IMAPS handshake failure

I am trying to configure e-mail on NSD 7.0.3 appliance. Our mail server is Lotus Domino 9.0.1 and it supports imaps protocol. A mailbox has been created for NSD and I can successfully connect to it using Thunderbird. I can also connect by using "openssl s_client" from the command line of NSD appliance. But when I configure relevant fields in NSD:
Incoming server: ourserver.ourdomain.com
Protocol: IMAPS
Port: <blank>
Username: ServiceDesk
Password: <correct_password>
...and press Test, I receive an error message:
Error connecting to host: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
(I ran tcpdump on the appliance while pressing Test, and the dump output shows NSD server connecting to IMAP server on port 993, IMAP server sending back the certificate and then NSD server responding with "Handshake failure".)
IMAP server admin has enabled the use of SSLv2 on server side, but that doesn't seem to change the situation.
Is there anything that we can do on NSD side to get this working? Obviously we could try using plain IMAP (port 143) with all the security implications, but we prefer the traffic to be encrypted.

vatson,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

Similar Messages

  • SSL handshake failure

    Hi,
    I have to establish the connection from SAP WebAS to an Apache server via HTTPS.  The Apache authentication is based on client certificates. But I'm still unable to establish a connection. Everything runs fine via HTTPS if client certificate authentication is disabled on Apache (anonymous access). But as soon as client authentication is enabled, the icm log displays the following failure:
    [Thr 1800] *** ERROR during SecudeSSL_Read() from SSL_read()==SSL_ERROR_SSL                                                    
    [Thr 1800]    session uses PSE file "/usr/sap/E3T/DVEBMGS00/sec/SAPSSLC.pse";;                                                   
    [Thr 1800] SecudeSSL_Read: SSL_read() failed --                                                                               
    secude_error 536872195 (0x20000503) = "handshake failure"                                                                    
    [Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>                                                          
    [Thr 1800] ERROR in ssl3_read_bytes: (536872195/0x20000503) handshake failure                                                  
    WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer        
    [Thr 1800] << ---------- End of Secude-SSL Errorstack ----------                                                               
    [Thr 1800] <<- ERROR: SapSSLRead(sssl_hdl=0x115f8a310)==SSSLERR_SSL_READ                                                       
    [Thr 1800] ->> SapSSLErrorName(rc=-58)                                                                               
    [Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_READ                                                                             
    [Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): SapSSLRead returned (-58): SSSLERR_SSL_READ [icxxthrio_mt 2539]            
    [Thr 1800] *** ERROR => IcmReadFromConn(id=3/1967): read failed (rc = -1) [icxxthrio_mt 2611]                                  
    [Thr 1800] *** ERROR => IcmHandleNetRead(id=3/1967): IcmReadFromConn failed (rc = -1) [icxxthrio_mt 1304]  
    In the Apache logs, it seems that SAP is not sending a client certificate. So Apache closes the connection. Do you have an idea how I can make SAP WebAS send the certificate ?
    Thanks in advance
    Christan

    Hi,
    >Because the third line in your log says that no PSE could be found?
    I'm not sure of that.
    Here is an extract of the log of an ICM starting without a client certificate in STRUST
    [Thr 4392] =  secudessl_Create_SSL_CTX():  PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLC.pse" not found,
    [Thr 4392] =      using PSE "D:\usr\sap\PPI\DVEBMGS74\sec\SAPSSLS.pse" as fallback
    [Thr 4392] ******** Warning ********
    [Thr 4392] *** No SSL-client PSE "SAPSSLC.pse" available
    [Thr 4392] ***    this will probably limit SSL-client side connectivity
    [Thr 4392] ********
    [Thr 4392] = Success    SapCryptoLib SSL ready!
    Here is an extract of the log of an ICM starting with a client certificate in STRUST.
    [Thr 9208] =================================================
    [Thr 9208] = SSL Initialization  on  PC with Windows NT
    [Thr 9208] =   (700_REL,Mar 19 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)
    [Thr 9208]   SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
               resulting Filename = "I:\usr\sap\DXI\DVEBMGS68\exe\sapcrypto.dll"
    [Thr 9208] =   found SAPCRYPTOLIB  5.5.5C pl17  (Aug 18 2005) MT-safe
    [Thr 9208] =   current UserID: BT0D0000\SAPServiceDXI
    [Thr 9208] =   found SECUDIR environment variable
    [Thr 9208] =   using SECUDIR=I:\usr\sap\DXI\DVEBMGS68\sec
    [Thr 9208] = Success    SapCryptoLib SSL ready!
    [Thr 9208] =================================================
    Christian,
    Could you restart the ICM and check the trace file to find out if you get the message about a missing SAPSSLC.pse ?
    Regards,
    Olivier

