Actions
Bug #7575
openTLS invalid certificate generated for CN=*.his.msappproxy.net
Affected Versions:
Effort:
Difficulty:
Label:
Description
We are seeing this alert triggered for this specific cert.
{"timestamp":"2025-03-03T13:27:20.424054-0800","flow_id":147038621003572,"in_iface":"igb2","event_type":"alert","src_ip":"192.168.172.15","src_port":40920,"dest_ip":"151.206.86.2","dest_port":443,"proto":"TCP","pkt_src":"wire/pcap","metadata":{"flowints":{"tls.anomaly.count":2}},"tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2230004,"rev":1,"signature":"SURICATA TLS invalid certificate","category":"Generic Protocol Command Decode","severity":3},"tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net","issuerdn":"C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08","serial":"33:01:21:73:BE:CE:28:F3:03:E6:87:DE:27:00:00:01:21:73:BE","fingerprint":"e7:85:8c:a6:e9:06:d5:cd:40:37:17:80:48:17:65:08:8f:21:3c:f8","sni":"761303a3-2ec2-424e-8122-be8b689b4996.syncfabric.bootstrap.his.msappproxy.net","version":"TLS 1.2","notbefore":"2025-01-14T18:32:07","notafter":"2025-07-13T18:32:07"},"app_proto":"tls","direction":"to_server","flow":{"pkts_toserver":11,"pkts_toclient":7,"bytes_toserver":4951,"bytes_toclient":5036,"start":"2025-03-03T13:27:20.230843-0800","src_ip":"192.168.172.15","dest_ip":"151.206.86.2","src_port":40920,"dest_port":443},"payload":"FgMDDosLAA0ZAA0WAA0TMIINDzCCC/egAwIBAgIQ1AosfXzNTq9FbStVvQEHtzANBgkqhkiG9w0BAQsFADA4MTYwNAYDVQQDEy1ISVNDb25uZWN0b3JSZWdpc3RyYXRpb25DQS5oaXMubXNhcHBwcm94eS5uZXQwHhcNMjUwMjE0MTQ1ODM0WhcNMjUwNzI5MTMxNDE2WjAvMS0wKwYDVQQDEyQ3NjEzMDNhMy0yZWMyLTQyNGUtODEyMi1iZThiNjg5YjQ5OTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaMWd+mAAaiBYnLPfKKgxC3qd9epi0y0g4DKf2ht3PP5BCBDb2YhMEQJcExyQQpKaYGcXoFdMNHv+1YS4fBuBo/5QLyhAPXAqm8tsz4BkpW/Q5mjTlunKsz8Vxnv7+hTtMmTlbmt1xleZblWecFeLDuu2rhlQAUhhDnPWjaN5chDyoDJb0ihvomvHTTkKQIlnWCxRSkSZUadILAsUhHfkKWSuBzhz5QPKy6/oJxt1Vg/ylCM96dydgI+aq0UrQmh1TkqeQR9kue3tjA75G6bbouWz6U+2v0NHUOg2Ywskl2nmaZadjKkyDuQHiHmUPf7DpSbWW04LLgzp82M05SWRtAgMBAAGCEQCjAxN2wi5OQoEivotom0mWo4IKCTCCCgUwHQYJKwYBBAGCN1IBBBCtFMZqdoIySYY50SzlUM+6MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMIIJygYJKwYBBAGCN1ICBIIJu3YyOjCCCbQGCSqGSIb3DQEHAqCCCaUwggmhAgEBMQ8wDQYJYIZIAWUDBAIBBQAwOgYJKoZIhvcNAQcBoC0EK1N5bmNGYWJyaWM6nbg/8gai93gSpDBqM+9m0vpOtRsTVagYcsxWe6VfwRegggfDMIIHvzCCBqegAwIBAgITOgTGytF0RvoCtMDX8gAEBMbK0TANBgkqhkiG9w0BAQsFADBEMRMwEQYKCZImiZPyLGQBGRYDR0JMMRMwEQYKCZImiZPyLGQBGRYDQU1FMRgwFgYDVQQDEw9BTUUgSU5GUkEgQ0EgMDEwHhcNMjUwMTMwMTMxNDE2WhcNMjUwNzI5MTMxNDE2WjAsMSowKAYDVQQDEyFSZWdpc3RyYXRpb25TZXJ2ZXIubXNhcHBwcm94eS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoOlo12L3dHe2Ja4U9BQhDnvQ9bMq5wmpDbEKDGKiz/FVJrJF1Xh281FPi8N/e2ysdwoK7Rkf6ozP+bD/5IfLxBhh/keHWYpmyDP1YgU62aup3xb1M7JxZAYUslnnOIk2OEACPUNyo+SS43iDKjcXIEGUGVxzHlcoIURrwM62dhAommfpLxRfvjOy/v0s+asUvx6I/FkFxIvNqshpoQ16Cd/wE2xaiInpf3AwKskB/prpKuTI33pU4NcUSNeAyA4SaL71OJotn388Qn7/+v+FiX4+0lYQ6uzN8naoifb8BDVU6Rf8pieixQE47tunHCGLVBdv8K87HP0bXZZ3iK+lNAgMBAAGjggTAMIIEvDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMD0GCSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCIaQ4w2E1bR4hPGLPoWb3RbOnRKBYIX5kUuFrJk0AgFkAgEHMIIB2gYIKwYBBQUHAQEEggHMMIIByDBmBggrBgEFBQcwAoZaaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NlcnRzL0JZMlBLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJTkZSQSUyMENBJTIwMDEoNCkuY3J0MFYGCCsGAQUFBzAChkpodHRwOi8vY3JsMS5hbWUuZ2JsL2FpYS9CWTJQS0lJTlRDQTAxLkFNRS5HQkxfQU1FJTIwSU5GUkElMjBDQSUyMDAxKDQpLmNydDBWBggrBgEFBQcwAoZKaHR0cDovL2NybDIuYW1lLmdibC9haWEvQlkyUEtJSU5UQ0EwMS5BTUUuR0JMX0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcnQwVgYIKwYBBQUHMAKGSmh0dHA6Ly9jcmwzLmFtZS5nYmwvYWlhL0JZMlBLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJTkZSQSUyMENBJTIwMDEoNCkuY3J0MFYGCCsGAQUFBzAChkpodHRwOi8vY3JsNC5hbWUuZ2JsL2FpYS9CWTJQS0lJTlRDQTAxLkFNRS5HQkxfQU1FJTIwSU5GUkElMjBDQSUyMDAxKDQpLmNydDAdBgNVHQ4EFgQUlDZeBJWXa66d5XWoJi5W4+L0xnkwDgYDVR0PAQH/BAQDAgWgMCwGA1UdEQQlMCOCIXJlZ2lzdHJhdGlvbnNlcnZlci5tc2FwcHByb3h5Lm5ldDCCATUGA1UdHwSCASwwggEoMIIBJKCCASCgggEchkJodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpaW5mcmEvQ1JML0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwxLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwyLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmwzLmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmyGNGh0dHA6Ly9jcmw0LmFtZS5nYmwvY3JsL0FNRSUyMElORlJBJTIwQ0ElMjAwMSg0KS5jcmwwgZ0GA1UdIASBlTCBkjAMBgorBgEEAYI3ewEBMGYGCisGAQQBgjd7AgIwWDBWBggrBgEFBQcCAjBKHkgAMwAzAGUAMAAxADkAMgAxAC0ANABkADYANAAtADQAZgA4AGMALQBhADAANQA1AC0ANQBiAGQAYQBmAGYAZAA1AGUAMwAzAGQwDAYKKwYBBAGCN3sDAjAMBgorBgEEAYI3ewQCMB8GA1UdIwQYMBaAFOXZm2f8+Oy6u/DAqJ2KV4i53z5jMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEADEIujN7Z+u47ktR9n9AEdUDjvVP+YZXSbRd9YsXD9b/PyT7wMqvgwTvZHTvJQ7RObfuGx4rRyLyyn1d8UVErVlfYVFMek9wlTIQHp6v0yVbGmsRt8Aw98wYf7VtfHu0vv8Atb5GKmi2Gdx0nhbzB0t7CyfzwVWXCin88kCjjloJGJsacv8AeEJtyHM5S4qPu3JmfCXV/wG8p5KVPVx4Jvv+uoYKH3nsV1sECqTK4N2lux74qnvnuS9bS7nMmB1fn+aaWLc769ESRtmo4I+56KnbvF0thRi/HiEyvohx3Lik+/mwDNvQD8Sb+y3G7HvlSyBZbd3haXDzIE+8+DAJ//DGCAYYwggGCAgEBMFswRDETMBEGCgmSJomT8ixkARkWA0dCTDETMBEGCgmSJomT8ixkARkWA0FNRTEYMBYGA1UEAxMPQU1FIElORlJBIENBIDAxAhM6BMbK0XRG+gK0wNfyAAQExsrRMA0GCWCGSAFlAwQCAQUAMA0GCSqGSIb3DQEBAQUABIIBAGHzZsgyCA5SqgUHZSgOCHWPzUk5AAGjPGTpY7eY4jhxZObx9CumOdyZEIgpsLTB46mBilHzFyJOKFFtTaaTg95NQOPMXrrD45s1OGRO88ylwByQLRAUfASqF0X+eF6r2KB4D4I5th0C/PE1GdYkUnjwfHrwS2UsvHAr7tXEylC3zMnmbIDCO2xT57Wva5NVZtFIt+YGMQ0Hxx3jyzx8Fcwh1Gn2c8sZUE5eYjdawc86sr2v5QyRLUAEUntd2QfUqLEJZa0nnRdVrOIhjRa7EVDP0mrWkSJ1oXYovGGxb2uZ/9jBsNQug46LFoHCUhqtqzr57kwpr0u5whAhnXAYE4cwDQYJKoZIhvcNAQELBQADggEBAByXoBubeq94QRHPjSHxU52KntzUy/qKuw+OQBIH5XusdDYbj7Hob0S7UVKzmzJCAyKb2CZW+1UiIaASPf9bHcHmExa7JbhQDsBqqtwKNouViJZG5l0Xfrch8RweWVu/mJ1I3dApPYlZ3auphJ7jPnv8SVu+2WgLteX6dyQl3VS+AiejRYd9PPWt7NO7wQABOH0zmvnzj4YbfNa3SKwZ8CpjqpCTT7HAf/LXih2LP4utmw2fVo9oedi3x1zyj+QioheZ1qi0UgjmufyRf/+xauqKALprFBSKYBAf+MSol2hrBjNJXOy9U++2AGAuFi3tk8guSyWWeQHsNz8v+rlCu1QQAABiYQRqtIacwSXMe2PTgxVt/xv+DFu7g6PfdNVYQeN0+N1siHN/sYv2KOjC/nab9wlLK2LQ9rmS3hxitgD5jey+ArqlbYcHQ/MdBhmQ2+YyBjMOuzDvJF//ETTPyL+u7MLjDGMPAAEEBAEBADIb/A8LjiMvyjcK7AiZajb5S4wHPXvCZ8CCKOGg2Pd4LmJ6zxx80A850SZj90qtfPv/sOVMtO6appAvj9T8zZOqlmf2yUcx2RfrHgtM4bv/wwiCPYi4MdWjdVMMgtymn5wObTkEAxGKkIwbg00at6MVGt1msS6Jsd7u1Vq2RBEm3W9EPD2OinolZhyxBqP2qXUy1bsTdhhGCOW74uVqee3MlVJJlil1TTtV/LjzsD6/UsWzv99UOJSWh6UJETfql6V5Za/KzxLsNKA7FOZswC1W1wXq8GYjqPnJXSWtoX70Pk8RvprKiPfvBKF/d17RalREY0W/0ESBRIZemv+o0/4UAwMAAQEWAwMAKAAAAAAAAAAAgBmxXNWedldDzUGp/RBw3I/TPQ14NL5hCPVa/AFrFdM=","payload_printable":".......\r..\r..\r.0.\r.0...........\n,}|.N.Em+U....0\r..*.H..\r.....081604..U...-HISConnectorRegistrationCA.his.msappproxy.net0..\r250214145834Z.\r250729131416Z0/1-0+..U...$761303a3-2ec2-424e-8122-be8b689b49960..\"0\r..*.H..\r..........0..\n......1g~.....',..*.B..}z...H8......?.B.6.b..@...$.........\r...a....h......\\\n...3..)[.9.4..r...q....;L.9[..q..[.g........T.R.C...h.\\.<..........NB.\"Y...R.&Ti....!..\nY+....@.......U.....zw'`#...J...S...G..{{c..F....l.S.....:\r...%.y.e.c*L.....e....I......:|..9Idm...........v..NB.\"..h.I...\n.0.\n.0...+.....7R......jv.2I.9.,.P..0...U.%.....0\n..+.......0.....+.....7R.....v2:0.....*.H..\r.......0......1.0\r..`.H.e......0:..*.H..\r....-.+SyncFabric:..?....x..0j3.f..N...U..r.V{._......0...0..........:....tF............0\r..*.H..\r.....0D1.0..\n..&...,d....GBL1.0..\n..&...,d....AME1.0...U....AME INFRA CA 010..\r250130131416Z.\r250729131416Z0,1*0(..U...!RegistrationServer.msappproxy.net0..\"0\r..*.H..\r..........0..\n......:Z5......k.=..C..=l...jClB.....UI..u^...S.....+....FG..3.l?.!........b....X.N.j.w..L..Y..,.y.\"M....P...$.. .....e.W.....Q..3...\n&..K.......K>j./..?.Aq\".j..hC^.w.....\"z_..\n.@...J.27..85..5.2.../.N&.g........b_....:.3|..\"}..\rU:E.)...@N;....b....+..?F.e..+.M.........0...0'..+.....7.\n..0.0\n..+.......0\n..+.......0=..+.....7...00..&+.....7.....\r...x...>........`...K...4..d...0.....+...........0...0f..+.....0..Zhttp://crl.microsoft.com/pkiinfra/Certs/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl1.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl2.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl3.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0V..