3.2.1
0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43   .0.........E.D.C
00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c   .B.1.-.).%......
[REDACTED]
0100 - 06 02 06 03 05 01 05 02-05 03 04 01 04 02 04 03   ................
0110 - 03 01 03 02 03 03 02 01-02 02 02 03 00 0f 00 01   ................
0120 - 01                                                .
read from 0x131c430 [0x13b5dc0] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 31 02                                 ....1.
0007 - <SPACES/NULS>
read from 0x131c430 [0x13b5dca] (47 bytes => 47 (0x2F))
0000 - 00 2d 03 03 5f 86 59 d8-83 20 d2 41 63 ec 8d 58   .-.._.Y.. .Ac..X
0010 - 5a 99 6c a7 72 74 e5 81-ce 9d 7b b2 17 6b 41 50   Z.l.rt....{..kAP
0020 - 8f 0c 2a a9 00 00 0a 00-00 05 ff 01 00 01         ..*...........
002f - <SPACES/NULS>
read from 0x131c430 [0x13b5dc3] (5 bytes => 5 (0x5))
0000 - 16 03 03 0c 4e                                    ....N
read from 0x131c430 [0x13b5dc8] (3150 bytes => 1309 (0x51D))
0000 - 0b 00 0c 4a 00 0c 47 00-07 3f 30 82 07 3b 30 82   ...J..G..?0..;0.
0010 - 06 23 a0 03 02 01 02 02-11 00 b7 88 e1 63 fb b7   .#...........c..
0020 - 7a 17 00 00 00 00 51 00-5b 6e 30 0d 06 09 2a 86   z.....Q.[n0...*.
0030 - 48 86 f7 0d 01 01 0b 05-00 30 81 ba 31 0b 30 09   H........0..1.0.
0040 - 06 03 55 04 06 13 02 55-53 31 16 30 14 06 03 55   ..U....US1.0...U
0050 - 04 0a 13 0d 45 6e 74 72-75 73 74 2c 20 49 6e 63   ....Entrust, Inc
0060 - 2e 31 28 30 26 06 03 55-04 0b 13 1f 53 65 65 20   .1(0&..U....See
0070 - 77 77 77 2e 65 6e 74 72-75 73 74 2e 6e 65 74 2f   www.entrust.net/
0080 - 6c 65 67 61 6c 2d 74 65-72 6d 73 31 39 30 37 06   legal-terms1907.
0090 - 03 55 04 0b 13 30 28 63-29 20 32 30 31 32 20 45   .U...0(c) 2012 E
00a0 - 6e 74 72 75 73 74 2c 20-49 6e 63 2e 20 2d 20 66   ntrust, Inc. - f
00b0 - 6f 72 20 61 75 74 68 6f-72 69 7a 65 64 20 75 73   or authorized us
00c0 - 65 20 6f 6e 6c 79 31 2e-30 2c 06 03 55 04 03 13   e only1.0,..U...
00d0 - 25 45 6e 74 72 75 73 74-20 43 65 72 74 69 66 69   %Entrust Certifi
00e0 - 63 61 74 69 6f 6e 20 41-75 74 68 6f 72 69 74 79   cation Authority
00f0 - 20 2d 20 4c 31 4b 30 1e-17 0d 32 30 30 33 31 30    - L1K0...200310
0100 - 32 31 32 32 34 31 5a 17-0d 32 32 30 33 31 30 32   212241Z..2203102
0110 - 31 35 32 34 30 5a 30 6c-31 0b 30 09 06 03 55 04   15240Z0l1.0...U.
0120 - 06 13 02 55 53 31 13 30-11 06 03 55 04 08 13 0a   ...US1.0...U....
0130 - 43 61 6c 69 66 6f 72 6e-69 61 31 12 30 10 06 03   California1.0...
0140 - 55 04 07 13 09 43 75 70-65 72 74 69 6e 6f 31 13   U....Cupertino1.
0150 - 30 11 06 03 55 04 0a 13-0a 41 70 70 6c 65 20 49   0...U....Apple I
0160 - 6e 63 2e 31 1f 30 1d 06-03 55 04 03 13 16 67 61   nc.1.0...U....ga
0170 - 74 65 77 61 79 2e 70 75-73 68 2e 61 70 70 6c 65   teway.push.apple
0180 - 2e 63 6f 6d 30 82 01 22-30 0d 06 09 2a 86 48 86   .com0.."0...*.H.
0190 - f7 0d 01 01 01 05 00 03-82 01 0f 00 30 82 01 0a   ............0...
01a0 - 02 82 01 01 00 b0 46 48-5f 62 55 34 f2 67 e8 3c   ......FH_bU4.g.<
01b0 - 26 9e 33 fd b0 87 ee 32-2c 95 d6 5a 6c 29 f2 e9   &.3....2,..Zl)..
01c0 - d9 ea ac bd 44 fd df dd-3f 20 c4 8b 89 06 1d af   ....D...? ......
01d0 - 1d c5 eb 00 f3 d0 1e 9b-2b 8d 53 3b 9c 3f d9 df   ........+.S;.?..
01e0 - 18 1a e2 71 9e c1 91 de-e9 0b e3 8e 35 35 84 31   ...q........55.1
01f0 - 78 0e f2 6f be e1 ae 12-41 78 61 48 f8 97 01 e1   x..o....AxaH....
0200 - ef f6 e2 6b 8b dc 7c 6f-d8 f9 e7 70 ee bd 0c ef   ...k..|o...p....
0210 - 08 1c fb fe 5f c9 05 90-9c 73 33 03 22 54 27 5e   ...._....s3."T'^