  • AS2 using HTTPS - Handshake failure # null

    Hello,
    I have scenario IDoc - PI - AS2 using HTTPS.
    When I am trying to send data it is giving me a "Handshake Failure" error.
    I have checked the certificate and configuration properly.
    Partner is saying "your client doesn't sent the requested client certificate"
    following are traces:
       20120102 061927 011 SECS  I SES_INIT  (83903899) Netprof : NP_AS2_CERT_Sender_TEST selected [src_addr="---Hostname/port"] [dest_addr="hostname/port"]
       20120102 061927 013 SECS  I SES_INIT  (83903899) Server TLS Security Profile : TLS_AS2_SRV_CERT_Port selected
       20120102 061927 103 NET   I CONN_RESP (17809) incoming connection response     [resp_add=""]
       20120102 061929 030 SECS  I C_BUILD   (83903899) Server Certificate sent: Receiver_Partner
       20120102 061929 030 SECS  I C_BUILD   (83903899) Server Certificate sent: VeriSign Class 3 International
       20120102 061929 030 SECS  I C_BUILD   (83903899) Server Certificate sent: VeriSign Class 3 Public Primary
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 KRAFT Root Prod CA
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 KRAFT Root Test CA
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SIGN) New
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 KnorrPrandel (SSL) New
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 MarkantSyntradeRoot
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: AS2 ProcterGambleProd
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: D-TRUST Root Class 2 CA 2007
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: Entrust.net CA
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: EquifaxSecure(4Bacardi)
       20120102 061929 014 SECS  I CA_BUILD  (83903899) Server Sending Accepted DN: Sender RootCA (Sender)
       20120102 061929 053 NET   W TLSALSND  (17809) alert 40 sent (handshake failure)
       20120102 061929 105 NET   I DISC_REQ  (17809) disconnection request            [reason="0"]
    Please suggest.
    //Manisha

    Hello,
    Have you downloaded the certificate from the vendor URL and uploaded it in STRUST?
    Have you restarted ICM through SMICM? Did you do a connection test in SM 59? What is the response?
    Regards,
    Phani

  • SOAP Receiver error: handshake failure

    Good afternoon, everyone.
    I have a SOAP Receiver Communication Channel, with user and password authentication.
    When the request is sent to the Channel, the following error is generated:
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
      <SAP:Category>XIAdapterFramework</SAP:Category>
      <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
      <SAP:P1 />
      <SAP:P2 />
      <SAP:P3 />
      <SAP:P4 />
      <SAP:AdditionalText>com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: handshake failure: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure</SAP:AdditionalText>
      <SAP:ApplicationFaultMessage namespace="" />
      <SAP:Stack />
      <SAP:Retry>M</SAP:Retry>
      </SAP:Error>
    mentioning a handshake problem.
    In the Java log, I found the following messages:
    p.aii.af.soapadapter#co
    ssl_debug(6603): Sending v3 client_hello message, requesting version 3.1...
    ssl_debug(6603): Received v3 server_hello handshake message.
    ssl_debug(6603): Server selected SSL version 3.1.
    ssl_debug(6603): Server created new session CA:23:B4:0E:C7:16:0A:8F...
    ssl_debug(6603): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(6603): CompressionMethod selected by server: NULL
    ssl_debug(6603): Received certificate handshake message with server certificate.
    ssl_debug(6603): Server sent a 1024 bit RSA certificate, chain has 1 elements.
    ssl_debug(6603): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(6603): Received server_hello_done handshake message.
    ssl_debug(6603): Sending client_key_exchange handshake message (1024 bit)...
    ssl_debug(6603): Sending change_cipher_spec message...
    ssl_debug(6603): Sending finished message...
    ssl_debug(6603): Received alert message: Alert Fatal: handshake failure
    ssl_debug(6603): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
    ssl_debug(6603): Shutting down SSL layer...
    Has anyone seen this error before and have any information about it?
    Thanks in advance.
    Pedro Baroni

    Carlos,
    In our scenario we do not use a Certificate; however, in contact with the Provider of the WebServices, we identified the problem in their application, since they had configured it to accept only connections with a Certificate. The problem has now been fixed in their application and the Interface is working again.
    Thank you.

