Cryptography cipher RC4 2048bit in JDK1.5
I need to use RC4 key size of (256 bytes) 2048 bits. From JCE JavaDoc
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppE
RC4 can only support 128 bytes/1024 bits
I wonder, does any JDK/JCE version support RC4 with a 2048-bit key?
Or can you suggest a shareware provider which supports RC4 2048 bits?
I had this topic posted originally in
http://forum.java.sun.com/thread.jspa?threadID=757353
Thanks a lot.
Thanks for your reply:
I have downloaded Unlimited Strength Jurisdiction Policy Files and replaced jars in my jre/lib/security. I still have the same problem.
Here is my code: The parameter keyBytes is the same as we use on the other side of the wire implemented in C version of openssl.
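import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Tries to initialize an RC4 cipher with the raw key bytes and returns the Cipher object.
private Cipher quickTestRC4(byte[] keyBytes) {
    SecretKey key = new SecretKeySpec(keyBytes, "RC4");
    Cipher cipher = null;
    try {
        cipher = Cipher.getInstance("RC4");
        System.out.println("Testing RC4: initialize by passing keyBytes size = " + keyBytes.length + " bytes");
        cipher.init(Cipher.ENCRYPT_MODE, key);
    } catch (Exception e1) {
        e1.printStackTrace();
    }
    return cipher;
}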
Here is the exception:
Testing RC4: initialize by passing keyBytes size = 256 bytes
java.security.InvalidKeyException: Key length must be between 40 and 1024 bit
at com.sun.crypto.provider.ARCFOURCipher.a(DashoA12275)
at com.sun.crypto.provider.ARCFOURCipher.a(DashoA12275)
at com.sun.crypto.provider.ARCFOURCipher.engineInit(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.MyTest.quickTestRC4(MyTest.java:138)
If I pass in 128 bytes keyBytes, it works fine.
I wonder, what could be the problem here and how to solve it?
Thanks a lot.
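The stack trace above shows the exception coming from the provider's ARCFOURCipher.engineInit, not from the jurisdiction policy check, so replacing the policy files does not change it. The following is an added example, not code from the thread (the class name, method names and sample keys are made up for illustration): it prints the policy limit, tries 16-, 128- and 256-byte keys through the installed provider, and compares the result with a plain RC4 implementation, which accepts keys of up to 256 bytes.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example, not code from the thread. RC4 is prohibited in TLS by RFC 7465;
// this probe is only meant for diagnosing interoperability with a legacy peer.
public class Rc4KeyLengthProbe {

    /** Plain RC4 (key schedule followed by keystream XOR). The algorithm takes 1..256 key bytes. */
    static byte[] rc4(byte[] key, byte[] data) {
        if (key.length < 1 || key.length > 256) {
            throw new IllegalArgumentException("RC4 key must be 1..256 bytes, got " + key.length);
        }
        int[] s = new int[256];
        for (int i = 0; i < 256; i++) {
            s[i] = i;
        }
        // Key-scheduling algorithm: permute the state using the key bytes cyclically.
        for (int i = 0, j = 0; i < 256; i++) {
            j = (j + s[i] + (key[i % key.length] & 0xff)) & 0xff;
            int t = s[i]; s[i] = s[j]; s[j] = t;
        }
        // Pseudo-random generation: one keystream byte per data byte.
        byte[] out = new byte[data.length];
        for (int n = 0, i = 0, j = 0; n < data.length; n++) {
            i = (i + 1) & 0xff;
            j = (j + s[i]) & 0xff;
            int t = s[i]; s[i] = s[j]; s[j] = t;
            out[n] = (byte) (data[n] ^ s[(s[i] + s[j]) & 0xff]);
        }
        return out;
    }

    /** RC4 through the installed JCE provider; returns null when the provider rejects the key. */
    static byte[] jceRc4(byte[] key, byte[] data) {
        try {
            Cipher c = Cipher.getInstance("RC4");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4"));
            return c.doFinal(data);
        } catch (GeneralSecurityException e) {
            System.out.println("  provider rejected the key: " + e.getMessage());
            return null;
        }
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Known-answer check for the plain implementation (widely published RC4 vector).
        byte[] kat = rc4("Key".getBytes(StandardCharsets.US_ASCII),
                         "Plaintext".getBytes(StandardCharsets.US_ASCII));
        if (!hex(kat).equals("BBF316E8D940AF0AD3")) {
            throw new IllegalStateException("RC4 self-test failed");
        }

        // Integer.MAX_VALUE means the unlimited-strength policy is in effect.
        System.out.println("Policy limit for RC4 (bits): " + Cipher.getMaxAllowedKeyLength("RC4"));

        byte[] data = "constructed sample plaintext".getBytes(StandardCharsets.US_ASCII);
        for (int len : new int[] {16, 128, 256}) {
            byte[] key = new byte[len];
            for (int i = 0; i < len; i++) {
                key[i] = (byte) (i * 7 + 1);   // constructed test key, not a secret
            }
            System.out.println(len + "-byte key (" + (len * 8) + " bits):");
            byte[] viaProvider = jceRc4(key, data);
            byte[] plain = rc4(key, data);
            if (viaProvider == null) {
                System.out.println("  plain RC4 output: " + hex(plain));
            } else {
                System.out.println("  provider and plain RC4 agree: " + Arrays.equals(viaProvider, plain));
            }
        }
    }
}
```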
Similar Messages
-
BB Browser Cipher RC4 128 bit Security Concerns
When you check Browserspy from your BlackBerry browser via this link:
http://browserspy.dk/
Then select "Security" from the list
Then select "SSL Encryption Check"
For my Z30 I get RC4 128 bit (see picture.)
I also get the same results using this test:
https://www.fortify.net/
There are security concerns for RC4 128 bit to the extent Microsoft has recommended not using it. See these two links:
http://en.wikipedia.org/wiki/RC4
http://technet.microsoft.com/en-us/library/cc179125.aspx
I do not have any device connecting to the web using RC4 128 bit.
Is there a way to change the cipher strength or order for the BlackBerry browser?
(Just as a side note - because BlackBerry uses WebKit for the browser (Apple uses WebKit) a lot of the browser tester sites pick it up as Safari. I wonder if browser testing to determine market share doesn't flag some of Blackberry as Apple due to this "confusion.")
For your information, here is what I get for my desktop browsers:
AES128 for Mozilla Firefox 36.0
AES128 for Google Chromium 42.0
AES256 for MS Internet Explorer 11
and also...
AES128 for Mozilla Firefox 35.0.1 APK on my Passport
The search box on top-right of this page is your true friend, and the public Knowledge Base too: -
Handshake failure with client authentication
Hi,
I am using the JDK1.4 beta 3 to accomplish the following: I want to request an HTML page on an Apache webserver configured with SSL and client-authentication. It works with Netscape and Internet Explorer (and also with the openssl s_client test program)...
But now I want to try it using Java... So, I wrote a very simple program based on some examples found on this forum... But I keep getting the following error (excerpt from the javax.net.debug=all command)
As you can see the server requests a client certificate that's issued by the certificate authority mentioned...
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Andy Zaidman, OU=stage, O=Kava's Certif
icate Authority, L=Antwerp, ST=Antwerp, C=BE>
[read] MD5 and SHA1 hashes: len = 180
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 38, 54, 219, 158, 32, 158, 155, 15, 55, 137, 216, 164, 4
5, 65, 153, 142, 200, 98, 57, 251, 55, 6, 46, 124, 181, 161, 164, 234, 218, 75,
195, 72, 218, 187, 182, 197, 4, 11, 249, 45, 3, 136, 207, 114, 236, 172 }
[write] MD5 and SHA1 hashes: len = 141
main, WRITE: SSL v3.1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 26 36 DB 9E 20 9E 9B 0F 37 89 D8 A4 2D 41 ..&6.. ...7...-A
0010: 99 8E C8 62 39 FB 37 06 2E 7C B5 A1 A4 EA DA 4B ...b9.7........K
0020: C3 48 DA BB B6 C5 04 0B F9 2D 03 88 CF 72 EC AC .H.......-...r..
CONNECTION KEYGEN:
Client Nonce:
0000: 3B E9 51 EF F3 13 65 11 4E D6 B7 B1 9F E8 F6 CB ;.Q...e.N.......
0010: B5 2B 34 8F 87 53 66 61 33 BF 5A AD 7D 22 57 7D .+4..Sfa3.Z.."W.
Server Nonce:
0000: 3B E9 53 4E 03 37 E9 CD E8 DB 7C 54 9A 9E 53 B9 ;.SN.7.....T..S.
0010: 78 E0 36 DF 06 17 07 90 2C D1 83 5E 20 05 DC E9 x.6.....,..^ ...
Master Secret:
0000: B5 A0 37 0A 2C 29 AD AC 99 B6 2F E0 4D 80 38 68 ..7.,)..../.M.8h
0010: F7 4F 24 C4 AA 8C ED 25 A9 D6 90 33 4B 5A 0B 1D .O$....%...3KZ..
0020: 11 A5 C9 E8 DB DE EF 9B 8D EB 7C 84 D6 AC 94 4F ...............O
Client MAC write Secret:
0000: F5 AF 61 5B B4 C2 A8 12 DA 7A FE A6 82 79 7F FC ..a[.....z...y..
0010: B9 86 B2 C0 ....
Server MAC write Secret:
0000: 62 22 C6 39 91 E4 45 50 2A 49 E0 26 CF 16 3E 6A b".9..EP*I.&..>j
0010: 46 19 00 D9 F...
Client write key:
0000: D9 D2 99 89 5C CA 2E 7D F3 B8 52 24 9E 01 9B 3B ....\.....R$...;
Server write key:
0000: 37 C3 37 78 8B 85 B0 FE 01 83 E2 6C F7 C6 73 33 7.7x.......l..s3
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished, v3.1
verify_data: { 51, 236, 194, 3, 230, 37, 147, 76, 251, 233, 132, 207 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
0010: 64 30 E3 0B 31 CF 7D C7 D6 17 D8 FB 31 23 F9 34 d0..1.......1#.4
0020: 5D B9 47 F9 ].G.
main, WRITE: SSL v3.1 Handshake, length = 36
main, READ: SSL v3.1 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at HttpClient.main(HttpClient.java:105)
Now, I am sure the certificate is in the keystore, because one of the first things I do in the program is print the certificates available in the keystore...
Does anyone know what I'm doing wrong? If you need the code to make a proper judgement, I will post it...
Tnx in advance!
Greetz,
Andy Zaidman
[email protected]
import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import java.util.*;

public class HttpClient {
    public HttpClient() {}

    public static void main(String args[]) {
        try {
            // This is my server certificate - public key
            String serverCertificateFile = "MyCA.cer";
            // This is my client personal certificate
            String clientCertificateFile = "MyPersonal.pfx";

            // Trust store: holds the server/CA certificate
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            KeyStore ks = KeyStore.getInstance("JKS");
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
            ks.load(null, null);
            java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate) cf.generateCertificate(new FileInputStream(serverCertificateFile));
            ks.setCertificateEntry("server", the_cert);
            tmf.init(ks);
            for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
                System.out.println(ks.getCertificate(e.nextElement().toString()).toString());
            }

            // Key store: holds the client certificate and private key
            KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
            ks2.load(null, null);
            FileInputStream fin = new FileInputStream(clientCertificateFile);
            ks2.load(fin, "xxx".toCharArray());
            kmf.init(ks2, "xxx".toCharArray());
            fin.close();
            for (Enumeration e = ks2.aliases(); e.hasMoreElements();) {
                System.out.println(ks2.getCertificate(e.nextElement().toString()).toString());
            }

            SSLContext ctx = SSLContext.getInstance("SSLv3");
            KeyManager[] km = kmf.getKeyManagers();
            for (int i = 0; i < km.length; ++i) {
                System.out.println(km[i]);
            }
            TrustManager[] tm = tmf.getTrustManagers();
            ctx.init(km, tm, null);

            // connection part
            SSLSocketFactory factory = ctx.getSocketFactory();
            SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 443);
            for (int i = 0; i < socket.getEnabledCipherSuites().length; ++i) {
                System.out.println(socket.getEnabledCipherSuites()[i]);
            }
            socket.startHandshake();
            PrintWriter out = new PrintWriter(
                new BufferedWriter(
                    new OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("GET " + "/" + " HTTP/1.1");
            out.println();
            out.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
-
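An added example, not part of the thread: a small scanner for javax.net.debug output that reports when a server's CertificateRequest is answered with an empty client certificate chain, the pattern visible in the "Handshake failure with client authentication" trace above just before the fatal alert. It assumes the JSSE debug format prints one "chain [n] = [" line per certificate sent; the class name and the sample trace are constructed.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not code from the thread.
public class ClientAuthLogCheck {

    /** What one handshake trace tells us about client authentication. */
    static final class Finding {
        boolean certificateRequested;                        // server sent CertificateRequest
        final List<String> acceptableIssuers = new ArrayList<String>();
        int clientCertsSent = -1;                            // -1: no client Certificate message seen
        boolean fatalHandshakeFailure;

        /** True when the server asked for a certificate and the client sent none. */
        boolean emptyClientChain() {
            return certificateRequested && clientCertsSent == 0;
        }
    }

    static Finding scan(String[] lines) {
        Finding f = new Finding();
        boolean inAuthorities = false;   // inside the "Cert Authorities:" list
        boolean inClientChain = false;   // inside the client's "*** Certificate chain" message
        StringBuilder dn = null;         // issuer DN being reassembled across wrapped lines

        for (String raw : lines) {
            String line = raw.trim();
            if (line.startsWith("***")) {            // a new handshake message closes any open list
                inAuthorities = false;
                inClientChain = false;
                dn = null;
                if (line.startsWith("*** CertificateRequest")) {
                    f.certificateRequested = true;
                } else if (line.startsWith("*** Certificate chain") && f.certificateRequested) {
                    // The server's own chain is printed before its CertificateRequest,
                    // so a Certificate message seen after the request is the client's.
                    inClientChain = true;
                    f.clientCertsSent = 0;
                }
                continue;
            }
            if (line.startsWith("Cert Authorities:")) {
                inAuthorities = true;
                continue;
            }
            if (inAuthorities) {
                if (dn == null && line.startsWith("<")) {
                    dn = new StringBuilder();
                }
                if (dn != null) {
                    dn.append(line);                 // rejoin DNs that the console wrapped mid-word
                    if (line.endsWith(">")) {
                        f.acceptableIssuers.add(dn.substring(1, dn.length() - 1));
                        dn = null;
                    }
                    continue;
                }
                inAuthorities = false;               // first non-DN line ends the list
            }
            if (inClientChain && line.startsWith("chain [")) {
                f.clientCertsSent++;
            }
            if (line.contains("ALERT") && line.contains("fatal") && line.contains("handshake_failure")) {
                f.fatalHandshakeFailure = true;
            }
        }
        return f;
    }

    public static void main(String[] args) {
        // Constructed trace modelled on the excerpt in the post; the names are placeholders.
        String[] trace = {
            "*** Certificate chain",
            "chain [0] = [",
            "  Subject: CN=localhost, O=Example Org, C=BE",
            "]",
            "***",
            "*** CertificateRequest",
            "Cert Types: RSA, DSS,",
            "Cert Authorities:",
            "<CN=Example Test CA, OU=stage, O=Example Certif",
            "icate Authority, L=Antwerp, C=BE>",
            "*** ServerHelloDone",
            "*** Certificate chain",
            "*** ClientKeyExchange, RSA PreMasterSecret, v3.1",
            "main, WRITE: SSL v3.1 Handshake, length = 141",
            "main, RECV SSLv3 ALERT:  fatal, handshake_failure"
        };
        Finding f = scan(trace);
        System.out.println("client certificate requested: " + f.certificateRequested);
        System.out.println("issuers the server accepts:   " + f.acceptableIssuers);
        System.out.println("client certificates sent:     " + f.clientCertsSent);
        if (f.emptyClientChain() && f.fatalHandshakeFailure) {
            System.out.println("=> the client sent no certificate; compare the issuer of the "
                    + "client certificate in the key store with the list above");
        }
    }
}
```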
Problems Emailing to Web Gallery From Camera Phone
I have a Sony Ericsson camera phone that has a mail client which I have set up to use GMail for both incoming and outgoing mail. I can't seem to get Web Gallery to accept the picture emails I send from the phone. The only thing I can conclude is that the server accepting the emails has problems parsing the message. I can use my desktop computer to send the image to Web Gallery, so there's nothing wrong with the image itself. I've also tried configuring my phone to use an AT&T mail server to send the picture, but have the same problems, so it's not the mail servers. I've also sent a full sized image (2 megapixels) as well as a small version (640x480) to see if it's related to file size, but they fail as well. Interestingly enough, I can send videos that I take from my phone to Web Gallery and it gets posted, so I figure it's not the phone.
Has anyone else encountered this problem? I've included the failure notice email I get back from the Web Gallery mail servers below if it can help diagnose the problem. Thanks.
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
[email protected]
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 16): 521 5.2.1 Fatal failure of WOA
----- Original message -----
Received: by 10.115.54.1 with SMTP id g1mr3950254wak.1186779997656;
Fri, 10 Aug 2007 14:06:37 -0700 (PDT)
Return-Path: <[email protected]>
Received: from ?10.173.60.148? ( [208.54.14.20])
by mx.google.com with ESMTPS id n22sm5661856pof.2007.08.10.14.05.35
(version=SSLv3 cipher=RC4-MD5);
Fri, 10 Aug 2007 14:06:36 -0700 (PDT)
From: "=?ISO-8859-1?Q?xxxx?=" <[email protected]>
To: [email protected]
Subject: =?ISO-8859-1?Q?Bike?=
Mime-Version: 1.0
Content-Type: MULTIPART/MIXED;
boundary="--MULTIPART_BOUNDARY00004E2D0000616C"
Date: Fri, 10 Aug 2007 14:06:36 -0700 (PDT)
Message-ID: <[email protected]>
----MULTIPART_BOUNDARY00004E2D0000616C
Content-Type: TEXT/PLAIN;
charset="ISO-8859-1"
Content-Transfer-Encoding: QUOTED-PRINTABLE
----MULTIPART_BOUNDARY00004E2D0000616C
Content-Type: application/octet-stream;
charset="US-ASCII";
----- Message truncated -----
After much trial and error, I figured out that the web gallery mail servers were choking because the filenames my phone gives photos have capital ".JPG" extensions. If I change them to lowercase, the pictures get posted. Unfortunately, I can't rename the files inside the phone and need to transfer them out to my mac via bluetooth before I can rename it. To solve the problem for myself, I created an email address on another hosted website that pipes mail to a script that rewrites the problematic portions before sending it to my web gallery. It's somewhat of a roundabout way of doing it, but it works for now.
Hopefully the web gallery mail servers will be corrected to handle this situation.
-
How can I find out this person who has been emailing me every few months. I have one of the emails full header that I retrieved on my iPhone. I omitted my email address for privacy, but mostly it is original. Is this email a scam? I don't know who this person is. Thanks in advance!
Delivered-To: myemailaddress
Received: by 10.194.200.42 with SMTP id jp10csp681530wjc;
Sat, 5 Jul 2014 14:14:16 -0700 (PDT)
X-Received: by 10.50.56.84 with SMTP id y20mr28216830igp.8.1404594856368;
Sat, 05 Jul 2014 14:14:16 -0700 (PDT)
Return-Path: <[email protected]>
Received: from nm33.bullet.mail.ne1.yahoo.com (nm33.bullet.mail.ne1.yahoo.com. [98.138.229.26])
by mx.google.com with ESMTPS id m3si35722810igx.17.2014.07.05.14.14.15
for <myemailaddress>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sat, 05 Jul 2014 14:14:16 -0700 (PDT)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=98.138.229.26;
Authentication-Results: mx.google.com;
spf=neutral (google.com: [email protected] does not designate permitted sender hosts) [email protected];
dkim=pass (test mode) [email protected]
Received: from [127.0.0.1] by nm33.bullet.mail.ne1.yahoo.com with NNFMP; 05 Jul 2014 21:14:14 -0000
Received: from [98.138.226.180] by nm33.bullet.mail.ne1.yahoo.com with NNFMP; 05 Jul 2014 21:11:31 -0000
Received: from [216.39.60.172] by tm15.bullet.mail.ne1.yahoo.com with NNFMP; 05 Jul 2014 21:11:31 -0000
Received: from [216.39.60.235] by tm8.access.bullet.mail.gq1.yahoo.com with NNFMP; 05 Jul 2014 21:11:31 -0000
Received: from [127.0.0.1] by omp1006.access.mail.gq1.yahoo.com with NNFMP; 05 Jul 2014 21:11:31 -0000
X-Yahoo-Newman-Property: ymail-4
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 10573 invoked by uid 60001); 5 Jul 2014 21:11:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1404594690; bh=8lP9IZEfjYYvkNMfRPgse4H7Tdyw/p0f3ooOSB7OIWQ=; h=References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=cPhLMVvHd7njmUyKFL8pNlQ0EXM+UFVsNWmHYcJMzKp4uWRlYckCEh+YQ+bkGMfCSgyUf5wEagOx6V4yIZ/7exoVJ0o1Njv7B/MbasfBtay6mz78OZH+NpblaoXu4sCVOzWEac1D4V5C4IZkrw+gs6YR8j7r69MTbDiIgkNx+M8=
Received: from [69.197.222.248] by web181604.mail.ne1.yahoo.com via HTTP; Sat, 05 Jul 2014 14:11:30 PDT
X-Rocket-MIMEInfo: 002.001,CgogCk9uIFNhdHVyZGF5LCBKdWx5IDUsIDIwMTQgMzo0NyBQTSwgRSBMIEpSIEhFUk1BTk4gPGVoZXJtYW5uOTE0OEBiZWxsc291dGgubmV0PiB3cm90ZToKICAKCgpUSEFUIFdBUyBHUkVBVCBJVCBSRUFMTFkgR0lUUyBUSEUgUE9JTlQgQUNST1NTIQrCoApJIHNlbmRpbmcgaXQgdG8gYWxsIG9uIG15IGUtbWFpbCBsaXN0LiBIT1BFIFlPVSBETyBUSEUgU0FNRS4KwqAKQWwgSGVybWFubiAKCgpPbiBXZWRuZXNkYXksIEp1bHkgMiwgMjAxNCAxMDoxNCBBTSwgQm9iYmllIFJhZ3NkYWxlIDxicmFnczI4MDRAYXQBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.191.1
References: <DCB3F2E14C7D47B8AC60CB1A86EE0D75@RaleighHP3> <[email protected]> <[email protected]>
Message-ID: <[email protected]>
Date: Sat, 5 Jul 2014 14:11:30 -0700
From: E L JR HERMANN <[email protected]>
Reply-To: E L JR HERMANN <[email protected]>
Subject: Fw: Volkswagen Ad (FROM AL HERMANN, PLEASE WATCH THIS ONE)
To: undisclosed recipients: ;
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="2017413661-1636348801-1404594690=:35141"
--2017413661-1636348801-1404594690=:35141
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
=0A=0A =0AOn Saturday, July 5, 2014 3:47 PM, E L JR HERMANN <ehermann9148@b=
ellsouth.net> wrote:=0A =0A=0A=0ATHAT WAS GREAT IT REALLY GITS THE POINT A=
CROSS!=0A=A0=0AI sending it to all on my e-mail list. HOPE YOU DO THE SAME.=
=0A=A0=0AAl Hermann =0A=0A=0AOn Wednesday, July 2, 2014 10:14 AM, Bobbie Ra=
gsdale <[email protected]> wrote:=0A =0A=0A=0A=0A=0A=0A =0A=0A =0A=0A=0A =
=0A=0A =0A=0A =A0 =0A=0A =0A=A0 =0A>>>=A0 =0A>>>What a brilliant =
way to communicate how risky it is to use mobile phones while driving! Mor=
e than 1.5 million views in 3 days! =0A>>> =0A>>>https://www.youtube.com/e=
mbed/JHixeIr_6BM?rel=3D0&autoplay=3D1&iv_load_policy=3D3
--2017413661-1636348801-1404594690=:35141
Content-Type: multipart/related; boundary="2017413661-447096318-1404594690=:35141"
--2017413661-447096318-1404594690=:35141
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
--2017413661-447096318-1404594690=:35141
Content-Type: image/gif; name="ATT00001.gif"
Content-Transfer-Encoding: base64
Content-Id: <[email protected]>
you don't know the sender, then it is most likely a scam or spam email. I get them every day - I just delete them. I also get daily notices from Facebook or someone called Adriana at Facebook even though I do not have an account there. Can't do anything about it - just delete it.
-
Client authentication not working
Hi all,
I am using Apache's HTTPClient to connect with a server running https. The server is the latest stable Tomcat (version 4.1.27). If I set clientAuth="false" in the Tomcat configuration, everything is working fine. I am able to communicate with the server, since the server's certificate is in the trusted store. If I want to authenticate myself (by setting clientAuth="true") it doesn't work. It seems that the application I have written doesn't send the client's certificate.
Here's the code:
HttpClient httpclient = new HttpClient();
Protocol myhttps =
new Protocol(
"https",
new StrictSSLProtocolSocketFactory(false),
8443);
httpclient.getHostConfiguration().setHost("rigel", 8443, myhttps);
GetMethod httpget = new GetMethod("/");
httpclient.executeMethod(httpget);
If I turn on all sorts of debugging this is what I get:
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java version: 1.4.0_02
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java vendor: Sun Microsystems Inc.
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Java class path: f:\myhome\projects\NextiraOne\class;f:\myhome\projects\NextiraOne\lib\commons-httpclient-2.0-rc1.jar;f:\myhome\projects\NextiraOne\lib\log4j-1.2.6.jar;f:\myhome\projects\NextiraOne\lib\commons-logging.jar;f:\myhome\projects\NextiraOne\lib\commons-logging-api.jar;f:\myhome\projects\NextiraOne\lib\com.ibm.mq.jar;f:\myhome\projects\NextiraOne\lib\xmlparserv2new.jar;f:\myhome\projects\NextiraOne\lib\connector.jar
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system name: Windows 2000
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system architecture: x86
2003/10/08 14:54:26:898 CEST [DEBUG] HttpClient - -Operating system version: 5.0
2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SUN 1.2: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJSSE 1.4002: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunRsaSign 1.0: SUN's provider for RSA signatures
2003/10/08 14:54:27:078 CEST [DEBUG] HttpClient - -SunJCE 1.4: SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
2003/10/08 14:54:27:088 CEST [DEBUG] HttpClient - -SunJGSS 1.0: Sun (Kerberos v5)
2003/10/08 14:54:27:188 CEST [DEBUG] HttpConnection - -HttpConnection.setSoTimeout(0)
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: f:\client.keystore
trustStore type is : jks
init truststore
adding private entry as trusted cert: [
Version: V1
Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@8fd984
Validity: [From: Wed Oct 08 13:48:24 CEST 2003,
To: Tue Jan 06 12:48:24 CET 2004]
Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
SerialNumber: [ 3f83f988 ]
Algorithm: [MD5withRSA]
Signature:
adding as trusted cert: [
Version: V1
Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@f99ff5
Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
To: Tue Jan 06 10:56:42 CET 2004]
Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
SerialNumber: [ 3f83df5a ]
Algorithm: [MD5withRSA]
Signature:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
2003/10/08 14:54:32:456 CEST [DEBUG] HttpMethodBase - -Execute loop try 1
2003/10/08 14:54:32:466 CEST [DEBUG] wire - ->> "GET / HTTP/1.1[\r][\n]"
2003/10/08 14:54:32:466 CEST [DEBUG] HttpMethodBase - -Adding Host request header
2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "User-Agent: Jakarta Commons-HttpClient/2.0rc1[\r][\n]"
2003/10/08 14:54:32:476 CEST [DEBUG] wire - ->> "Host: rigel[\r][\n]"
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1048840456 bytes = { 43, 4, 244, 103, 54, 110, 99, 128, 162, 132, 22, 2, 197, 112, 91, 105, 4, 133, 249, 114, 142, 122, 44, 203, 156, 188, 132, 100 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3F 84 09 08 2B 04 F4 67 36 6E ...7..?...+..g6n
0010: 63 80 A2 84 16 02 C5 70 5B 69 04 85 F9 72 8E 7A c......p[i...r.z
0020: 2C CB 9C BC 84 64 00 00 10 00 05 00 04 00 09 00 ,....d..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
main, WRITE: SSL v2, contentType = 22, translated length = 16310
main, READ: SSL v3.1 Handshake, length = 2275
*** ServerHello, v3.1
RandomCookie: GMT: 1048840456 bytes = { 2, 207, 237, 54, 101, 119, 116, 33, 59, 54, 56, 111, 170, 110, 92, 129, 178, 67, 124, 46, 187, 153, 247, 27, 216, 197, 21, 232 }
Session ID: {63, 132, 9, 8, 85, 66, 130, 20, 34, 100, 122, 131, 137, 133, 143, 214, 43, 232, 151, 61, 12, 216, 23, 84, 58, 241, 194, 116, 67, 44, 43, 44}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
To: Tue Jan 06 10:56:42 CET 2004]
Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
SerialNumber: [ 3f83df5a ]
Algorithm: [MD5withRSA]
Signature:
stop on trusted cert: [
Version: V1
Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b2a2d8
Validity: [From: Wed Oct 08 11:56:42 CEST 2003,
To: Tue Jan 06 10:56:42 CET 2004]
Issuer: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
SerialNumber: [ 3f83df5a ]
Algorithm: [MD5withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 552
*** CertificateRequest
Cert Types: DSS, RSA,
Cert Authorities:
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<[email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US>
<OU=Class 4 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<[email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<[email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA>
<CN=kws, OU=Delaware, O=Delaware, L=BE, ST=BE, C=BE>
<OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
[read] MD5 and SHA1 hashes: len = 1645
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 183, 52, 32, 171, 15, 252, 104, 26, 122, 4, 33, 152, 207, 169, 53, 3, 54, 92, 207, 235, 108, 124, 43, 137, 189, 40, 155, 244, 16, 195, 171, 111, 45, 24, 118, 251, 161, 5, 255, 221, 102, 77, 136, 92, 253, 146 }
[write] MD5 and SHA1 hashes: len = 141
main, WRITE: SSL v3.1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 B7 34 20 AB 0F FC 68 1A 7A 04 21 98 CF A9 ...4 ...h.z.!...
0010: 35 03 36 5C CF EB 6C 7C 2B 89 BD 28 9B F4 10 C3 5.6\..l.+..(....
0020: AB 6F 2D 18 76 FB A1 05 FF DD 66 4D 88 5C FD 92 .o-.v.....fM.\..
CONNECTION KEYGEN:
Client Nonce:
0000: 3F 84 09 08 2B 04 F4 67 36 6E 63 80 A2 84 16 02 ?...+..g6nc.....
0010: C5 70 5B 69 04 85 F9 72 8E 7A 2C CB 9C BC 84 64 .p[i...r.z,....d
Server Nonce:
0000: 3F 84 09 08 02 CF ED 36 65 77 74 21 3B 36 38 6F ?......6ewt!;68o
0010: AA 6E 5C 81 B2 43 7C 2E BB 99 F7 1B D8 C5 15 E8 .n\..C..........
Master Secret:
0000: 92 AB 4A D6 D4 F1 35 46 3D F8 20 64 7D 0D 1D 3C ..J...5F=. d...<
0010: 6D 12 61 D7 B6 21 1D F9 9E F2 A3 1E C8 72 16 48 m.a..!.......r.H
0020: 7E EB ED BD 71 66 89 36 8D A4 AA 30 A7 B6 F9 E3 ....qf.6...0....
Client MAC write Secret:
0000: FB B5 C5 28 A0 EF A9 2C 6F 6E 9A 8E 46 21 F8 5D ...(...,on..F!.]
0010: 21 3A F3 5A !:.Z
Server MAC write Secret:
0000: AC B4 8C 0C 19 E9 70 87 86 2C 88 19 74 96 CB 86 ......p..,..t...
0010: E1 57 28 D0 .W(.
Client write key:
0000: 67 8C 40 8A 0E F6 66 02 AA 57 A9 46 3E 4C 2B 0B [email protected]>L+.
Server write key:
0000: 39 79 50 0C 26 2A 0C 06 34 57 9F D0 ED 9E 76 1A 9yP.&*..4W....v.
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished, v3.1
verify_data: { 2, 131, 239, 184, 3, 52, 180, 31, 246, 47, 142, 241 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 02 83 EF B8 03 34 B4 1F F6 2F 8E F1 .........4.../..
0010: E8 92 3D 1E 0C A5 0A B2 E3 71 7A E9 02 41 91 20 ..=......qz..A.
0020: 30 86 A2 47 0..G
main, WRITE: SSL v3.1 Handshake, length = 36
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
main, SEND SSL v3.1 ALERT: warning, description = close_notify
Plaintext before ENCRYPTION: len = 22
0000: 01 00 BD 94 A3 63 BB DA 73 4F 7A 85 4B 79 25 76 .....c..sOz.Ky%v
0010: 8B 08 0F FF CE FC ......
main, WRITE: SSL v3.1 Alert, length = 22
java.net.SocketException: Software caused connection abort: JVM_recv in socket input stream read
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:116)
at com.sun.net.ssl.internal.ssl.InputRecord.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.g(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1344)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:779)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2179)
at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2534)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1047)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:638)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:500)
at kws.testing.out.HTTPClient.main(HTTPClient.java:60)
Exception in thread "main"
Does someone have an idea on how to get client authentication (without password) to work?
regards,
Kenneth
... no IV for cipher
This line is in my debug and the debug posted in the original message.
Am having the same problem of accessing a page with a Client Side Cert that uses a password. I get debug that has the "no IV for cipher" message. It does not throw an exception, but gets a 403 from server.
Does anyone know? Will a Client Side Cert with a Symmetric Key work in Java APIs?
I load the .pfx cert into a Java KeyStore and send this to Apache HTTPClient.
-
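Added example, not part of the original posts: a Python triage of a javax.net.debug trace like the one in the "Client authentication not working" thread above. It looks for three signs that the client answered the server's CertificateRequest without a certificate: an empty `keyStore is :` line, a client `*** Certificate chain` with no entries, and a Certificate handshake message whose list length is zero. The trace excerpt (including its hex row) is constructed, and all function names are this example's own.

```python
import re

# Constructed, shortened excerpt shaped like the javax.net.debug trace in the
# thread (same markers; the hex row is constructed, not copied from the post).
SAMPLE_TRACE = """\
keyStore is :
trustStore is: f:\\client.keystore
*** Certificate chain
chain [0] = [
  Subject: CN=rigel, OU=ECS, O=DC, L=MER, ST=OVL, C=BE
]
*** CertificateRequest
Cert Types: DSS, RSA,
Cert Authorities:
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=kws, OU=Delaware, O=Delaware, L=BE, ST=BE, C=BE>
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 AA BB CC  ................
main, WRITE: SSL v3.1 Handshake, length = 141
"""

HEX_ROW = re.compile(r"^[0-9A-F]{4}: ((?:[0-9A-F]{2} ){1,16})")
WRITE_DUMP = re.compile(r"^\[write\] MD5 and SHA1 hashes:\s+len = (\d+)")
STORE = re.compile(r"^(keyStore|trustStore) is\s*:\s*(.*)$")
CHAIN_ENTRY = re.compile(r"^chain \[\d+\] = \[")


def parse_trace(text):
    """Collect the facts relevant to client authentication from a JSSE trace."""
    facts = {"keyStore": None, "trustStore": None, "cert_requested": False,
             "acceptable_cas": [], "client_chain_len": None, "client_flight": b""}
    section, server_done, want = None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        row = HEX_ROW.match(line)
        if row and want > 0:                      # bytes of the dump being captured
            chunk = bytes.fromhex(row.group(1))[:want]
            facts["client_flight"] += chunk
            want -= len(chunk)
            continue
        want = 0                                  # any other line ends the dump
        store = STORE.match(line)
        dump = WRITE_DUMP.match(line)
        if store:
            facts[store.group(1)] = store.group(2)
        elif dump and server_done and not facts["client_flight"]:
            want = int(dump.group(1))             # first client flight after ServerHelloDone
        elif line.startswith("***"):
            section = line[3:].strip().split(",")[0]
            if section == "CertificateRequest":
                facts["cert_requested"] = True
            elif section == "ServerHelloDone":
                server_done = True
            elif section == "Certificate chain" and server_done:
                facts["client_chain_len"] = 0     # the client's own Certificate message
        elif section == "CertificateRequest" and line.startswith("<") and line.endswith(">"):
            facts["acceptable_cas"].append(line[1:-1])
        elif section == "Certificate chain" and server_done and CHAIN_ENTRY.match(line):
            facts["client_chain_len"] += 1
    return facts


def handshake_messages(buf):
    """Walk TLS handshake framing: 1-byte type, 3-byte length, then the body."""
    pos, out = 0, []
    while pos + 4 <= len(buf):
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        out.append((buf[pos], length, buf[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return out


def issuer_acceptable(issuer_dn, acceptable_cas):
    """True if a candidate client certificate's issuer is in the server's CA list."""
    norm = lambda dn: re.sub(r"\s*,\s*", ",", dn.strip()).lower()
    return norm(issuer_dn) in {norm(ca) for ca in acceptable_cas}


def diagnose(text):
    """Return (facts, findings) for a trace in which the server asks for a client cert."""
    facts, findings = parse_trace(text), []
    if not facts["cert_requested"]:
        return facts, findings
    if facts["keyStore"] == "":
        findings.append("no-client-keystore")           # 'keyStore is :' printed empty
    if facts["client_chain_len"] == 0:
        findings.append("empty-chain-in-trace")         # no 'chain [n]' entries
    for mtype, _, body in handshake_messages(facts["client_flight"]):
        # Type 11 is Certificate; its body starts with a 3-byte certificate_list length.
        if mtype == 11 and len(body) >= 3 and int.from_bytes(body[:3], "big") == 0:
            findings.append("empty-certificate-message")
    return facts, findings


if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE)[1])
```

With the default JSSE context, the client key store comes from the `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` system properties, and `issuer_acceptable` shows whether a candidate certificate's issuer appears in the server's Cert Authorities list.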
Mail Services connection times out after 10.5.8 - 10.6.4 upgrade
I have been running a mail server on my macosxserver02.binghamton.edu (128.226.xx.x) for Podcast Producer email notifications only. The mail service has been running fine until I recently upgraded the server to Apple's latest server software: Snow Leopard Server (10.6.4).
After the upgrade I'm no longer able to receive mail to the mail server from outside its domain (macosxserver02.binghamton.edu). I can send and receive mail locally from within that domain. I can send mail outside of the domain without any trouble to my personal email account [email protected], but not my work account: [email protected]. If I try to send from outside the domain -- say with my Binghamton Univ account -- the mail bounces back with this message:
Delivery to the following recipient has been delayed:
[email protected]
Message will be retried for 2 more day(s)
Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[macosxserver02.binghamton.edu (1): Connection timed out]
---- Original message -----
Received: by 10.224.102.202 with SMTP id h10mr6012071qao.49.1277903965341;
Wed, 30 Jun 2010 06:19:25 -0700 (PDT)
Return-Path: <[email protected]>
Received: from [128.226.62.7] ([128.226.62.7])
by mx.google.com with ESMTPS id v20sm41975621qce.46.2010.06.30.06.19.24
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Wed, 30 Jun 2010 06:19:24 -0700 (PDT)
From: Cheryl Tarbox <[email protected]>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: another attempt
Date: Wed, 30 Jun 2010 09:19:22 -0400
Message-Id: <[email protected]>
To: [email protected],
[email protected]
Mime-Version: 1.0 (Apple Message framework v1078)
X-Mailer: Apple Mail (2.1078)
One thing to note about the .binghamton.edu domain is that we recently switched to Google Mail and .binghamton.edu is our branded domain within google.com.
DNS is managed on another server. I had an MX record added to my server this morning.
I have these ports open on my firewall: 143, 993, 25, 587 (POP is not enabled)
In ServerAdmin>Mail>Settings>Relay 'Accept SMTP relays only from these hosts and networks' is checked with
127.0.0.0/8
128.226.62.0/26 (my local subnet)
In ServerAdmin>Mail>Settings>Filters Junk Mail and Virus filtering is not enabled, so greylisting should not be a problem. I did confirm this line in main.cf: smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
10MB quota is set, Mailing Lists not enabled, Logging set at Information
In ServerAdmin>Mail>Settings>Advanced>Security I am not using SSL. I do have a valid certificate that I would like to use after I get this back up and running.
In ServerAdmin>Mail>Settings>Hosting 'Include server's domain as local host alias' is checked with
localhost
binghamton.edu
Virtual hosting is not enabled.
Here is the output of: postconf -n:
macosxserver02:~ academic$ postconf -n
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
check_for_od_forward = yes
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
cyrus_sasl_config_path =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key =
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred,defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
hopcount_limit = 50
html_directory = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_cert_file =
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay = pcastadmin
mail_name = Postfix
mail_owner = _postfix
mail_release_date = 20080902
mail_spool_directory = /var/mail
mail_version = 2.5.5
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 0
mailbox_transport = dovecot
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10485760
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost, binghamton.edu, $mydomain
mydomain = binghamton.edu
mydomain_fallback = localhost
myhostname = macosxserver02.binghamton.edu
mynetworks = 127.0.0.0/8,128.226.62.0/26
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = _postdrop
showq_service_name = showq
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key =
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = login,plain
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/certificates/*.binghamton.edu.1C15A00CCD190A0295A8587B951BA187BFD560ED.chain.pem
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/certificates/*.binghamton.edu.1C15A00CCD190A0295A8587B951BA187BFD560ED.cert.pem
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers =
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/certificates/*.binghamton.edu.1C15A00CCD190A0295A8587B951BA187BFD560ED.key.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = no
stale_lock_time = 500s
stress =
strict_mailbox_ownership = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
use_getpwnam_ext = yes
use_od_delivery_path = no
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps =
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =
macosxserver02:~ academic$
Could someone please help me figure out what is wrong?
Cheryl Tarbox
Macintosh Support Specialist
Binghamton University
[email protected]
I found two things that were causing my troubles.
First, port 25 on the switch going to the server was blocked. After this was opened I was able to receive mail to macosxserver02.binghamton.edu. Since this mail server is only used for Podcast Producer notifications, I'm hoping to have this port closed back down after I get Pcast Producer back up and running and fully tested.
Second, when the upgrade from 10.5 -> 10.6 was performed, in ServerAdmin>Mail>Settings>Domain Name, only the .binghamton.edu was populated in this field, not the full domain name of macosxserver02.binghamton.edu. This was preventing me sending mail to our Google branded .binghamton.edu email addresses. Apparently 10.6 was looking locally for all the .binghamton.edu email addresses.
A big thank you to Gordon for looking into this and helping me get this resolved.
Cheryl -
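The second cause described above can be read straight out of the posted postconf output: Postfix treats every domain listed in mydestination as local, so it never relays mail for those domains. The following check is an added example, not part of the original posts; the sample lines are copied from the output above, while the recipient address and the corrected mydestination value are constructed assumptions.

```python
import re

# Three lines copied from the postconf output posted above.
POSTCONF_SAMPLE = """\
mydestination = $myhostname, localhost.$mydomain, localhost, binghamton.edu, $mydomain
mydomain = binghamton.edu
myhostname = macosxserver02.binghamton.edu
"""

# Matches $name and ${name} references inside a parameter value.
_VAR = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def parse_postconf(text):
    """Turn 'name = value' lines into a dict; other lines are ignored."""
    params = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Recursively substitute $name / ${name} with the parameter's value."""
    if depth > 10:
        raise ValueError("parameter references nest too deeply (loop?)")

    def substitute(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return _VAR.sub(substitute, value)


def local_domains(params):
    """Domains this server delivers itself, per mydestination.

    Lookup-table entries (type:table) and file paths are skipped; this
    sketch only evaluates literal domain names.
    """
    expanded = expand(params.get("mydestination", ""), params)
    entries = [e for e in re.split(r"[,\s]+", expanded) if e]
    return {e.lower() for e in entries if ":" not in e and "/" not in e}


def delivered_locally(address, params):
    """True if the recipient's domain is listed in mydestination."""
    domain = address.rsplit("@", 1)[1].lower()
    return domain in local_domains(params)


if __name__ == "__main__":
    posted = parse_postconf(POSTCONF_SAMPLE)
    # Constructed recipient in the parent domain.
    print(delivered_locally("user@binghamton.edu", posted))

    # Constructed variant: mydestination limited to the host's own names.
    narrowed = dict(posted, mydestination="$myhostname, localhost")
    print(delivered_locally("user@binghamton.edu", narrowed))
```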
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able to get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
{
    SOCKET Client_Socket;
    BYTE Data[BIG_BUFF];
    PCHAR pMessage;
    WSADATA wsaData;
    SECURITY_STATUS ss;
    DWORD cbRead;
    ULONG cbHeader;
    ULONG cbMaxMessage;
    ULONG cbTrailer;
    SecPkgContext_StreamSizes SecPkgSizes;
    SecPkgContext_PackageInfo SecPkgPkgInfo;
    SecPkgContext_ConnectionInfo ConnectionInfo;
    BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
    char Server[512] = {0};
    WCHAR CertName[512] = {0};

    // Validate cmd line parameters
    if ( argc != 3 )
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
        LOGA ( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
        std::cin.get();
    }
    else
    {
        // argv[1] - ServerName - the name of the computer running the server sample.
        // argv[2] - TargetName the common name of the certificate provided
        // by the target server program.
        // Bounded copies: an argument longer than the destination buffer is
        // truncated instead of overflowing Server or CertName.
        strncpy_s(Server, sizeof(Server), argv[1], _TRUNCATE);
        size_t sizCN;
        mbstowcs_s(&sizCN, CertName, _countof(CertName), argv[2], _TRUNCATE);
        LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
    }

    // Initialize the socket and the SSP security package.
    if(WSAStartup (0x0101, &wsaData))
    {
        MyHandleError( __FUNCTION__ " Could not initialize winsock ");
    }

    // Connect to a server.
    SecInvalidateHandle( &g_hCtext );
    if (!ConnectAuthSocket (
            &Client_Socket,
            &g_hCred,
            &g_hCtext,
            Server,
            CertName))
    {
        MyHandleError( __FUNCTION__ " Authenticated server connection ");
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));

    // An authenticated session with a server has been established.
    // Receive and manage a message from the server.
    // First, find and display the name of the SSP,
    // the transport protocol supported by the SSP,
    // and the size of the header, maximum message, and
    // trailer blocks for this SSP.
    ss = QueryContextAttributes(
        &g_hCtext,
        SECPKG_ATTR_PACKAGE_INFO,
        &SecPkgPkgInfo );
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
        MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
    }
    // Free the allocated buffer.
    FreeContextBuffer(SecPkgPkgInfo.PackageInfo);

    ss = QueryContextAttributes(
        &g_hCtext,
        SECPKG_ATTR_STREAM_SIZES,
        &SecPkgSizes );
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
        MyHandleError( __FUNCTION__ " Query context ");
    }
    cbHeader = SecPkgSizes.cbHeader;
    cbMaxMessage = SecPkgSizes.cbMaximumMessage;
    cbTrailer = SecPkgSizes.cbTrailer;
    LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));

    ss = QueryContextAttributes(
        &g_hCtext,
        SECPKG_ATTR_CONNECTION_INFO,
        &ConnectionInfo );
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
        MyHandleError( __FUNCTION__ " Query context ");
    }

    // Log the negotiated protocol, cipher, hash and key exchange.
    switch(ConnectionInfo.dwProtocol)
    {
    case SP_PROT_TLS1_CLIENT:
        LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
        break;
    case SP_PROT_SSL3_CLIENT:
        LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
        break;
    case SP_PROT_PCT1_CLIENT:
        LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
        break;
    case SP_PROT_SSL2_CLIENT:
        LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
        break;
    default:
        LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
    }

    switch(ConnectionInfo.aiCipher)
    {
    case CALG_RC4:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n"));
        break;
    case CALG_3DES:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
        break;
    case CALG_RC2:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
        break;
    case CALG_DES:
    case CALG_CYLINK_MEK:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
        break;
    case CALG_SKIPJACK:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
        break;
    case CALG_AES_256:
        LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
        break;
    default:
        LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));

    switch(ConnectionInfo.aiHash)
    {
    case CALG_MD5:
        LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
        break;
    case CALG_SHA:
        LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
        break;
    default:
        LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));

    switch(ConnectionInfo.aiExch)
    {
    case CALG_RSA_KEYX:
    case CALG_RSA_SIGN:
        LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
        break;
    case CALG_KEA_KEYX:
        LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
        break;
    case CALG_DH_EPHEM:
        LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
        break;
    default:
        LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));

    // Decrypt and display the message from the server.
    if (!ReceiveBytes(
            Client_Socket,
            Data,
            BIG_BUFF,
            &cbRead))
    {
        MyHandleError( __FUNCTION__ " No response from server\n");
    }
    if (0 == cbRead)
    {
        MyHandleError(__FUNCTION__ " Zero bytes received.\n");
    }
    pMessage = (PCHAR) DecryptThis(
        Data,
        &cbRead,
        &g_hCtext);

    // Skip the header to get the decrypted message
    pMessage += cbHeader;
    ULONG cbMessage = cbRead-cbHeader-cbTrailer;
    if ((cbMessage == strlen(TEST_MSG)) &&
        !strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
            cbMessage, pMessage ));
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
            cbMessage, pMessage ));
        LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
    }

    // Terminate socket and security package.
    DeleteSecurityContext (&g_hCtext);
    FreeCredentialHandle (&g_hCred);
    shutdown (Client_Socket, 2);
    closesocket (Client_Socket);
    if (SOCKET_ERROR == WSACleanup ())
    {
        MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
    }
    exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
    SOCKET *s,
    CredHandle *g_hCred,
    PSecHandle phCtext,
    char * pServer,
    WCHAR * pCertName)
{
    unsigned long ulAddress;
    struct hostent *pHost;
    SOCKADDR_IN sin;

    // Lookup the server's address.
    LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
    ulAddress = inet_addr (pServer);
    if (INADDR_NONE == ulAddress)
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
        pHost = gethostbyname (pServer);
        if (NULL == pHost)
        {
            MyHandleError(__FUNCTION__ " Unable to resolve host name ");
        }
        memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
        std::string ipAddrStr;
        ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
        LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
    }

    // Create the socket.
    *s = socket (
        PF_INET,
        SOCK_STREAM,
        0);
    if (INVALID_SOCKET == *s)
    {
        MyHandleError(__FUNCTION__ " Unable to create socket");
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
    }
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = ulAddress;
    sin.sin_port = htons (g_usPort);

    // Connect to the server.
    if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
    {
        closesocket (*s);
        MyHandleError( __FUNCTION__ " Connect failed ");
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));

    // Authenticate the connection.
    if (!DoAuthentication (*s, pCertName))
    {
        closesocket (*s);
        MyHandleError( __FUNCTION__ " Authentication ");
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
    return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
{
    BOOL fDone = FALSE;
    DWORD cbOut = 0;
    DWORD cbIn = 0;
    PBYTE pInBuf;
    PBYTE pOutBuf;

    if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
    {
        MyHandleError( __FUNCTION__ " Memory allocation ");
    }
    if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
    {
        MyHandleError( __FUNCTION__ " Memory allocation ");
    }

    // First call: no input token yet, produce the initial handshake message.
    cbOut = MAXMESSAGE;
    LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
    if (!GenClientContext (
            NULL,
            0,
            pOutBuf,
            &cbOut,
            &fDone,
            pCertName,
            &g_hCred,
            &g_hCtext))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
        return(FALSE);
    }
    if (!SendMsg (s, pOutBuf, cbOut ))
    {
        MyHandleError(__FUNCTION__ " Send message failed ");
    }

    // Exchange tokens with the server until the context is established.
    while (!fDone)
    {
        if (!ReceiveMsg (
                s,
                pInBuf,
                MAXMESSAGE,
                &cbIn))
        {
            MyHandleError( __FUNCTION__ " Receive message failed ");
        }
        cbOut = MAXMESSAGE;
        LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
        if (!GenClientContext (
                pInBuf,
                cbIn,
                pOutBuf,
                &cbOut,
                &fDone,
                pCertName,
                &g_hCred,
                &g_hCtext))
        {
            MyHandleError( __FUNCTION__ " GenClientContext failed");
        }
        if (!SendMsg (
                s,
                pOutBuf,
                cbOut))
        {
            MyHandleError( __FUNCTION__ " Send message failed");
        }
        LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
    }

    if (NULL != pInBuf)
    {
        free(pInBuf);
        pInBuf = NULL;
    }
    if (NULL != pOutBuf)
    {
        free(pOutBuf);
        pOutBuf = NULL;
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
    return(TRUE);
}
BOOL GenClientContext (
    BYTE *pIn,
    DWORD cbIn,
    BYTE *pOut,
    DWORD *pcbOut,
    BOOL *pfDone,
    WCHAR *pCertName,
    CredHandle *g_hCred,
    struct _SecHandle *g_hCtext)
{
    SECURITY_STATUS ss;
    TimeStamp Lifetime;
    SecBufferDesc OutBuffDesc;
    SecBuffer OutSecBuff;
    SecBufferDesc InBuffDesc;
    SecBuffer InSecBuff[2];
    ULONG ContextAttributes;
    static TCHAR lpPackageName[1024];

    // First call only: acquire the outbound credentials handle.
    if( NULL == pIn )
    {
        // wcscpy_s takes the destination size in characters, not bytes.
        wcscpy_s(lpPackageName, _countof(lpPackageName), UNISP_NAME );
        ss = AcquireCredentialsHandle (
            NULL,
            lpPackageName,
            SECPKG_CRED_OUTBOUND,
            NULL,
            NULL,
            NULL,
            NULL,
            g_hCred,
            &Lifetime);
        if (!(SEC_SUCCESS (ss)))
        {
            MyHandleError( __FUNCTION__ " AcquireCreds failed ");
        }
    }

    // Prepare the buffers.
    OutBuffDesc.ulVersion = 0;
    OutBuffDesc.cBuffers = 1;
    OutBuffDesc.pBuffers = &OutSecBuff;
    OutSecBuff.cbBuffer = *pcbOut;
    OutSecBuff.BufferType = SECBUFFER_TOKEN;
    OutSecBuff.pvBuffer = pOut;

    // The input buffer is created only if a message has been received
    // from the server.
    if (pIn)
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
        InBuffDesc.ulVersion = 0;
        InBuffDesc.cBuffers = 1;
        InBuffDesc.pBuffers = InSecBuff;
        InSecBuff[0].cbBuffer = cbIn;
        InSecBuff[0].BufferType = SECBUFFER_TOKEN;
        InSecBuff[0].pvBuffer = pIn;
        InSecBuff[1].pvBuffer = NULL;
        InSecBuff[1].cbBuffer = 0;
        InSecBuff[1].BufferType = SECBUFFER_EMPTY;
        ss = InitializeSecurityContext (
            g_hCred,
            g_hCtext,
            pCertName,
            MessageAttribute,
            0,
            0,
            &InBuffDesc,
            0,
            g_hCtext,
            &OutBuffDesc,
            &ContextAttributes,
            &Lifetime);
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
        ss = InitializeSecurityContext (
            g_hCred,
            NULL,
            pCertName,
            MessageAttribute,
            0,
            0,
            NULL,
            0,
            g_hCtext,
            &OutBuffDesc,
            &ContextAttributes,
            &Lifetime);
    }
    if (!SEC_SUCCESS (ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
        MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));

    // If necessary, complete the token.
    if ((SEC_I_COMPLETE_NEEDED == ss)
        || (SEC_I_COMPLETE_AND_CONTINUE == ss))
    {
        ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
        if (!SEC_SUCCESS(ss))
        {
            LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
            return FALSE;
        }
    }
    *pcbOut = OutSecBuff.cbBuffer;
    *pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
        (SEC_I_COMPLETE_AND_CONTINUE == ss));
    LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
    PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
    return TRUE;
}
PBYTE DecryptThis(
    PBYTE pBuffer,
    LPDWORD pcbMessage,
    struct _SecHandle *hCtxt)
{
    SECURITY_STATUS ss;
    SecBufferDesc BuffDesc;
    SecBuffer SecBuff[4];
    ULONG ulQop = 0;

    // By agreement, the server encrypted the message and set the size
    // of the trailer block to be just what it needed. DecryptMessage
    // needs the size of the trailer block.
    // The size of the trailer is in the first DWORD of the
    // message received.
    LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
        *pcbMessage));
    PrintHexDump (*pcbMessage, (PBYTE) pBuffer);

    // Prepare the buffers to be passed to the DecryptMessage function.
    BuffDesc.ulVersion = 0;
    BuffDesc.cBuffers = 4;
    BuffDesc.pBuffers = SecBuff;
    SecBuff[0].cbBuffer = *pcbMessage;
    SecBuff[0].BufferType = SECBUFFER_DATA;
    SecBuff[0].pvBuffer = pBuffer;
    SecBuff[1].cbBuffer = 0;
    SecBuff[1].BufferType = SECBUFFER_EMPTY;
    SecBuff[1].pvBuffer = NULL;
    SecBuff[2].cbBuffer = 0;
    SecBuff[2].BufferType = SECBUFFER_EMPTY;
    SecBuff[2].pvBuffer = NULL;
    SecBuff[3].cbBuffer = 0;
    SecBuff[3].BufferType = SECBUFFER_EMPTY;
    SecBuff[3].pvBuffer = NULL;
    ss = DecryptMessage(
        hCtxt,
        &BuffDesc,
        0,
        &ulQop);
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss));
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
    }

    // Return a pointer to the decrypted data. The trailer data
    // is discarded.
    return pBuffer;
}
PBYTE VerifyThis(
    PBYTE pBuffer,
    LPDWORD pcbMessage,
    struct _SecHandle *hCtxt,
    ULONG cbMaxSignature)
{
    SECURITY_STATUS ss;
    SecBufferDesc BuffDesc;
    SecBuffer SecBuff[2];
    ULONG ulQop = 0;
    PBYTE pSigBuffer;
    PBYTE pDataBuffer;

    // The global cbMaxSignature is the size of the signature
    // in the message received.
    LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
    PrintHexDump (*pcbMessage, pBuffer);

    // By agreement with the server,
    // the signature is at the beginning of the message received,
    // and the data that was signed comes after the signature.
    pSigBuffer = pBuffer;
    pDataBuffer = pBuffer + cbMaxSignature;

    // The size of the message is reset to the size of the data only.
    *pcbMessage = *pcbMessage - (cbMaxSignature);

    // Prepare the buffers to be passed to the signature verification
    // function.
    BuffDesc.ulVersion = 0;
    BuffDesc.cBuffers = 2;
    BuffDesc.pBuffers = SecBuff;
    SecBuff[0].cbBuffer = cbMaxSignature;
    SecBuff[0].BufferType = SECBUFFER_TOKEN;
    SecBuff[0].pvBuffer = pSigBuffer;
    SecBuff[1].cbBuffer = *pcbMessage;
    SecBuff[1].BufferType = SECBUFFER_DATA;
    SecBuff[1].pvBuffer = pDataBuffer;
    ss = VerifySignature(
        hCtxt,
        &BuffDesc,
        0,
        &ulQop);
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
    }
    return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
    DWORD length,
    PBYTE buffer)
{
    DWORD i,count,index;
    CHAR rgbDigits[]="0123456789abcdef";
    CHAR rgbLine[100];
    char cbLine;
    for(index = 0; length;
        length -= count, buffer += count, index += count)
    {
        count = (length > 16) ? 16:length;
        // The offset prefix must be six characters (four hex digits and two
        // spaces) so that it ends where cbLine starts writing.
        sprintf_s(rgbLine, 100, "%4.4x  ",index);
        cbLine = 6;
        for(i=0;i<count;i++)
        {
            rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
            rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
            if(i == 7)
            {
                rgbLine[cbLine++] = ':';
            }
            else
            {
                rgbLine[cbLine++] = ' ';
            }
        }
        for(; i < 16; i++)
        {
            rgbLine[cbLine++] = ' ';
            rgbLine[cbLine++] = ' ';
            rgbLine[cbLine++] = ' ';
        }
        rgbLine[cbLine++] = ' ';
        for(i = 0; i < count; i++)
        {
            if(buffer[i] < 32 || buffer[i] > 126)
            {
                rgbLine[cbLine++] = '.';
            }
            else
            {
                rgbLine[cbLine++] = buffer[i];
            }
        }
        rgbLine[cbLine++] = 0;
        LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
    }
}
BOOL SendMsg (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf)
{
    if (0 == cbBuf)
        return(TRUE);
    // Send the size of the message.
    LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
    if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
        return(FALSE);
    }
    // Send the body of the message.
    if (!SendBytes (
        s,
        pBuf,
        cbBuf))
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
        return(FALSE);
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
    return(TRUE);
}
BOOL ReceiveMsg (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf,
    DWORD *pcbRead)
{
    DWORD cbRead;
    DWORD cbData;
    // Receive the number of bytes in the message.
    LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
    if (!ReceiveBytes (
        s,
        (PBYTE)&cbData,
        sizeof (cbData),
        &cbRead))
    {
        return(FALSE);
    }
    if (sizeof (cbData) != cbRead)
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
        return(FALSE);
    }
    // The length prefix comes from the peer. Reject a length larger than
    // the caller's buffer before reading the body into it.
    if (cbData > cbBuf)
    {
        return(FALSE);
    }
    // Read the full message.
    if (!ReceiveBytes (
        s,
        pBuf,
        cbData,
        &cbRead))
    {
        return(FALSE);
    }
    if (cbRead != cbData)
    {
        return(FALSE);
    }
    *pcbRead = cbRead;
    return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf)
{
    PBYTE pTemp = pBuf;
    int cbSent;
    int cbRemaining = cbBuf;
    if (0 == cbBuf)
        return(TRUE);
    while (cbRemaining)
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
        cbSent = send (
            s,
            (const char *)pTemp,
            cbRemaining,
            0);
        if (SOCKET_ERROR == cbSent)
        {
            LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
            return FALSE;
        }
        pTemp += cbSent;
        cbRemaining -= cbSent;
    }
    LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
    return TRUE;
}
BOOL ReceiveBytes (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf,
    DWORD *pcbRead)
{
    PBYTE pTemp = pBuf;
    int cbRead, cbRemaining = cbBuf;
    LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
    while (cbRemaining)
    {
        cbRead = recv (
            s,
            (char *)pTemp,
            cbRemaining,
            0);
        LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
        if (0 == cbRead)
            break;
        if (SOCKET_ERROR == cbRead)
        {
            LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
            return FALSE;
        }
        cbRemaining -= cbRead;
        pTemp += cbRead;
    }
    *pcbRead = cbBuf - cbRemaining;
    LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
    return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
{
    DWORD err = GetLastError();
    if (err)
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ));
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
    }
    exit (EXIT_FAILURE);
}
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
{
    CHAR pMessage[200];
    DWORD cbMessage;
    PBYTE pDataToClient = NULL;
    DWORD cbDataToClient = 0;
    PWCHAR pUserName = NULL;
    DWORD cbUserName = 0;
    SOCKET Server_Socket;
    WSADATA wsaData;
    SECURITY_STATUS ss;
    PSecPkgInfo pkgInfo;
    SecPkgContext_StreamSizes SecPkgSizes;
    SecPkgContext_PackageInfo SecPkgPkgInfo;
    ULONG cbMaxMessage;
    ULONG cbHeader;
    ULONG cbTrailer;
    std::string certThumb;
    // Create a certificate if no thumbprint is supplied. Otherwise, use the provided
    // thumbprint to find the certificate.
    if ( (argc > 1) && (strlen( argv[1]) > 0) )
    {
        certThumb.assign(argv[1]);
    }
    else
    {
        LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
        LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
        std::cin.get();
        certThumb.clear();
    }
    // Insert code to find or create X.509 certificate.
    // Set the default package to SChannel.
    // The size argument of wcscpy_s is a count of characters, not bytes.
    wcscpy_s(g_lpPackageName, 1024, UNISP_NAME);
    // Initialize the socket interface and the security package.
    if( WSAStartup (0x0101, &wsaData))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
        cleanup();
    }
    ss = QuerySecurityPackageInfo (
        g_lpPackageName,
        &pkgInfo);
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
            g_lpPackageName, ss) );
        cleanup();
    }
    g_cbMaxMessage = pkgInfo->cbMaxToken;
    FreeContextBuffer(pkgInfo);
    g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
    g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
    if (NULL == g_pInBuf || NULL == g_pOutBuf)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
        cleanup();
    }
    // Start looping for clients.
    while(TRUE)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
        // Make an authenticated connection with client.
        if (!AcceptAuthSocket (&Server_Socket, certThumb ))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
            cleanup();
        }
        ss = QueryContextAttributes(
            &g_hctxt,
            SECPKG_ATTR_STREAM_SIZES,
            &SecPkgSizes );
        if (!SEC_SUCCESS(ss))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
            exit(1);
        }
        // The following values are used for encryption and signing.
        cbMaxMessage = SecPkgSizes.cbMaximumMessage;
        cbHeader = SecPkgSizes.cbHeader;
        cbTrailer = SecPkgSizes.cbTrailer;
        LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
        ss = QueryContextAttributes(
            &g_hctxt,
            SECPKG_ATTR_PACKAGE_INFO,
            &SecPkgPkgInfo );
        if (!SEC_SUCCESS(ss))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
            exit(1);
        }
        else
        {
            LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
        }
        // Free the allocated buffer.
        FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
        // Send the client an encrypted message.
        strcpy_s(pMessage, sizeof(pMessage),
            TEST_MSG);
        cbMessage = (DWORD)strlen(pMessage);
        EncryptThis (
            (PBYTE) pMessage,
            cbMessage,
            &pDataToClient,
            &cbDataToClient,
            cbHeader,
            cbTrailer);
        // Send the encrypted data to client.
        if (!SendBytes(
            Server_Socket,
            pDataToClient,
            cbDataToClient))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
            cleanup();
        }
        LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
        if (Server_Socket)
        {
            DeleteSecurityContext (&g_hctxt);
            FreeCredentialHandle (&g_hcred);
            shutdown (Server_Socket, 2) ;
            closesocket (Server_Socket);
            Server_Socket = 0;
        }
        if (pUserName)
        {
            free (pUserName);
            pUserName = NULL;
            cbUserName = 0;
        }
        if(pDataToClient)
        {
            free (pDataToClient);
            pDataToClient = NULL;
            cbDataToClient = 0;
        }
    } // end while loop
    LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
    cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
{
    SOCKET sockListen;
    SOCKET sockClient;
    SOCKADDR_IN sockIn;
    // Create listening socket.
    sockListen = socket (
        PF_INET,
        SOCK_STREAM,
        0);
    if (INVALID_SOCKET == sockListen)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
        return(FALSE);
    }
    // Bind to local port.
    sockIn.sin_family = AF_INET;
    sockIn.sin_addr.s_addr = 0;
    sockIn.sin_port = htons(usPort);
    if (SOCKET_ERROR == bind (
        sockListen,
        (LPSOCKADDR) &sockIn,
        sizeof (sockIn)))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
        return(FALSE);
    }
    // Listen for client.
    if (SOCKET_ERROR == listen (sockListen, 1))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
        return(FALSE);
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
    }
    // Accept client.
    sockClient = accept (
        sockListen,
        NULL,
        NULL);
    if (INVALID_SOCKET == sockClient)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
        return(FALSE);
    }
    closesocket (sockListen);
    *ServerSocket = sockClient;
    return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
{
    SECURITY_STATUS ss;
    DWORD cbIn, cbOut;
    BOOL done = FALSE;
    TimeStamp Lifetime;
    BOOL fNewConversation;
    fNewConversation = TRUE;
    PCCERT_CONTEXT pCertCtxt;
    // Insert code to retrieve pCertCtxt
    // Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
    SCHANNEL_CRED credSchannel = {0};
    credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
    credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
    credSchannel.cCreds = 1;
    credSchannel.paCred = &pCertCtxt;
    ss = AcquireCredentialsHandle (
        NULL, //pszPrincipal
        g_lpPackageName, //pszPackage
        SECPKG_CRED_INBOUND, //fCredentialuse
        NULL, //pvLogonID
        &credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
        NULL, //pGetKeyFn
        NULL, //pvGetKeyArgument
        &g_hcred, //phCredential
        &Lifetime); //ptsExpiry
    if (!SEC_SUCCESS (ss))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
        return(FALSE);
    }
    while(!done)
    {
        if (!ReceiveMsg (
            AuthSocket,
            g_pInBuf,
            g_cbMaxMessage,
            &cbIn))
        {
            return(FALSE);
        }
        cbOut = g_cbMaxMessage;
        if (!GenServerContext (
            g_pInBuf,
            cbIn,
            g_pOutBuf,
            &cbOut,
            &done,
            fNewConversation))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
            return(FALSE);
        }
        fNewConversation = FALSE;
        if (!SendMsg (
            AuthSocket,
            g_pOutBuf,
            cbOut))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
            return(FALSE);
        }
    }
    return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
    BYTE *pIn,
    DWORD cbIn,
    BYTE *pOut,
    DWORD *pcbOut,
    BOOL *pfDone,
    BOOL fNewConversation)
{
    SECURITY_STATUS ss;
    TimeStamp Lifetime;
    SecBufferDesc OutBuffDesc;
    SecBuffer OutSecBuff;
    SecBufferDesc InBuffDesc;
    SecBuffer InSecBuff;
    ULONG Attribs = 0;
    // Prepare output buffers.
    OutBuffDesc.ulVersion = 0;
    OutBuffDesc.cBuffers = 1;
    OutBuffDesc.pBuffers = &OutSecBuff;
    OutSecBuff.cbBuffer = *pcbOut;
    OutSecBuff.BufferType = SECBUFFER_TOKEN;
    OutSecBuff.pvBuffer = pOut;
    // Prepare input buffers.
    InBuffDesc.ulVersion = 0;
    InBuffDesc.cBuffers = 1;
    InBuffDesc.pBuffers = &InSecBuff;
    InSecBuff.cbBuffer = cbIn;
    InSecBuff.BufferType = SECBUFFER_TOKEN;
    InSecBuff.pvBuffer = pIn;
    LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
    PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
    ss = AcceptSecurityContext (
        &g_hcred,
        fNewConversation ? NULL : &g_hctxt,
        &InBuffDesc,
        Attribs,
        SECURITY_NATIVE_DREP,
        &g_hctxt,
        &OutBuffDesc,
        &Attribs,
        &Lifetime);
    if (!SEC_SUCCESS (ss))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
        OutputDebugStringA( "." );
        return FALSE;
    }
    // Complete token if applicable.
    if ((SEC_I_COMPLETE_NEEDED == ss)
        || (SEC_I_COMPLETE_AND_CONTINUE == ss))
    {
        ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
        if (!SEC_SUCCESS(ss))
        {
            LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
            OutputDebugStringA( "." );
            return FALSE;
        }
    }
    *pcbOut = OutSecBuff.cbBuffer;
    // fNewConversation equals FALSE.
    LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
        OutSecBuff.cbBuffer));
    PrintHexDump (
        OutSecBuff.cbBuffer,
        (PBYTE)OutSecBuff.pvBuffer);
    *pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
        || (SEC_I_COMPLETE_AND_CONTINUE == ss));
    LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
    return TRUE;
} // end GenServerContext
BOOL EncryptThis (
    PBYTE pMessage,
    ULONG cbMessage,
    BYTE ** ppOutput,
    ULONG * pcbOutput,
    ULONG cbHeader,
    ULONG cbTrailer)
{
    SECURITY_STATUS ss;
    SecBufferDesc BuffDesc;
    SecBuffer SecBuff[4];
    ULONG ulQop = 0;
    // The size of the trailer (signature + padding) block is
    // determined from the global cbSecurityTrailer.
    LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
    LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
    // Prepare buffers.
    BuffDesc.ulVersion = 0;
    BuffDesc.cBuffers = 4;
    BuffDesc.pBuffers = SecBuff;
    PBYTE pHeader;
    pHeader = (PBYTE) malloc (cbHeader);
    SecBuff[0].cbBuffer = cbHeader;
    SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
    SecBuff[0].pvBuffer = pHeader;
    SecBuff[1].cbBuffer = cbMessage;
    SecBuff[1].BufferType = SECBUFFER_DATA;
    SecBuff[1].pvBuffer = pMessage;
    PBYTE pTrailer;
    pTrailer = (PBYTE) malloc (cbTrailer);
    SecBuff[2].cbBuffer = cbTrailer;
    SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
    SecBuff[2].pvBuffer = pTrailer;
    SecBuff[3].cbBuffer = 0;
    SecBuff[3].BufferType = SECBUFFER_EMPTY;
    SecBuff[3].pvBuffer = NULL;
    ss = EncryptMessage(
        &g_hctxt,
        ulQop,
        &BuffDesc,
        0);
    if (!SEC_SUCCESS(ss))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
        // Release the scratch buffers on the failure path as well.
        free (pHeader);
        free (pTrailer);
        return(FALSE);
    }
    else
    {
        LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
    }
    // Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
    *pcbOutput = cbHeader + cbMessage + cbTrailer;
    * ppOutput = (PBYTE) malloc (*pcbOutput);
    memset (*ppOutput, 0, *pcbOutput);
    memcpy (*ppOutput, pHeader, cbHeader);
    memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
    memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
    // The header and trailer now live in the output buffer.
    free (pHeader);
    free (pTrailer);
    LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
        *pcbOutput));
    PrintHexDump (*pcbOutput, *ppOutput);
    return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
{
    DWORD i,count,index;
    CHAR rgbDigits[]="0123456789abcdef";
    CHAR rgbLine[100];
    char cbLine;
    for(index = 0; length;
        length -= count, buffer += count, index += count)
    {
        count = (length > 16) ? 16:length;
        // The offset prefix must be six characters (four hex digits and two
        // spaces) so that it ends where cbLine starts writing.
        sprintf_s(rgbLine, 100, "%4.4x  ",index);
        cbLine = 6;
        for(i=0;i<count;i++)
        {
            rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
            rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
            if(i == 7)
            {
                rgbLine[cbLine++] = ':';
            }
            else
            {
                rgbLine[cbLine++] = ' ';
            }
        }
        for(; i < 16; i++)
        {
            rgbLine[cbLine++] = ' ';
            rgbLine[cbLine++] = ' ';
            rgbLine[cbLine++] = ' ';
        }
        rgbLine[cbLine++] = ' ';
        for(i = 0; i < count; i++)
        {
            if(buffer[i] < 32 || buffer[i] > 126)
            {
                rgbLine[cbLine++] = '.';
            }
            else
            {
                rgbLine[cbLine++] = buffer[i];
            }
        }
        rgbLine[cbLine++] = 0;
        LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
    }
} // end PrintHexDump
BOOL SendMsg (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf)
{
    LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
    if (0 == cbBuf)
        return(TRUE);
    // Send the size of the message.
    if (!SendBytes (
        s,
        (PBYTE)&cbBuf,
        sizeof (cbBuf)))
    {
        return(FALSE);
    }
    // Send the body of the message.
    if (!SendBytes (
        s,
        pBuf,
        cbBuf))
    {
        return(FALSE);
    }
    return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf,
    DWORD *pcbRead)
{
    DWORD cbRead;
    DWORD cbData;
    LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
    // Retrieve the number of bytes in the message.
    if (!ReceiveBytes (
        s,
        (PBYTE)&cbData,
        sizeof (cbData),
        &cbRead))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
        return(FALSE);
    }
    if (sizeof (cbData) != cbRead)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
        return(FALSE);
    }
    // The length prefix comes from the peer. Reject a length larger than
    // the caller's buffer before reading the body into it.
    if (cbData > cbBuf)
    {
        return(FALSE);
    }
    // Read the full message.
    if (!ReceiveBytes (
        s,
        pBuf,
        cbData,
        &cbRead))
    {
        LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
        return(FALSE);
    }
    if (cbRead != cbData)
    {
        LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
        return(FALSE);
    }
    *pcbRead = cbRead;
    return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf)
{
    PBYTE pTemp = pBuf;
    int cbSent, cbRemaining = cbBuf;
    LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
    if (0 == cbBuf)
        return(TRUE);
    while (cbRemaining)
    {
        cbSent = send (
            s,
            (const char *)pTemp,
            cbRemaining,
            0);
        if (SOCKET_ERROR == cbSent)
        {
            LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
            return FALSE;
        }
        LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
        pTemp += cbSent;
        cbRemaining -= cbSent;
    }
    return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
    SOCKET s,
    PBYTE pBuf,
    DWORD cbBuf,
    DWORD *pcbRead)
{
    PBYTE pTemp = pBuf;
    int cbRead, cbRemaining = cbBuf;
    LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
    while (cbRemaining)
    {
        cbRead = recv (
            s,
            (char *)pTemp,
            cbRemaining,
            0);
        if (0 == cbRead)
            break;
        if (SOCKET_ERROR == cbRead)
        {
            LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
            return FALSE;
        }
        cbRemaining -= cbRead;
        pTemp += cbRead;
    }
    *pcbRead = cbBuf - cbRemaining;
    return TRUE;
} // end ReceivesBytes
void cleanup()
{
    if (g_pInBuf)
    {
        free (g_pInBuf);
        g_pInBuf = NULL;
    }
    if (g_pOutBuf)
    {
        free (g_pOutBuf);
        g_pOutBuf = NULL;
    }
    WSACleanup ();
    exit(0);
}
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
    BYTE *pIn,
    DWORD cbIn,
    BYTE *pOut,
    DWORD *pcbOut,
    BOOL *pfDone,
    WCHAR *pCertName,
    CredHandle *hCred,
    PSecHandle phCtext);
BOOL GenServerContext (
    BYTE *pIn,
    DWORD cbIn,
    BYTE *pOut,
    DWORD *pcbOut,
    BOOL *pfDone,
    BOOL fNewCredential);
BOOL EncryptThis (
    PBYTE pMessage,
    ULONG cbMessage,
    BYTE ** ppOutput,
    LPDWORD pcbOutput,
    ULONG cbHeader,
    ULONG cbTrailer);
PBYTE DecryptThis(
    PBYTE achData,
    LPDWORD pcbMessage,
    struct _SecHandle *hCtxt);
BOOL
SignThis (
    PBYTE pMessage,
    ULONG cbMessage,
    BYTE ** ppOutput,
    LPDWORD pcbOutput);
PBYTE VerifyThis(
    PBYTE pBuffer,
    LPDWORD pcbMessage,
    struct _SecHandle *hCtxt,
    ULONG cbMaxSignature);
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
    SOCKET *s,
    CredHandle *hCred,
    PSecHandle phCtext,
    char * pServer,
    WCHAR * pCertName);
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
{
    int retval;
    char debugstring[DBG_SIZE+32];
    retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
    OutputDebugStringA( debugstring );
    return retval;
}
int DbgBufCopy( char *buff, const char *format, ...)
{
    int iLen;
    va_list args;
    /// Call va_start to start the variable list
    va_start(args, format);
    /// Call _vsnprintf_s to copy debug information to the buffer
    iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
    /// Call va_end to end the variable list
    va_end(args);
    return iLen;
}
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
}
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?
Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the registry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
Blackberry Internet Service Failure
I am trying to setup the Blackberry Internet Service to access my email server to obviously forward those emails to my Blackberry. Using the web service, I attempt to add my email account, but it always fails with this error: "An error occurred while validating your login. Please check your user name and password." Now I know after numerous attempts that at least one of the times I had to enter that info correctly. This will be followed by an email from the Blackberry server to my email address containing the settings I used. I have my .Mac and ISP emails working with my Blackberry without a problem.
I'll admit I'm an amateur at this, so any help would be greatly appreciated. Thanks in advance.
Eric
Additional info:
SMTP Log
Apr 10 21:49:42 powermacg4 postfix/smtpd[11243]: connect from smtp04.bis.na.blackberry.com[216.9.248.51]
Apr 10 21:49:42 powermacg4 postfix/smtpd[11243]: 2CE95146D76: client=smtp04.bis.na.blackberry.com[216.9.248.51]
Apr 10 21:49:42 powermacg4 postfix/cleanup[11245]: 2CE95146D76: message-id=<[email protected]be rry>
Apr 10 21:49:42 powermacg4 postfix/qmgr[1610]: 2CE95146D76: from=<[email protected]>, size=3440, nrcpt=1 (queue active)
Apr 10 21:49:47 powermacg4 postfix/smtpd[11243]: disconnect from smtp04.bis.na.blackberry.com[216.9.248.51]
Mailaccess Log
Apr 10 21:48:40 powermacg4 imaps[11212]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication
Apr 10 21:48:40 powermacg4 imaps[11231]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication
Apr 10 21:48:41 powermacg4 imaps[11232]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication
Apr 10 21:48:41 powermacg4 imaps[11233]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication
Apr 10 21:49:41 powermacg4 imaps[11212]: starttls: SSLv3 with cipher RC4-MD5 (128/128 bits new) no authentication
postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps =
luser_relay = postmaster
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 52428800
mydestination = $myhostname,localhost.$mydomain,$mydomain, localhost,mail.xxxxxxx.us,XX.YY.ZZ.106
mydomain = xxxxxxx.us
mydomain_fallback = localhost
myhostname = mail.xxxxxxx.us
mynetworks = 127.0.0.1/32,XX.YY.ZZ.106,192.168.225.192/26,XX.YY.ZZ.143,bis.na.blackberry.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_pw_server_security_options = cram-md5,gssapi
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, permit
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, permit
smtpd_tls_CAfile = /etc/certificates/powermacg4.xxxxxxx.us.chcrt
smtpd_tls_cert_file = /etc/certificates/powermacg4.xxxxxxx.us.crt
smtpd_tls_key_file = /etc/certificates/powermacg4.xxxxxxx.us.key
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
PowerMac G5 2GHz DP Mac OS X (10.4.9) PowerMac G4 DP ServerUptimeJeff,
Thank you for the prompt reply. I will post my IMAP config tomorrow when I am home. As far as the authentication goes, it appears that BB is using RC4-MD5. Am I correct? There is no way to change that on the BB end as far as I know. Can the OS X mailserver use RC4-MD5? Currently I have only Kerberos and CRAM-MD5 enabled.
Eric -
E-mail is marked as phishing attempt
Hi.
We have an issue that some e-mails from our internal system that are sent through Rackspace Exchange are marked in Outlook 2007 as phishing attempts. Could you please advise me why? The header from one of such "phishing" e-mails is:
Received: from smtp30.relay.dfw1a.emailsrvr.com (172.26.0.1) by
ORD2HUB13.mex05.mlsrvr.com (172.26.1.43) with Microsoft SMTP Server (TLS) id
14.3.169.1; Tue, 29 Jul 2014 09:27:43 -0500
Received: from smtp30.relay.dfw1a.emailsrvr.com (localhost.localdomain
[127.0.0.1]) by smtp30.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id
A371B180196 for ; Tue, 29 Jul 2014 10:27:43 -0400 (EDT)
X-SMTPDoctor-Processed: csmtpprox 2.7.1
Received: from localhost (localhost.localdomain [127.0.0.1]) by
smtp30.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 9DA1E1801B5 for
; Tue, 29 Jul 2014 10:27:43 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp30.relay.dfw1a.emailsrvr.com (Authenticated sender:
it-support-AT-eddocs.com) with ESMTPSA id 355081801BB for ;
Tue, 29 Jul 2014 10:27:43 -0400 (EDT)
X-Sender-Id: [email protected]
Received: from webhelpdesk.eddocs.local
(67-198-51-60.static.grandenetworks.net [67.198.51.60]) (using TLSv1 with
cipher RC4-MD5) by 0.0.0.0:465 (trex/5.2.10); Tue, 29 Jul 2014 14:27:43 GMT
Date: Tue, 29 Jul 2014 14:27:42 +0000
From: IT Support
To: Nick Kallinikos
Message-ID:
Subject: Ticket 265 Open --> test July 29 2014: test
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_3_677929052.1406644062228"
X-Mailer: Web Help Desk
X-Auto-Generated: Web Help Desk
Precedence: bulk
X-Loop: WebHelpDesk-secure.emailsrvr.com
Return-Path: [email protected]
X-MS-Exchange-Organization-AuthSource: ORD2HUB13.mex05.mlsrvr.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXtG}w;1094900;0;This mail has
been scanned by Trend Micro ScanMail for Microsoft Exchange;
X-MS-Exchange-Organization-SCL: 0
Thanx, Stepan.
Hi Stepan,
Please try to add the sending addresses to the Outlook safe senders list and see if it works.
A similar issue was discussed here, you might want to have a look and see if the info provided by MVP <Brian> in it is helpful to you:
http://social.technet.microsoft.com/Forums/en-US/f509e8ef-ca02-4050-a31f-4c9a45c4ab17/internal-mails-are-receiving-as-phishing?forum=exchangesvrgeneral
Regards,
Ethan Hua
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
How to use Message FIlter to log postfix authenticated sender header
I'm trying to log the username from the postfix authenticated sender header information.
Here is an example of the header:
Received: from [123.123.123.123] (client.domain.edu [234.234.234.234])
(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client
certificate requested) (Authenticated sender: [email protected]) by
postfix.domain.edu (Postfix) with ESMTPSA id DE8A3E9429 for
<[email protected]>; Thu, 12 Jun 2014 12:16:56 -0700 (PDT)
And here is the message filter I'm working on:
if (recv-int == "OutboundIP") {
    if(header('Received') == '\\(Authenticated sender: .+@ad\\.domain\\.edu\\)') {
        log-entry("Authenticated Sender: '$MatchedContent'");
    }
}
Everything is working except for the $MatchedContent variable. It is creating the custom log entry but it is only showing as "Authenticated Sender: "
Does anyone have any ideas on how to get the $MatchedContent variable to work or another way to log that username?
Try taking out the ' from around your '$MatchedContent'...
My example:
dictionary_match:
if (dictionary-match('not_allowed_words')){
    edit-header-text ("Subject", "^", "Notice Content Matched on: $MatchedContent");
    log-entry("#---# This email had: $MatchedContent #---#");
    notify('[email protected]');
}
Sent an email with a known "secret" in the email body... and "secret" is in my "not_allowed_words" dictionary... so it'll trip my "dictionary_match" message filter...
Mail logs --->
Thu Jun 12 23:10:46 2014 Info: New SMTP ICID 181 interface Management (172.16.6.165) address 172.16.6.1 reverse dns host unknown verified no
Thu Jun 12 23:10:46 2014 Info: ICID 181 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS rfc1918
Thu Jun 12 23:10:46 2014 Info: Start MID 105 ICID 181
Thu Jun 12 23:10:46 2014 Info: MID 105 ICID 181 From: <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 105 ICID 181 RID 0 To: <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 105 Message-ID '<[email protected]>'
Thu Jun 12 23:10:46 2014 Info: MID 105 Subject 'This email has an issue'
Thu Jun 12 23:10:46 2014 Info: MID 105 ready 561 bytes from <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 105 Custom Log Entry: #---# This email had: secret #---#
Thu Jun 12 23:10:46 2014 Info: Start MID 106 ICID 0
Thu Jun 12 23:10:46 2014 Info: MID 106 was generated based on MID 105 by notify filter 'dictionary_match'
Thu Jun 12 23:10:46 2014 Info: MID 106 ICID 0 From: <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 106 ICID 0 RID 0 To: <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 106 DomainKeys: cannot sign - no profile matches [email protected]
Thu Jun 12 23:10:46 2014 Info: MID 106 DKIM: cannot sign - no profile matches [email protected]
Thu Jun 12 23:10:46 2014 Info: MID 106 ready 970 bytes from <[email protected]>
Thu Jun 12 23:10:46 2014 Info: MID 106 queued for delivery
Thu Jun 12 23:10:46 2014 Info: MID 105 matched all recipients for per-recipient policy mygmail_inbound in the inbound table
Thu Jun 12 23:10:46 2014 Info: MID 105 queued for delivery
Thu Jun 12 23:10:46 2014 Info: New SMTP DCID 53 interface 172.16.6.165 address 173.36.13.143 port 25
Thu Jun 12 23:10:46 2014 Info: New SMTP DCID 54 interface 172.16.6.165 address 173.36.13.143 port 25
Thu Jun 12 23:10:46 2014 Info: Delivery start DCID 54 MID 105 to RID [0]
Thu Jun 12 23:10:47 2014 Info: DCID 53 TLS success protocol TLSv1 cipher RC4-SHA
Thu Jun 12 23:10:47 2014 Info: Delivery start DCID 53 MID 106 to RID [0]
Thu Jun 12 23:10:47 2014 Info: Message done DCID 54 MID 105 to RID [0]
Thu Jun 12 23:10:47 2014 Info: MID 105 RID [0] Response '2.0.0 s5D3Aobe022251 Message accepted for delivery'
Thu Jun 12 23:10:47 2014 Info: Message finished MID 105 done
Thu Jun 12 23:10:47 2014 Info: Message done DCID 53 MID 106 to RID [0]
Thu Jun 12 23:10:47 2014 Info: MID 106 RID [0] Response '2.0.0 s5D3AoFH012632 Message accepted for delivery'
Thu Jun 12 23:10:47 2014 Info: Message finished MID 106 done
Thu Jun 12 23:10:52 2014 Info: DCID 54 close
Thu Jun 12 23:10:52 2014 Info: DCID 53 close
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
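Added example, not part of the original posts: Python that ties the "Custom Log Entry" line written by `log-entry()` to the message it belongs to, and to the TLS parameters of the connection that delivered it. The sample log is constructed in the format of the excerpt above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the mail log excerpt above.
SAMPLE_LOG = """\
Thu Jun 12 23:10:46 2014 Info: Start MID 105 ICID 181
Thu Jun 12 23:10:46 2014 Info: MID 105 Custom Log Entry: #---# This email had: secret #---#
Thu Jun 12 23:10:46 2014 Info: MID 106 was generated based on MID 105 by notify filter 'dictionary_match'
Thu Jun 12 23:10:46 2014 Info: New SMTP DCID 53 interface 172.16.6.165 address 192.0.2.25 port 25
Thu Jun 12 23:10:46 2014 Info: New SMTP DCID 54 interface 172.16.6.165 address 192.0.2.25 port 25
Thu Jun 12 23:10:46 2014 Info: Delivery start DCID 54 MID 105 to RID [0]
Thu Jun 12 23:10:47 2014 Info: DCID 53 TLS success protocol TLSv1 cipher RC4-SHA
Thu Jun 12 23:10:47 2014 Info: Delivery start DCID 53 MID 106 to RID [0]
Thu Jun 12 23:10:47 2014 Info: Message done DCID 54 MID 105 to RID [0]
"""

CUSTOM = re.compile(r"MID (\d+) Custom Log Entry: (.*)$")
GENERATED = re.compile(r"MID (\d+) was generated based on MID (\d+) by \w+ filter '([^']+)'")
TLS_OK = re.compile(r"DCID (\d+) TLS success protocol (\S+) cipher (\S+)")
DELIVERY = re.compile(r"Delivery start DCID (\d+) MID (\d+)")


def correlate(log_text):
    """Return {mid: {"custom", "parent", "filter", "deliveries"}} for every MID seen."""
    tls = {}                        # dcid -> (protocol, cipher)
    deliveries = defaultdict(list)  # mid -> [dcid, ...]
    records = defaultdict(
        lambda: {"custom": [], "parent": None, "filter": None, "deliveries": []}
    )
    for line in log_text.splitlines():
        if m := CUSTOM.search(line):
            records[int(m[1])]["custom"].append(m[2])
        elif m := GENERATED.search(line):
            rec = records[int(m[1])]
            rec["parent"], rec["filter"] = int(m[2]), m[3]
        elif m := TLS_OK.search(line):
            tls[int(m[1])] = (m[2], m[3])
        elif m := DELIVERY.search(line):
            deliveries[int(m[2])].append(int(m[1]))
    # Join afterwards: the TLS line may come before or after "Delivery start".
    for mid, dcids in deliveries.items():
        for dcid in dcids:
            protocol, cipher = tls.get(dcid, (None, None))
            records[mid]["deliveries"].append(
                {"dcid": dcid, "protocol": protocol, "cipher": cipher}
            )
    return dict(records)


def findings(records):
    """Flag deliveries that used RC4 or an MD5 MAC, or for which no TLS line was logged."""
    out = []
    for mid in sorted(records):
        for d in records[mid]["deliveries"]:
            cipher = d["cipher"]
            if cipher is None:
                out.append((mid, d["dcid"], "no TLS success line logged"))
            elif "RC4" in cipher.upper() or cipher.upper().endswith("MD5"):
                out.append((mid, d["dcid"], f"weak cipher {cipher} over {d['protocol']}"))
    return out


if __name__ == "__main__":
    recs = correlate(SAMPLE_LOG)
    for mid, rec in sorted(recs.items()):
        print(mid, rec)
    for finding in findings(recs):
        print("FINDING", finding)
```
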
I am having problems downloading and editing .asx files
I am trying to edit some video that can only be downloaded in .asx format. It is drm-ed. I may just have to contact the people I am partnering with that I need the original video files but I will need to do this with many of the clients that I am partnering with. Not only will it become a nuisance and make my business move as though stuck in the mud...it makes it hard for me to trumpet the relative merits of Apple anything electronic in the world if I have to get parallel or something so that I can run (gasp) Windows.
Please help!
If there is another section I should post this in let me know. I figured Final Cut would be where the most knowledgeable amble about.
FCE is a video editing application. ASX are not video files, they're metadata information. By the sound of it you haven't downloaded the video files at all. ASF is a Windows format used for streaming, not for download.
The ASX Format
ASX (Advanced Stream Redirector) files are not media files, but metafiles.
Metafiles provides information about files. ASX files are plain text files used to describe multimedia content:
<ASX VERSION="3.0">
<Title>Holiday 2001</Title>
<Entry>
<ref href="holiday-1.avi"/>
</Entry>
<Entry>
<ref href="holiday-2.avi"/>
</Entry>
<Entry>
<ref href="holiday-2.avi"/>
</Entry>
</ASX>
The file above describes three multimedia files. When the ASX file is read by a player, the player can play the files described.
Advanced Systems Format (formerly Advanced Streaming Format) is Microsoft's proprietary digital audio/digital video container format, especially meant for streaming media. ASF is part of the Windows Media framework.
The format does not specify how (i.e. with which codec) the video or audio should be encoded; it just specifies the structure of the video/audio stream. This is similar to the function performed by the QuickTime, AVI, or Ogg container formats. One of the objectives of ASF was to support playback from digital media servers, HTTP servers, and local storage devices such as hard disk drives.
ASF is based on serialized objects which are essentially byte sequences identified by a GUID marker.
The most common filetypes contained within an ASF file are Windows Media Audio (WMA) and Windows Media Video (WMV). Note that the file extension abbreviations are similar in name to the codecs of the same name but are different things.
ASF files can also contain objects representing metadata, such as the artist, title, album and genre for an audio track, or the director of a video track, much like the ID3 tags of MP3 files.
Files containing only WMA audio can be named using a .wma extension, and files of only audio and video content may have the extension .wmv. Both may use the .asf extension if desired.
Certain error-correcting techniques related to ASF are patented in the United States (United States Patent 6,041,345 Levi, et al. March 21, 2000) by Microsoft. Although the format is publicly documented by Microsoft, its license limits implementations to closed-source development projects only. Apple's iTunes software (for Windows) now has the capability to convert WMA files to any iTunes-supported format.[1]
The ASF container provides the framework for digital rights management in Windows Media Audio and Windows Media Video. An analysis of an older scheme used in WMA reveals that it is using a combination of elliptic curve cryptography key exchange, DES block cipher, a custom block cipher, RC4 stream cipher and the SHA-1 hashing function.
ASF files have MIME type application/vnd.ms-asf or video/x-ms-asf. (Advanced Stream Redirector (ASX) files also have MIME type video/x-ms-asf.)
ASF container-based media is usually streamed on the internet either through the MMS protocol or the RTSP protocol. -
Unable to connect to internal SSL sites with unknown CA's after 36.0 update.
Last week my browser auto-updated to version 36.0 and I am now no longer able to connect to certain internal corporate websites. These sites either have self-signed certs, or certs signed by an internal CA. They do not use certs signed by publicly known "trusted" CA's.
For example, one of the errors that I receive is below:
Secure Connection Failed
An error occurred during a connection to [HOST]:[PORT]. SSL peer rejected a handshake message for unacceptable content. (Error code: ssl_error_illegal_parameter_alert)
Although a warning message is received in IE or Chrome we are given the option to proceed and the site opens correctly, despite those browsers also indicating that the server's cert is not trusted.
I have added the internal CA's cert to the Authorities tab in the Firefox Certificate Manager, but am still not able to connect to the internal site.
Firefox allows me to accept some incorrect certs (or at least it did in the past), why is this not the default behavior with *all* certificate related problems? I realize that there are malicious sites out there, but there are also internal ones that are being blocked as well. Is there a config option that can be set so a user is prompted for all cert errors and they can decide to proceed if desired instead of just being blocked from the site? I understand blocking by default, but there also needs to be a way to proceed for advanced users.
Are there any configuration options to loosen the cert standards for sites? All other sites seem to load properly and otherwise there are no problems with the browser.
Sorry if this is the wrong place to post, I wasn't sure where to.
Thanks for any assistance!
-Beaty
First, sorry for the delay in responding, things have been crazy here lately.
Secondly, here is the output from openSSL for connecting to the server:
OpenSSL> s_client -connect qrsa01.qnao.net:443
Loading 'screen' into random state - done
CONNECTED(00000180)
depth=1 CN = RSA root CA for qrsa01.qnao.net, serialNumber = 15702a01a563d5b8f2b
a65250ad81947eef537554eae2320efed2159a8193bd5
verify error:num=19:self signed certificate in certificate chain
Certificate chain
0 s:/CN=qrsa01.qnao.net/serialNumber=3b444eeb8355fb2b5b686d03ce1c0a61cd3552a184
001b9564700f7cebcbe9f0
i:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
d81947eef537554eae2320efed2159a8193bd5
1 s:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
d81947eef537554eae2320efed2159a8193bd5
i:/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba65250a
d81947eef537554eae2320efed2159a8193bd5
Server certificate
subject=/CN=qrsa01.qnao.net/serialNumber=3b444eeb8355fb2b5b686d03ce1c0a61cd3552a
184001b9564700f7cebcbe9f0
issuer=/CN=RSA root CA for qrsa01.qnao.net/serialNumber=15702a01a563d5b8f2ba6525
0ad81947eef537554eae2320efed2159a8193bd5
No client certificate CA names sent
SSL handshake has read 1948 bytes and written 675 bytes
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-SHA
Session-ID: 550194FCFA9BE4A1060430A13EBA67B9EBD793485253412053534C4A20202020
Session-ID-ctx:
Master-Key: F1FD3AB4846FBC14D35EB7BBAFF8704821940DDE5A0549519A0AFF2EC8CAF245
08DCAA6D4F9FB1D125664FC7BFE87E95
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1426167036
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
read:errno=0
OpenSSL>
I had already set the tls.security.version.min to 0, so would have expected to be able to connect.
At this point it seems like the problem is that we are using an internal CA to sign the cert for this server, but Firefox won't allow me to proceed despite this. Is there an option that I can set to have firefox prompt on all certificate issues and give me the option to proceed anyways?
Any other thoughts/suggestions? -
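Added example, not part of the original post: Python that reads the summary lines of `openssl s_client` output like the one above and reports the trust result separately from the negotiated parameters (RC4 cipher suites are prohibited for TLS by RFC 7465). The sample text is constructed in the layout shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: summary lines in the layout of the s_client output above.
SAMPLE = """\
CONNECTED(00000180)
verify error:num=19:self signed certificate in certificate chain
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : RC4-SHA
    Verify return code: 19 (self signed certificate in certificate chain)
"""

PATTERNS = {
    "protocol": r"^\s*Protocol\s*:\s*(\S+)",
    "cipher": r"^\s*Cipher\s*:\s*(\S+)",
    "key_bits": r"^Server public key is (\d+) bit",
}
VERIFY = re.compile(r"^\s*Verify return code:\s*(\d+) \((.*)\)", re.M)
NEW_CIPHER = re.compile(r"^New, .*Cipher is (\S+)", re.M)

WEAK_TOKENS = {"RC4", "DES", "3DES", "CBC3", "NULL", "EXP", "EXPORT", "MD5"}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
NO_CIPHER = {"0000", "(NONE)"}  # printed when the handshake did not complete


def parse_s_client(text):
    """Extract protocol, cipher, server key size and verify result from the output."""
    summary = {"protocol": None, "cipher": None, "key_bits": None,
               "verify_code": None, "verify_text": None}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.M)
        if m:
            summary[key] = m.group(1)
    if summary["cipher"] is None:  # fall back to the "New, ..." line
        m = NEW_CIPHER.search(text)
        if m:
            summary["cipher"] = m.group(1)
    if summary["key_bits"] is not None:
        summary["key_bits"] = int(summary["key_bits"])
    m = VERIFY.search(text)
    if m:
        summary["verify_code"], summary["verify_text"] = int(m.group(1)), m.group(2)
    return summary


def audit(summary):
    """Return (category, message) findings; trust and crypto problems stay separate."""
    out = []
    cipher = summary["cipher"]
    if cipher in NO_CIPHER:
        out.append(("handshake", "no cipher suite was negotiated"))
    elif cipher:
        weak = sorted(set(re.split(r"[-_]", cipher.upper())) & WEAK_TOKENS)
        if weak:
            out.append(("cipher", f"{cipher} uses {', '.join(weak)}"))
    if summary["protocol"] in OLD_PROTOCOLS:
        out.append(("protocol", f"{summary['protocol']} is deprecated"))
    if summary["key_bits"] is not None and summary["key_bits"] < 2048:
        out.append(("key", f"server key is only {summary['key_bits']} bit"))
    if summary["verify_code"] not in (None, 0):
        out.append(("trust", f"verify return code {summary['verify_code']}: "
                             f"{summary['verify_text']}"))
    return out


if __name__ == "__main__":
    for category, message in audit(parse_s_client(SAMPLE)):
        print(f"{category}: {message}")
```
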
Correct address not used in MAILTO field of iCal files
I'm not sure if this is the correct forum for this, as it does have something to do with the GWIA (kind of) but I'm not sure if the GWIA should be responsible for dealing with the situation.
When GroupWise sends out an iCal file, it uses the userid in the email address instead of the preferred internet address. While this typically isn't an issue, we are having issues with some other email services adding the address in the iCal file as another attendee and not showing the original address (the preferred internet address) as having accepted the meeting. This causes further issue if the users of those other email systems modify the appointments, as it ends up removing the appointment from our GroupWise calendars.
For a more visual understanding:
Userid: mhk1234
Preferred Internet Address: [email protected]
Source of email sent when accepting appointment sent by [email protected]
Code:
Received: from mailserver (unknown [127.0.0.1])
by mailgateway with ESMTP id 165EB6FC159
for <[email protected]>; Tue, 15 May 2012 11:43:42 -0400 (EDT)
Received: from mailserver ([127.0.0.1]) by mailgateway with ESMTP id EiWHxRmVCUhQMQA8 for <[email protected]>; Tue, 15 May 2012 11:43:42 -0400 (EDT)
Received: from MTA by mailserver
with Novell_GroupWise; Tue, 15 May 2012 11:43:41 -0400
Message-Id: <4FB2416A0200008D000678F7@mailserver>
X-Mailer: Novell GroupWise Internet Agent 8.0.2
Content-class: urn:content-classes:calendarmessage
Date: Tue, 15 May 2012 11:43:38 -0400
From: "Carol Heinicke" <[email protected]>
To: "Carol A Heinicke" <[email protected]>
X-ASG-Orig-Subj: Accepted: test2
Subject: Accepted: test2
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="=__Part5678A6BA.0__="
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--=__Part5678A6BA.0__=
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Item Type: Appointment
Start Date: Thursday, 17 May 2012, 08:00:00am (EDT)
Duration: 1 Hour
Place: here
Action: Accepted
This electronic message is intended to be for the named recipient, and may =
contain information that is confidential or privileged. If you are not the =
intended recipient, you are hereby notified that any disclosure, copying, d=
istribution or use of the contents of this message is strictly prohibited. =
If you have received this message in error, or are not the named recipient,=
please notify us immediately by contacting the sender at the electronic ma=
il address noted above, and delete and destroy all copies of this message. =
Thank you.
--=__Part5678A6BA.0__=
Content-class: urn:content-classes:calendarmessage
Content-Type: text/calendar; method=REPLY; name=meeting.ics; charset=UTF-8
Content-Transfer-Encoding: 8bit
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Novell Inc//Groupwise 8.0.2
METHOD:REPLY
BEGIN:VTIMEZONE
TZID:(GMT-0500) EST
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:20001104T020000
RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=1SU;BYMONTH=11
TZNAME:EST
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:20000311T020000
RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=2SU;BYMONTH=3
TZNAME:Daylight Savings Time
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID="(GMT-0500) EST":20120517T080000
DTSTAMP:20120515T154338Z
ATTENDEE;CN="Mark Kendall";PARTSTAT=ACCEPTED:
MAILTO:[email protected]
ORGANIZER;CN="Some Guy";ROLE=CHAIR:
MAILTO:[email protected]
SUMMARY:test2
LOCATION:here
DTEND;TZID="(GMT-0500) EST":20120517T090000
UID:52fac24d-024e-4079-ac80-298c99a7a2db
PRIORITY:5
CLASS:PUBLIC
X-GWCLASS:NORMAL
END:VEVENT
END:VCALENDAR
--=__Part5678A6BA.0__=--
So, is there something we need to change so that iCal files have the correct addresses in them or is this fixed in GroupWise 2012?
Here is another example. I happen to own both accounts, so both are my name. I removed all IP addresses and changed the domains.
Appointment from outside:
Code:
Return-path: <[email protected]>
Received: from mailgateway.ours.edu ([])
by mailserver.ours.edu with ESMTP; Tue, 22 May 2012 11:19:22 -0400
X-ASG-Debug-ID: 1337699962-04a200340000-O3jTvS
X-Barracuda-URL: http:///cgi-bin/mark.cgi
Received: from mx-tmp.outside.edu (localhost [])
by mailgateway.ours.edu (Spam & Virus Firewall) with ESMTP id 720C0A90B0
for <[email protected]>; Tue, 22 May 2012 11:19:22 -0400 (EDT)
Received: from mx-tmp.outside.edu (mx-tmp.outside.edu []) by mailgateway.ours.edu with ESMTP id Y7SNFPBBn2Xt6XNN (version=TLSv1 cipher=RC4-MD5 bits=128 verify=NO) for <[email protected]>; Tue, 22 May 2012 11:19:22 -0400 (EDT)
X-Barracuda-Envelope-From: [email protected]
Received: from avs02.service.private (avs02.service.private [])
by mta03.service.private
(Sun Java System Messaging Server 6.1 HotFix 0.13 (built Jun 8 2005))
with ESMTP id <[email protected]> for
[email protected]; Tue, 22 May 2012 11:19:21 -0400 (EDT)
Received: from mta-avs03.service.private
(mta-avs03.service.private [])
by avs02.service.private (8.14.4/8.14.4) with ESMTP id q4MFIV9j003016 for
<[email protected]>; Tue,
22 May 2012 11:19:20 -0400 (EDT envelope-from [email protected])
Received: from wmu-mailstore02.merit.edu
(wmu-mailstore02.merit.edu [])
by mta03.service.private (Sun Java System Messaging Server 6.1 HotFix 0.13
(built Jun 8 2005)) with ESMTP id <[email protected]> for
[email protected]; Tue, 22 May 2012 11:18:48 -0400 (EDT)
Date: Tue, 22 May 2012 11:18:47 -0400 (EDT)
From: Doug Jaquays <[email protected]>
X-ASG-Orig-Subj: Test
Subject: Test
X-Originating-IP: []
To: [email protected]
Message-id: <2096173697.114690.1337699927851.JavaMail.root@wmu-mailstore02>
MIME-version: 1.0
X-Mailer: Zimbra 6.0.15_GA_2995 (zclient/6.0.15_GA_2995)
Content-type: multipart/alternative;
boundary="Boundary_(ID_ImJ4PLpNObjAdaPs3nf0OQ)"
X-WMU-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379,
Antispam-Data: 2012.5.22.150615 - Tue May 22 11:19:21 2012
X-WMU-PerlMx-Spam: Gauge=IIIIIIIII, Probability=9% on Tue May 22 11:19:21 2012,
Report=' HTML_50_70 0.1, HTML_NO_HTTP 0.1, SUBJ_1WORD 0.1,
BODYTEXTH_SIZE_10000_LESS 0, BODYTEXTP_SIZE_3000_LESS 0,
BODY_SIZE_3000_3999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0,
FROM_EDU_TLD 0, INVALID_MSGID_NO_FQDN 0, SPF_NEUTRAL 0, WEBMAIL_SOURCE 0,
WEBMAIL_XOIP 0, WEBMAIL_X_IP_HDR 0, __ANY_URI 0, __CT 0,
__CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_ALT 0,
__HAS_HTML 0, __HAS_MSGID 0, __HAS_XOIP 0, __HAS_X_MAILER 0, __MIME_HTML 0,
__MIME_VERSION 0, __SANE_MSGID 0, __TAG_EXISTS_HTML 0, __TO_MALFORMED_2 0,
__TO_NO_NAME 0, __URI_NO_PATH 0, __URI_NO_WWW 0, __URI_NS '
X-Barracuda-Connect: mx-tmp.outside.edu[]
X-Barracuda-Start-Time: 1337699962
X-Barracuda-Encrypted: RC4-MD5
X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210
X-Barracuda-Virus-Scanned: by Barracuda Spam & Virus Firewall at ours.edu
X-Barracuda-Spam-Score: -2.02
X-Barracuda-Spam-Status: No, SCORE=-2.02 using global scores of TAG_LEVEL=1.8 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=2.3 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.97691
Rule breakdown below
pts rule name description
0.00 HTML_MESSAGE BODY: HTML included in message
--Boundary_(ID_ImJ4PLpNObjAdaPs3nf0OQ)
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 7BIT
The following is a new meeting request:
Subject: Test
Organizer: [email protected]
Location: Here
Time: Tuesday, May 22, 2012 from 2:00 PM - 3:00 PM America/New_York
Invitees: [email protected]
*~*~*~*~*~*~*~*~*~*
--Boundary_(ID_ImJ4PLpNObjAdaPs3nf0OQ)
Content-type: text/html; charset=utf-8
Content-transfer-encoding: 7BIT
<html><body><h3>The following is a new meeting request:</h3>
<p>
<table border='0'>
<tr><th valign='top' align='left'>Subject:</th><td>Test</td></tr>
<tr><th valign='top' align='left'>Organizer:</th><td>[email protected]</td></tr>
</table>
<p>
<table border='0'>
<tr><th valign='top' align='left'>Location:</th><td>Here</td></tr>
<tr><th valign='top' align='left'>Time:</th><td>Tuesday, May 22, 2012 from 2:00 PM - 3:00 PM <span style='color: #686357'>America/New_York</span></td></tr>
</table>
<p>
<table border='0'>
<tr><th valign='top' align='left'>Invitees:</th><td>[email protected]</td></tr></table>
<div>*~*~*~*~*~*~*~*~*~*</div><br></body></html>
--Boundary_(ID_ImJ4PLpNObjAdaPs3nf0OQ)
Content-type: text/calendar; charset=utf-8; method=REQUEST; name=meeting.ics
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=meeting.ics
BEGIN:VCALENDAR
PRODID:Zimbra-Calendar-Provider
VERSION:2.0
METHOD:REQUEST
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:STANDARD
DTSTART:19710101T020000
TZOFFSETTO:-0500
TZOFFSETFROM:-0400
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=11;BYDAY=1SU
TZNAME:EST
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:19710101T020000
TZOFFSETTO:-0400
TZOFFSETFROM:-0500
RRULE:FREQ=YEARLY;WKST=MO;INTERVAL=1;BYMONTH=3;BYDAY=2SU
TZNAME:EDT
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:171ace1e-09bd-4720-a30c-84dbfa2ed5de
SUMMARY:Test
LOCATION:Here
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:jaquays
@ours.edu
ORGANIZER:mailto:[email protected]
DTSTART;TZID="America/New_York":20120522T140000
DTEND;TZID="America/New_York":20120522T150000
STATUS:CONFIRMED
CLASS:PUBLIC
X-MICROSOFT-CDO-INTENDEDSTATUS:BUSY
TRANSP:OPAQUE
DTSTAMP:20120522T151847Z
SEQUENCE:0
DESCRIPTION:The following is a new meeting request:\n\nSubject: Test\nOrgani
zer: [email protected]\n\nLocation: Here\nTime: Tuesday\, May 22\, 2012
from 2:00 PM - 3:00 PM America/New_York\n\nInvitees: [email protected]\n
\n*~*~*~*~*~*~*~*~*~*\n\n
X-ALT-DESC;FMTTYPE=text/html:<html><body><h3>The following is a new meeting
request:</h3>\n\n<p>\n<table border='0'>\n<tr><th valign='top' align='left'>
Subject:</th><td>Test</td></tr>\n<tr><th valign='top' align='left'>Organizer
:</th><td>[email protected]</td></tr>\n</table>\n\n<p>\n<table border='
0'>\n<tr><th valign='top' align='left'>Location:</th><td>Here</td></tr>\n<tr
><th valign='top' align='left'>Time:</th><td>Tuesday\, May 22\, 2012 from 2:
00 PM - 3:00 PM <span style='color: #686357'>America/New_York</span></td></t
r>\n</table>\n<p>\n<table border='0'>\n\n<tr><th valign='top' align='left'>I
nvitees:</th><td>[email protected]</td></tr></table>\n<div>*~*~*~*~*~*~*~
*~*~*</div><br></body></html>
END:VEVENT
END:VCALENDAR
--Boundary_(ID_ImJ4PLpNObjAdaPs3nf0OQ)--
My acknowledgement:
Code:
Return-Path: [email protected]
Received: from proxy01.outside.edu (LHLO proxy01.outside.edu)
(10.108.1.55) by wmu-mailstore02.outside.edu with LMTP; Tue, 22 May 2012
11:29:27 -0400 (EDT)
Received: from mx-tmp.outside.edu (mx-tmp.outside.edu [])
by proxy01.outside.edu (Postfix) with ESMTP id 68F2A102BB61
for <[email protected]>; Tue, 22 May 2012 11:29:27 -0400 (EDT)
Received: from avs04.service.private (avs04.service.private [])
by mta03.service.private
(Sun Java System Messaging Server 6.1 HotFix 0.13 (built Jun 8 2005))
with ESMTP id <[email protected]> for [email protected]
(ORCPT [email protected]); Tue, 22 May 2012 11:29:26 -0400 (EDT)
Received: from mta-avs03.service.private
(mta-avs03.service.private [])
by avs04.service.private (8.14.4/8.14.4) with ESMTP id q4MFSxFW024753 for
<[email protected]>; Tue,
22 May 2012 11:29:00 -0400 (EDT envelope-from [email protected])
Received: from mailgateway.ours.edu (mailgateway.ours.edu [])
by mta03.service.private
(Sun Java System Messaging Server 6.1 HotFix 0.13 (built Jun 8 2005))
with ESMTPS id <[email protected]> for
[email protected] (ORCPT [email protected]); Tue,
22 May 2012 11:28:58 -0400 (EDT)
Received: from mailserver.ours.edu (unknown [])
by mailgateway.ours.edu (Spam & Virus Firewall) with ESMTP id 461B36FC159
for <[email protected]>; Tue, 22 May 2012 11:28:58 -0400 (EDT)
Received: from mailserver.ours.edu ([])
by mailgateway.ours.edu with ESMTP id LLo6Jrxzne9upWoz for
<[email protected]>; Tue, 22 May 2012 11:28:58 -0400 (EDT)
Received: from KCMS-MTA by mailserver.ours.edu with Novell_GroupWise; Tue,
22 May 2012 11:28:58 -0400
Date: Tue, 22 May 2012 11:28:54 -0400
From: Doug Jaquays <[email protected]>
Subject: Accepted: Test
To: Doug Jaquays <[email protected]>
Message-id: <[email protected]>
MIME-version: 1.0
X-Mailer: Novell GroupWise Internet Agent 8.0.2
Content-type: multipart/alternative;
boundary="Boundary_(ID_qC6PCHl2hokBeG2aJp/IMQ)"
Content-class: urn:content-classes:calendarmessage
X-WMU-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379,
Antispam-Data: 2012.3.13.151816 - Tue May 22 11:29:02 2012
X-WMU-PerlMx-Spam: Gauge=IIIIIIII, Probability=8% on Tue May 22 11:29:26 2012,
Report=' HTML_00_01 0.05, HTML_00_10 0.05, SUPERLONG_LINE 0.05,
BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_2000_2999 0, BODY_SIZE_5000_LESS 0,
BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, MIME_TEXT_ONLY_MULTI 0, NO_URI_FOUND 0,
SPF_PASS 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0,
__CTYPE_MULTIPART_ALT 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __MIME_TEXT_ONLY 0,
__MIME_VERSION 0, __SANE_MSGID 0, __SUBJ_ALPHA_END 0, __TO_MALFORMED_2 0'
This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.
--Boundary_(ID_qC6PCHl2hokBeG2aJp/IMQ)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Item Type: Appointment
Start Date: Tuesday, 22 May 2012, 02:00:00pm (EDT)
Duration: 1 Hour
Place: Here
Action: Accepted
This electronic message is intended to be for the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you.
--Boundary_(ID_qC6PCHl2hokBeG2aJp/IMQ)
Content-type: text/calendar; method=REPLY; name=meeting.ics; charset=UTF-8
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=meeting.ics
Content-class: urn:content-classes:calendarmessage
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Novell Inc//Groupwise 8.0.2
METHOD:REPLY
BEGIN:VTIMEZONE
TZID:(GMT-0500) EST
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:20001104T020000
RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=1SU;BYMONTH=11
TZNAME:EST
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:20000311T020000
RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=2SU;BYMONTH=3
TZNAME:Daylight Savings Time
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID="(GMT-0500) EST":20120522T140000
DTSTAMP:20120522T152854Z
ATTENDEE;CN="Doug Jaquays";PARTSTAT=ACCEPTED:MAILTO:[email protected]
ORGANIZER;CN="Doug Jaquays";ROLE=CHAIR:MAILTO:[email protected]
SUMMARY:Test
LOCATION:Here
DTEND;TZID="(GMT-0500) EST":20120522T150000
UID:171ace1e-09bd-4720-a30c-84dbfa2ed5de
PRIORITY:5
CLASS:PUBLIC
X-GWCLASS:NORMAL
END:VEVENT
END:VCALENDAR
--Boundary_(ID_qC6PCHl2hokBeG2aJp/IMQ)-- -
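Added example, not part of the original posts: Python that compares the ATTENDEE address in a `METHOD:REPLY` calendar part with the addresses invited in the matching `METHOD:REQUEST` (same UID), which is the mismatch described in this thread. Both calendar bodies and all addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed invitation: the attendee is invited under a preferred address.
# The ATTENDEE line is folded as RFC 5545 allows (continuation starts with a space).
REQUEST = """\
BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
UID:constructed-uid-0001
ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:preferred.na
 me@ours.example
ORGANIZER:mailto:organizer@outside.example
END:VEVENT
END:VCALENDAR
"""

# Constructed reply: the attendee answers under a userid-based address.
REPLY = """\
BEGIN:VCALENDAR
METHOD:REPLY
BEGIN:VEVENT
UID:constructed-uid-0001
ATTENDEE;CN="Example User";PARTSTAT=ACCEPTED:MAILTO:uid1234@ours.example
ORGANIZER;CN="Some Organizer";ROLE=CHAIR:MAILTO:organizer@outside.example
END:VEVENT
END:VCALENDAR
"""

# name, optional ;PARAM=value pairs (values may be quoted), then ":" and the value
LINE = re.compile(r'^([A-Za-z0-9-]+)((?:;[^=;:]+=(?:"[^"]*"|[^";:]*))*):(.*)$')
PARAM = re.compile(r';([^=;:]+)=("[^"]*"|[^";:]*)')


def unfold(ics):
    """RFC 5545 folding: a line break followed by one space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics)


def address(value):
    """Normalise a calendar user address: drop the mailto: scheme and lowercase it."""
    return re.sub(r"^mailto:", "", value.strip(), flags=re.I).lower()


def parse_itip(ics):
    """Return (method, {uid: {"organizer": addr, "attendees": {addr: partstat}}})."""
    method, events, current = None, {}, None
    for line in unfold(ics).splitlines():
        m = LINE.match(line)
        if not m:
            continue
        name, value = m.group(1).upper(), m.group(3)
        params = {k.upper(): v.strip('"') for k, v in PARAM.findall(m.group(2))}
        if name == "METHOD":
            method = value.upper()
        elif name == "BEGIN" and value.upper() == "VEVENT":
            current = {"uid": None, "organizer": None, "attendees": {}}
        elif name == "END" and value.upper() == "VEVENT" and current is not None:
            events[current.pop("uid")] = current
            current = None
        elif current is not None:
            if name == "UID":
                current["uid"] = value
            elif name == "ORGANIZER":
                current["organizer"] = address(value)
            elif name == "ATTENDEE":
                current["attendees"][address(value)] = params.get("PARTSTAT")
    return method, events


def unexpected_repliers(request_ics, reply_ics):
    """List reply attendees whose address was not invited for that UID."""
    _, invited = parse_itip(request_ics)
    method, replies = parse_itip(reply_ics)
    if method != "REPLY":
        raise ValueError("second argument is not a METHOD:REPLY calendar")
    out = []
    for uid, event in replies.items():
        known = invited.get(uid, {}).get("attendees", {})
        for addr, partstat in event["attendees"].items():
            if addr not in known:
                out.append((uid, addr, partstat, sorted(known)))
    return out


if __name__ == "__main__":
    for row in unexpected_repliers(REQUEST, REPLY):
        print(row)
```
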
HTTPS Client not sending the certificate chain
Hi,
I have an HTTPS Java programme with client authentication.
When the server requests the certificate from the client, the client is not sending the certificate chain, and the server says: Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
In the client I am setting the keystore properties properly.
Below is the ssl trace from the server and the client.
The trace clearly says that the client has loaded its certificate from the key store.
One thing I noticed is the validity period of the client certificate is different in client and the server.
I am not sure why it is different. I followed the steps properly to create the certificate.
Can anyone help me to resolve this
==========================Server Trace==========================
SecureServer version 1.0
found key for : server
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
trustStore is: d:\babu\ssltest\sscerts\jsseclient1
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@166
Validity: [From: Sun Jun 07 04:00:00 GMT+04:00 1998,
To: Tue Jun 07 03:59:59 GMT+04:00 2011]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [ 32f057e7 153096f5 1fb86e5b 5a49104b]
Algorithm: [SHA1withRSA]
Signature:
0000: A6 96 37 75 1C FD 95 95 40 E0 C9 53 25 8D E7 12 [email protected]%...
0010: AC 44 51 10 AC F2 BA 98 4D 72 EF 0B 75 2D 51 19 .DQ.....Mr..u-Q.
0020: 11 C9 47 E2 2F 96 67 61 0F 36 1D CA E7 C7 23 48 ..G./.ga.6....#H
0030: 46 97 63 C4 32 AE FF 7B 5A 65 64 50 CA 67 F7 14 F.c.2...ZedP.g..
adding as trusted cert: [
Version: V3
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 04:00:00 GMT+04:00 2006,
To: Tue Oct 24 03:59:59 GMT+04:00 2006]
Issuer: OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc"
SerialNumber: [ 5f2e369d 92ccf119 5d9a0371 c2f19ba4]
Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
0030: 76 65 72 2E 63 72 6C ver.crl
[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.2
qualifier: 0000: 30 56 30 15 16 0E 56 65 72 69 53 69 67 6E 2C 20 0V0...VeriSign,
0010: 49 6E 63 2E 30 03 02 01 01 1A 3D 56 65 72 69 53 Inc.0.....=VeriS
0020: 69 67 6E 27 73 20 43 50 53 20 69 6E 63 6F 72 70 ign's CPS incorp
0030: 2E 20 62 79 20 72 65 66 65 72 65 6E 63 65 20 6C . by reference l
0040: 69 61 62 2E 20 6C 74 64 2E 20 28 63 29 39 37 20 iab. ltd. (c)97
0050: 56 65 72 69 53 69 67 6E VeriSign
], PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 9D FC BF B3 A3 5D 94 B8 44 32 23 A5 B4 C2 BD 01 .....]..D2#.....
0010: 90 54 CE 0F 23 1A 08 9D F3 E2 55 9A 4B C9 FE 3E .T..#.....U.K..>
0020: F8 AD 45 DF 84 53 52 87 00 FA 66 2D 35 3F 48 53 ..E..SR...f-5?HS
0030: 4A D5 77 0F FB E4 20 1B E5 4F 19 60 F9 EC 79 FF J.w... ..O.`..y.
trigger seeding of SecureRandom
done seeding SecureRandom
SecureServer is listening on port 443.
matching alias: server
Accepted connection to ebms.uae.ebg.com (172.16.178.62) on port 3379.
----------1-1-1-----
[read] MD5 and SHA1 hashes: len = 3
0000: 01 03 01 ...
[read] MD5 and SHA1 hashes: len = 74
0000: 00 24 00 00 00 20 00 00 04 01 00 80 00 00 05 00 .$... ..........
0010: 00 0A 07 00 C0 00 00 13 00 00 09 06 00 40 00 00 .............@..
0020: 12 00 00 03 02 00 80 00 00 11 45 29 F4 B8 D5 0B ..........E)....
0030: F1 F5 52 D2 E4 FF 50 FA 04 49 E7 50 46 AA 2D A7 ..R...P..I.PF.-.
0040: 29 47 67 95 15 48 97 75 97 2C )Gg..H.u.,
Thread-1, READ: SSL v2, contentType = Handshake, translated length = 59
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 912
Thread-1, WRITE: TLSv1 Handshake, length = 912
Thread-1, READ: TLSv1 Handshake, length = 141
*** Certificate chain
Thread-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
Thread-1, WRITE: TLSv1 Alert, length = 2
Thread-1, called closeSocket()
Thread-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
IOException occurred when processing request.
Thread-1, called close()
Thread-1, called closeInternal(true)
==========================Client Trace==========================
--->>>--------
keyStore is : d:\babu\ssltest\sscerts\clientpk1
keyStore type is : jks
init keystore
init keymanager of type SunX509
found key for : client
chain [0] = [
Version: V1
Subject: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff956
Validity: [From: Mon Oct 09 09:44:01 GMT+04:00 2006,
To: Sun Jan 07 09:44:01 GMT+04:00 2007]
Issuer: CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE
SerialNumber: [ 4529e1a1]
Algorithm: [MD5withRSA]
Signature:
trustStore is: d:\babu\ssltest\sscerts\jsseserver
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
---<<<--------
THE HEADERS
---111--------
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 213, 11, 241, 245, 82, 210, 228, 255, 80, 250, 4, 73, 231, 80, 70, 170, 45, 167, 41, 71, 103, 149, 21, 72, 151, 117, 151, 44 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
main, WRITE: TLSv1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
main, WRITE: SSLv2 client hello message, length = 77
main, READ: TLSv1 Handshake, length = 912
*** ServerHello, TLSv1
RandomCookie: GMT: 1160311736 bytes = { 227, 31, 215, 114, 116, 219, 59, 159, 156, 232, 234, 78, 209, 15, 134, 102, 46, 207, 102, 33, 202, 146, 164, 74, 99, 27, 76, 229 }
Session ID: {69, 41, 244, 184, 75, 140, 3, 113, 8, 43, 97, 188, 121, 254, 105, 189, 119, 89, 132, 185, 240, 133, 165, 13, 109, 244, 91, 98, 210, 139, 161, 214}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
*** Certificate chain
chain [0] = [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
stop on trusted cert: [
Version: V1
Subject: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffd8e
Validity: [From: Sun Oct 08 12:36:57 GMT+04:00 2006,
To: Sat Jan 06 12:36:57 GMT+04:00 2007]
Issuer: CN=ebms, OU=a, O=a, L=a, ST=a, C=ae
SerialNumber: [ 4528b8a9]
Algorithm: [MD5withRSA]
Signature:
[read] MD5 and SHA1 hashes: len = 540
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<CN=ebms, OU=ebg, O=emirates, L=dubai, ST=emirates, C=AE>
<OU=For VeriSign authorized testing only. No assurances (C)VS1997, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., O="VeriSign, Inc">
[read] MD5 and SHA1 hashes: len = 294
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 145, 198, 68, 101, 78, 79, 139, 241, 6, 243, 13, 208, 161, 242, 0, 185, 46, 87, 212, 79, 239, 132, 145, 14, 13, 134, 115, 250, 44, 44, 112, 33, 173, 105, 52, 186, 160, 119, 55, 202, 205, 212, 136, 92, 7, 120 }
[write] MD5 and SHA1 hashes: len = 141
main, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 91 C6 44 65 4E 4F 8B F1 06 F3 0D D0 A1 F2 ....DeNO........
0010: 00 B9 2E 57 D4 4F EF 84 91 0E 0D 86 73 FA 2C 2C ...W.O......s.,,
0020: 70 21 AD 69 34 BA A0 77 37 CA CD D4 88 5C 07 78 p!.i4..w7....\.x
CONNECTION KEYGEN:
Client Nonce:
0000: 45 29 F4 B8 D5 0B F1 F5 52 D2 E4 FF 50 FA 04 49 E)......R...P..I
0010: E7 50 46 AA 2D A7 29 47 67 95 15 48 97 75 97 2C .PF.-.)Gg..H.u.,
Server Nonce:
0000: 45 29 F4 B8 E3 1F D7 72 74 DB 3B 9F 9C E8 EA 4E E).....rt.;....N
0010: D1 0F 86 66 2E CF 66 21 CA 92 A4 4A 63 1B 4C E5 ...f..f!...Jc.L.
Master Secret:
0000: 3A 36 9A CA 6F 82 0B 32 17 28 04 CD 33 B4 5D BF :6..o..2.(..3.].
0010: 5F 87 23 71 6B 49 2D 0E 59 DE 2C EA 8E B3 43 C8 _.#qkI-.Y.,...C.
0020: 5D 3B 3B 4C B7 B9 AB 4E EA A3 E6 CE 54 40 FB 2D ];;L...N....T@.-
Client MAC write Secret:
0000: C3 72 45 7B 93 DE 55 FF 0A 8C 9E 91 43 48 6E E4 .rE...U.....CHn.
Server MAC write Secret:
0000: E2 05 07 CB 3F 2D 95 41 EF 69 3F 09 6D CB 81 EE ....?-.A.i?.m...
Client write key:
0000: EE 7E EE 7D D8 5F 46 CD 88 15 9E F6 C7 EC 05 5F ....._F........_
Server write key:
0000: 43 DE B1 D2 FA 54 F0 E6 CA EC E8 1E 6C AD 77 EC C....T......l.w.
... no IV for cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data: { 196, 3, 24, 202, 107, 99, 158, 203, 62, 203, 204, 35 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
Plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C C4 03 18 CA 6B 63 9E CB 3E CB CC 23 ........kc..>..#
0010: 22 2A 55 36 5F 75 DB D4 CF 19 6F 40 93 AF B8 3B "*U6_u....o@...;
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
Plaintext before ENCRYPTION: len = 18
0000: 02 0A 3E CA 24 9F 8F 40 B8 65 A6 44 5D 7E 0B B5 ..>.$..@.e.D]...
0010: A9 C7 ..
main, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
---000--------
Here are the steps I am performing to create the certificates. Can anyone please validate the steps...
//Create private key
keytool -genkey -keystore clientpk1 -keyalg rsa -alias client -storepass password -keypass password
//Create CSR
keytool -certreq -alias client -file client.csr -keypass password -keystore clientpk1 -storepass password
//Received client-ca.cer and root certificate from VeriSign
//Import signed certificate to client keystore
keytool -import -keystore clientpk1 -keyalg RSA -import -trustcacerts -file client-ca.cer
//Import signed certificate and the root certificate to keystore (server truststore)
keytool -import -keystore jsseclient1 -alias client -file getcacert.cer
keytool -import -keystore jsseclient1 -alias client -file client-ca.cer
Thanks in advance,
Babu
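In the trace above, the server aborts with `null cert chain` right after reading the client's handshake flight, and the client's own `*** Certificate chain` section lists nothing: the client answered the CertificateRequest with a Certificate message whose list is empty. The following Python code is an added example, not part of the original post; it rebuilds the bytes of a `[write] MD5 and SHA1 hashes: len = N` dump and counts the certificates in the flight. Both sample dumps are constructed, and the function names are this example's own.

```python
import re

HANDSHAKE_TYPES = {11: "certificate", 13: "certificate_request",
                   14: "server_hello_done", 16: "client_key_exchange"}

# Constructed sample dumps in the trace's layout; the bytes are not from the page.
EMPTY_CHAIN_DUMP = """\
[write] MD5 and SHA1 hashes: len = 18
0000: 0B 00 00 03 00 00 00 10 00 00 07 00 05 AA BB CC  ................
0010: 41 45                                            AE
"""
ONE_CERT_DUMP = """\
[write] MD5 and SHA1 hashes: len = 20
0000: 0B 00 00 0A 00 00 07 00 00 04 DE AD BE EF 10 00  ................
0010: 00 02 00 00                                      ....
"""


def dump_to_bytes(dump):
    """Rebuild the bytes of one 'len = N' hex dump from JSSE debug output."""
    header = re.search(r"len = (\d+)", dump)
    if header is None:
        raise ValueError("no 'len = N' header")
    declared, out = int(header.group(1)), bytearray()
    for line in dump.splitlines():
        offset, _, rest = line.strip().partition(":")
        if not re.fullmatch(r"[0-9A-Fa-f]{4}", offset):
            continue  # header or other trace line
        row = []
        for tok in rest.split():
            if len(row) == 16 or not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break  # reached the ASCII column
            row.append(int(tok, 16))
        out.extend(row)
    if len(out) < declared:
        raise ValueError("dump is shorter than its declared length")
    # On a short last row the ASCII column can look like hex ("AE"); trust len.
    return bytes(out[:declared])


def split_handshake(flight):
    """Split a handshake flight into (type_name, body) pairs."""
    msgs, pos = [], 0
    while pos < len(flight):
        mlen = int.from_bytes(flight[pos + 1:pos + 4], "big")
        body = flight[pos + 4:pos + 4 + mlen]
        if pos + 4 > len(flight) or len(body) != mlen:
            raise ValueError("truncated handshake message at offset %d" % pos)
        name = HANDSHAKE_TYPES.get(flight[pos], "type_%d" % flight[pos])
        msgs.append((name, body))
        pos += 4 + mlen
    return msgs


def certificate_lengths(body):
    """Lengths of the entries in a Certificate message's certificate_list."""
    if len(body) < 3 or int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("certificate_list length does not match the body")
    lengths, pos = [], 3
    while pos < len(body):
        clen = int.from_bytes(body[pos:pos + 3], "big")
        if pos + 3 + clen > len(body):
            raise ValueError("truncated certificate entry")
        lengths.append(clen)
        pos += 3 + clen
    return lengths


def client_cert_count(dump):
    """Number of certificates in the dump's Certificate message, or None."""
    for name, body in split_handshake(dump_to_bytes(dump)):
        if name == "certificate":
            return len(certificate_lengths(body))
    return None
```

A count of 0 for the client's flight means the key manager found no key entry it was willing to offer for the server's CertificateRequest, so the place to look is the client keystore rather than the server.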