0220 - 18 a1 a2 74 94 4d 65 73-da d5 be 40 6b d8 d1 eb   ...t.Mes...@k...
0230 - 2e c0 68 40 f8 63 f2 7e-d9 e4 be 7b 5a c5 1c 05   [email protected].~...{Z...
0240 - f3 f8 49 a9 3a 19 6a ce-44 1d f6 62 c4 dc 2f 86   ..I.:.j.D..b../.
0250 - d0 c4 1e 2e d1 43 3a d1-b9 a6 ce 22 dc d6 cd 54   .....C:...."...T
0260 - fb d1 2e d4 d6 f9 34 92-71 a2 a3 d4 27 03 46 17   ......4.q...'.F.
0270 - c1 7b 71 b9 1c 52 e7 dd-dd 84 2b bf f5 fb 70 97   .{q..R....+...p.
0280 - 47 4c 4f fc 33 3a c4 fe-30 65 c0 37 8b 81 e6 23   GLO.3:..0e.7...#
0290 - cd a0 31 8e 05 28 e5 ea-27 b1 84 a7 9e bb d9 24   ..1..(..'......$
02a0 - a5 76 9c 21 27 02 03 01-00 01 a3 82 03 87 30 82   .v.!'.........0.
02b0 - 03 83 30 21 06 03 55 1d-11 04 1a 30 18 82 16 67   ..0!..U....0...g
02c0 - 61 74 65 77 61 79 2e 70-75 73 68 2e 61 70 70 6c   ateway.push.appl
02d0 - 65 2e 63 6f 6d 30 82 01-f6 06 0a 2b 06 01 04 01   e.com0.....+....
02e0 - d6 79 02 04 02 04 82 01-e6 04 82 01 e2 01 e0 00   .y..............
02f0 - 77 00 87 75 bf e7 59 7c-f8 8c 43 99 5f bd f3 6e   w..u..Y|..C._..n
0300 - ff 56 8d 47 56 36 ff 4a-b5 60 c1 b4 ea ff 5e a0   .V.GV6.J.`....^.
0310 - 83 0f 00 00 01 70 c6 6f-86 02 00 00 04 03 00 48   .....p.o.......H
0320 - 30 46 02 21 00 dc ce a9-b9 a7 b3 43 15 ec a2 de   0F.!.......C....
0330 - 10 90 4b 88 d0 72 64 31-ed fc af 5b b9 ff 10 75   ..K..rd1...[...u
0340 - d0 13 08 60 a6 02 21 00-da d6 06 b7 90 28 43 b7   ...`..!......(C.
0350 - f6 94 b5 5c a0 e7 47 e4-79 82 66 ed 17 ca 36 52   ...\..G.y.f...6R
0360 - 33 f0 c7 07 36 de f4 81-00 76 00 55 81 d4 c2 16   3...6....v.U....
0370 - 90 36 01 4a ea 0b 9b 57-3c 53 f0 c0 e4 38 78 70   .6.J...W<S...8xp
0380 - 25 08 17 2f a3 aa 1d 07-13 d3 0c 00 00 01 70 c6   %../..........p.
0390 - 6f 86 0e 00 00 04 03 00-47 30 45 02 21 00 b3 a6   o.......G0E.!...
03a0 - 19 96 74 2e eb d2 a1 57-fb 4f 14 3f bb c6 75 ec   ..t....W.O.?..u.
03b0 - 85 8e e8 19 4f 21 53 aa-e9 1c 78 07 3c 79 02 20   ....O!S...x.<y.
03c0 - 1b e7 96 1d 29 c5 74 72-db 14 fc b1 c3 5c 59 7e   ....).tr.....\Y~
03d0 - 27 df 89 aa bf 22 ed c9-fc 1f ea 1e 65 dc 2f 8c   '...."......e./.
03e0 - 00 76 00 56 14 06 9a 2f-d7 c2 ec d3 f5 e1 bd 44   .v.V.../.......D
03f0 - b2 3e c7 46 76 b9 bc 99-11 5c c0 ef 94 98 55 d6   .>.Fv....\....U.
0400 - 89 d0 dd 00 00 01 70 c6-6f 86 35 00 00 04 03 00   ......p.o.5.....
0410 - 47 30 45 02 20 5a 30 3b-d3 7d 59 48 ba f1 d1 44   G0E. Z0;.}YH...D
0420 - a1 db 13 13 b1 90 1e f0-04 77 7e e6 27 64 40 13   .........w~.'d@.
0430 - 79 a1 7e 5b 98 02 21 00-f3 8d da fa e5 43 44 3e   y.~[..!......CD>
0440 - a5 d6 74 7e 64 3f 6a b1-aa 8b a6 77 5c 21 05 72   ..t~d?j....w\!.r
0450 - db 68 46 a0 c3 ac 71 ec-00 75 00 bb d9 df bc 1f   .hF...q..u......
0460 - 8a 71 b5 93 94 23 97 aa-92 7b 47 38 57 95 0a ab   .q...#...{G8W...
0470 - 52 e8 1a 90 96 64 36 8e-1e d1 85 00 00 01 70 c6   R....d6.......p.
0480 - 6f 86 09 00 00 04 03 00-46 30 44 02 20 7f 04 1c   o.......F0D. ...
0490 - 38 f2 4a c7 0b e4 f0 7e-81 72 b9 c4 de 9a 64 93   8.J....~.r....d.
04a0 - cb 2b 67 35 c0 ac ad e5-5f 99 24 ed fc 02 20 20   .+g5...._.$...
04b0 - c9 0b 95 03 a1 78 46 0c-78 27 30 22 01 18 85 a1   .....xF.x'0"....
04c0 - 91 5d db c8 f8 97 3c 0a-c7 71 3d ef 9c 85 d9 30   .]....<..q=....0
04d0 - 0e 06 03 55 1d 0f 01 01-ff 04 04 03 02 05 a0 30   ...U...........0
04e0 - 1d 06 03 55 1d 25 04 16-30 14 06 08 2b 06 01 05   ...U.%..0...+...
04f0 - 05 07 03 01 06 08 2b 06-01 05 05 07 03 02 30 33   ......+.......03
0500 - 06 03 55 1d 1f 04 2c 30-2a 30 28 a0 26 a0 24 86   ..U...,0*0(.&.$.
0510 - 22 68 74 74 70 3a 2f 2f-63 72 6c 2e 65            "http://crl.e

