Using TLS/DTLS with Titan test ports part1 [message #1753744] Thu, 09 February 2017 14:49
Elemer Lelik
Dear all,

This is the first part of a series that aims to exemplify the usage of TLS/DTLS in Titan test ports.
I don't want to go into the details and subtleties of the transport security layer, but I want to provide code snippets
that can be used as a starting point when someone needs TLS/TCP or DTLS/UDP as a transport.

Introduction. All relevant Titan ports (UDP, TCP, IPL4, HTTP) borrow security services from the OpenSSL installation they are built with.
Hence their security capabilities are strongly influenced by the OpenSSL release version. So before compilation please make sure your
installation supports the needed methods, ciphers etc. For instance, DTLS 1.2 is supported from OpenSSL 1.0.2, but the DTLS 1.2 ciphers mandatory for CoAPS
(TLS_PSK_WITH_AES_128_CCM_8 and TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8) only from OpenSSL 1.1.0.
Also please bear in mind that Titan itself uses OpenSSL (for handling big integers, for example) and it has to be built with the version you intend to use
for your transport.
This means that first you have to pick the OpenSSL version that covers your needs, install it if needed,
and if your Titan was not built with that version, build Titan from source.

At the time of writing this post, the latest OpenSSL version is 1.1.0d, so I will walk you through installing it and using it in parallel with an existing earlier installation.
The example is valid for Ubuntu 16.04, but can be easily translated to other OSs.

On Ubuntu 16.06 the default OpenSSL version is 1.0.2j:

which openssl
/usr/bin/openssl

openssl version
OpenSSL 1.0.2g  1 Mar 2016



We will install OpenSSL 1.1.0d in /usr/local/openssl:

wget  https://www.openssl.org/source/openssl-1.1.0d.tar.gz
tar zxvf openssl-1.1.0d.tar.gz
cd openssl-1.1.0d
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
make && sudo make install

/usr/local/openssl/bin/openssl version
OpenSSL 1.1.0d  26 Jan 2017


Switch to the new version:

export PATH=/usr/local/openssl/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH
 
which openssl
/usr/local/openssl/bin/openssl 
openssl version
OpenSSL 1.1.0d  26 Jan 2017


Next, we will compile and install Titan.

Clone Titan source from https://github.com/eclipse/titan.core
and compile according to README.linux

Makefile.personal has to contain the line:

OPENSSL_DIR := /usr/local/openssl



(after make, set the relevant TTCN3_DIR, PATH, LD_LIBRARY_PATH values)

Check that the compiler binary linked the right libcrypto:

ldd compiler 


compiler -v 

should also display the OpenSSL version used.

From here on, we can use this version of OpenSSL and the newly built Titan to compile our TTCN-3 projects including test ports with TLS/DTLS support.


Chapter 1. The UDP test port https://github.com/eclipse/titan.TestPorts.UDPasp

The UDP test port has no standalone support for TLS/DTLS; however, we'll see later that used together with
the TLS_Handler (git://git.eclipse.org/gitroot/titan/titan.Libraries.TLS.git) it can establish a DTLS association.


Chapter 2. The TCP test port https://github.com/eclipse/titan.TestPorts.TCPasp (requires the Abstract Socket https://github.com/eclipse/titan.TestPorts.Common_Components.Abstract_Socket)

The TCP test port can be compiled together with OpenSSL for TLS support. For this, the following needs to be done:

-specifying the OpenSSL location in the Makefile:

OPENSSL_DIR = <location>


e.g.

OPENSSL_DIR = /usr/local/openssl


-CPPFLAGS will have to contain -DAS_USE_SSL and -I$(OPENSSL_DIR)/include

CPPFLAGS = -D$(PLATFORM) -I$(TTCN3_DIR)/include -DAS_USE_SSL -I$(OPENSSL_DIR)/include


-and -lssl will have to be added to LINUX_LIBS (assuming the platform is set to LINUX):

LINUX_LIBS = -lxml2 -lssl


(see Makefile in the attached package)


If we try to establish a connection without TLS to a TLS enabled web server, the connection will be rejected.

Let's initiate a TCP connection with
netcat www.eclipse.org 443


and then type in
HEAD / HTTP/1.0
Host: www.eclipse.org


The server will respond with:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://www.eclipse.org/"><b>https://www.eclipse.org/</b></a></blockquote></p>
</body></html>



If we use the OpenSSL client:


openssl s_client -connect www.eclipse.org:443
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=CA/ST=Ontario/L=Ottawa/O=Eclipse.org Foundation, Inc./OU=IT/CN=*.eclipse.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=CA/ST=Ontario/L=Ottawa/O=Eclipse.org Foundation, Inc./OU=IT/CN=*.eclipse.org
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3790 bytes and written 429 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: E72FE33DBAD77086DE61196916EDF3ECDFDD5EAA810CA7C80F7EA014B9257B0C
    Session-ID-ctx: 
    Master-Key: 505D7A98BB19FC71832EBF15BD0047E147E54FA341FA908FBA67F245D02A79CF4B54099706DE400053AB2A5EB3FC832B
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    Start Time: 1486193060
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---



then type in the same

HEAD / HTTP/1.0
Host: www.eclipse.org


the server will respond

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2017 07:24:24 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 04 Feb 2017 07:24:25 GMT
cache-Control: no-store, no-cache, must-revalidate
cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=79f4uuk21j8ipvn27829dmqf0h4q8aj5; path=/; HttpOnly
X-NodeID: www-vm2
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

closed


We will use the below TTCN-3 code to try to connect to the server:

module TCPTest {

modulepar {

charstring tsp_hostname:="www.eclipse.org"  
integer tsp_portnumber:=443  
}

import from TCPasp_Types all;
import from TCPasp_PortType all;

  type component GeneralComp
    {
        port TCPasp_PT p;
        timer t;    
    }
    
    type component SystemComp
    {
        port TCPasp_PT p;

    }

template ASP_TCP_Connect  t_connect:= {
   hostname:=tsp_hostname,
  portnumber:=tsp_portnumber,
  local_hostname:= omit,
  local_portnumber:=omit
};

template  ASP_TCP_Connect_result t_connect_result:= {
  client_id:=?
}

template ASP_TCP_Close t_close:= {
  client_id:=omit
};

template ASP_TCP t_data0(in integer p_id):= {
  client_id:=p_id,   
  data:=char2oct("HEAD / HTTP/1.0")& '0D0A'O &char2oct("Host: "&tsp_hostname)& '0D0A'O & '0D0A'O & '0D0A'O
}


    testcase TC_TCPTest() runs on GeneralComp system SystemComp {
		
    var ASP_TCP_Connect_result v_res
    map(self:p, system:p); 

                p.send(t_connect);
                t.start(5.0) 
        alt 
        { 
              [] p.receive(t_connect_result) -> value v_res{t.stop};
              [] t.timeout{log("Bye")}
        } 
                p.send(t_data0(v_res.client_id));
                t.start(5.0) 
        alt 
        { 
              [] p.receive;
              [] t.timeout{log("Bye")}
        } 
              p.send(t_close);


		setverdict(pass);
    }
	
    control{
        execute(TC_TCPTest());
    }

}


Let's start with the below test port parameters:

[TESTPORT_PARAMETERS]


*.p.socket_debugging := "Yes"
*.p.server_mode := "No"
*.p.use_connection_ASPs := "Yes"
*.p.ssl_use_ssl := "No"



The execution result is negative:


04:56:52.874760 - TTCN-3 Main Test Component started on ntaf. Version: CRL 113 200/5 R5A.
04:56:52.874879 - TTCN Logger v2.2 options: TimeStampFormat:=Time; LogEntityName:=No; LogEventTypes:=No; SourceInfoFormat:=Single; *.FileMask:=LOG_ALL; *.ConsoleMask:=ERROR | USER; LogFileSize:=0; LogFileNumber:=1; DiskFullAction:=Error
04:56:52.875160 - Connected to MC.
04:56:52.875910 - Executing control part of module TCPTest.
04:56:52.875947 TCPTest.ttcn:88 Execution of control part in module TCPTest started.
04:56:52.876246 TCPTest.ttcn:51 Test case TC_TCPTest started.
04:56:52.876286 TCPTest.ttcn:51 Initializing variables, timers and ports of component type TCPTest.GeneralComp inside testcase TC_TCPTest.
04:56:52.876392 TCPTest.ttcn:51 Port p was started.
04:56:52.876437 TCPTest.ttcn:51 Component type TCPTest.GeneralComp was initialized.
04:56:52.876469 TCPTest.ttcn:54 Mapping port mtc:p to system:p.
04:56:52.877362 TCPTest.ttcn:54 Port p was mapped to system:p.
04:56:52.877499 TCPTest.ttcn:54 Map operation of mtc:p to system:p finished.
04:56:52.877563 TCPTest.ttcn:57 Sent on p to system @TCPasp_Types.ASP_TCP_Connect : {
    hostname := "www.eclipse.org",
    portnumber := 443,
    local_hostname := omit,
    local_portnumber := omit
}
04:56:53.052865 TCPTest.ttcn:57 Message enqueued on p from system @TCPasp_Types.ASP_TCP_Connect_result : {
    client_id := 6
} id 1
04:56:53.053100 TCPTest.ttcn:59 Start timer t: 5 s
04:56:53.053144 TCPTest.ttcn:64 Receive operation on port p succeeded, message from system(): @TCPasp_Types.ASP_TCP_Connect_result : {
    client_id := 6
} id 1
04:56:53.053162 TCPTest.ttcn:64 Message with id 1 was extracted from the queue of p.
04:56:53.053175 TCPTest.ttcn:64 Stop timer t: 5 s
04:56:53.053202 TCPTest.ttcn:68 Sent on p to system @TCPasp_Types.ASP_TCP : {
    client_id := 6,
    data := '48454144202F20485454502F312E300D0A486F73743A207777772E65636C697073652E6F72670D0A0D0A0D0A'O ("HEAD / HTTP/1.0\r
Host: www.eclipse.org\r
\r
\r
")
}
04:56:53.053297 TCPTest.ttcn:70 Start timer t: 5 s
04:56:53.185228 TCPTest.ttcn:71 Message enqueued on p from system @TCPasp_Types.ASP_TCP : {
    client_id := 6,
    data := '…'O ("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href=\"https://www.eclipse.org/\"><b>https://www.eclipse.org/</b></a></blockquote></p>
</body></html>
")
} id 2
04:56:53.185355 TCPTest.ttcn:75 Receive operation on port p succeeded, message from system(): @TCPasp_Types.ASP_TCP: {
    client_id := 6,
    data := '3C21444F43545950452048544D4C205055424C494320222D2F2F494554462F2F4454442048544D4C20322E302F2F454E223E0A3C68746D6C3E3C686561643E0A3C7469746C653E3430302042616420526571756573743C2F7469746C653E0A3C2F686561643E3C626F64793E0A3C68313E42616420526571756573743C2F68313E0A3C703E596F75722062726F777365722073656E7420612072657175657374207468617420746869732073657276657220636F756C64206E6F7420756E6465727374616E642E3C6272202F3E0A526561736F6E3A20596F7527726520737065616B696E6720706C61696E204854545020746F20616E2053534C2D656E61626C65642073657276657220706F72742E3C6272202F3E0A496E7374656164207573652074686520485454505320736368656D6520746F2061636365737320746869732055524C2C20706C656173652E3C6272202F3E0A3C626C6F636B71756F74653E48696E743A203C6120687265663D2268747470733A2F2F7777772E65636C697073652E6F72672F223E3C623E68747470733A2F2F7777772E65636C697073652E6F72672F3C2F623E3C2F613E3C2F626C6F636B71756F74653E3C2F703E0A3C2F626F64793E3C2F68746D6C3E0A'O ("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href=\"https://www.eclipse.org/\"><b>https://www.eclipse.org/</b></a></blockquote></p>
</body></html>
")
} id 2
04:56:53.185397 TCPTest.ttcn:75 Message with id 2 was extracted from the queue of p.
04:56:53.185422 TCPTest.ttcn:82 Sent on p to system @TCPasp_Types.ASP_TCP_Close : {
    client_id := omit
}
04:56:53.185536 TCPTest.ttcn:85 setverdict(pass): none -> pass
04:56:53.185563 TCPTest.ttcn:85 Terminating component type TCPTest.GeneralComp.
04:56:53.185579 TCPTest.ttcn:85 Stop timer t: 5 s
04:56:53.185605 TCPTest.ttcn:85 Removing unterminated mapping between port p and system:p.
04:56:53.185627 TCPTest.ttcn:85 Port p was unmapped from system:p.
04:56:53.185746 TCPTest.ttcn:85 Port p was stopped.
04:56:53.185767 TCPTest.ttcn:85 Component type TCPTest.GeneralComp was shut down inside testcase TC_TCPTest.
04:56:53.185782 TCPTest.ttcn:85 Waiting for PTCs to finish.
04:56:53.185846 TCPTest.ttcn:85 Setting final verdict of the test case.
04:56:53.185871 TCPTest.ttcn:85 Local verdict of MTC: pass
04:56:53.185885 TCPTest.ttcn:85 No PTCs were created.
04:56:53.185897 TCPTest.ttcn:85 Test case TC_TCPTest finished. Verdict: pass
04:56:53.185912 TCPTest.ttcn:89 Execution of control part in module TCPTest finished.
04:56:53.186506 - Verdict statistics: 0 none (0.00 %), 1 pass (100.00 %), 0 inconc (0.00 %), 0 fail (0.00 %), 0 error (0.00 %).
04:56:53.186542 - Test execution summary: 1 test case was executed. Overall verdict: pass
04:56:53.186553 - Exit was requested from MC. Terminating MTC.


As expected, the server rejects the connection.

Let's switch on TLS:


[TESTPORT_PARAMETERS]


*.p.socket_debugging := "Yes"
*.p.server_mode := "No"
*.p.use_connection_ASPs := "Yes"
*.p.ssl_use_ssl := "Yes"


and Yaaay! the server accepts the connection and responds to our "HEAD" request:


04:58:44.668649 - TTCN-3 Main Test Component started on ntaf. Version: CRL 113 200/5 R5A.
04:58:44.668747 - TTCN Logger v2.2 options: TimeStampFormat:=Time; LogEntityName:=No; LogEventTypes:=No; SourceInfoFormat:=Single; *.FileMask:=LOG_ALL; *.ConsoleMask:=ERROR | USER; LogFileSize:=0; LogFileNumber:=1; DiskFullAction:=Error
04:58:44.668985 - Connected to MC.
04:58:44.669748 - Executing control part of module TCPTest.
04:58:44.669790 TCPTest.ttcn:88 Execution of control part in module TCPTest started.
04:58:44.669861 TCPTest.ttcn:51 Test case TC_TCPTest started.
04:58:44.669889 TCPTest.ttcn:51 Initializing variables, timers and ports of component type TCPTest.GeneralComp inside testcase TC_TCPTest.
04:58:44.669976 TCPTest.ttcn:51 Port p was started.
04:58:44.670012 TCPTest.ttcn:51 Component type TCPTest.GeneralComp was initialized.
04:58:44.670037 TCPTest.ttcn:54 Mapping port mtc:p to system:p.
04:58:44.670149 TCPTest.ttcn:54 Port p was mapped to system:p.
04:58:44.670231 TCPTest.ttcn:54 Map operation of mtc:p to system:p finished.
04:58:44.670281 TCPTest.ttcn:57 Sent on p to system @TCPasp_Types.ASP_TCP_Connect : {
    hostname := "www.eclipse.org",
    portnumber := 443,
    local_hostname := omit,
    local_portnumber := omit
}
04:58:45.129217 TCPTest.ttcn:57 Message enqueued on p from system @TCPasp_Types.ASP_TCP_Connect_result : {
    client_id := 6
} id 1
04:58:45.131895 TCPTest.ttcn:59 Start timer t: 5 s
04:58:45.131998 TCPTest.ttcn:64 Receive operation on port p succeeded, message from system(): @TCPasp_Types.ASP_TCP_Connect_result : {
    client_id := 6
} id 1
04:58:45.132041 TCPTest.ttcn:64 Message with id 1 was extracted from the queue of p.
04:58:45.132066 TCPTest.ttcn:64 Stop timer t: 5 s
04:58:45.132104 TCPTest.ttcn:68 Sent on p to system @TCPasp_Types.ASP_TCP : {
    client_id := 6,
    data := '48454144202F20485454502F312E300D0A486F73743A207777772E65636C697073652E6F72670D0A0D0A0D0A'O ("HEAD / HTTP/1.0\r
Host: www.eclipse.org\r
\r
\r
")
}
04:58:45.132360 TCPTest.ttcn:70 Start timer t: 5 s
04:58:45.347320 TCPTest.ttcn:71 Message enqueued on p from system @TCPasp_Types.ASP_TCP : {
    client_id := 6,
    data := '…'O ("…\r
Date: Thu, 09 Feb 2017 12:58:45 GMT\r
Server: Apache\r
Expires: Mon, 26 Jul 1997 05:00:00 GMT\r
Last-Modified: Thu, 09 Feb 2017 12:58:45 GMT\r
cache-Control: no-store, no-cache, must-revalidate\r
cache-Control: post-check=0, pre-check=0\r
Pragma: no-cache\r
Set-Cookie: PHPSESSID=hqtv3k0j3mkekh1g9a861dkvf0almtkp; path=/; HttpOnly\r
X-NodeID: www-vm1\r
X-Frame-Options: SAMEORIGIN\r
Vary: Accept-Encoding\r
Connection: close\r
Content-Type: text/html; charset=utf-8\r
\r
")
} id 2
04:58:45.347636 TCPTest.ttcn:75 Receive operation on port p succeeded, message from system(): @TCPasp_Types.ASP_TCP: {
    client_id := 6,
    data := '…'O ("…\r
Date: Thu, 09 Feb 2017 12:58:45 GMT\r
Server: Apache\r
Expires: Mon, 26 Jul 1997 05:00:00 GMT\r
Last-Modified: Thu, 09 Feb 2017 12:58:45 GMT\r
cache-Control: no-store, no-cache, must-revalidate\r
cache-Control: post-check=0, pre-check=0\r
Pragma: no-cache\r
Set-Cookie: PHPSESSID=hqtv3k0j3mkekh1g9a861dkvf0almtkp; path=/; HttpOnly\r
X-NodeID: www-vm1\r
X-Frame-Options: SAMEORIGIN\r
Vary: Accept-Encoding\r
Connection: close\r
Content-Type: text/html; charset=utf-8\r
\r
")
} id 2
04:58:45.347742 TCPTest.ttcn:75 Message with id 2 was extracted from the queue of p.
04:58:45.347799 TCPTest.ttcn:82 Sent on p to system @TCPasp_Types.ASP_TCP_Close : {
    client_id := omit
}
04:58:45.348348 TCPTest.ttcn:85 setverdict(pass): none -> pass
04:58:45.348412 TCPTest.ttcn:85 Terminating component type TCPTest.GeneralComp.
04:58:45.348442 TCPTest.ttcn:85 Stop timer t: 5 s
04:58:45.348476 TCPTest.ttcn:85 Removing unterminated mapping between port p and system:p.
04:58:45.348520 TCPTest.ttcn:85 Port p was unmapped from system:p.
04:58:45.348660 TCPTest.ttcn:85 Port p was stopped.
04:58:45.348701 TCPTest.ttcn:85 Component type TCPTest.GeneralComp was shut down inside testcase TC_TCPTest.
04:58:45.348745 TCPTest.ttcn:85 Waiting for PTCs to finish.
04:58:45.348887 TCPTest.ttcn:85 Setting final verdict of the test case.
04:58:45.348937 TCPTest.ttcn:85 Local verdict of MTC: pass
04:58:45.348964 TCPTest.ttcn:85 No PTCs were created.
04:58:45.348989 TCPTest.ttcn:85 Test case TC_TCPTest finished. Verdict: pass
04:58:45.349019 TCPTest.ttcn:89 Execution of control part in module TCPTest finished.
04:58:45.349906 - Verdict statistics: 0 none (0.00 %), 1 pass (100.00 %), 0 inconc (0.00 %), 0 fail (0.00 %), 0 error (0.00 %).
04:58:45.349974 - Test execution summary: 1 test case was executed. Overall verdict: pass
04:58:45.349997 - Exit was requested from MC. Terminating MTC.


If we mistype the list of allowed ciphers:

*.p.ssl_allowed_ciphers_list:="ECDHE-RSA-AES256-SHAX"


again the connection is rejected:
05:01:50.416789 - TTCN-3 Main Test Component started on ntaf. Version: CRL 113 200/5 R5A.
05:01:50.416865 - TTCN Logger v2.2 options: TimeStampFormat:=Time; LogEntityName:=No; LogEventTypes:=No; SourceInfoFormat:=Single; *.FileMask:=LOG_ALL; *.ConsoleMask:=ERROR | USER; LogFileSize:=0; LogFileNumber:=1; DiskFullAction:=Error
05:01:50.417109 - Connected to MC.
05:01:50.417620 - Executing control part of module TCPTest.
05:01:50.417646 TCPTest.ttcn:88 Execution of control part in module TCPTest started.
05:01:50.417700 TCPTest.ttcn:51 Test case TC_TCPTest started.
05:01:50.417721 TCPTest.ttcn:51 Initializing variables, timers and ports of component type TCPTest.GeneralComp inside testcase TC_TCPTest.
05:01:50.417791 TCPTest.ttcn:51 Port p was started.
05:01:50.417817 TCPTest.ttcn:51 Component type TCPTest.GeneralComp was initialized.
05:01:50.417836 TCPTest.ttcn:54 Mapping port mtc:p to system:p.
05:01:50.417934 TCPTest.ttcn:54 Port p was mapped to system:p.
05:01:50.418038 TCPTest.ttcn:54 Map operation of mtc:p to system:p finished.
05:01:50.418105 TCPTest.ttcn:57 Sent on p to system @TCPasp_Types.ASP_TCP_Connect : {
    hostname := "www.eclipse.org",
    portnumber := 443,
    local_hostname := omit,
    local_portnumber := omit
}
05:01:50.607228 TCPTest.ttcn:57 Dynamic test case error: TCP test port (p): Cipher list restriction failed for ECDHE-RSA-AES256-SHAX
05:01:50.607591 TCPTest.ttcn:57 setverdict(error): none -> error
05:01:50.607651 TCPTest.ttcn:57 Performing error recovery.
05:01:50.607805 TCPTest.ttcn:57 Terminating component type TCPTest.GeneralComp.
05:01:50.607831 TCPTest.ttcn:57 Removing unterminated mapping between port p and system:p.
05:01:50.607863 TCPTest.ttcn:57 TCP test port (p): warning: SSL object not found for client 6
05:01:50.608351 TCPTest.ttcn:57 Port p was unmapped from system:p.
05:01:50.608453 TCPTest.ttcn:57 Port p was stopped.
05:01:50.608474 TCPTest.ttcn:57 Component type TCPTest.GeneralComp was shut down inside testcase TC_TCPTest.
05:01:50.608490 TCPTest.ttcn:57 Waiting for PTCs to finish.
05:01:50.608561 TCPTest.ttcn:57 Setting final verdict of the test case.
05:01:50.608603 TCPTest.ttcn:57 Local verdict of MTC: error
05:01:50.608618 TCPTest.ttcn:57 No PTCs were created.
05:01:50.608631 TCPTest.ttcn:57 Test case TC_TCPTest finished. Verdict: error
05:01:50.608648 TCPTest.ttcn:89 Execution of control part in module TCPTest finished.
05:01:50.609134 - Verdict statistics: 0 none (0.00 %), 0 pass (0.00 %), 0 inconc (0.00 %), 0 fail (0.00 %), 1 error (100.00 %).
05:01:50.609178 - Test execution summary: 1 test case was executed. Overall verdict: error
05:01:50.609191 - Exit was requested from MC. Terminating MTC.



Please find attached the log with TTCN_DEBUG set and the following port config:
[TESTPORT_PARAMETERS]


*.p.socket_debugging := "Yes"
*.p.server_mode := "No"
*.p.use_connection_ASPs := "Yes"
*.p.ssl_use_ssl := "Yes"
*.p.ssl_verify_certificate := "Yes"
*.p.ssl_trustedCAlist_file:= "/etc/ssl/certs/ca-certificates.crt"//Ubuntu 16.04
*.p.ssl_allowed_ciphers_list:="ECDHE-RSA-AES256-SHA"//"DHE-RSA-AES128-SHA"




Next we will look into doing the same, namely establishing a TLS connection to a web server, using the IPL4 test port.


Best regards

Elemer

[Updated on: Mon, 13 February 2017 12:10]
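
The mistyped-cipher failure and the final port config from the post above, turned into a pre-run check (an added example, not code from the post or from the Titan project): it reads the ssl_* parameters from a config file and asks the openssl binary on PATH whether it accepts the cipher string. The helper names and the sample config are constructed, and that the openssl on PATH is the same build the test port links against is an assumption.

```shell
#!/bin/sh
# Added example: lint a Titan [TESTPORT_PARAMETERS] section before a run.
# Parameter names are the ones used in the post; the set of checks and all
# function names are assumptions made for this illustration.

# cfg_get FILE KEY: print the quoted value of the first `*.<port>.KEY := "..."` line.
# A trailing // comment after the closing quote is ignored.
cfg_get() {
    sed -n "s/^[[:space:]]*\*\.[A-Za-z0-9_]*\.$2[[:space:]]*:=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

is_yes() {
    case $1 in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# cipher_list_ok LIST [OPENSSL]: succeed if that openssl binary accepts LIST.
cipher_list_ok() {
    "${2:-openssl}" ciphers "$1" >/dev/null 2>&1
}

# lint_cfg FILE [OPENSSL]: print one finding per line, return the number of findings.
lint_cfg() {
    cfg=$1; bin=${2:-openssl}; n=0
    if ! is_yes "$(cfg_get "$cfg" ssl_use_ssl)"; then
        echo "ssl_use_ssl is not \"Yes\": requests go out as plain TCP"
        return 1
    fi
    if ! is_yes "$(cfg_get "$cfg" ssl_verify_certificate)"; then
        echo "ssl_verify_certificate is not \"Yes\": certificate verification is not requested"
        n=$((n + 1))
    fi
    ca=$(cfg_get "$cfg" ssl_trustedCAlist_file)
    if [ -n "$ca" ] && [ ! -r "$ca" ]; then
        echo "ssl_trustedCAlist_file \"$ca\" is not readable"
        n=$((n + 1))
    fi
    list=$(cfg_get "$cfg" ssl_allowed_ciphers_list)
    if [ -n "$list" ] && ! cipher_list_ok "$list" "$bin"; then
        ver=$("$bin" version 2>/dev/null || echo "no usable openssl binary")
        echo "ssl_allowed_ciphers_list \"$list\" is rejected ($ver)"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the post's final port config with the mistyped cipher name.
sample_cfg() {
    cat <<'EOF'
[TESTPORT_PARAMETERS]
*.p.ssl_use_ssl := "Yes"
*.p.ssl_verify_certificate := "Yes"
*.p.ssl_trustedCAlist_file:= "/etc/ssl/certs/ca-certificates.crt"//Ubuntu 16.04
*.p.ssl_allowed_ciphers_list:="ECDHE-RSA-AES256-SHAX"
EOF
}

# Lint the file given as first argument, or the constructed sample if none is given.
tmp=$(mktemp) && sample_cfg > "$tmp"
lint_cfg "${1:-$tmp}" && echo "no findings" || echo "findings: $?"
rm -f "$tmp"
```

Run it with the PATH and LD_LIBRARY_PATH exports from the post in effect, so that the check is made by the OpenSSL build Titan was compiled against.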


Re: Using TLS/DTLS with Titan test ports part1 [message #1754200 is a reply to message #1753744] Wed, 15 February 2017 09:27
Elemer Lelik
Dear all,

Due to a server glitch, the attachments were lost, so here they are:
(debug log plus the compile-able package produced by make archive)

BR
Elemer