+.....0..Jhttp://crl4.ame.gbl/aia/BY2PKIINTCA01.AME.GBL_AME%20INFRA%20CA%2001(4).crt0...U.......6^...k...u.&.V....y0...U...........0,..U...%0#.!registrationserver.msappproxy.net0..5..U.....,0..(0..$... .....Bhttp://crl.microsoft.com/pkiinfra/CRL/AME%20INFRA%20CA%2001(4).crl.4http://crl1.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl2.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl3.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl.4http://crl4.ame.gbl/crl/AME%20INFRA%20CA%2001(4).crl0....U. ...0..0..\n+.....7{..0f.\n+.....7{..0X0V..+.......0J.H.3.3.e.0.1.9.2.1.-.4.d.6.4.-.4.f.8.c.-.a.0.5.5.-.5.b.d.a.f.f.d.5.e.3.3.d0..\n+.....7{..0..\n+.....7{..0...U.#..0......g..........W...>c0...U.%..0...+.........+.......0\r..*.H..\r...........B......;..}...u@..S.a..m.}b......>.2...;..;.C.Nm.........W|QQ+VW.TS...%L......V...m..=....[_../..-o...-.w.'.........Ue...<.(...F&.......r..R.......u..o)..OW.........{.....2.7in..*...K...s&.W....-...D..j8#.z*v..KaF/..L...w.)>.l.6...&..q...R..[wxZ\\<...>....1...0......0[0D1.0..\n..&...,d....GBL1.0..\n..&...,d....AME1.0...U....AME INFRA CA 01..:....tF............0\r..`.H.e......0\r..*.H..\r.........a.f.2..R...e(..u..I9...<d.c...8qd...+.9....).......Q..\"N(QmM....M@..^....58dN......-..|...E.x^...x..9.....5..$Rx.|z.Ke,.p+....P....l..;lS...k.Uf.H...1\r.....<|..!.i.s..PN^b7Z..:......-@.R{]......e.'..U..!....P..j..\"u.v(.a.ok.............R...:..L).K...!.p...0\r..*.H..\r...............z.xA...!.S...........@...{.t6....oD.QR..2B.\"..&V.U\"!..=.[......%.P..j..\n6....F.].~.!...Y[...H..)=.Y......>{.I[..h....w$%.T..'.E.}<........8}3......|..H...*c...O........?...\r.V.hy...\\...\"......R........j....k...`......hk.3I\\..S...`..-....K%.y..7?/..B.T...ba.j....%.{c...m....[....t.XA.t..l.s....(...v...K+b......b.........m..C.......2.3..0.$_..4........c........2.....#/.7\n...j6.K..={.g..(....x.bz..|..9.&c.J.|....L...../.......g..G1.....L......=..1..uS.......m9........M......f.......Z.D.&.oD<=..z%f......u2...v.F.....jy...RI.)uM;U....>.R....T8......7...ye.....4.;..l.-V....f#...]%..~.>O..........w^.jTDcE..D.D.^...............(...........\\..vWC.A...p...=\rx4.a..Z..k..","stream":1,"packet":"rB9rFcyCABY+CToLCABFAAEiAqlAAEAG3KTAqKwPl85WAp/YAbuDAucrce/I1FAYAPkGigAAFwMDAPUAAAAAAAAAAW+jyo9KgwpDMAVYxqDUGW1MHOc/RRHILdRSqMRNp9m9tMn/GaxAoFuZsqF1N+qk0YatN7ntKhy9kw4R36EEm2wUf9807YuycRT6zvEbn/V8G4b8i8+EuLg/xEycePkF9z8XVvJc+nwu4fexF3O1IWjeN5rksr/Ioub9uPDPOv8ihLk02A+kt+lH1Kt3GYtf4wNSsUHXWQ7QQrlKhugG54GohDVt9vHfG8StHl/Rr55krNZn3n8jaXLOZcRrm+cGxQLd+qg7k2NZ6ux4yeflSzk2sSzVm34WAJOFvrla7zq8ODyA5hf5lqunOSG9FQ==","packet_info":{"linktype":1}}
I'm not sure I'm going to be able to capture a pcap trace. Is the payload sufficient? How can one decode the payload? I was hoping to check the cert myself but not sure I can.