  • Handshake failure

    Hello everyone,
    Here I am struggling with a problem of handshake failure. The synoptical story is:
    1. I am developing a Java client to connect to a payware merchant server at port 3443 through SSL, with the JSSE package from JDK1.4.1 on Windows 2000, using the socket API.
    2. I got the two server certificates, namely ca.pem and client.pem. I feel these are the server's public key and the CA key. Is that right? I have to keep these certificates in the client's keystore. This is where I feel the problem is: how do I create a keystore for adding these certificates on the client's machine using keytool?
    a) If I create one using "keytool -genkey" and thereafter try
    to add the above certificates, I get exceptions,
    and the certificates are not added.
    3. Here I don't want to have client-side certificates, i.e. one-way handshaking, or in other words, server authentication only.
    4. After this process I am using the code below and trying to connect, and I am getting the handshake failure exception, which I am unable to resolve.
    The code I am using:
    import java.net.*;
    import java.io.*;
    import javax.net.ssl.*;
    import java.security.cert.X509Certificate;
    import java.security.cert.*;
    import java.security.KeyStore;

    /*
     * This example demonstrates how to use an SSLSocket as a client to
     * send a request through an SSL socket and get a response from a server developed
     * in C++. Communication goes through the SSL layers.
     * It assumes that the client is not behind a firewall.
     */
    public class TestSocketClient {
        public static void main(String[] args) throws Exception {
            try {
                // System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
                // java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                System.setProperty("javax.net.debug", "SSL");
                // System property names are case-sensitive: trustStore, not TrustStore.
                System.setProperty("javax.net.ssl.trustStore", "testkeys");
                System.setProperty("javax.net.ssl.trustStorePassword", "passphrase");
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
                KeyStore ks = KeyStore.getInstance("JKS");
                char[] pass = "passphrase".toCharArray();
                ks.load(new FileInputStream("testkeys"), pass);
                kmf.init(ks, pass);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
                // MyX509TrustManager is the poster's own class; its source is not included in the post.
                X509TrustManager xtm = new MyX509TrustManager();
                TrustManager[] tm = {xtm};
                tmf.init(ks);
                SSLContext context = SSLContext.getInstance("SSL");
                java.security.SecureRandom sr = new java.security.SecureRandom();
                context.init(kmf.getKeyManagers(), tm, sr);
                SSLSocketFactory sslfactory = context.getSocketFactory();
                /* SSLSocketFactory factory =
                       (SSLSocketFactory) SSLSocketFactory.getDefault(); */
                SSLSocket socket =
                    (SSLSocket) sslfactory.createSocket("10.0.0.20", 3443);
                // socket.setNeedClientAuth(true);
                String[] protocols = {"SSLv3", "TLSv1"};
                socket.setEnabledProtocols(protocols);
                // socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
                OutputStream os;
                System.out.println("socket is created.");
                /*
                 * send http request
                 * Before any application data is sent or received, the
                 * SSL socket will do SSL handshaking first to set up
                 * the security attributes.
                 * SSL handshaking can be initiated by either flushing data
                 * down the pipe, or by starting the handshaking by hand.
                 * Handshaking is started manually in this example because
                 * PrintWriter catches all IOExceptions (including
                 * SSLExceptions), sets an internal error flag, and then
                 * returns without rethrowing the exception.
                 * Unfortunately, this means any error messages are lost,
                 * which caused lots of confusion for others using this