It just abruptly hangs there and won't exit until I break it with Ctrl + C.

If I run that same command again, but with strace, I can see that it's stalling on a read:

write(1, "04f0 - 05 07 03 01 06 08 2b 06-0"..., 7404f0 - 05 07 03 01 06 08 2b 06-01 05 05 07 03 02 30 33   ......+.......03
) = 74
write(1, "0500 - 06 03 55 1d 1f 04 2c 30-2"..., 740500 - 06 03 55 1d 1f 04 2c 30-2a 30 28 a0 26 a0 24 86   ..U...,0*0(.&.$.
) = 74
write(1, "0510 - 22 68 74 74 70 3a 2f 2f-6"..., 710510 - 22 68 74 74 70 3a 2f 2f-63 72 6c 2e 65            "http://crl.e
) = 71
read(3,

And if I run lsof to try to see what it might be trying to read from, I find that the connection to Apple's push notification gateway is held open:

[root@server tmp]# lsof -i |grep 50959
openssl    50959     root    3u  IPv4 66423526      0t0  TCP server:35868->17.188.142.28:2195 (ESTABLISHED)
[root@server tmp]#

And if I run tcpdump -n -v -i ens192 |grep 17.188 before issuing the openssl command, this is what I'm seeing:

[root@icist4med-101 ~]# tcpdump -n -v -i ens192 |grep 17.188
tcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    10.221.40.80.domain > 10.220.12.91.44867: 19585 9/0/0 gateway.push.apple.com. CNAME gateway.push-apple.com.akadns.net., gateway.push-apple.com.akadns.net. A 17.188.141.156, gateway.push-apple.com.akadns.net. A 17.188.133.22, gateway.push-apple.com.akadns.net. A 17.188.133.27, gateway.push-apple.com.akadns.net. A 17.188.142.28, gateway.push-apple.com.akadns.net. A 17.188.138.28, gateway.push-apple.com.akadns.net. A 17.188.129.31, gateway.push-apple.com.akadns.net. A 17.188.135.187, gateway.push-apple.com.akadns.net. A 17.188.128.151 (215)
    10.220.12.91.41638 > 17.188.141.156.2195: Flags [S], cksum 0xb6bd (incorrect -> 0xee8f), seq 1118889121, win 29200, options [mss 1460,sackOK,TS val 178672543 ecr 0,nop,wscale 7], length 0
    17.188.141.156.2195 > 10.220.12.91.41638: Flags [S.], cksum 0xe937 (correct), seq 1970967924, ack 1118889122, win 28960, options [mss 1380,sackOK,TS val 906347922 ecr 178672543,nop,wscale 7], length 0
    10.220.12.91.41638 > 17.188.141.156.2195: Flags [.], cksum 0xb6b5 (incorrect -> 0x86dc), ack 1, win 229, options [nop,nop,TS val 178672818 ecr 906347922], length 0
    10.221.40.80.domain > 10.220.12.91.33340: 38311 9/0/0 gateway.push.apple.com. CNAME gateway.push-apple.com.akadns.net., gateway.push-apple.com.akadns.net. A 17.188.133.27, gateway.push-apple.com.akadns.net. A 17.188.142.28, gateway.push-apple.com.akadns.net. A 17.188.138.28, gateway.push-apple.com.akadns.net. A 17.188.129.31, gateway.push-apple.com.akadns.net. A 17.188.135.187, gateway.push-apple.com.akadns.net. A 17.188.128.151, gateway.push-apple.com.akadns.net. A 17.188.141.156, gateway.push-apple.com.akadns.net. A 17.188.133.22 (215)
    10.220.12.91.41638 > 17.188.141.156.2195: Flags [P.], cksum 0xb7d6 (incorrect -> 0x66c2), seq 1:290, ack 1, win 229, options [nop,nop,TS val 178672821 ecr 906347922], length 289
    17.188.141.156.2195 > 10.220.12.91.41638: Flags [.], cksum 0x849c (correct), ack 290, win 235, options [nop,nop,TS val 906348200 ecr 178672821], length 0
    17.188.141.156.2195 > 10.220.12.91.41638: Flags [.], cksum 0xb9f7 (correct), seq 1:1369, ack 290, win 235, options [nop,nop,TS val 906348200 ecr 178672821], length 1368
    10.220.12.91.41638 > 17.188.141.156.2195: Flags [.], cksum 0xb6b5 (incorrect -> 0x7e20), ack 1369, win 251, options [nop,nop,TS val 178673097 ecr 906348200], length 0

