Agent 6 TLS

On Sat, 19 Oct 2019 12:15:32 +0100, "p-0''0-h the cat (coder)"

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?

Agent 6 was released fall of 2009.
TLS1.2 was defined in fall of 2008

Odds are good that it supports TLS1.1, it may have been updated for
TLS1.2 (presuming Agent itself provides the TLS support and is not using a
M$ DLL for such -- Agent 3.2 is when the original SSL support was added,
and it relied upon Internet Explorer v5, which may indicate Agent uses a M$
library).

Running Wireshark to capture Agent transactions might reveal what TLS
protocol was invoked.

I tried two different dependency analyzers but both are taking way too
long to evaluate what libraries are imported.

--
Wulfraed Dennis Lee Bieber AF6VN
***@ix.netcom.com http://wlfraed.microdiversity.freeddns.org/

p-0''0-h the cat (coder)

2019-10-20 08:03:59 UTC

On Sat, 19 Oct 2019 14:37:41 -0400, Dennis Lee Bieber

Post by Dennis Lee Bieber
On Sat, 19 Oct 2019 12:15:32 +0100, "p-0''0-h the cat (coder)"

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?

Agent 6 was released fall of 2009.
TLS1.2 was defined in fall of 2008
Odds are good that it supports TLS1.1, it may have been updated for
TLS1.2 (presuming Agent itself provides the TLS support and is not using a
M$ DLL for such -- Agent 3.2 is when the original SSL support was added,
and it relied upon Internet Explorer v5, which may indicate Agent uses a M$
library).
Running Wireshark to capture Agent transactions might reveal what TLS
protocol was invoked.

Hi Dennis, Thank you for your reply. I'm having an issue with mixmin.
See this thread if you are interested.

Message-ID: <***@4ax.com>

Wireshark, good idea. I'll try that later.

Post by Dennis Lee Bieber
I tried two different dependency analyzers but both are taking way too
long to evaluate what libraries are imported.

Sent from my iFurryUnderbelly.
--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
punk ass dole whore troll, no nothing innumerate religious maniac,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from »Q« the troll as stinky

Dennis Lee Bieber

2019-10-20 16:13:06 UTC

On Sun, 20 Oct 2019 09:03:59 +0100, "p-0''0-h the cat (coder)"

Post by p-0''0-h the cat (coder)
Hi Dennis, Thank you for your reply. I'm having an issue with mixmin.
See this thread if you are interested.

A google search on that error code indicates that the most likely cause
is a faulty Windows OS file, and many references also point to the use of
Kerberus authentication.

cf: http://www.wiki-errors.com/wiki/0x80090302.php

Maybe
https://answers.microsoft.com/en-us/windows/forum/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93

{Grumble -- don't they have a web page? https://www.mixmin.net just
provides a directory listing of files}

I do note that there is a newcert.txt file dated June 3 of this year,
perhaps that needs to somehow be installed into the Windows certificate
store.

--
Wulfraed Dennis Lee Bieber AF6VN
***@ix.netcom.com http://wlfraed.microdiversity.freeddns.org/

Ralph Fox

2019-10-20 05:25:43 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)

Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>

The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

If you are running Agent in BSD using Wine, then it will depend on
Wine's replacement for Windows' "schannel.dll".

Wine bug 14797 means your Agent might not get any TLS or SSL at all
under Wine. See comment #42 in Wine bug 14797:
<https://bugs.winehq.org/show_bug.cgi?id=14797#c42>

--
Kind regards
Ralph

p-0''0-h the cat (coder)

2019-10-20 08:01:18 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)
Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

If you are running Agent in BSD using Wine, then it will depend on
Wine's replacement for Windows' "schannel.dll".
Wine bug 14797 means your Agent might not get any TLS or SSL at all
<https://bugs.winehq.org/show_bug.cgi?id=14797#c42>

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.

Message-ID: <***@4ax.com>

Everything here is at defaults. Windows 10

Sent from my iFurryUnderbelly.
--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, BaStarD hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
punk ass dole whore troll, no nothing innumerate religious maniac,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from »Q« the troll as stinky

Ralph Fox

2019-10-21 08:44:29 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)
Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.
Everything here is at defaults. Windows 10

I suspect there is something broken in the TLS version negotiation.