Perhaps this is useful as well:
openssl s_client -connect 761303a3-2ec2-424e-8122-be8b689b4996.syncfabric.bootstrap.his.msappproxy.net:443
Connecting to 151.206.86.2
CONNECTED(00000003)
depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
verify return:1
depth=1 C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
verify return:1
depth=0 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net
verify return:1
---
Certificate chain
0 s:C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net
i:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA384
v:NotBefore: Jan 14 18:32:07 2025 GMT; NotAfter: Jul 13 18:32:07 2025 GMT
1 s:C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
i:C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
v:NotBefore: Jun 8 00:00:00 2023 GMT; NotAfter: Aug 25 23:59:59 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIKQzCCCCugAwIBAgITMwEhc77OKPMD5ofeJwAAASFzvjANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA4
MB4XDTI1MDExNDE4MzIwN1oXDTI1MDcxMzE4MzIwN1owazELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xHTAbBgNVBAMMFCouaGlzLm1zYXBwcHJveHkubmV0MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzLXcxJZoMcVo04RqDNpzqPn
g9dcuBgYab6s+UE73+YGZAsOjrvafZyA9Eh/mUojhhwlRKLeB8ZUphHHE5mnvEhN
xOjewlYWPK4WG6GFd21co/pON3Jt8X3BwPDm1SpdwIyQG2NITRG5+lKNkHoGSgRn
+18w2PgLo9PJO3+IoshfJ+KjSN/qJ3Rj1CtvCKgifRpcGXHwXvjnpc5uUgP3gr17
sJC2mM/CG0+gnhmqB6Kmh+PuIKXFt9deP7qERNjj1m9chLyDTs9172woTnHHkJXS
sP8bYeVy0BzQNI7WfNNkEJ0YWY8D4bdcdRv0r91/P7R8CCLepSxd8/4P5xA7SQID
AQABo4IF7DCCBegwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3cyjSV1+EW
BeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABlGYfiKkAAAQDAEcwRQIhAIM2ou55
RfMqzjTY/jvqrzBCFpG6H3+POD4dkz9V3A+rAiAU2ekE3jOQamxNnNUS0vKzsRJo
q6wys1a4DUfQGTrCCgB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv2Q6MLnm4
AAABlGYfiYEAAAQDAEcwRQIgVJ1g+tao6NnFFOm2PY2UEXBbh8wRe1B6k78OVvjE
r8QCIQDuKcoycxP67nvMe1l/zTHxzMaCHGbQmw80qmAFJfa8WAB3ABoE/0nQVB1A
r/agw7/x2MRnL07s7iNAaJhrF0Au3Il9AAABlGYfifgAAAQDAEgwRgIhAM9UBCcf
Qed+fqjSfeHXuT26+mD2XuVdheGxyzP5pH93AiEA7wnBvzgozlwkPSMhLDJghfJz
n5RRmDK41ubWFwMahDEwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggr
BgEFBQcDATA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3FQiHvdcbgefrRoKBnS6O
0AyH8NodXYKr5zCH7fEfAgFkAgEtMIG0BggrBgEFBQcBAQSBpzCBpDBzBggrBgEF
BQcwAoZnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNy
b3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBDQSUyMDA4JTIw
LSUyMHhzaWduLmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z
b2Z0LmNvbS9vY3NwMB0GA1UdDgQWBBQA7bMj20JpX1HkXa7O8aV83WyrEDAOBgNV
HQ8BAf8EBAMCBaAwggHyBgNVHREEggHpMIIB5YIvKi5hZGFkbWluaXN0cmF0aW9u
LmJvb3RzdHJhcC5oaXMubXNhcHBwcm94eS5uZXSCHiouYm9vdHN0cmFwLmhpcy5t