A lot of incorrect checksums, but perhaps that's because of TCP checksum offloading and not actually indicative of a problem. I'm not certain.

If I run that same openssl command on another server (different network) where the PHP application is known to successfully dispatch push notifications, I get this response:

CONNECTED(00000003)
write to 0xe23ba0 [0xe23c20] (247 bytes => 247 (0xF7))
0000 - 16 03 01 00 f2 01 00 00-ee 03 03 5f 86 58 3b 83   ..........._.X;.
0010 - 28 3b d6 d4 58 8e 8e 48-ad e0 d4 d9 f9 fd 70 83   (;..X..H......p.
0020 - b2 f7 cf 80 9b d1 2a 80-df cc 31 00 00 84 c0 30   ......*...1....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67   .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31   [email protected]
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f   .-.).%.......<./
0090 - 00 96 00 41 c0 12 c0 08-00 16 00 13 c0 0d c0 03   ...A............
00a0 - 00 0a 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04   ................
00b0 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a   .....A..........
00c0 - 00 08 00 06 00 19 00 18-00 17 00 23 00 00 00 0d   ...........#....
00d0 - 00 20 00 1e 06 01 06 02-06 03 05 01 05 02 05 03   . ..............
00e0 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02   ................
00f0 - 02 03 00 0f 00 01 01                              .......
read from 0xe23ba0 [0xe29180] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 31 02                                 ....1.
0007 - <SPACES/NULS>
read from 0xe23ba0 [0xe2918a] (47 bytes => 47 (0x2F))
0000 - 00 2d 03 03 5f 86 58 3c-d6 84 42 25 3c 4b e3 3a   .-.._.X<..B%<K.:
0010 - 87 29 1f ca ed 3b 29 eb-f3 8c b7 84 67 48 1f 56   .)...;).....gH.V
0020 - 0f 8c 56 86 00 00 0a 00-00 05 ff 01 00 01         ..V...........
002f - <SPACES/NULS>
read from 0xe23ba0 [0xe29183] (5 bytes => 5 (0x5))
0000 - 16 03 03 0c 4e                                    ....N
read from 0xe23ba0 [0xe29188] (3150 bytes => 3150 (0xC4E))
0000 - 0b 00 0c 4a 00 0c 47 00-07 3f 30 82 07 3b 30 82   ...J..G..?0..;0.
0010 - 06 23 a0 03 02 01 02 02-11 00 b7 88 e1 63 fb b7   .#...........c..
0020 - 7a 17 00 00 00 00 51 00-5b 6e 30 0d 06 09 2a 86   z.....Q.[n0...*.
0030 - 48 86 f7 0d 01 01 0b 05-00 30 81 ba 31 0b 30 09   H........0..1.0.
0040 - 06 03 55 04 06 13 02 55-53 31 16 30 14 06 03 55   ..U....US1.0...U
0050 - 04 0a 13 0d 45 6e 74 72-75 73 74 2c 20 49 6e 63   ....Entrust, Inc
0060 - 2e 31 28 30 26 06 03 55-04 0b 13 1f 53 65 65 20   .1(0&..U....See
0070 - 77 77 77 2e 65 6e 74 72-75 73 74 2e 6e 65 74 2f   www.entrust.net/
0080 - 6c 65 67 61 6c 2d 74 65-72 6d 73 31 39 30 37 06   legal-terms1907.
0090 - 03 55 04 0b 13 30 28 63-29 20 32 30 31 32 20 45   .U...0(c) 2012 E
[REDACTED]
0280 - 47 4c 4f fc 33 3a c4 fe-30 65 c0 37 8b 81 e6 23   GLO.3:..0e.7...#
0290 - cd a0 31 8e 05 28 e5 ea-27 b1 84 a7 9e bb d9 24   ..1..(..'......$
02a0 - a5 76 9c 21 27 02 03 01-00 01 a3 82 03 87 30 82   .v.!'.........0.
02b0 - 03 83 30 21 06 03 55 1d-11 04 1a 30 18 82 16 67   ..0!..U....0...g
02c0 - 61 74 65 77 61 79 2e 70-75 73 68 2e 61 70 70 6c   ateway.push.appl
02d0 - 65 2e 63 6f 6d 30 82 01-f6 06 0a 2b 06 01 04 01   e.com0.....+....