I can connect to mixmin When the AGENT.INI setting AllowedSSLProtocols
is set to 2048 to force Agent to use only TLS1.2. Also when
AllowedSSLProtocols is set to 2560 to force Agent to use only TLS1.1 or
TLS1.2. That may be a fix for you.

When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
version of TLS supported by Windows, then I get "Unable to negotiate an SSL
connection with server news.mixmin.net (error 80090302)."

Looking at the data when it fails, it appears that the mixmin server
rejects the initial TLS ClientHello message [1][2] from Agent.

REFS

[1] <https://tls.ulfheim.net/>
[2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>

--
Kind regards
Ralph

p-0''0-h the cat (coder)

2019-10-21 11:02:23 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)
Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.
Everything here is at defaults. Windows 10

2560 works for mixmin and also aioe which worked previously on 0

Both use port 563

It doesn't work for albasani which did work previously on 0

New error

"Unable to negotiate an SSL connection with server
reader.albasani.net (error 80090331)."

However, albasani uses port 443 so I guess it's using SSL and I need to
alter/add to the AllowedSSLProtocols number which I assume is bitwise?

Do you have details of how this variable is formed? I Googled but failed
to find anything.

Thanks for this. You have won the highly coveted golden paw award.

Post by Ralph Fox
When AllowedSSLProtocols is set to 0 (the default) to let Agent use any
version of TLS supported by Windows, then I get "Unable to negotiate an SSL
connection with server news.mixmin.net (error 80090302)."
Looking at the data when it fails, it appears that the mixmin server
rejects the initial TLS ClientHello message [1][2] from Agent.
REFS
[1] <https://tls.ulfheim.net/>
[2] <https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_7.1.0/com.ibm.mq.doc/sy10660_.htm>

Ralph Fox

2019-10-21 17:45:47 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)
Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.
Everything here is at defaults. Windows 10

2560 works for mixmin and also aioe which worked previously on 0
Both use port 563
It doesn't work for albasani which did work previously on 0
New error
"Unable to negotiate an SSL connection with server
reader.albasani.net (error 80090331)."
However, albasani uses port 443 so I guess it's using SSL and I need to
alter/add to the AllowedSSLProtocols number which I assume is bitwise?
Do you have details of how this variable is formed? I Googled but failed
to find anything.

Sure. See my first reply, which has a reference.

Post by p-0''0-h the cat (coder)
Thanks for this. You have won the highly coveted golden paw award.

Sent from my iFurryUnderbelly.

--
Kind regards
Ralph

p-0''0-h the cat (coder)

2019-10-21 18:46:15 UTC

Post by p-0''0-h the cat (coder)
Anyone know what version of TLS Agent v6 uses and/or what ciphers it
supports?
Cunning plans to work it out would also be well received.

You will get different versions of TLS in different versions of Windows.
Agent (3.2+) uses whatever the Windows SSL library "schannel.dll" supports
in whatever version of Windows you are running. (To see what your version
of Windows supports, go to "Control Panel >> Internet Options >> Advanced",
and scroll down to the check-boxes "Use SSL 3.0", "Use TLS 1.0", etc.)
Unless, that is, you have messed with the AGENT.INI setting "[Online]
AllowedSSLProtocols=". Messing with this setting cannot add options
which schannel.dll does not support, it can only take options away.
The bit values of this AGENT.INI setting match the 'client' bits in the
'grbitEnabledProtocols' field of the Windows SCHANNEL_CRED structure.
<https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
The default AGENT.INI setting is AllowedSSLProtocols=0 which supports
whatever your version of Windows does.

Post by p-0''0-h the cat (coder)
BaStarD hacker

Hi Ralph, Thank you for your reply. I'm having an issue with mixmin. See
this thread if you are interested.
Everything here is at defaults. Windows 10

2560 works for mixmin and also aioe which worked previously on 0
Both use port 563
It doesn't work for albasani which did work previously on 0
New error
"Unable to negotiate an SSL connection with server
reader.albasani.net (error 80090331)."
However, albasani uses port 443 so I guess it's using SSL and I need to
alter/add to the AllowedSSLProtocols number which I assume is bitwise?
Do you have details of how this variable is formed? I Googled but failed
to find anything.

Sure. See my first reply, which has a reference.

Ah! I wasn't paying attention. It turns out albasani is using TLS 1 so
for the record the magic number is now 2688