Java Card returning 6F00 while installing applet - applet

I have a J3H081, SCP 02, T=1, GP 2.2.1, JC 3.0.4 java card and want to install applets onto it.
Unfortunately I get on every *.cap file I tryed error 6F00 (Command aborted - more exact diagnosis not possible (e.g., operating system error)).
I tried the pre-compiled *.cap from here: https://github.com/LedgerHQ/ledger-u2f-javacard, built it myself with JavaCard v3.0.3 SDK, from AppletPlayground
I tried the OpenPGPApplet and YkneoOath. All result in an 6F00 error while installing.
The only applet I was able to install was the pre-compiled AlgTest_v1.7.4_jc222.
Card info:
java -jar ../gp.jar --info --debug --verbose
GlobalPlatformPro v0.3.10rc9-0-g53bcab8
Running on Linux 4.10.0-28-generic amd64, Java 1.8.0_171 by Oracle Corporation
# Detected readers from JNA2PCSC
[*] Alcor Micro AU9540 00 00
SCardConnect("Alcor Micro AU9540 00 00", T=*) -> T=1, 3BF81800008131FE450073C8400000900080
SCardBeginTransaction("Alcor Micro AU9540 00 00")
Reader: Alcor Micro AU9540 00 00
ATR: 3BF81800008131FE450073C8400000900080
More information about your card:
http://smartcard-atr.appspot.com/parse?ATR=3BF81800008131FE450073C8400000900080
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (51ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GlobalPlatform - Auto-detected ISD: A000000151000000
A>> T=1 (4+0000) 80CA9F7F 00
A<< (0045+2) (24ms) 9F7F2A47906B644700E4D8030063550209109858130000000000000000027B5B32303931300000000000000000 9000
[WARN] GPData - Invalid CPLC date: E4D8
[WARN] GPData - Invalid CPLC date: 5B32
CPLC: ICFabricator=4790
ICType=6B64
OperatingSystemID=4700
OperatingSystemReleaseDate=E4D8 (invalid date format)
OperatingSystemReleaseLevel=0300
ICFabricationDate=6355 (2016-12-20)
ICSerialNumber=02091098
ICBatchIdentifier=5813
ICModuleFabricator=0000
ICModulePackagingDate=0000 (2010-01-01)
ICCManufacturer=0000
ICEmbeddingDate=0000 (2010-01-01)
ICPrePersonalizer=027B
ICPrePersonalizationEquipmentDate=5B32 (invalid date format)
ICPrePersonalizationEquipmentID=30393130
ICPersonalizer=0000
ICPersonalizationDate=0000 (2010-01-01)
ICPersonalizationEquipmentID=00000000
***** GET DATA:
A>> T=1 (4+0000) 80CA0042 00
A<< (0000+2) (17ms) 6A88
GET DATA(IIN): not supported: 0x6A88 (Referenced data not found)
A>> T=1 (4+0000) 80CA0045 00
A<< (0000+2) (16ms) 6A88
GET DATA(CIN): not supported: 0x6A88 (Referenced data not found)
A>> T=1 (4+0000) 80CA00C1 00
A<< (0004+2) (19ms) C1020010 9000
GET DATA(SSC): 0010
***** CARD DATA
A>> T=1 (4+0000) 80CA0066 00
A<< (0080+2) (24ms) 664E734C06072A864886FC6B01600B06092A864886FC6B020202630906072A864886FC6B03640B06092A864886FC6B040255650E060C2A864886FC6B050601000001660C060A2B060104012A026E0103 9000
Tag 6: 1.2.840.114283.1
-> Global Platform card
Tag 60: 1.2.840.114283.2.2.2
-> GP Version: 2.2
Tag 63: 1.2.840.114283.3
Tag 64: 1.2.840.114283.4.2.85
-> GP SCP02 i=55
Tag 65: 1.2.840.114283.5.6.1.0.0.1
Tag 66: 1.3.6.1.4.1.42.2.110.1.3
-> JavaCard v3?
***** KEY INFO
A>> T=1 (4+0000) 80CA00E0 00
A<< (0020+2) (27ms) E012C00401FF8010C00402FF8010C00403FF8010 9000
Version: 255 (0xFF) ID: 1 (0x01) type: DES3 length: 16
Version: 255 (0xFF) ID: 2 (0x02) type: DES3 length: 16
Version: 255 (0xFF) ID: 3 (0x03) type: DES3 length: 16
Key version suggests factory keys
SCardEndTransaction(Alcor Micro AU9540 00 00)
SCardDisconnect("Alcor Micro AU9540 00 00", true)
Content of card:
java -jar ../gp.jar -l --debug --verbose
GlobalPlatformPro v0.3.10rc9-0-g53bcab8
Running on Linux 4.10.0-28-generic amd64, Java 1.8.0_171 by Oracle Corporation
# Detected readers from JNA2PCSC
[*] Alcor Micro AU9540 00 00
SCardConnect("Alcor Micro AU9540 00 00", T=*) -> T=1, 3BF81800008131FE450073C8400000900080
SCardBeginTransaction("Alcor Micro AU9540 00 00")
Reader: Alcor Micro AU9540 00 00
ATR: 3BF81800008131FE450073C8400000900080
More information about your card:
http://smartcard-atr.appspot.com/parse?ATR=3BF81800008131FE450073C8400000900080
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (48ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GlobalPlatform - Auto-detected ISD: A000000151000000
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
A>> T=1 (4+0008) 80500000 08 9EB971B0B997A506 00
A<< (0028+2) (113ms) 00000000000000000000FF02001075FB090C524005ED5FE35EC4870E 9000
[DEBUG] GlobalPlatform - Host challenge: 9EB971B0B997A506
[DEBUG] GlobalPlatform - Card challenge: 001075FB090C5240
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 255 (0xFF)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {MAC=type=RAW bytes=404142434445464748494A4B4C4D4E4F, DEK=type=RAW bytes=404142434445464748494A4B4C4D4E4F, ENC=type=RAW bytes=404142434445464748494A4B4C4D4E4F}
[DEBUG] PlaintextKeys - Session keys: {MAC=type=DES3 bytes=4EBEDA3CFAF1AF9F51E5C5C1A209FA12 kcv=56F2E8, DEK=type=DES3 bytes=3D8EE3E7D528FB11B228B6A2A9E67843 kcv=586B99, ENC=type=DES3 bytes=9DCFBA55D0D2D1F93A76F4E664AC7557 kcv=36ACF2}
[DEBUG] GlobalPlatform - Verified card cryptogram: 05ED5FE35EC4870E
[DEBUG] GlobalPlatform - Calculated host cryptogram: 63BF4653BE559138
A>> T=1 (4+0016) 84820100 10 63BF4653BE559138CA2DEC59F3F525DF
A<< (0000+2) (79ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F008AC3124F676735BA 00
A<< (0021+2) (39ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F00B6E52A345E5EDFE1 00
A<< (0000+2) (37ms) 6A88
A>> T=1 (4+0010) 84F22002 0A 4F002244873B1D1B0175 00
A<< (0172+2) (85ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31E4F0AA0000001644C504B49009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000306009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000605009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000404009F700101CE020100CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F00712BF00E7238B760 00