                 * code. The only way to tell there was an error is to call
                 * PrintWriter.checkError().
                 */
                System.out.println(" just before handshake ");
                // socket.setNeedClientAuth(false);
                // socket.startHandshake();
                // System.out.println(" Hand shake is completed ");
                PrintWriter out = new PrintWriter(
                    socket.getOutputStream());
                System.out.println(" print writer object is created ");
                String s = "GET http://www.verisign.com/index.html HTTP/1.1";
                byte[] b1 = s.getBytes("ISO-8859-1");
                // out.println("GET http://www.verisign.com/index.html HTTP/1.1");
                // os.write(b1);
                // Print the request string: print(b1) would write the array reference, not its bytes.
                out.print(s);
                System.out.println(" print is created ");
                out.flush();
                BufferedReader in = new BufferedReader(
                    new InputStreamReader(
                        socket.getInputStream()));
                String inputLine = null;
                System.out.println("The input line is: " + inputLine);
                while ((inputLine = in.readLine()) != null) {
                    System.out.println("Received messages from here.");
                    System.out.println(inputLine);
                }
                // out.close();
                System.out.println(" output is trying to flushing the data ");
                /*
                 * Make sure there were no surprises
                 */
                if (out.checkError())
                    System.out.println(
                        "SSLSocketClient: java.io.PrintWriter error");
                /* read response */
                in.close();
                out.close();
                socket.close();
            } catch (Exception e) {
                System.out.println(" the exception is " + e);
                e.printStackTrace();
                System.exit(0);
            }
        }
    }
    debugging information:
    ---------- Run the application ----------
    found key for : duke
    chain [0] = [
    Version: V1
    Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
    Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
                   To: Mon May 23 02:46:46 GMT+03:00 2011]
    Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
    SerialNumber: [    3b0afa66 ]
    Algorithm: [MD5withRSA]
    Signature:
    adding as trusted cert: [
    Version: V1
    Subject: ST=Dublin, L=Leopardstown, OU=Banking Support, O=Trintech Technologies, CN=trintech.com, C=IE
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
    Validity: [From: Fri Aug 23 13:05:43 GMT+03:00 2002,
                   To: Sun Sep 22 13:05:43 GMT+03:00 2002]
    Issuer: CN=TEST RSA CERTIFICATION AUTHORITY - FOR INTERNAL TESTING PURPOSES ONLY - NO LIABILITY, OU=Banking Division, O=Trintech Technologies Ltd, L=Dublin, ST=County Dublin, C=IE
    SerialNumber: [    f0]
    Algorithm: [MD5withRSA]
    Signature:
    adding private entry as trusted cert: [
    Version: V1
    Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
    Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
                   To: Mon May 23 02:46:46 GMT+03:00 2011]
    Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
    SerialNumber: [    3b0afa66 ]
    Algorithm: [MD5withRSA]
    Signature:
    adding as trusted cert: [
    Version: V3
    Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@dfafd1
    Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
                   To: Fri Jan 01 02:59:59 GMT+03:00 2021]
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    SerialNumber: [    01]
    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [MD5withRSA]
    Signature:
    adding as trusted cert: [
    Version: V3
    Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a8c488
    Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
                   To: Wed Jan 08 17:48:01 GMT+03:00 2003]
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    SerialNumber: [    08b1fa]
    Certificate Extensions: 2
    [1]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1]]
    [2]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [MD5withRSA]
    Signature:
    trigger seeding of SecureRandom
    done seeding SecureRandom
    socket is created.
    just before handshake
    print writer object is created
    print is created
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 987413342 bytes = { 254, 80, 236, 112, 44, 177, 113, 24, 240, 17, 19, 124, 170, 193, 156, 242, 6, 94, 107, 49, 236, 18, 211, 50, 196, 36, 58, 91 }
    Session ID: {}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 59
    0000: 01 00 00 37 03 01 3B DB BB 5E FE 50 EC 70 2C B1 ...7..;..^.P.p,.
    0010: 71 18 F0 11 13 7C AA C1 9C F2 06 5E 6B 31 EC 12 q..........^k1..
    0020: D3 32 C4 24 3A 5B 00 00 10 00 05 00 04 00 09 00 .2.$:[..........
    0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
    main, WRITE: SSL v3.1 Handshake, length = 59
    main, READ: SSL v3.0 Handshake, length = 74
    *** ServerHello, v3.0
    RandomCookie: GMT: 1019049914 bytes = { 146, 60, 74, 221, 254, 223, 224, 218, 86, 64, 214, 127, 32, 0, 235, 238, 181, 210, 212, 218, 141, 38, 198, 142, 110, 175, 146, 113 }
    Session ID: {1, 241, 227, 143, 175, 90, 192, 25, 155, 216, 173, 103, 159, 41, 90, 222, 86, 8, 76, 153, 122, 138, 88, 120, 112, 104, 65, 202, 147, 134, 163, 143}
    Cipher Suite: { 0, 10 }
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
    ** SSL_RSA_WITH_3DES_EDE_CBC_SHA
    [read] MD5 and SHA1 hashes: len = 74
    0000: 02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF ...F..=.x..<J...
    0010: E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26 ..V@.. ........&
    0020: C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B ..n..q .....Z...
    0030: D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70 ..g.)Z.V.L.z.Xxp
    0040: 68 41 CA 93 86 A3 8F 00 0A 00 hA........
    main, READ: SSL v3.0 Handshake, length = 1561
    *** Certificate chain
    chain [0] = [
    Version: V3
    Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d251a3
    Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
                   To: Wed Jan 08 17:48:01 GMT+03:00 2003]
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    SerialNumber: [    08b1fa]
    Certificate Extensions: 2
    [1]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
    [1.3.6.1.5.5.7.3.1]]
    [2]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:false
    PathLen: undefined
    Algorithm: [MD5withRSA]
    Signature:
    chain [1] = [
    Version: V3
    Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@edc073
    Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
                   To: Fri Jan 01 02:59:59 GMT+03:00 2021]
    Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
    SerialNumber: [    01]
    Certificate Extensions: 1
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen:2147483647
    Algorithm: [MD5withRSA]
    Signature:
    [read] MD5 and SHA1 hashes: len = 1561
    04B0: 86 F7 0D 01 09 01 16 17 73 65 72 76 65 72 2D 63 ........server-c
    04C0: 65 72 74 73 40 74 68 61 77 74 65 2E 63 6F 6D 30 [email protected]
    04D0: 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 ..0...*.H.......
    04E0: 00 03 81 8D 00 30 81 89 02 81 81 00 D3 A4 50 6E .....0........Pn
    04F0: C8 FF 56 6B E6 CF 5D B6 EA 0C 68 75 47 A2 AA C2 ..Vk..]...huG...
    0500: DA 84 25 FC A8 F4 47 51 DA 85 B5 20 74 94 86 1E ..%...GQ... t...
    0510: 0F 75 C9 E9 08 61 F5 06 6D 30 6E 15 19 02 E9 52 .u...a..m0n....R
    0520: C0 62 DB 4D 99 9E E2 6A 0C 44 38 CD FE BE E3 64 .b.M...j.D8....d
    0530: 09 70 C5 FE B1 6B 29 B6 2F 49 C8 3B D4 27 04 25 .p...k)./I.;.'.%
    0540: 10 97 2F E7 90 6D C0 28 42 99 D7 4C 43 DE C3 F5 ../..m.(B..LC...
    0550: 21 6D 54 9F 5D C3 58 E1 C0 E4 D9 5B B0 B8 DC B4 !mT.].X....[....
    0560: 7B DF 36 3A C2 B5 66 22 12 D6 87 0D 02 03 01 00 ..6:..f"........
    0570: 01 A3 13 30 11 30 0F 06 03 55 1D 13 01 01 FF 04 ...0.0...U......
    0580: 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D .0....0...*.H...
    0590: 01 01 04 05 00 03 81 81 00 07 FA 4C 69 5C FB 95 ...........Li\..
    05A0: CC 46 EE 85 83 4D 21 30 8E CA D9 A8 6F 49 1A E6 .F...M!0....oI..
    05B0: DA 51 E3 60 70 6C 84 61 11 A1 1A C8 48 3E 59 43 .Q.`pl.a....H>YC
    05C0: 7D 4F 95 3D A1 8B B7 0B 62 98 7A 75 8A DD 88 4E .O.=....b.zu...N
    05D0: 4E 9E 40 DB A8 CC 32 74 B9 6F 0D C6 E3 B3 44 0B [email protected].
    05E0: D9 8A 6F 9A 29 9B 99 18 28 3B D1 E3 40 28 9A 5A ..o.)...(;..@(.Z
    05F0: 3C D5 B5 E7 20 1B 8B CA A4 AB 8D E9 51 D9 E2 4C <... .......Q..L