02e0 - d6 79 02 04 02 04 82 01-e6 04 82 01 e2 01 e0 00   .y..............
02f0 - 77 00 87 75 bf e7 59 7c-f8 8c 43 99 5f bd f3 6e   w..u..Y|..C._..n
0300 - ff 56 8d 47 56 36 ff 4a-b5 60 c1 b4 ea ff 5e a0   .V.GV6.J.`....^.
0310 - 83 0f 00 00 01 70 c6 6f-86 02 00 00 04 03 00 48   .....p.o.......H
0320 - 30 46 02 21 00 dc ce a9-b9 a7 b3 43 15 ec a2 de   0F.!.......C....
0330 - 10 90 4b 88 d0 72 64 31-ed fc af 5b b9 ff 10 75   ..K..rd1...[...u
0340 - d0 13 08 60 a6 02 21 00-da d6 06 b7 90 28 43 b7   ...`..!......(C.
0350 - f6 94 b5 5c a0 e7 47 e4-79 82 66 ed 17 ca 36 52   ...\..G.y.f...6R
[REDACTED]
0500 - 06 03 55 1d 1f 04 2c 30-2a 30 28 a0 26 a0 24 86   ..U...,0*0(.&.$.
0510 - 22 68 74 74 70 3a 2f 2f-63 72 6c 2e 65 6e 74 72   "http://crl.entr
0520 - 75 73 74 2e 6e 65 74 2f-6c 65 76 65 6c 31 6b 2e   ust.net/level1k.
0530 - 63 72 6c 30 4b 06 03 55-1d 20 04 44 30 42 30 36   crl0K..U. .D0B06
0540 - 06 0a 60 86 48 01 86 fa-6c 0a 01 05 30 28 30 26   ..`.H...l...0(0&
0550 - 06 08 2b 06 01 05 05 07-02 01 16 1a 68 74 74 70   ..+.........http
0560 - 3a 2f 2f 77 77 77 2e 65-6e 74 72 75 73 74 2e 6e   ://www.entrust.n
0570 - 65 74 2f 72 70 61 30 08-06 06 67 81 0c 01 02 02   et/rpa0...g.....
0580 - 30 68 06 08 2b 06 01 05-05 07 01 01 04 5c 30 5a   0h..+........\0Z
0590 - 30 23 06 08 2b 06 01 05-05 07 30 01 86 17 68 74   0#..+.....0...ht
05a0 - 74 70 3a 2f 2f 6f 63 73-70 2e 65 6e 74 72 75 73   tp://ocsp.entrus
05b0 - 74 2e 6e 65 74 30 33 06-08 2b 06 01 05 05 07 30   t.net03..+.....0
05c0 - 02 86 27 68 74 74 70 3a-2f 2f 61 69 61 2e 65 6e   ..'http://aia.en
05d0 - 74 72 75 73 74 2e 6e 65-74 2f 6c 31 6b 2d 63 68   trust.net/l1k-ch
05e0 - 61 69 6e 32 35 36 2e 63-65 72 30 1f 06 03 55 1d   ain256.cer0...U.
05f0 - 23 04 18 30 16 80 14 82-a2 70 74 dd bc 53 3f cf   #..0.....pt..S?.
[REDACTED]
0a50 - ff 02 01 00 30 33 06 08-2b 06 01 05 05 07 01 01   ....03..+.......
0a60 - 04 27 30 25 30 23 06 08-2b 06 01 05 05 07 30 01   .'0%0#..+.....0.
0a70 - 86 17 68 74 74 70 3a 2f-2f 6f 63 73 70 2e 65 6e   ..http://ocsp.en
0a80 - 74 72 75 73 74 2e 6e 65-74 30 32 06 03 55 1d 1f   trust.net02..U..
0a90 - 04 2b 30 29 30 27 a0 25-a0 23 86 21 68 74 74 70   .+0)0'.%.#.!http
0aa0 - 3a 2f 2f 63 72 6c 2e 65-6e 74 72 75 73 74 2e 6e   ://crl.entrust.n
0ab0 - 65 74 2f 32 30 34 38 63-61 2e 63 72 6c 30 3b 06   et/2048ca.crl0;.
0ac0 - 03 55 1d 20 04 34 30 32-30 30 06 04 55 1d 20 00   .U. .40200..U. .
0ad0 - 30 28 30 26 06 08 2b 06-01 05 05 07 02 01 16 1a   0(0&..+.........
0ae0 - 68 74 74 70 3a 2f 2f 77-77 77 2e 65 6e 74 72 75   http://www.entru
0af0 - 73 74 2e 6e 65 74 2f 72-70 61 30 1d 06 03 55 1d   st.net/rpa0...U.
0b00 - 0e 04 16 04 14 82 a2 70-74 dd bc 53 3f cf 7b d4   .......pt..S?.{.
0b10 - f7 cd 7f a7 60 c6 0a 4c-bf 30 1f 06 03 55 1d 23   ....`..L.0...U.#
[REDACTED]
0c00 - 05 80 58 0b c5 de 74 28-81 83 08 84 d0 c8 46 5a   ..X...t(......FZ
0c10 - fe 8a c6 bd a9 0e 3b 64-78 6d 26 dc 3c 4c f7 81   ......;dxm&.<L..
0c20 - 5c 3c 11 7f 25 3a 93 62-a5 a3 91 05 25 23 73 b4   \<..%:.b....%#s.
0c30 - cd ce cc 39 a4 03 78 30-66 46 5e a9 75 b0 b4 67   ...9..x0fF^.u..g
0c40 - 03 a9 b1 9f 57 f0 d3 76-cf e1 93 e8 80 a2         ....W..v......
depth=2 O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = California, L = Cupertino, O = Apple Inc., CN = gateway.push.apple.com