A<< (0239+2) (104ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32B4F0AA0000001644C504B49009F700101CE020100840BA0000001644C504B490001CC08A000000151000000E3594F0FA000000396545300000001000306009F700101CE0201008410A00000039654530000000100030000008410A00000039654530000000100030000108410A0000003965453000000010003000020CC08A000000151000000E3474F0FA000000396545300000001000605009F700101CE0201008410A00000039654530000000100060000008410A0000003965453000000010006000010CC 6310
A>> T=1 (4+0010) 84F21003 0A 4F003843F0BC3CF26677 00
A<< (0064+2) (62ms) 08A000000151000000E3354F0FA000000396545300000001000404009F700101CE0201008410A0000003965453000000010004040000CC08A000000151000000 9000
ISD: A000000151000000 (INITIALIZED)
Privs: SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration
PKG: A0000001515350 (LOADED) (|....QSP|)
Parent: A000000151000000
Version: 2.2
Applet: A000000151535041 (|....QSPA|)
PKG: A0000001644C504B4900 (LOADED) (|....dLPKI.|)
Parent: A000000151000000
Version: 1.0
Applet: A0000001644C504B490001 (|....dLPKI..|)
PKG: A00000039654530000000100030600 (LOADED) (|.....TS........|)
Parent: A000000151000000
Version: 1.0
Applet: A0000003965453000000010003000000 (|.....TS.........|)
Applet: A0000003965453000000010003000010 (|.....TS.........|)
Applet: A0000003965453000000010003000020 (|.....TS........ |)
PKG: A00000039654530000000100060500 (LOADED) (|.....TS........|)
Parent: A000000151000000
Version: 1.0
Applet: A0000003965453000000010006000000 (|.....TS.........|)
Applet: A0000003965453000000010006000010 (|.....TS.........|)
PKG: A00000039654530000000100040400 (LOADED) (|.....TS........|)
Parent: A000000151000000
Version: 1.0
Applet: A0000003965453000000010004040000 (|.....TS.........|)
SCardEndTransaction(Alcor Micro AU9540 00 00)
SCardDisconnect("Alcor Micro AU9540 00 00", true)
When I try to install OATH:
java -jar ../gp.jar -d -v -install OATH.cap
GlobalPlatformPro v0.3.10rc9-0-g53bcab8
Running on Linux 4.10.0-28-generic amd64, Java 1.8.0_171 by Oracle Corporation
# Detected readers from JNA2PCSC
[*] Alcor Micro AU9540 00 00
SCardConnect("Alcor Micro AU9540 00 00", T=*) -> T=1, 3BF81800008131FE450073C8400000900080
SCardBeginTransaction("Alcor Micro AU9540 00 00")
Reader: Alcor Micro AU9540 00 00
ATR: 3BF81800008131FE450073C8400000900080
More information about your card:
http://smartcard-atr.appspot.com/parse?ATR=3BF81800008131FE450073C8400000900080
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (34ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GlobalPlatform - Auto-detected ISD: A000000151000000
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F
A>> T=1 (4+0008) 80500000 08 0212B343EC673A6B 00
A<< (0028+2) (114ms) 00000000000000000000FF0200123E6DB216F8D55680B3F7A550C757 9000
[DEBUG] GlobalPlatform - Host challenge: 0212B343EC673A6B
[DEBUG] GlobalPlatform - Card challenge: 00123E6DB216F8D5
[DEBUG] GlobalPlatform - Card reports SCP02 with key version 255 (0xFF)
[DEBUG] GlobalPlatform - Will do SCP02 (8)
[DEBUG] PlaintextKeys - Card keys: {MAC=type=RAW bytes=404142434445464748494A4B4C4D4E4F, DEK=type=RAW bytes=404142434445464748494A4B4C4D4E4F, ENC=type=RAW bytes=404142434445464748494A4B4C4D4E4F}
[DEBUG] PlaintextKeys - Session keys: {MAC=type=DES3 bytes=89D93B2D2D7E7AB95B61F82EDE3975B7 kcv=B98C32, DEK=type=DES3 bytes=F162D1055E932F638893C5BCF9F31D70 kcv=04E63C, ENC=type=DES3 bytes=CB4ED15E982DB16EB630FE9F3E04D665 kcv=C98825}
[DEBUG] GlobalPlatform - Verified card cryptogram: 5680B3F7A550C757
[DEBUG] GlobalPlatform - Calculated host cryptogram: F9A02202A22F47BF
A>> T=1 (4+0016) 84820100 10 F9A02202A22F47BF4DB56FD47F42B8B1
A<< (0000+2) (79ms) 9000
CAP file (v2.1), contains: applets for JavaCard 2.2.2
Package: pkgYkneoOath A0000005272101 v0.0
Import: A0000000620001 v1.0
Import: A0000000620102 v1.3
Import: A0000000620101 v1.3
Applet: A000000527210101
Generated by Sun Microsystems Inc. converter 1.3
On Wed May 16 07:15:59 PDT 2018 with JDK 1.8.0_171 (Oracle Corporation)
Total code size: 4122 bytes (5036 with debug)
SHA256 (code): FA159806A9880A6B687E787890F77FCBAF5A6ED63CD553D20E47CA19BC7CD733
SHA1 (code): 864A34575269AD52BC694D24A185763594C91F9D
A>> T=1 (4+0010) 84F28002 0A 4F0019A4B5BCFD8D0E2A 00
A<< (0021+2) (39ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F004B9459BB164EFEC9 00
A<< (0000+2) (42ms) 6A88
A>> T=1 (4+0010) 84F22002 0A 4F0061B9817E563CFF60 00
A<< (0172+2) (75ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31E4F0AA0000001644C504B49009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000306009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000605009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000404009F700101CE020100CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F002D58C5CF80ACEF82 00
A<< (0239+2) (116ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32B4F0AA0000001644C504B49009F700101CE020100840BA0000001644C504B490001CC08A000000151000000E3594F0FA000000396545300000001000306009F700101CE0201008410A00000039654530000000100030000008410A00000039654530000000100030000108410A0000003965453000000010003000020CC08A000000151000000E3474F0FA000000396545300000001000605009F700101CE0201008410A00000039654530000000100060000008410A0000003965453000000010006000010CC 6310
A>> T=1 (4+0010) 84F21003 0A 4F0056722CCB8A815B1A 00
A<< (0064+2) (67ms) 08A000000151000000E3354F0FA000000396545300000001000404009F700101CE0201008410A0000003965453000000010004040000CC08A000000151000000 9000
A>> T=1 (4+0028) 84E60200 1C 07A000000527210108A00000015100000000000058BCFCB1F099FA44
A<< (0001+2) (207ms) 00 9000