    0600: 2C 59 A9 DA B9 B2 75 1B F6 42 F2 EF C7 F2 18 F9 ,Y....u..B......
    0610: 89 BC A3 FF 8A 23 2E 70 47 .....#.pG
    main, READ: SSL v3.0 Handshake, length = 210
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
    [read] MD5 and SHA1 hashes: len = 210
    main, READ: SSL v3.0 Handshake, length = 4
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    main, SEND SSL v3.0 ALERT: warning, description = no_certificate
    main, WRITE: SSL v3.0 Alert, length = 2
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, v3.0
    Random Secret: { 3, 0, 57, 228, 245, 13, 91, 181, 92, 129, 234, 123, 199, 2, 84, 156, 170, 175, 48, 221, 204, 142, 18, 177, 69, 95, 165, 11, 196, 105, 168, 66, 230, 117, 243, 61, 22, 60, 41, 203, 229, 232, 240, 78, 200, 114, 53, 56 }
    [write] MD5 and SHA1 hashes: len = 132
    0000: 10 00 00 80 78 F9 25 03 98 3E C5 F7 8D 63 17 F2 ....x.%..>...c..
    0010: 5A 0F 3D 7C D1 DB 3C 88 69 A1 1F 0F A0 E0 54 AC Z.=...<.i.....T.
    0020: 99 8D 4F EC C7 74 F2 BA 8E AD C3 A0 B4 91 E9 1C ..O..t..........
    0030: 74 75 2F 89 26 7C 82 6A 70 1F 72 50 F0 07 41 38 tu/.&..jp.rP..A8
    0040: 4B 5A 8A F2 DE 61 1A 9D 34 2A 1D 0C C1 9D EC CA KZ...a..4*......
    0050: 27 D7 93 3E B1 17 4A 48 62 5E 47 DA 70 6B 10 A2 '..>..JHb^G.pk..
    0060: 29 99 3D 17 93 0D B2 FB DF EB 5C 13 91 72 FB 6C ).=.......\..r.l
    0070: AD 6D 4D 46 F7 B3 AB 02 76 61 F8 0E 03 7D 32 AF .mMF....va....2.
    0080: 3A 53 64 B0 :Sd.
    main, WRITE: SSL v3.0 Handshake, length = 132
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 00 39 E4 F5 0D 5B B5 5C 81 EA 7B C7 02 54 9C ..9...[.\.....T.
    0010: AA AF 30 DD CC 8E 12 B1 45 5F A5 0B C4 69 A8 42 ..0.....E_...i.B
    0020: E6 75 F3 3D 16 3C 29 CB E5 E8 F0 4E C8 72 35 38 .u.=.<)....N.r58
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 3B DB BB 5E FE 50 EC 70 2C B1 71 18 F0 11 13 7C ;..^.P.p,.q.....
    0010: AA C1 9C F2 06 5E 6B 31 EC 12 D3 32 C4 24 3A 5B .....^k1...2.$:[
    Server Nonce:
    0000: 3D BD 78 BA 92 3C 4A DD FE DF E0 DA 56 40 D6 7F =.x..<J.....V@..
    0010: 20 00 EB EE B5 D2 D4 DA 8D 26 C6 8E 6E AF 92 71 ........&..n..q
    Master Secret:
    0000: 85 D3 60 38 ED 28 6E 78 A3 1E 6D 6D AB 16 28 00 ..`8.(nx..mm..(.
    0010: 43 13 02 A9 27 41 29 52 31 2E E8 4F AD C9 18 2B C...'A)R1..O...+
    0020: 32 CE 4F 54 C5 82 24 4D E5 F2 6F 4D 28 E3 F6 BB 2.OT..$M..oM(...
    Client MAC write Secret:
    0000: CD A6 10 71 07 C6 D4 DE 67 17 3B E1 FD ED D3 1A ...q....g.;.....
    0010: 1F C2 0A F0 ....
    Server MAC write Secret:
    0000: 4D 72 94 AD 25 0C 13 8A 8C 38 99 D7 A7 5C 9C EA Mr..%....8...\..
    0010: BC 6D 05 D3 .m..
    Client write key:
    0000: AF 2E A1 B1 F5 65 C0 DC 06 A9 0B 2F 6D 50 9D AD .....e...../mP..
    0010: 9C 54 81 C0 C2 CA 00 1F .T......
    Server write key:
    0000: C8 D1 05 53 51 AC 90 ED A4 E2 4B ED 9E 51 21 DC ...SQ.....K..Q!.
    0010: B6 5C EC 2A AA F9 8F 78 .\.*...x
    Client write IV:
    0000: 2F 8F 34 8F 63 A6 35 28 /.4.c.5(
    Server write IV:
    0000: 8F FF D3 C1 AC 32 3D 96 .....2=.
    main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
    *** Finished, v3.0
    MD5 Hash: { 210, 197, 57, 55, 38, 216, 173, 32, 214, 81, 225, 100, 54, 5, 93, 247 }
    SHA1 Hash: { 183, 114, 192, 183, 141, 75, 236, 153, 35, 197, 117, 135, 145, 199, 218, 137, 187, 186, 216, 148 }
    [write] MD5 and SHA1 hashes: len = 40
    0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
    0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
    0020: 91 C7 DA 89 BB BA D8 94 ........
    Padded plaintext before ENCRYPTION: len = 64
    0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
    0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
    0020: 91 C7 DA 89 BB BA D8 94 D9 CB BD E2 60 63 C1 09 ............`c..
    0030: 3D CD A5 EF 06 89 80 FA 47 D8 4A 9A 03 03 03 03 =.......G.J.....
    main, WRITE: SSL v3.0 Handshake, length = 64
    main, READ: SSL v3.0 Alert, length = 2
    main, RECV SSLv3 ALERT: fatal, handshake_failure
    the exception is java.net.SocketException: Socket is closed
    java.net.SocketException: Socket is closed
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(DashoA6275)
         at TestSocketClient.main(TestSocketClient.java:108)
    Normal Termination
    Output completed (9 sec consumed).
    Hope somebody has come across this situation. Waiting for your much-appreciated response.
    thanks

