How is Telegram encryption proprietary, yet their client is open-source?

It is often noted (for example in this question & answer) that one of the major flaws of the Telegram messenger is that it uses ‘proprietary’ encryption instead of a peer-reviewed and open-source one. At the same time, the source code of the app is open-source.

How is it possible that the encryption algorithm is ‘proprietary’ (i.e. closed-source and cannot be reviewed) and yet the open-source client is somehow able to decrypt received messages? To explain what I mean (assuming an end-to-end encrypted secret chat): a message sent from device A to device B, in order to be end-to-end encrypted, must not leave device A before it is encrypted and must not be decrypted until it reaches device B (at least that is my current understanding). If so, the encryption/decryption algorithm must be contained in the client itself, so how could such an encryption algorithm be considered ‘proprietary’? What am I missing here?

How do VPN providers exactly encrypt traffic from client to their server?

I’m thinking of building a VPN for personal use on a VPS but am unable to understand one thing. How exactly do VPN providers encrypt data from the client to their server? Suppose I simply configure the IP and port of my VPS in my browser: it would be a simple proxy and would not encrypt traffic that originates from my machine or browser.

If I use OpenVPN would it solve the purpose?

One more thing I can’t understand is how VPN providers restrict usage to a few devices. Do they save device information? If by “a few devices” they mean only X devices can run this VPN in parallel, then how do they restrict usage to only X devices, given that they have limited IPs and tons of users routing their traffic through them, and there’s no way to know who is using how many devices? If this is mapped to the user account and they figure this out via the unique account, then technically they are maintaining logs, right?

Server encryption, client decryption, without the client having the ability to encrypt?

Is it possible to encrypt data server side and then decrypt it client side; without the client having the ability to encrypt the data themselves after decrypting?

I’m working on a license manager which needs to be able to read the contents of the encrypted file, but ideally we don’t want the client to have the ability to create their own encrypted license file.

Client + server side hashing

I don’t want the password to be sent in clear text over the internet; even when using HTTPS, the server admin can read the password if they somehow cache or log POST requests.

What I have come up with is the following.

  1. Generate a “salt” from the user email and extend it with padding like this:

    var email = "example@example.com"
    const padding = 0x12564213155763573 // this is constant for all users
    var extended = email.padEnd(100, padding) // appending the padding at the end of the email; maximum string length is 100
    var salt = sha256(extended)

Then calculate a hash of the password using PBKDF2 like this:

var password = pbkdf2("user password", salt, 10000, 128) 

Now that hashed password will be the actual password of the user; it will then be sent to the server, and the server will calculate another hash of that hash.

I’m posting this here because I came up with this on my own and I feel like something is missing or wrong here; as they say about cryptography, you shouldn’t invent it yourself. So I’m open to discussions and ideas.
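The scheme described in the post above, written out end to end as an added example (not part of the original post), so the properties of the value that crosses the wire can be checked. Assumptions not in the post: Node's built-in `crypto` module, a 32-byte PBKDF2-SHA256 output, the padding held as a string, and a salted SHA-256 as the server's "another hash"; all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constant padding shared by all users, taken from the post (kept as a string; assumption).
const PADDING = '0x12564213155763573';

// Client side: deterministic salt from the e-mail, then PBKDF2 over the password.
// 10000 iterations as in the post; 32-byte output and SHA-256 are assumptions.
function clientDerive(email, password) {
  const extended = email.padEnd(100, PADDING);
  const salt = crypto.createHash('sha256').update(extended, 'utf8').digest();
  return crypto.pbkdf2Sync(password, salt, 10000, 32, 'sha256').toString('hex');
}

// Server side: the received value is treated as the password.
// Only a salted hash of it is stored (assumed construction for "another hash").
function serverHash(serverSalt, derivedHex) {
  return crypto.createHash('sha256')
    .update(serverSalt)
    .update(Buffer.from(derivedHex, 'hex'))
    .digest();
}

function serverRegister(db, email, derivedHex) {
  const serverSalt = crypto.randomBytes(16); // per-user random salt, server only
  db.set(email, { serverSalt, verifier: serverHash(serverSalt, derivedHex) });
}

function serverLogin(db, email, derivedHex) {
  const rec = db.get(email);
  // Reject unknown users and anything that is not exactly 32 bytes of hex.
  if (!rec || !/^[0-9a-f]{64}$/.test(derivedHex)) return false;
  const candidate = serverHash(rec.serverSalt, derivedHex);
  return crypto.timingSafeEqual(candidate, rec.verifier); // constant-time compare
}

// Constructed walk-through with the sample e-mail from the post.
function demo() {
  const db = new Map();
  const email = 'example@example.com';
  const derived = clientDerive(email, 'user password');
  serverRegister(db, email, derived);

  // Stand-in for a copy of the request body kept in a server-side log.
  const loggedCopy = String(derived);

  return {
    // Same e-mail + password always gives the same wire value.
    deterministic: derived === clientDerive(email, 'user password'),
    // The e-mail-derived salt separates users who share a password.
    differsPerEmail: derived !== clientDerive('other@example.com', 'user password'),
    // The salt is case-sensitive: a differently-cased e-mail derives another value.
    caseChangesValue: derived !== clientDerive('Example@example.com', 'user password'),
    loginOk: serverLogin(db, email, derived),
    wrongPasswordRejected: !serverLogin(db, email, clientDerive(email, 'wrong')),
    // The server never sees 'user password', but the derived value is
    // password-equivalent for this service: a logged copy is accepted as-is.
    loggedCopyAccepted: serverLogin(db, email, loggedCopy),
    // What is stored is not what is sent, so a database copy alone is not a login.
    storedDiffersFromWire: db.get(email).verifier.toString('hex') !== derived,
  };
}
```

The result shows what the client-side step does and does not change: the plaintext password stays off the server, while the value in a cached or logged request still authenticates to this service.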

Client wants us to use their SSL certificate on our server [on hold]

Not a sys admin here. So please forgive ignorance. I have read the suggested Q/A here:

My question is: How do I get an SSL Certificate from my client (even if it is created for use with several names), and apply it to my server?

Here is my situation. We have an AWS instance/DB serving a site we built for a client. The site is at: subdomain.ofourdomain.com. We have our own SSL on that. Client has created a c-name pointing to our site/domain name thusly:

subdomain.ofclientsdomain.com -> subdomain.ofourdomain.com

Browser throws warning using their Cname URL.

Client asked if they can send me THEIR Certificate.

I do not know how that would be done. I have never had someone send me their Certificate.

Should I revert back to the Approved solution in the linked Question/solution and tell them to create a certificate with both our domains? If so, how does he apply that, since it is my server? Thanks, James

Server sending RST after Client Hello

We are facing an intermittent TLS handshake issue while connecting from a C++ (OpenSSL 1.0.2e) client to a Java server (Java 7). The issue is observed in a load test after having around 100 sessions sending concurrent requests, and only on the Linux platform. The server is sending an RST message immediately after the “Client Hello” message. On the client side the SSL_CTX object is created with TLSv1_2_client_method(). On the server side the context instance is created by invoking SSLContext.getInstance("TLSv1.2"). We are also limiting the enabled protocols to TLSv1.2 on the server side. Whenever this issue is observed, we have noticed that the Client Hello protocol is shown in Wireshark as “TLSv1”; in all other cases (SUCCESS) the Client Hello protocol is displayed as TLSv1.2.

Also, I understand the handshake layer version number is important and any TLS 1.2 compliant server MUST accept any value {03,XX} as the record layer version number for ClientHello as per RFC 5246. But whenever the failure is observed, the record layer is “TLSv1 Record Layer: Handshake Protocol: Client Hello”. In the case of a successful handshake the record layer is “TLSv1.2 Record Layer: Handshake Protocol: Client Hello”. The client hello messages for both cases are given below; note that the cipher suites and signature algorithms are the same in both cases.

Client Hello message when issue occurs:


Client Hello when handshake is successful:


When this issue occurs (i.e. SSL_do_handshake() fails), SSL_get_error returns SSL_ERROR_SYSCALL, but ERR_get_error() returns 0. We are calling these two methods immediately after SSL_do_handshake().

I appreciate your assistance, as this has been going on for some time.
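The two version fields the post above distinguishes, read straight from the wire bytes, as an added example that is not part of the original post. It parses the TLS record header and the start of the ClientHello, then applies the RFC 5246 rule the post cites (any {03,XX} record-layer version is acceptable for a ClientHello). The function names and the sample bytes are constructed for illustration.

```javascript
// Human-readable names for the protocol versions relevant to the post.
const VERSION_NAMES = {
  0x0300: 'SSL 3.0',
  0x0301: 'TLS 1.0',
  0x0302: 'TLS 1.1',
  0x0303: 'TLS 1.2',
};

function versionName(v) {
  return VERSION_NAMES[v] || '0x' + v.toString(16).padStart(4, '0');
}

// Reads the 5-byte record header, the 4-byte handshake header and the
// 2-byte client_version. Works on a truncated capture: only the first
// 11 bytes of the record are needed.
function parseClientHelloVersions(buf) {
  if (buf.length < 11) {
    throw new Error('need at least 11 bytes: record header, handshake header, client_version');
  }
  if (buf.readUInt8(0) !== 22) {
    throw new Error('not a handshake record (content type is not 22)');
  }
  if (buf.readUInt8(5) !== 1) {
    throw new Error('handshake message is not a ClientHello (type is not 1)');
  }
  return {
    recordVersion: buf.readUInt16BE(1),   // version in the record layer header
    recordLength: buf.readUInt16BE(3),
    handshakeLength: buf.readUIntBE(6, 3),
    helloVersion: buf.readUInt16BE(9),    // ClientHello.client_version
  };
}

// RFC 5246 rule quoted in the post: for a ClientHello, a TLS 1.2 server
// must accept any record-layer version whose major byte is 0x03.
function recordVersionAcceptable(recordVersion) {
  return (recordVersion >> 8) === 0x03;
}

function summarizeClientHello(buf) {
  const p = parseClientHelloVersions(buf);
  return {
    record: versionName(p.recordVersion),
    hello: versionName(p.helloVersion),
    // A TLS 1.2-only server decides on client_version, not on the record version.
    acceptableForTls12OnlyServer:
      recordVersionAcceptable(p.recordVersion) && p.helloVersion >= 0x0303,
    // True when the whole ClientHello sits in this one record
    // (record length = handshake length + 4-byte handshake header).
    singleRecord: p.recordLength === p.handshakeLength + 4,
  };
}

// Constructed sample headers (first 11 bytes only; record length 358, handshake length 354).
const SAMPLE_RECORD_TLS10 = Buffer.from('1603010166010001620303', 'hex'); // record 0x0301, hello 0x0303
const SAMPLE_RECORD_TLS12 = Buffer.from('1603030166010001620303', 'hex'); // record 0x0303, hello 0x0303
const SAMPLE_RECORD_BAD   = Buffer.from('1602000166010001620303', 'hex'); // record 0x0200: major byte not 3
```

Running `summarizeClientHello` over the first bytes of each captured ClientHello shows whether the failing and successful connections differ in either field on the wire.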

Using WinSCP to connect Windows Client to Linux server

I am trying to understand how to set up an SFTP connection between Windows 7 PCs (yes, these PCs will be supported through part of next year) to a Linux Server. I think I’m finally getting it – but it’s the where to put things and how to actually connect that I’m not following.

I’m testing all of this out in a test lab before these new Linux Servers go out. I have generated a key pair. I’ve given the public key to my test server admin, who has placed it in /root/.ssh/authorized_keys (is this the correct location?) on the Linux server.

I have placed my private key in \Users\user\.ssh\keyname.ppk on my Windows PC. Is that correct?

And now I am trying to write a test batch script that will create a .dat file with my connection command, my PUT and GET commands, and which will be called by WinSCP to connect to that server and run those commands. If I can get this working, I will be using this same batch code and WinSCP call in several different scripts which currently use FTP, not SFTP.

What I’m not sure how to do is connect. I have the call to my .dat file –

winscp /script=\temp\sftp.dat 

But my current authentication method is to use a username/password combination – here is the first line of the .dat file:

open sftp://username:password@servername -hostkey="ssh-ed25519 xxxxxxxxxxxx"         

…but username/password authentication will not be available to me. So how do I connect with just the key pair? Is there a particular line I need to write in place of that open sftp line for it to connect?