A>> T=1 (4+0255) 84E80000 FF C482101A010011DECAFFED010204000007A000000527210102001F0011001F000C001F015E00360C9B001001650000038F000C0001000303010004001F03000107A0000000620001030107A0000000620102030107A000000062010103000C0108A00000052721010104610600360080000E000701100000002C00E000E700EC00F1010D011D0122014A01CF036603CB03D303D803DF0403008203070007070100000475070C9B000210188C002D1803890018038801181040900B8702181040900B87037B0017670B1020058D00267F00177A04511F100F53046A0F1F100F53056A081169848D00271F10F05310106A101F10F05310201D5868D2CA481656
A<< (0001+2) (468ms) 00 9000
A>> T=1 (4+0255) 84E80001 FF 6A081169848D0027160410406F08116A808D00271F100F53046B177B0028670A04038D002B7F0028187B00288704701C1F100F53056B157B002E670A07038D002B7F002E187B002E8704181F880518038900AD0203104010368D001D3BAD03031040105C8D001D3B032905160516046D20AD021605191E2510365738AD031605191E25105C573859050159020170DE7A0220181D88067A0110AE06780110AE05780540AD076709181040900B8707181F8908191EAD07031F8D002A3B7A0530AD0703191EAF088D002A3BAF08780110AF08780420181D88091D0453046B1DAD0A670B181040900B870A7010AD0A031040038D001D3B1803EEAFB39948DE4504
A<< (0001+2) (95ms) 00 9000
A>> T=1 (4+0255) 84E80002 FF 890B7A03107B0015670C183D7F00167F001570207B00157B0016690E7B0015183D7F0016870C700C7B0016183D7F0016870C7A02017B00152B186610188B00186104700818830C2B70F118670E8F00193D8C001A2B188B001B187705317B00152E1B66241B8B001860181E1B85086A047010181D1B8307031E8D001C610470081B830C2E70DD1B770666012806AE0510F0531020A300831F10406E051F6108116A808D0027AE090453046B6710401F432907AF0B16076D06AF0B700416072908160810406D1C160816076D16AD0A160825610470081169828D002759080170E216081607431E412909191609AD0A16081F8D001C290A16ED59A85672172320
A<< (0001+2) (98ms) 00 9000
A>> T=1 (4+0255) 84E80003 FF 0A026B081169828D0027181607890B191EAD0A16071F8D002A3B192806A800CEAE0510F0531010A300BE7B0017031008038D001D3BAD0D661AAD0D03256121AD0D0425611BAD0D05256115AD0D0625610F7B00171006AF008D001E3B7075AD0D037B001707078D001F3B032907AF001008511100FF532908AF001100FF5329091007290A160A654B7B0017160A251100FF53290B160A10076B0B160B160941290B700F160A10066B09160B160841290B160B160741290B160B1008515B29077B0017160A160B5B38160A04435B290A70B5183D8500044189007B00172806033110083270081169848D0027AD048B0020AD04AD02031040E4FB448E42109016
A<< (0001+2) (96ms) 00 9000
A>> T=1 (4+0255) 84E80004 FF 8B0021AD0415061E1F150416058B00222907AD048B0020AD04AD030310408B0021AD04150416051607150416058B002278066218191E1F7B0017038B002329067B00171606044325100F532907150416055905017B0017160759070125107F5338150416055905017B001716075907012538150416055905017B001716075907012538150416055905017B00171607590701253807780110AD048B0024780110AE01780220181D88017A0631AD0D67081807900B870D03321F076D13AD0D1F191E59020125381F04415B3270ED7A0410AD0D660BAD0D0307038D001D3B7A0410188C0025181020058D0026870E18110800058D0026870F3BB361109887B6F5
A<< (0001+2) (98ms) 00 9000
A>> T=1 (4+0255) 84E80005 FF 1808058D0026871018048D00298711181008900B8712AD11AD120310088B002C188F00193D8C001A8713188F00193D8C001A87147A05308F002F3D8C0030181D0441181D258B00317A0626188B0032980090198B00332D03321A1F5903011079381A1F5903017B0034925B387B0034031A1F7B0034928D001F3B1F7B0034925B41321A1F590301107138AD129229041A1F59030116045B38AD12031A1F16048D001F3B1F16044132AD138B0018602B1A1F5903011074381A1F590301100838AD111A1F10088B002CAD131A1F1008AD0E038B00233B59030819031F8B00357A198B00332D198B00363B03321A052529041A06252905160481BBBFD1CCD35C16
A<< (0001+2) (95ms) 00 9000
A>> T=1 (4+0255) 84E80006 FF 16058D003729061A04252907AD138B0018601A160710A36A141607076A0FAD100325046A081169828D002716077500F50009FFA1007FFFA20094FFA300B5FFA400CBFFA500EC000100290002003E00030053000400681606610A181A8C0038A800C9116B008D0027A800C01606610A181A8C0039A800B4116B008D0027A800AB1606610A181A8C003AA8009F116B008D0027A80096160611DEAD6B09188C003BA80088116B008D0027A8007F1606610B18AD0F8C003C327071116B008D0027706916046117160560071605046B0E181A1605AD0F8C003D327050116B008D002770481606610C181AAD0F8C003E32703A116B008D002770ACC58C344F680C4A
A<< (0001+2) (96ms) 00 9000
A>> T=1 (4+0255) 84E80007 FF 3216046117160560071605046B0E181A1605AD0F8C003F327019116B008D00277011AD10068D0040327008116D008D00271F650818191F8C00417A0410AD13038B0042017F0015017F0016AD100308038D001D3BAD11AD120310088B002C8D00437A0633AD138B001861081169848D00270832191F5903012510756A08116A808D002718191F8C004429041604AD138B00456A08116A808D00271F1816048C00464132191FAD0E0316048D001C6109AD100304387008116A808D00271F16044132191F5903012510746A08116A808D002718191F8C00442904160410086D08116A808D00271F1816048C00464132AD13191F1604AD0E035FFB418CABF3111C
A<< (0001+2) (96ms) 00 9000
A>> T=1 (4+0255) 84E80008 FF 8B002329051A031075381A0416055B38AD0E031A0516058D001F3B160505417806250831191E5902012510736A08116A808D002718191E8C0044321E181F8C004641311F610BAD13038B0042A800A4191E590201252904AD14191E16041F04438B00471E1F04434131191E5902012510746A08116A808D002718191E8C0044321E181F8C00464131AD14191E1FAD0E038B002329051E1F4131191E5902012510756A08116A808D002718191E8C0044321E181F8C004641311F16056A08116A808D0027191EAD0E031F8D001C611EAD13280618AD14871318150687141506038B0042AD13048B004270081169848D00277A064408290419582074F67C3AB076
A<< (0001+2) (96ms) 00 9000
A>> T=1 (4+0255) 84E80009 FF 16045904012510716A08116A808D0027181916048C0044290516041816058C004641290419160416058D00482806150667081169848D0027160416054129041916045904012510746A08116A808D0027181916048C0044290516041816058C00464129040329071E611C15061916041605AD0E038B002329051B1607590701107538701A15061916041605AD0E038B004929051B16075907011076381607181B1607160504418C004A4129071B160759070115068B004B38AD0E031B160716058D002A3B16051816058C00464105417807440829041916045904012510746A08116A808D0027181916045904018C00442905191604AD0E5A89361AE2EE1309
A<< (0001+2) (98ms) 00 9000