verify return:1
read from 0xe23ba0 [0xe29183] (5 bytes => 5 (0x5))
0000 - 16 03 03 03 8e                                    .....
read from 0xe23ba0 [0xe29188] (910 bytes => 910 (0x38E))
0000 - 0d 00 03 8a 02 01 40 00-12 04 03 08 04 04 01 05   ......@.........
0010 - 03 08 05 05 01 08 06 06-01 02 01 03 71 00 64 30   ............q.d0
0020 - 62 31 0b 30 09 06 03 55-04 06 13 02 55 53 31 13   b1.0...U....US1.
0030 - 30 11 06 03 55 04 0a 13-0a 41 70 70 6c 65 20 49   0...U....Apple I
0040 - 6e 63 2e 31 26 30 24 06-03 55 04 0b 13 1d 41 70   nc.1&0$..U....Ap
0050 - 70 6c 65 20 43 65 72 74-69 66 69 63 61 74 69 6f   ple Certificatio
0060 - 6e 20 41 75 74 68 6f 72-69 74 79 31 16 30 14 06   n Authority1.0..
0070 - 03 55 04 03 13 0d 41 70-70 6c 65 20 52 6f 6f 74   .U....Apple Root
0080 - 20 43 41 00 8f 30 81 8c-31 40 30 3e 06 03 55 04    CA..0..1@0>..U.
0090 - 03 0c 37 41 70 70 6c 65-20 41 70 70 6c 69 63 61   ..7Apple Applica
00a0 - 74 69 6f 6e 20 49 6e 74-65 67 72 61 74 69 6f 6e   tion Integration
[REDACTED]
0310 - 53 31 13 30 11 06 03 55-04 0a 0c 0a 41 70 70 6c   S1.0...U....Appl
0320 - 65 20 49 6e 63 2e 31 26-30 24 06 03 55 04 0b 0c   e Inc.1&0$..U...
0330 - 1d 41 70 70 6c 65 20 43-65 72 74 69 66 69 63 61   .Apple Certifica
0340 - 74 69 6f 6e 20 41 75 74-68 6f 72 69 74 79 31 3e   tion Authority1>
0350 - 30 3c 06 03 55 04 03 0c-35 41 70 70 6c 65 20 41   0<..U...5Apple A
0360 - 70 70 6c 69 63 61 74 69-6f 6e 20 49 6e 74 65 67   pplication Integ
0370 - 72 61 74 69 6f 6e 20 43-65 72 74 69 66 69 63 61   ration Certifica
0380 - 74 69 6f 6e 20 41 75 74-68 6f 72 69 74 79         tion Authority
read from 0xe23ba0 [0xe29183] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0xe23ba0 [0xe29188] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0xe23ba0 [0xe33a90] (1675 bytes => 1675 (0x68B))
0000 - 16 03 03 06 86 0b 00 06-82 00 06 7f 00 06 7c 30   ..............|0
0010 - 82 06 78 30 82 05 60 a0-03 02 01 02 02 08 49 bd   ..x0..`.......I.
0020 - a1 b6 49 48 71 87 30 0d-06 09 2a 86 48 86 f7 0d   ..IHq.0...*.H...
0030 - 01 01 0b 05 00 30 81 96-31 0b 30 09 06 03 55 04   .....0..1.0...U.
0040 - 06 13 02 55 53 31 13 30-11 06 03 55 04 0a 0c 0a   ...US1.0...U....
0050 - 41 70 70 6c 65 20 49 6e-63 2e 31 2c 30 2a 06 03   Apple Inc.1,0*..
0060 - 55 04 0b 0c 23 41 70 70-6c 65 20 57 6f 72 6c 64   U...#Apple World
0070 - 77 69 64 65 20 44 65 76-65 6c 6f 70 65 72 20 52   wide Developer R
0080 - 65 6c 61 74 69 6f 6e 73-31 44 30 42 06 03 55 04   elations1D0B..U.
0090 - 03 0c 3b 41 70 70 6c 65-20 57 6f 72 6c 64 77 69   ..;Apple Worldwi
00a0 - 64 65 20 44 65 76 65 6c-6f 70 65 72 20 52 65 6c   de Developer Rel
00b0 - 61 74 69 6f 6e 73 20 43-65 72 74 69 66 69 63 61   ations Certifica
[REDACTED]
01a0 - 30 09 06 03 55 04 06 13-02 55 53 30 82 01 22 30   0...U....US0.."0
01b0 - 0d 06 09 2a 86 48 86 f7-0d 01 01 01 05 00 03 82   ...*.H..........
01c0 - 01 0f 00 30 82 01 0a 02-82 01 01 00 db 2f 0b a8   ...0........./..
01d0 - 80 c2 c5 1e 31 c0 2b d5-2a 05 f9 d9 4a 28 c9 6c   ....1.+.*...J(.l
01e0 - e7 9f bd 1d 07 7e e7 66-9d c5 bd 34 ad 02 b8 94   .....~.f...4....
01f0 - 0c a8 b3 cf 01 0e 82 40-c0 e8 10 06 9e 93 ba e8   .......@........