    Hi,
    This might not solve all your problems, but it should allow you to load the certificates into a keystore programmatically in Java.
    > 2. I got the two server certificates namely ca.pem and
    > client.pem. I feel these are server's public key and
    > CA key. Is it right?
    You should probably find out what they are, and make sure they are certificates.
    > How to create a keystore for adding these
    > certificates at client's machine using keytool.
    Here is how you can create a keystore (in memory) and load the certificates (if that's what they are) into the keystore:
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    // assuming you are using X.509 certificates
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    FileInputStream certFile = new FileInputStream("pathToCert");
    Certificate cert = cf.generateCertificate( certFile );
    KeyStore trustedks = KeyStore.getInstance("JKS");
    // this essentially initializes a keystore in memory
    trustedks.load(null,null);
    // substitute "alias" with "server" and "ca" respectively for your case
    // though I find it doesn't matter what their alias is.
    trustedks.setCertificateEntry( "alias", cert );
    // continue as you did in your example and use this new trusted keystore
    Cheers,
    Jason

  • IMAP Connection Failure causes all Emails to vanish

    I have experienced IMAP connection failures for several days. While Mail responds with an error message, it also removes all emails ever received in my folders. How do I fix this?

    IMAP is - unlike POP3 - a protocol where all your folder information and mails are stored on the mailserver. That's the reason why it can happen, that a malfunctioning mailserver delivers incorrect information to your client (in that case obviously the information "no folders with no mail") and so your client displays, what this information says: nothing.
    As soon as the IMAP-mailserver is functioning properly again all your folders and mails should reappear in your mailclient.

  • URGENT: handshake failure

    I'm trying to connect to a site (https://secure.web.telia.com) using URLConnection in J2SDK1.4rc1. No problem loading the page in IE6, but with JSSE, I get:
    javax.net.ssl.SSLException: error while writing to socket
    End of handshake:
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    %% No cached client session
    *** ClientHello, v3.1
    RandomCookie: GMT: 1012760556 bytes = { 102, 53, 25, 80, 221, 29, 6, 175, 85, 97, 24, 116, 33, 6, 88, 150, 96, 57, 222, 232, 51, 91, 136, 253, 219, 227, 46, 105 }
    Session ID: {}
    Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
    Compression Methods: { 0 }
    ***
    [write] MD5 and SHA1 hashes: len = 59
    0000: 01 00 00 37 03 01 3C 5E 80 EC 66 35 19 50 DD 1D ...7..<^..f5.P..
    0010: 06 AF 55 61 18 74 21 06 58 96 60 39 DE E8 33 5B ..Ua.t!.X.`9..3[
    0020: 88 FD DB E3 2E 69 00 00 10 00 05 00 04 00 09 00 .....i..........
    0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
    main, WRITE: SSL v3.1 Handshake, length = 59
    [write] MD5 and SHA1 hashes: len = 77
    0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
    0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
    0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3C 5E 80 .............<^.
    0030: EC 66 35 19 50 DD 1D 06 AF 55 61 18 74 21 06 58 .f5.P....Ua.t!.X
    0040: 96 60 39 DE E8 33 5B 88 FD DB E3 2E 69 .`9..3[.....i
    main, WRITE: SSL v2, contentType = 22, translated length = 16310
    main, SEND SSL v3.1 ALERT: fatal, description = close_notify
    main, WRITE: SSL v3.1 Alert, length = 2
    Please help me if you can! I can't find any workaround for this!
    Bye,
    Dag

    Certainly,
    Here's the code:
      URL url = new URL("https://secure.web.telia.com");
      URLConnection uCon = url.openConnection();
      BufferedReader br = new BufferedReader(new InputStreamReader(uCon.getInputStream()));
      StringBuffer page = new StringBuffer(4096);
      String line;
      while ((line = br.readLine()) != null) {
        page.append( line ).append("\n");
      }
      System.out.println(page);
      br.close();
    and here's the trace:
      javax.net.ssl.SSLException: error while writing to socket
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
        at java.io.OutputStream.write(OutputStream.java:58)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA6275)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA6275)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:556)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(DashoA6275)
        at TestGET.main(TestGET.java:67) (the third code line above)