A>> T=1 (4+0255) 84E8000A FF 0316058D001F3B0329047B0015280615069E00AB15068B00186105A800981B16045904011071381B160459040115068B004C5B38160415061B16048B004D41290403290715068B004E10F05310206B3D1E611E1B16045904011075381506AD0E0316051B160405418B0023290770271B16045904011076381506AD0E0316051B160405418B00492907700B1B16045904011077381B1604590401160704415B381B160459040115068B004B38160416074129041506830C2806A8FF56160478042203317B00152E1B66381B8B00186104702A191E590201107238191E5902011B8B004C04415B38191E5902011B8B004E381E1B191E8B00791A625D7F4ADD8D
A<< (0001+2) (126ms) 00 9000
A>> T=1 (4+0255) 84E8000B FF 4D41311B830C2E70C91E7804230831191E5902012510716A08116A808D002718191E8C0044321E181F8C00464131191E1F8D004828041504660A1504038B004270081169848D00277A031203307B00152D1A661A1A8B00186104700C1D1A8B004C10094141301A830C2D70E71D7806250831191E5902012510716A08116A808D002718191E8C0044321E181F8C00464131188C004F1F411009411108006F08116A848D0027191E1F8D004828041504670F8D005028041504191E1F8B00511E1F4131191E5902012510736A08116A808D002718191E8C0044321E181F8C00464131191E5902012529051605100F53046A101605100F53057BDA2F5ADF5F159F
A<< (0001+2) (98ms) 00 9000
A>> T=1 (4+0255) 84E8000C FF 6A08116A808D0027160510F05310206A11160510F05310106A08116A808D0027191E5902012529061504038B0042150416068B00521504191E16051F05438B00471E1F054341311E19926D19191E2510786B125902011504191E590201258B005370081504038B00531E19926D29191E25107A6B22590201191E59020125076B0E1504191E8B0054590204700F116A808D0027700715048B00551504048B00427A03310332191E25107F6E08191E25327028191E2510816B0A191E044125327019191E2510826B0C191E04418D00403270081169848D00271F7802201D1100806D0404781D1100FF6E040578067804401F1100806D0919FEFCE3F24CA8BA05
A<< (0001+2) (102ms) 00 9000
A>> T=1 (4+0255) 84E8000D FF 1E1F5B3804781F1100FF6E11191E590201108138191E1F5B380578191E590201108238191E1F8D001E3B06780536198B00332E8D0056290416042907AD10048D004029081E16046D051E2907AD0F16081B0316078D002A3B1E16046F2C1E160443290616081604412908160431160616046F0C116100160455290570171161001606552905700D0329080329061190002905AD100416088D001E3BAD100616068D001E3B19031E8B003516051190006A0716058D00277A080010000C000600010300030002020000000005015E00570200000A0200000B020000030200000402000005020000080200000902000001020000070200000D275B8F0A7D2C2813
A<< (0001+2) (171ms) 00 9000
A>> T=1 (4+0255) 84E8000E FF 020000060200000C020000000200000202002A0002002A0102002A0402002A0502002A0602002A0202002A0305000002050000040500000A0300000D0100000006000001030000090682100006821003068210060682100203810B0403810B0503810B010300000A03810B03068203000682080D068207010500000606810E000682100106810B0003810E01068000000500000801002A0006000413038203020382030303820A010500000003820A0803820A060682100506000A6406000A010600073106000655060009BE060008020600067C060008D80682100406000C100300000E0682081206000B8E0300000C06000BC70300007178E2227A144A89
A<< (0001+2) (97ms) 00 9000
A>> T=1 (4+0255) 84E8000F FF 01060001A20300000B06000BDB0300000303000007030000060300000406000A3F0600017A0300000503000002030000080300000F0300001006820A01090165007F0A040707611C0404020B140B180505050904040B050605070809040C240C1527090C0C180D06142018040F15040606060B080F0B5B04140502080F0502087708070508081404170A0807070202100A580E10170906351293211621101B0E09020E29180A3F061336113105380905020508861A2D3D601C3B4663FFC410460900E20519080317160C0A0703040E070304140B540E2B0B070305030505070508081004050708142936190D0F14072007090522371A0FDFEAAE235DEE254C
A<< (0001+2) (94ms) 00 9000
A>> T=1 (4+0182) 84E88010 B6 050A0D070A0F0A040514141111103F08070A0807130404060408040A07071306060405240B1B0C0A0505140C1A34090C090C090E090D0918090D091809080909090404080B03080812060908070C0F15060E070E171A06070B171606070D1606070D0916060817070A0B0C18070A161A180E0C091A0A0D070C190C0B221C241B08150D081E0607080C08080809210607061006090A14060720180E070C20081F0B07062F094809040C154309070CDB5802F6E3CB92AB
A<< (0001+2) (2s5ms) 00 9000
CAP loaded
A>> T=1 (4+0010) 84F28002 0A 4F00CE1365F547E4B025 00
A<< (0021+2) (39ms) E3134F08A0000001510000009F700107C5039EFE80 9000
A>> T=1 (4+0010) 84F24002 0A 4F00F8EA3A41D6663EF4 00
A<< (0000+2) (43ms) 6A88
A>> T=1 (4+0010) 84F22002 0A 4F00ACF0434BA5896E89 00
A<< (0201+2) (83ms) E31B4F07A00000015153509F700101CE020202CC08A000000151000000E31E4F0AA0000001644C504B49009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000306009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000605009F700101CE020100CC08A000000151000000E3234F0FA000000396545300000001000404009F700101CE020100CC08A000000151000000E31B4F07A00000052721019F700101CE020000CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F005758A6044FC20332 00
A<< (0239+2) (105ms) E3254F07A00000015153509F700101CE0202028408A000000151535041CC08A000000151000000E32B4F0AA0000001644C504B49009F700101CE020100840BA0000001644C504B490001CC08A000000151000000E3594F0FA000000396545300000001000306009F700101CE0201008410A00000039654530000000100030000008410A00000039654530000000100030000108410A0000003965453000000010003000020CC08A000000151000000E3474F0FA000000396545300000001000605009F700101CE0201008410A00000039654530000000100060000008410A0000003965453000000010006000010CC 6310
A>> T=1 (4+0010) 84F21003 0A 4F004806318F830710EE 00
A<< (0103+2) (80ms) 08A000000151000000E3354F0FA000000396545300000001000404009F700101CE0201008410A0000003965453000000010004040000CC08A000000151000000E3254F07A00000052721019F700101CE0200008408A000000527210101CC08A000000151000000 9000
A>> T=1 (4+0040) 84E60C00 28 07A000000527210108A00000052721010108A000000527210101010002C90000957AA3B988C90CF0
A<< (0000+2) (799ms) 6F00
Install for Install and make selectable failed: 0x6F00
After installation:
PKG: A0000005272101 (LOADED)
Parent: A000000151000000
Version: 0.0
Applet: A000000527210101
But I am not able to use it:
>> 00A4040008A000000527210101
<< 6A 82 (File not found)
Why am I not able to install any applet besides AlgTest?