0200 - 07 d9 c0 99 4d b5 14 c3-f5 48 27 9b 86 c9 cc 69   ....M....H'.....
02f0 - 30 16 80 14 88 27 17 09-a9 b6 18 60 8b ec eb ba   0....'.....`....
0300 - f6 47 59 c5 52 54 a3 b7-30 82 01 1c 06 03 55 1d   .GY.RT..0.....U.
0310 - 20 04 82 01 13 30 82 01-0f 30 82 01 0b 06 09 2a    ....0...0.....*
0320 - 86 48 86 f7 63 64 05 01-30 81 fd 30 81 c3 06 08   .H..cd..0..0....
0330 - 2b 06 01 05 05 07 02 02-30 81 b6 0c 81 b3 52 65   +.......0.....Re
0340 - 6c 69 61 6e 63 65 20 6f-6e 20 74 68 69 73 20 63   liance on this c
0350 - 65 72 74 69 66 69 63 61-74 65 20 62 79 20 61 6e   ertificate by an
0360 - 79 20 70 61 72 74 79 20-61 73 73 75 6d 65 73 20   y party assumes
0370 - 61 63 63 65 70 74 61 6e-63 65 20 6f 66 20 74 68   acceptance of th
0380 - 65 20 74 68 65 6e 20 61-70 70 6c 69 63 61 62 6c   e then applicabl
0390 - 65 20 73 74 61 6e 64 61-72 64 20 74 65 72 6d 73   e standard terms
03a0 - 20 61 6e 64 20 63 6f 6e-64 69 74 69 6f 6e 73 20    and conditions
03b0 - 6f 66 20 75 73 65 2c 20-63 65 72 74 69 66 69 63   of use, certific
03c0 - 61 74 65 20 70 6f 6c 69-63 79 20 61 6e 64 20 63   ate policy and c
03d0 - 65 72 74 69 66 69 63 61-74 69 6f 6e 20 70 72 61   ertification pra
[REDACTED]
0650 - ac 24 4f 32 ce 72 0a 3b-a6 dd 6a d3 7b a2 d9 b5   .$O2.r.;..j.{...
0660 - bd 15 82 ae 41 78 bb 35-a4 85 85 09 55 2d 17 63   ....Ax.5....U-.c
0670 - 34 75 b9 27 b4 51 05 6b-56 70 d4 72 41 48 57 5c   4u.'.Q.kVp.rAHW\
0680 - a2 53 45 2c ff 6b 1d ab-7b 60 2f                  .SE,.k..{`/
write to 0xe23ba0 [0xe33a90] (267 bytes => 267 (0x10B))
0000 - 16 03 03 01 06 10 00 01-02 01 00 86 64 43 63 25   ............dCc%
0010 - 95 af 01 b9 6f 70 db af-c8 6a 4f 8b 9d 34 b9 2d   ....op...jO..4.-
0020 - 70 9c b2 28 5d f3 ae c4-8d a6 18 6f b6 36 f3 c2   p..(]......o.6..
0030 - 4a 93 b0 af 0c 3d 2a 80-5a 42 49 4a 86 b6 20 51   J....=*.ZBIJ.. Q
[REDACTED]
00d0 - ca 56 29 64 cb 59 c1 c2-3c 6d 97 b7 10 fa 1a 3f   .V)d.Y..<m.....?
00e0 - 3c f5 41 d1 c1 10 5f 90-24 71 ff a0 b1 9a 3e 7c   <.A..._.$q....>|
00f0 - 34 dc e6 2f 9a 9b 06 d7-7e 11 2a 19 21 b8 14 56   4../....~.*.!..V
0100 - c3 50 b6 e5 1f aa d5 f4-58 6b ff                  .P......Xk.
write to 0xe23ba0 [0xe33a90] (269 bytes => 269 (0x10D))
0000 - 16 03 03 01 08 0f 00 01-04 04 01 01 00 60 f6 c6   .............`..
0010 - ee cc 4a fc 31 8e 72 25-bb 7a a5 e7 4c 85 7c 92   ..J.1.r%.z..L.|.
0020 - 34 81 09 2e 49 5d b5 5d-79 14 ee ac 52 94 30 d7   4...I].]y...R.0.
0030 - 9d b3 f2 9d ff 16 7d df-49 1f df d8 6b 02 08 a9   ......}.I...k...
0040 - ee cd 28 08 49 c5 42 81-8a fb 49 94 e1 4d 9d 49   ..(.I.B...I..M.I
0050 - f9 5c 94 c4 26 2e c1 cb-02 c0 8a f0 62 f2 f5 40   .\..&.......b..@
0060 - 9b 16 ca f3 28 90 17 98-d0 30 75 c1 54 db 10 2d   ....(....0u.T..-
0070 - b7 69 2f 34 0c 09 f7 11-de 5f e4 d9 d3 0a 61 7e   .i/4....._....a~
0080 - f7 54 ce a4 a3 1e 31 ab-39 2b 73 4b 98 3e 09 de   .T....1.9+sK.>..
0090 - 4b 8f 7d 54 fe f2 3e 0f-13 02 5c 68 45 39 bb 37   K.}T..>...\hE9.7
00a0 - ac c8 1c 8d 71 3f 53 84-90 1e f4 f5 c8 5e a7 94   ....q?S......^..
00b0 - df 7a e7 ae 33 88 46 45-a5 2d 55 dd 31 30 d5 d7   .z..3.FE.-U.10..
00c0 - c8 81 3e 2f 2e 6d 1d 43-4a c0 fc 9a fa ff 22 8e   ..>/.m.CJ.....".