c2FwcHByb3h5Lm5ldIIaKi5ib290c3RyYXAubXNhcHBwcm94eS5uZXSCHiouY29u
bmVjdG9yLmhpcy5tc2FwcHByb3h5Lm5ldIInKi5leGNoYW5nZS5ib290c3RyYXAu
aGlzLm1zYXBwcHJveHkubmV0ghQqLmhpcy5tc2FwcHByb3h5Lm5ldIIiKi5wdGEu
Ym9vdHN0cmFwLmhpcy5tc2FwcHByb3h5Lm5ldIImKi5yZXNvdXJjZS5mcmVlYnVz
eS5oaXMubXNhcHBwcm94eS5uZXSCLioucmVzb3VyY2UubWFpbGJveG1pZ3JhdGlv
bi5oaXMubXNhcHBwcm94eS5uZXSCICoucmlkLnJ1bnRpbWUuaGlzLm1zYXBwcHJv
eHkubmV0gikqLnN5bmNmYWJyaWMuYm9vdHN0cmFwLmhpcy5tc2FwcHByb3h5Lm5l
dIIgKi50aWQucnVudGltZS5oaXMubXNhcHBwcm94eS5uZXSCGGJvb3RzdHJhcC5t
c2FwcHByb3h5Lm5ldIISaGlzLm1zYXBwcHJveHkubmV0MAwGA1UdEwEB/wQCMAAw
agYDVR0fBGMwYTBfoF2gW4ZZaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w
cy9jcmwvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIw
Q0ElMjAwOC5jcmwwZgYDVR0gBF8wXTBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEF
BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9z
aXRvcnkuaHRtMAgGBmeBDAECAjAfBgNVHSMEGDAWgBT2fi+9gKNKsnBb69+aH9jt
ymGABzAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEM
BQADggIBAD2RIobQ4q/WjflJV7RRgUmybRlgzngEMf5/3eAr840Kp9Vxe/XxquO3
t4rbODuTJVYd7cBV/Atr40thUS5EqbBQh0BA2vrSuB5mTWOLEooFJG7JIX4P02Ie
NiUsDqjgguPEJOTTEfiFQb761cZgWoA8rMBRyVq0dV21RlXkhYXgF/EwKKsDblfX
J1S7BfjonLRZPcnHsiID6QOwn/55Hg+tZBOmZSfw/2g3JyYYYA8YWWDUB8kTexRs
55bkQz4HTHv7QoTIxpimXM/xK7y1Gz5+WspErbsRZguudT5CDQQxjSH/Citdvlre
TEKoy5T8gKlk3W5icGw7D3FJFkfa7M2uy+5r5heS5Ud7rEk4nHIVM0WSSogKGuY4
5qnXX3F1I5L+w6Y9imvPHWv845Y/gl+xMZH0AVS6OE8/i5n+LnndBbTYwGbY14TQ
OD/aP+uAhMgXtlqGGT06jUwU3z7EWTYGGlbbpMpLnexVmYTmTvKrI2G1BtROso1z
epUip6wjtGpHYgMj4QaFjlw3QiTErmLQWMz6GX3Q5VLPsNusVCbDYOZ2wkh5UTSJ
47D5krWs7iTNfhF/pNpEPmKamIYseNpmfrleQhN2c7oNrTpfvEdRLOK+Hg5OJbLb
L72yPNBGOrCg9CbbR9BqL6xKljojf/aRa4NsHAPZJGwlQzNcHe+b
-----END CERTIFICATE-----
subject=C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.his.msappproxy.net
issuer=C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
---
No client certificate CA names sent
Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:ECDSA+SHA256:ECDSA+SHA384:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 4777 bytes and written 957 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 9C2FFB9C52A3ABBCDD914AD885A2E2B07C3EBA98E585EE49446699EF1F25BC13
Session-ID-ctx:
Resumption PSK: 1AAD873D5BA4F5D19135D1F37AD536CCA9172AB24435022A79802196EC2FBD4C87657BF8E59E262264777427F132C0E2
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 36000 (seconds)
TLS session ticket:
0000 - 49 0a 00 00 e2 a5 3a f5-5c 81 1e a5 52 32 07 25 I.....:.\...R2.%
0010 - d1 04 b3 9d 94 cf 80 b2-14 35 54 7d 83 2b a2 6f .........5T}.+.o
Start Time: 1741039064
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
No data to display
Actions