Because you probably don't have the features necessary for those applets and applet initialization throws an exception which is not handled. This specific case seems to be no support for ECC.

During installation of the applet, some exception has been raised in constructor/install method of class and because this exception is never catch. The installer applet (in JCRE) returns 0x6F00 (or sometimes 0x6400).
You best bet to resolve this issue is to apply try-catch at different sections of code and try to install the applet. By this way, you may come to know about the un-supported feature of the applet in the card-OS.

Related

Enabling 802.11w mode with hostapd

I'm trying to setup a WiFi Access Point with a Raspberry Pi 3B+ having 802.11w enabled.
Kernel version: Linux efb-ap-0 4.19.66-Re4son-v7+ #1 SMP Sun Aug 18 22:25:39 AEST 2019 armv7l GNU/Linux
Driver: brcmfmac
hostapd (Deb package): 2:2.9-1 armel
During the 4-Way Handshake, wpa_supplicant immediatly disconnects at the 3/4 msg, with following logs:
wlan0: WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp (src=b8:27:eb:3b:3f:0e)
WPA: RSN IE in Beacon/ProbeResp - hexdump(len=28): 30 1a 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 06 c0 00 00 00 00 0f ac 06
WPA: RSN IE in 3/4 msg - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 06 c0 00
Comparing 3/4 msg hexdump and Beacon hexdump via Wireshark shows that the Beacon contains the following additional fields that are not in the 3/4 msg: PMKID Count (0x00 00)+ PMKID List + Group Management Cipher Suite
(0x00 0f ac 06).
Why is the 3/4 msg not matching the Beacon ? Is this an issue in hostapd ? in driver ? in hostapd<->driver communication ?
Thanks for any information about that.
You can find below the hostapd.conf content:
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
auth_algs=1
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa=2
hw_mode=g
ieee80211w=2
ssid=XXXXXXXXXX
channel=1
wpa_key_mgmt=WPA-PSK-SHA256
wpa_passphrase=XXXXXXXXXX
And the wpa_supplicant.conf used to connect:
ctrl_interface=DIR=/var/run/
network={
ssid="XXXXXXXX"
proto=RSN
scan_ssid=1
key_mgmt=WPA-PSK-SHA256
pairwise=CCMP
psk="XXXXXXXX"
ieee80211w=2
}
Note: this thread is a duplicate from a message I had posted on hostap mailing list for which I didn't have answer: http://lists.infradead.org/pipermail/hostap/2019-November/040764.html

MimeMultipart count is zero when an email is read using JavaMail

My application sends an email to an Exchange mail server, mail server is configured with a third party application where it routes email to agent and agent replies to that email. Application reads agent reply from the mailbox which is used to send the email.
Email sending code is below;
Message mimeMessage = new MimeMessage(session);
mimeMessage.setFrom(new InternetAddress(from));
mimeMessage.addRecipient(Message.RecipientType.TO, new InternetAddress(to));
mimeMessage.setSubject(subject);
mimeMessage.setContent(emailText,"text/plain");
mimeMessage.setReplyTo(replyToAddress);
Transport.send(mimeMessage);
This works perfectly. When agent reply is received, Application read it as;
if (message.isMimeType("multipart/MIXED")) {
logger.info("Email MIME Type is: multipart/MIXED");
MimeMultipart multipart =(MimeMultipart)message.getContent();
logger.info("Content type = "+multipart.getContentType());
int count = multipart.getCount();
}
The content type is "multipart/mixed" but the count is 0 means there are no parts in this emails.
I need to set System property,
System.setProperty("mail.mime.multipart.allowempty", "true");
if it is not set, multipart.getCount() throws "missingBoundryException".
Why it is so ?
I can see that the agent's reply is not empty.
The email was sent with content type as text/plain, why reply type is multipart/mixed?
Is this due to any invalid formatting of email by third party application, what is the workaround?
Below is the snap of agent reply.
Below is the raw MIME content,
Received: from sociaminer.host (192.168.1.29) by thirdpartHost
(192.168.1.53) with Microsoft SMTP Server (TLS) id 14.1.218.12; Thu, 19 Jan
2017 17:06:26 +0500
To: hafiz <hafiz#bla.bla>
Message-ID: <hassan.MESSAGEID#bla.bla>
In-Reply-To: <CF72F94#bla.bla>
References: <CF72F945A#bla.bla>
Subject: Re: 1122+50
Content-Type: multipart/mixed;
boundary="----=_Part_127_14151461.1484827604583"
From: <reply#bla.bla>
Return-Path: reply#bla.bla
Date: Thu, 19 Jan 2017 17:06:26 +0500
X-MS-Exchange-Organization-AuthSource: bla.bla
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
X-Originating-IP: [SocialMinerIP]
MIME-Version: 1.0
------=_Part_127_14151461.1484827604583
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">Reply to 50<br>
<blockquote><hr>
<b>From:</b> hafiz <hafiz#bla.bla><br><b>Sent:</b> Thursday, January 19, 2017 5:05 PM<br><b>To:</b> testing2 <testing2#bla.bla><br><b>Subject:</b> 1122+50<br>
<html dir="ltr">
<head>
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Testing 50</div>
</body>
</html>
</blockquote>
------=_Part_127_14151461.1484827604583--
JavaMail debug output looks like below,
DEBUG: setDebug: JavaMail version 1.4.7
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
DEBUG IMAP: mail.imap.fetchsize: 16384
DEBUG IMAP: mail.imap.ignorebodystructuresize: false
DEBUG IMAP: mail.imap.statuscachetimeout: 1000
DEBUG IMAP: mail.imap.appendbuffersize: -1
DEBUG IMAP: mail.imap.minidletime: 10
DEBUG IMAP: disable AUTH=PLAIN
DEBUG IMAP: enable STARTTLS
DEBUG IMAP: trying to connect to host "Echange IP", port 143, isSSL false
* OK The Microsoft Exchange IMAP4 service is ready.
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
A0 OK CAPABILITY completed.
DEBUG IMAP: protocolConnect login, host=192.168.1.53, user=hafiz#bla.bla, password=<non-null>
A1 STARTTLS
A1 OK Begin TLS negotiation now.
A2 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
A2 OK CAPABILITY completed.