00d0 - 69 e3 04 6c 71 68 42 41-c5 d0 7f 88 56 7a 33 06   i..lqhBA....Vz3.
00e0 - df 4e 72 bb dc 46 af f3-0d 71 4e 56 b5 c5 8f 1b   .Nr..F...qNV....
00f0 - d4 cc 50 ad 7b d1 01 1d-2f 94 a7 94 a1 1a a4 4a   ..P.{.../......J
0100 - 45 f5 23 93 0e 27 86 bf-ae df 4d 75 67            E.#..'....Mug
write to 0xe23ba0 [0xe33a90] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
write to 0xe23ba0 [0xe33a90] (53 bytes => 53 (0x35))
0000 - 16 03 03 00 30 f8 09 df-92 00 0b b3 11 e7 ae 20   ....0..........
0010 - d5 2a 86 7d 90 3d 3f 42-ec 5a 5a 6a 81 83 70 2d   .*.}.=?B.ZZj..p-
0020 - 24 ae 27 5b 0c 1c d5 24-48 c2 22 8b b1 68 cf f9   $.'[...$H."..h..
0030 - 14 5a dc a5 ce                                    .Z...
read from 0xe23ba0 [0xe29183] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0xe23ba0 [0xe29188] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0xe23ba0 [0xe29183] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 30                                    ....0
read from 0xe23ba0 [0xe29188] (48 bytes => 48 (0x30))
0000 - 46 69 6d 5d c5 67 68 cb-4d 54 b3 27 8b 17 a7 39   Fim].gh.MT.'...9
0010 - 48 35 5f 7b 78 af f8 67-41 84 84 ca 08 1b 65 22   H5_{x..gA.....e"
0020 - 1b f9 04 ee d0 75 58 be-c8 7f 9a 52 f0 ab 62 3e   .....uX....R..b>
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
-----BEGIN CERTIFICATE-----
MIIHOzCCBiOgAwIBAgIRALeI4WP7t3oXAAAAAFEAW24wDQYJKoZIhvcNAQELBQAw
[REDACTED]
5ouFov18ZldA3XzhqaXz4MSkiCHB4h1ad8h012/6xv+P6e5BXc4TrBGT6sXy6qKI
zi1LiYCsIPbHViqyz4/QNjj6liNZhlXKOthNVDVSKQ==
-----END CERTIFICATE-----
 1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEUc4A/jANBgkqhkiG9w0BAQsFADCBtDEUMBIGA1UEChML
RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
[REDACTED]
ukSHMQWAWAvF3nQogYMIhNDIRlr+isa9qQ47ZHhtJtw8TPeBXDwRfyU6k2Klo5EF
JSNztM3OzDmkA3gwZkZeqXWwtGcDqbGfV/DTds/hk+iAog==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
issuer=/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
---
Acceptable client certificate CA names
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA
/CN=Apple Application Integration 2 Certification Authority/OU=Apple Certification Authority/O=Apple Inc./C=US
/CN=Apple Corporate Authentication CA 1/OU=Certification Authority/O=Apple Inc./C=US
/C=US/ST=California/L=Cupertino/O=Apple Inc./CN=gateway.push.apple.com
/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
/CN=Apple Corporate Root CA/OU=Certification Authority/O=Apple Inc./C=US
/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Application Integration Certification Authority
---
SSL handshake has read 4192 bytes and written 2517 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: CC618AFCA4710DD1C405[REDACTED]1065EFD6CA155B9B423FCF
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1602639932
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

As you can see the response is complete, SSL has been negotiated and it's awaiting me to enter the next command.

Does anyone know what might be causing the openssl command on the first server to stall?

TLS handshake stall with Apple push notification service

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

TLS handshake stall with Apple push notification service

0 Answers