Short memo for SSL/TLS debugging and session decrypting

When trying to automate recurring or annoying operations on a network client, you are lucky if you have a dedicated SDK, well-documented APIs and plain-text protocols. Otherwise, you often have to start capturing tcpdump output to study application-layer data flows. Things get even worse if you must look inside an encrypted connection.

Here are some useful hints that I collected during a recent session with a Java-based application.

First of all, run the application with network debugging:

# java -Djavax.net.debug=all MySSLJavaApplication

Yes, it lets you see just about everything you need in hex and plain text.

Read this to get help on the available network debugging options. A detailed example of an SSL/TLS connection debugging session is here.

Sometimes it is useful to disassemble one or more Java classes to see their code:

# javap -c -constants MySSLJavaApplication

See this perfect example with detailed descriptions.

Browsers are able to store all the keys, so we can literally intercept a TLS-encrypted session. Do you feel more secure now? 😉 Set the SSLKEYLOGFILE environment variable, then run Firefox or Chrome:

# SSLKEYLOGFILE=~/sslkeys.log firefox

Here is the SSLKEYLOGFILE format description, along with instructions for Wireshark on how to use it to decrypt TLS connections.
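
The key log format mentioned above, as an added example that is not part of the original post: a validator that parses NSS-style key log lines without keeping the secrets and checks whether the file is readable by other users. The function names and the sample lines are constructed for illustration.

```python
import os
import re
import stat

# Labels of the NSS key log format: CLIENT_RANDOM carries the 48-byte master
# secret (TLS 1.2 and earlier); TLS 1.3 logs one line per traffic secret.
LABELS = {
    "CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
# <label> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return (entries, rejected_line_numbers).

    An entry is (label, client_random, secret_length_in_bytes); the secret
    itself is deliberately not kept.
    """
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments are legal
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in LABELS:
            rejected.append(lineno)
        elif m.group(1) == "CLIENT_RANDOM" and len(m.group(3)) != 96:
            rejected.append(lineno)            # master secret must be 48 bytes
        else:
            entries.append((m.group(1), m.group(2).lower(), len(m.group(3)) // 2))
    return entries, rejected

def readable_by_others(path):
    """True if group or others can read the log; a reader can decrypt matching captures."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample: the hex strings are placeholders, not real secrets.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "cc" * 48,
    "CLIENT_RANDOM " + "33" * 32 + " " + "dd" * 10,   # truncated master secret
    "not a key log line",
])

if __name__ == "__main__":
    print(parse_keylog(SAMPLE))
```

Running readable_by_others() on the file named in SSLKEYLOGFILE before a capture session shows whether the secrets are exposed to other local accounts.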

Use ssldump if you are lucky enough to have the private key in advance:

# ssldump -k /path/to/private.key -i 'interface' -dnq 'expression'

There is a super nice typical problem scenario #4…

… according to the NetApp® Manageability SDK Printable Online Help, October 2016 | 215-11740_A0, page 147 exists on DataONTAP prior to 7.3/7.2.3P1 versions 🙂

The storage system crashes when the client application sends a request to it


The BeaST Classic with RAID arrays and CTL HA + the BeaST Quorum

I have just uploaded the guide for the BeaST Classic in the configuration with RAID arrays and CTL HA + the BeaST Quorum, so now we have complete documentation for the RAID part of the BeaST Classic.

The BeaST with zpools will be implemented with CTL HA + the BeaST Quorum only.

 


The BeaST storage is one year old

A year has passed since I got early results with the BeaST storage system concept. The first public announcement was made on 2016.04.22 and the full paper was published a week after.

Thanks to the BSD Magazine for republishing all my papers and to BSD Now for discussing the BeaST online.

Now I have some news about the project.

First, I have updated its project page to be cleaner and more informative.

Second, I have posted a new article, Approaching online zpool switching between two FreeBSD machines. It shows a simple solution for online or, to be honest, almost online safe fail-over and fail-back of a ZFS pool between two storage controllers.

Third, I have updated the most important paper about the BeaST storage concept. See The BeaST Classic – dual-controller storage system with RAID arrays and fail-over Arbitrator mechanism for details.



The new BSD Magazine with my article is finally out

“Simple Quorum Drive for the FreeBSD CTL HA and the BeaST Storage System by Mikhail Zakharov

During our experiments on developing the BeaST storage system we faced the lack of an automatic LUN failover function of the CTL HA subsystem. Yes, we can switch LUNs with CTL HA, but we have to do it manually setting “Primary role” to the alive controller: sysctl kern.cam.ctl.ha_role=0

We also have to do it fast enough, otherwise, a client host may lose access to the drives of the storage system”.

Click on the image below to download the full issue. Also you can read my article here and get more information about the whole BeaST storage concept there.

10_2016-89

Thank you Marta and the BSD Magazine team for their great job on the fresh issue.


Solaris 2.6

That is what my first Solaris with CDE looked like when I installed it years ago on a home computer with an Intel Pentium CPU onboard.

I begged a copy of the installation CDROM and a bootable floppy drive in the institute lab. Then I downloaded as many packages as possible from http://www.sunfreeware.com (yes, all packages were free to download at that time), brought everything home and installed it.

It was fun to discover inverted console colours, the delete key working instead of backspace, and the home directory hidden under the /export/home path.

And I was absolutely happy because it was real UNIX just here at my home 🙂


Online command-line reference for scripting

SS64.com is a Command line reference – Web, Database and OS scripting.

I have found this brilliant site, while trying to learn PowerShell in a day for writing the script which fetches hosts to LDEVs relationships from Hitachi Command Suite. It’s a good idea to add ss64.com into bookmarks.