DEBUG IMAP: AUTH: NTLM
DEBUG IMAP: AUTH: GSSAPI
DEBUG IMAP: AUTH: PLAIN
DEBUG IMAP: AUTHENTICATE NTLM command trace suppressed
DEBUG NTLM: type 1 message: 4E 54 4C 4D 53 53 50 00 01 00 00 00 03 A2 00 00 00 00 00 00 23 00 00 00 03 00 03 00 20 00 00 00 31 39 32
DEBUG NTLM: type 3 message: 4E 54 4C 4D 53 53 50 00 03 00 00 00 18 00 18 00 68 00 00 00 18 00 18 00 80 00 00 00 00 00 00 00 40 00 00 00 22 00 22 00 40 00 00 00 06 00 06 00 62 00 00 00 00 00 00 00 98 00 00 00 01 82 00 00 68 00 61 00 66 00 69 00 7A 00 40 00 65 00 66 00 6C 00 61 00 62 00 2E 00 6C 00 6F 00 63 00 61 00 6C 00 31 00 39 00 32 00 3B 5E 2B 86 67 49 E3 01 C9 9E F2 CA ED 54 21 11 81 89 94 C6 EC E0 26 E3 BA DB E7 5A F4 CA 28 17 7C 0E 8A 08 18 B5 5A 4E 72 4F C5 7F 52 64 FA 76
DEBUG IMAP: AUTHENTICATE NTLM command result: A3 OK AUTHENTICATE completed.
A4 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
A4 OK CAPABILITY completed.
DEBUG IMAP: AUTH: NTLM
DEBUG IMAP: AUTH: GSSAPI
DEBUG IMAP: AUTH: PLAIN
DEBUG IMAP: connection available -- size: 1
A5 SELECT INBOX
* 40 EXISTS
* 0 RECENT
* FLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)
* OK [PERMANENTFLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)] Permanent flags
* OK [UNSEEN 39] Is the first unseen message
* OK [UIDVALIDITY 436] UIDVALIDITY value
* OK [UIDNEXT 46] The next unique identifier value
A5 OK [READ-WRITE] SELECT completed.
A6 SEARCH UNSEEN ALL
* SEARCH 39
A6 OK SEARCH completed.
A7 SEARCH UNSEEN ALL
* SEARCH 39
A7 OK SEARCH completed.
main INFO emailToSms.EmailReader - 1 unread emails read from inbox.
A8 STORE 39 +FLAGS (\Seen)
* 39 FETCH (FLAGS (\Seen))
A8 OK STORE completed.
A9 FETCH 39 (BODY.PEEK[HEADER])
* 39 FETCH (BODY[HEADER] {851}
MIME-Version: 1.0
Received: from HOST (IP) by HOST
(192.168.1.53) with Microsoft SMTP Server (TLS) id 14.1.218.12; Thu, 19 Jan
2017 17:06:26 +0500
To: hafiz <hafiz#bla.bla>
Message-ID: <hassan.B69E3DD110000159000004A73F57FEE3.1484827604448.cisco-ccp#bla.bla>
In-Reply-To: <CF72F945A1ED2E438A53A11DA9415F65A0E981#Expert.bla.bla>
References: <CF72F945A1ED2E438A53A11DA9415F65A0E981#Expert.bla.bla>
Subject: Re: 1122+50
Content-Type: multipart/mixed;
boundary="----=_Part_127_14151461.1484827604583"
From: <testing2#bla.bla>
Return-Path: testing2#bla.bla
Date: Thu, 19 Jan 2017 17:06:26 +0500
X-MS-Exchange-Organization-AuthSource: Expert.bla.bla
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
X-Originating-IP: [IP]
)
A9 OK FETCH completed.
A10 FETCH 39 (ENVELOPE INTERNALDATE RFC822.SIZE)
* 39 FETCH (ENVELOPE ("Thu, 19 Jan 2017 17:06:26 +0500" "Re: 1122+50" ((NIL NIL "testing2" "bla.bla")) NIL NIL (("hafiz" NIL "hafiz" "bla.bla")) NIL NIL "<CF72F945A1ED2E438A53A11DA9415F65A0E981#Expert.bla.bla>" "<hassan.B69E3DD110000159000004A73F57FEE3.1484827604448.cisco-ccp#bla.bla>") INTERNALDATE "19-Jan-2017 17:06:26 +0500" RFC822.SIZE 1250)
A10 OK FETCH completed.
A11 FETCH 39 (BODYSTRUCTURE)
* 39 FETCH (BODYSTRUCTURE ("multipart" "mixed" ("boundary" "----=_Part_127_14151461.1484827604583") NIL NIL 7BIT 0 NIL NIL NIL NIL))
A11 OK FETCH completed.
DEBUG IMAP: IMAPProtocol noop
A12 NOOP
A12 OK NOOP completed.
This is a bug in Microsoft Exchange. Report this bug to Microsoft and upgrade to a newer version or newer service pack if possible in case they've already fixed it.
Exchange is returning the BODYSTRUCTURE information for the message as if it were a single part message when in fact it is a multipart message. This is a violation of the IMAP protocol spec.
You can use the workaround in the JavaMail FAQ.
Also, you might want to upgrade to a newer version of JavaMail - 1.4.7 is pretty old, the current version is 1.5.6.

Application won't exit after downloading a file with scala-ssh

I'm using scala-ssh 0.7.0 to download a file from a remote server.
The download itself seems to be successful (I can find the downloaded file). Here is the last part of the log output:
16:14:43.824 [main] TRACE
net.schmizz.sshj.xfer.LoggingTransferListener -- transferred 100% of
log-file.txt 16:14:43.824 [main] INFO
net.schmizz.sshj.common.StreamCopier -- 44.82421875 KiB transferred in
1.572 seconds (28.514134064885496 KiB/s) 16:14:43.825 [main] DEBUG net.schmizz.sshj.xfer.scp.SCPEngine -- Remote agrees transfer done
16:14:43.826 [main] DEBUG net.schmizz.sshj.xfer.scp.SCPEngine --
Signalling: Transfer done 16:14:43.826 [main] TRACE
net.schmizz.sshj.transport.Encoder -- Encoding packet #10: 5e 00 00 00
00 00 00 00 01 00 16:14:43.826 [main] DEBUG
net.schmizz.sshj.connection.channel.Window$Remote -- Consuming by 1
down to 2097148 16:14:44.220 [reader] TRACE
net.schmizz.sshj.transport.Decoder -- Received packet #14: 62 00 00 00
00 00 00 00 0b 65 78 69 74 2d 73 74 61 74 75 73 00 00 00 00 00
16:14:44.221 [reader] TRACE net.schmizz.sshj.transport.TransportImpl
-- Received packet CHANNEL_REQUEST 16:14:44.221 [reader] DEBUG net.schmizz.sshj.connection.channel.direct.SessionChannel -- Got chan
request for exit-status 16:14:44.222 [reader] TRACE
net.schmizz.sshj.transport.Decoder -- Received packet #15: 60 00 00 00
00 16:14:44.222 [reader] TRACE
net.schmizz.sshj.transport.TransportImpl -- Received packet
CHANNEL_EOF 16:14:44.222 [reader] DEBUG
net.schmizz.sshj.connection.channel.direct.SessionChannel -- Got EOF
16:14:44.223 [reader] TRACE net.schmizz.sshj.transport.Decoder --
Received packet #16: 61 00 00 00 00 16:14:44.223 [reader] TRACE
net.schmizz.sshj.transport.TransportImpl -- Received packet
CHANNEL_CLOSE 16:14:44.223 [main] DEBUG
net.schmizz.sshj.connection.channel.direct.SessionChannel -- Sending
close 16:14:44.223 [reader] DEBUG
net.schmizz.sshj.connection.channel.direct.SessionChannel -- Got close
16:14:44.224 [main] TRACE net.schmizz.sshj.transport.Encoder --
Encoding packet #11: 61 00 00 00 00 16:14:44.225 [main] DEBUG
net.schmizz.concurrent.Promise -- Awaiting <>
16:14:44.225 [reader] DEBUG net.schmizz.sshj.connection.ConnectionImpl
-- Forgetting session channel (#0)
16:14:44.225 [reader] DEBUG net.schmizz.concurrent.Promise -- Setting <> to SOME
My code is very simple:
import com.decodified.scalassh._
val sshClient = new SshClient(new HostConfig(login = PasswordLogin(userName, SimplePasswordProducer(password)), hostName))
sshClient.download(filePath, targetDirectory)
Now, although the download finishes successfully, and the application execution continues after the download command, the application itself doesn't exit.
Any ideas?
The implicit conversion to RichSshClient seems to be behind this.
I avoided the implicit convertion to RichSshClient by creating a new class -- 'SshClientEnhanced' which extends SshClient with ScpTransferable. Invoking download method on an instance of SshClientEnhanced works fine.

OpenSSL 1.0.1 handshake workaround in Ubuntu? [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
I've encountered a serious bug in OpenSSL 1.0.1 on Ubuntu 12.04:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 <- dated Oct 3 2012!
The gist of it is that I'm able to connect to some servers but not others. Connecting to google works:
openssl s_client -connect mail.google.com:443 -debug -state -msg -CAfile /etc/ssl/certs/ca-certificates.crt
...
Protocol : TLSv1.1
Cipher : ECDHE-RSA-RC4-SHA
Session-ID: 94DB1AC8531115C501434B16A5E9B735722768581778E4FEA4D9B19988551397
Session-ID-ctx:
Master-Key: 8694BF510CD7568CBAB39ECFD32D115C511529871F3030B67A4F7AEAF957D714D3E94E4CE6117F686C975EFF21FB8708
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - fb 52 d6 d3 3c a8 75 e1-1f 1d f6 23 ab ce 55 44 .R..<.u....#..UD
0010 - 27 bf ad c4 7a 0d 83 c8-48 59 48 4b 39 bb 3c c7 '...z...HYHK9.<.
0020 - 01 1e ad b3 13 de 65 d4-e8 ea e4 35 89 83 55 8e ......e....5..U.
0030 - e4 d5 9f 60 58 51 33 9b-83 34 b9 35 3d 46 cb a3 ...`XQ3..4.5=F..
0040 - 35 7b 48 5d 7b 86 5c d5-a1 14 9d 8c 3e 93 eb fb 5{H]{.\.....>...
0050 - ac 78 75 72 9b d2 bc 67-f2 fa 5b 75 80 a6 31 d8 .xur...g..[u..1.
0060 - 71 15 85 7f 55 4d dc fb-b0 b5 33 db 6d 36 8c c6 q...UM....3.m6..
0070 - e8 f9 54 7a 29 69 87 2c-dd f3 c5 cf 26 55 6f 6e ..Tz)i.,....&Uon
0080 - 45 73 7a 1d e4 b3 be b2-92 3f 0b ed c4 1c a5 24 Esz......?.....$
0090 - 3c f0 ca a5 <...
Start Time: 1354063165
Timeout : 300 (sec)
Verify return code: 0 (ok)
But connecting to facebook doesn't:
openssl s_client -connect graph.facebook.com:443 -debug -state -msg -CAfile /etc/ssl/certs/ca-certificates.crt -cipher SRP-AES-256-CBC-SHA
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0xddd2c0 [0xddd340] (64 bytes => 64 (0x40))
0000 - 16 03 01 00 3b 01 00 00-37 03 02 50 b5 5d 75 42 ....;...7..P.]uB
0010 - c2 78 55 49 b5 2e de 4f-00 a6 a8 d5 cf 10 92 44 .xUI...O.......D
0020 - 28 62 34 d6 61 5e 88 c3-68 8b 96 00 00 04 c0 20 (b4.a^..h......
0030 - 00 ff 02 01 00 00 09 00-23 00 00 00 0f 00 01 01 ........#.......
>>> TLS 1.1 [length 003b]
01 00 00 37 03 02 50 b5 5d 75 42 c2 78 55 49 b5
2e de 4f 00 a6 a8 d5 cf 10 92 44 28 62 34 d6 61
5e 88 c3 68 8b 96 00 00 04 c0 20 00 ff 02 01 00
00 09 00 23 00 00 00 0f 00 01 01
SSL_connect:unknown state
read from 0xddd2c0 [0xde28a0] (7 bytes => 7 (0x7))
0000 - 15 03 02 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
<<< TLS 1.1 [length 0002]
02 28
SSL_connect:error in unknown state
140581179446944:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 64 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
The facebook connection either hangs after the client sends its hello buffer and never receives the server hello response, or returns with an error code if I pass in a cipher it recognizes. This happens with both -tls1 and -ssl3. I've tried every parameter to openssl I can think of.
apt-cache showpkg openssl
...
Provides:
1.0.1-4ubuntu5.5 -
1.0.1-4ubuntu5.3 -
1.0.1-4ubuntu3 -
I've also tried every parameter I can think of to curl but with no success, because it uses openssl under the hood.
I'm concerned that Ubuntu can't establish secure connections (an astounding statement, I realize). After two solid days of beating my head against this problem, I'm basically praying at this point that someone knows a workaround. I'm considering a downgrade to OpenSSL 1.0.0 or using libcurl4-dev with gnutls-dev instead. Both solutions leave a rotten taste in my mouth. Thanks in advance for any help you can provide.
P.S. all of this work is so that my server can interface with external https REST APIs. I consider this a fundamental requirement in any webserver today, no excuses.
UPDATE: Here is my output without passing a cipher. It doesn't matter if I pass -CAfile or not either:
openssl s_client -connect graph.facebook.com:443 -debug -state -msg -CAfile /etc/ssl/certs/ca-certificates.crt
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x14ed1a0 [0x1515bf0] (226 bytes => 226 (0xE2))
0000 - 16 03 01 00 dd 01 00 00-d9 03 02 50 b6 39 78 6a ...........P.9xj
0010 - 24 95 8e dc 62 19 37 4b-ab 77 b8 66 cd 48 ba a2 $...b.7K.w.f.H..
0020 - a1 2a f8 1d f8 c9 5d fb-9d db 84 00 00 66 c0 14 .*....]......f..
0030 - c0 0a c0 22 c0 21 00 39-00 38 00 88 00 87 c0 0f ...".!.9.8......
0040 - c0 05 00 35 00 84 c0 12-c0 08 c0 1c c0 1b 00 16 ...5............
0050 - 00 13 c0 0d c0 03 00 0a-c0 13 c0 09 c0 1f c0 1e ................
0060 - 00 33 00 32 00 9a 00 99-00 45 00 44 c0 0e c0 04 .3.2.....E.D....
0070 - 00 2f 00 96 00 41 c0 11-c0 07 c0 0c c0 02 00 05 ./...A..........
0080 - 00 04 00 15 00 12 00 09-00 14 00 11 00 08 00 06 ................
0090 - 00 03 00 ff 02 01 00 00-49 00 0b 00 04 03 00 01 ........I.......
00a0 - 02 00 0a 00 34 00 32 00-0e 00 0d 00 19 00 0b 00 ....4.2.........
00b0 - 0c 00 18 00 09 00 0a 00-16 00 17 00 08 00 06 00 ................
00c0 - 07 00 14 00 15 00 04 00-05 00 12 00 13 00 01 00 ................
00d0 - 02 00 03 00 0f 00 10 00-11 00 23 00 00 00 0f 00 ..........#.....
00e0 - 01 01 ..
>>> TLS 1.1 [length 00dd]
01 00 00 d9 03 02 50 b6 39 78 6a 24 95 8e dc 62
19 37 4b ab 77 b8 66 cd 48 ba a2 a1 2a f8 1d f8
c9 5d fb 9d db 84 00 00 66 c0 14 c0 0a c0 22 c0
21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00
84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0
03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00
9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00
41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00
12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02
01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34
00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09
00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15
00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f
00 10 00 11 00 23 00 00 00 0f 00 01 01
SSL_connect:unknown state
Why are you passing -cipher SRP-AES-256-CBC-SHA when connecting to graph.facebook.com? Facebook certainly doesn't support SRP: http://srp.stanford.edu/.
Does it work if you don't pass that?
Also, can you give the IP address that you're getting? With 69.171.229.17, I can reproduce that exact ClientHello (modulo the nonce and with RC4-SHA are the only cipher save the SCSV) and I get a successful handshake.
Lastly, have you tried doing over an SSH tunnel to somewhere else? Sadly, when deploying TLS features in Chrome we have repeatedly found networking hardware that breaks TLS connections. (Although I can't think of a case where -ssl3 wouldn't fix it unless the hardware was actively trying to censor connections.)
Setting the MTU on my Ubuntu box from 1500 to 1496 (due to one of our firewalls being set too low) allows me to receive a response from the server without having to reboot (be sure to call ifconfig first and write down your original MTU which should be 1500):
sudo ifconfig eth0 mtu 1496
I discovered my MTU by pinging with successively larger buffers (add 28 bytes for UDP header):
Fails for 1472 + 28 = 1500:
ping -s 1472 facebook.com
PING facebook.com (66.220.158.16) 1472(1500) bytes of data.
...
Works for 1468 + 28 = 1496:
ping -s 1468 facebook.com
PING facebook.com (69.171.229.16) 1468(1496) bytes of data.
1476 bytes from www-slb-ecmp-06-prn1.facebook.com (69.171.229.16): icmp_req=1 ttl=242 time=30.0 ms
...
With 1496 I'm now able to curl to facebook.com:
curl -v https://facebook.com
* About to connect() to facebook.com port 443 (#0)
* Trying 66.220.152.16... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=Facebook, Inc.; CN=www.facebook.com
* start date: 2012-06-21 00:00:00 GMT
* expire date: 2013-12-31 23:59:59 GMT
* subjectAltName: facebook.com matched
* issuer: O=VeriSign Trust Network; OU=VeriSign, Inc.; OU=VeriSign International Server CA - Class 3; OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: facebook.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://www.facebook.com/
< Content-Type: text/html; charset=utf-8
< X-FB-Debug: 3vAg1O5OG9hB/EWC+gk1Kl3WLJRGmlQDaEodirWb+i0=
< Date: Wed, 28 Nov 2012 19:52:25 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host facebook.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
I personally think that MTU should have absolutely nothing to do with what the user sees at the stream level with TCP so I hope the OpenSSL folks fix this. I also wish that someone would invent an automagic bug submitter for bugs that are profoundly widespread and time-sucking.

Why I receive no answer from an ARP request?

I'm working on an embedded device that connects on local network with RJ45 and when the system sends an ARP request to know the mac address of the gateway, no answer at all.
If I clear the arp table on my Windows, the Windows asks exactly the same ARP request and got an answer!
I sniffed the packet and the only difference inside the request packet is a 0 trailer on the embedded device at the end of the packet and that the target mac address is ff:ff:ff:ff:ff:ff where the windows one is 00:00:00:00:00:00 (wikipedia seems to say that it should be ffffffffff)
I tried to changed the mac address in case my gateway banned the mac due to arp spam but it doesn't change anything. I also try with DHCP IP and static IP, same problem...
Windows packet:
Frame 1 (42 bytes on wire, 42 bytes captured)
Frame is marked: False
Arrival Time: Jan 29, 2010 12:05:49.775534000
Time delta from previous packet: -77.580549000 seconds
Time since reference or first frame: 6354.738379000 seconds
Frame Number: 1
Packet Length: 42 bytes
Capture Length: 42 bytes
Protocols in frame: eth:arp
Ethernet II, Src: 00:1e:8c:b5:d0:00, Dst: ff:ff:ff:ff:ff:ff
Type: ARP (0x0806)
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 00:1e:8c:b5:d0:00 (00:1e:8c:b5:d0:00)
Sender IP address: 192.168.0.14 (192.168.0.14)
Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
Target IP address: 192.168.0.1 (192.168.0.1)
0000: FF FF FF FF FF FF 00 1E 8C B5 D0 00 08 06 00 01 ................
0010: 08 00 06 04 00 01 00 1E 8C B5 D0 00 C0 A8 00 0E ................
0020: 00 00 00 00 00 00 C0 A8 00 01 ..........
Embedded device packet:
Frame 1 (60 bytes on wire, 60 bytes captured)
Frame is marked: False
Arrival Time: Jan 29, 2010 12:07:04.257748000
Time delta from previous packet: -3.098335000 seconds
Time since reference or first frame: 6429.220593000 seconds
Frame Number: 1
Packet Length: 60 bytes
Capture Length: 60 bytes
Protocols in frame: eth:arp
Ethernet II, Src: 00:04:a3:12:34:05, Dst: ff:ff:ff:ff:ff:ff
Type: ARP (0x0806)
Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 00:04:a3:12:34:05 (00:04:a3:12:34:05)
Sender IP address: 192.168.0.129 (192.168.0.129)
Target MAC address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Target IP address: 192.168.0.1 (192.168.0.1)
0000: FF FF FF FF FF FF 00 04 A3 12 34 05 08 06 00 01 ..........4.....
0010: 08 00 06 04 00 01 00 04 A3 12 34 05 C0 A8 00 81 ..........4.....
0020: FF FF FF FF FF FF C0 A8 00 01 00 00 00 00 00 00 ................
0030: 00 00 00 00 00 00 00 00 00 00 00 00 ............
In fact, It was a problem with the TX where the polarity was inverted and cause these problems.
I inverted the polarity and now it works perfectly.