  • Handshake failure with client authentication

    Hi,
    I am using the JDK1.4 beta 3 to accomplish the following: I want to request an HTML page on an Apache webserver configured with SSL and client-authentication. It works with Netscape and Internet Explorer (and also with the openssl s_client test program)...
    But now I want to try it using Java... So, I wrote a very simple program based on some examples found on this forum... But I keep getting the following error (excerpt from the javax.net.debug=all command)
    As you can see, the server requests a client certificate that's issued by the certificate authority mentioned...
    *** CertificateRequest
    Cert Types: RSA, DSS,
    Cert Authorities:
    <[email protected], CN=Andy Zaidman, OU=stage, O=Kava's Certificate Authority, L=Antwerp, ST=Antwerp, C=BE>
    [read] MD5 and SHA1 hashes: len = 180
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    *** Certificate chain
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    *** ClientKeyExchange, RSA PreMasterSecret, v3.1
    Random Secret: { 3, 1, 38, 54, 219, 158, 32, 158, 155, 15, 55, 137, 216, 164, 45, 65, 153, 142, 200, 98, 57, 251, 55, 6, 46, 124, 181, 161, 164, 234, 218, 75, 195, 72, 218, 187, 182, 197, 4, 11, 249, 45, 3, 136, 207, 114, 236, 172 }
    [write] MD5 and SHA1 hashes: len = 141
    0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 64 92 2E .............d..
    0010: 42 2C A5 79 1D 2B A9 A5 D0 46 2A 1F 67 F3 49 28 B,.y.+...F*.g.I(
    0020: E0 ED 1D 85 E3 06 22 49 8A 79 02 48 E2 DD E6 75 ......"I.y.H...u
    0030: F3 C0 D3 A8 31 C0 18 94 7C 81 24 75 6A A1 0C 4F ....1.....$uj..O
    0040: 99 03 66 B8 37 4F 05 0D 5D CD F2 A0 10 F5 D5 F5 ..f.7O..].......
    0050: 50 66 49 91 CA C0 18 F1 07 E9 70 D0 CB EA 70 D3 PfI.......p...p.
    0060: 8E 13 55 E7 43 BD 94 1C D3 96 1F E9 67 93 57 62 ..U.C.......g.Wb
    0070: 91 5C E6 ED B1 75 9C A8 55 B7 50 DE CE 9B 1C EE .\...u..U.P.....
    0080: 57 62 20 9C F3 11 36 68 7A 38 62 79 D1 Wb ...6hz8by.
    main, WRITE: SSL v3.1 Handshake, length = 141
    SESSION KEYGEN:
    PreMaster Secret:
    0000: 03 01 26 36 DB 9E 20 9E 9B 0F 37 89 D8 A4 2D 41 ..&6.. ...7...-A
    0010: 99 8E C8 62 39 FB 37 06 2E 7C B5 A1 A4 EA DA 4B ...b9.7........K
    0020: C3 48 DA BB B6 C5 04 0B F9 2D 03 88 CF 72 EC AC .H.......-...r..
    CONNECTION KEYGEN:
    Client Nonce:
    0000: 3B E9 51 EF F3 13 65 11 4E D6 B7 B1 9F E8 F6 CB ;.Q...e.N.......
    0010: B5 2B 34 8F 87 53 66 61 33 BF 5A AD 7D 22 57 7D .+4..Sfa3.Z.."W.
    Server Nonce:
    0000: 3B E9 53 4E 03 37 E9 CD E8 DB 7C 54 9A 9E 53 B9 ;.SN.7.....T..S.
    0010: 78 E0 36 DF 06 17 07 90 2C D1 83 5E 20 05 DC E9 x.6.....,..^ ...
    Master Secret:
    0000: B5 A0 37 0A 2C 29 AD AC 99 B6 2F E0 4D 80 38 68 ..7.,)..../.M.8h
    0010: F7 4F 24 C4 AA 8C ED 25 A9 D6 90 33 4B 5A 0B 1D .O$....%...3KZ..
    0020: 11 A5 C9 E8 DB DE EF 9B 8D EB 7C 84 D6 AC 94 4F ...............O
    Client MAC write Secret:
    0000: F5 AF 61 5B B4 C2 A8 12 DA 7A FE A6 82 79 7F FC ..a[.....z...y..
    0010: B9 86 B2 C0 ....
    Server MAC write Secret:
    0000: 62 22 C6 39 91 E4 45 50 2A 49 E0 26 CF 16 3E 6A b".9..EP*I.&..>j
    0010: 46 19 00 D9 F...
    Client write key:
    0000: D9 D2 99 89 5C CA 2E 7D F3 B8 52 24 9E 01 9B 3B ....\.....R$...;
    Server write key:
    0000: 37 C3 37 78 8B 85 B0 FE 01 83 E2 6C F7 C6 73 33 7.7x.......l..s3
    ... no IV for cipher
    main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
    JsseJCE: Using JSSE internal implementation for cipher RC4
    *** Finished, v3.1
    verify_data: { 51, 236, 194, 3, 230, 37, 147, 76, 251, 233, 132, 207 }
    [write] MD5 and SHA1 hashes: len = 16
    0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
    Plaintext before ENCRYPTION: len = 36
    0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
    0010: 64 30 E3 0B 31 CF 7D C7 D6 17 D8 FB 31 23 F9 34 d0..1.......1#.4
    0020: 5D B9 47 F9 ].G.
    main, WRITE: SSL v3.1 Handshake, length = 36
    main, READ: SSL v3.1 Alert, length = 2
    main, RECV SSLv3 ALERT: fatal, handshake_failure
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
    at java.io.OutputStream.write(OutputStream.java:61)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
    at HttpClient.main(HttpClient.java:105)
    Now, I am sure the certificate is in the keystore, because one of the first things I do in the program is print the certificates available in the keystore...
    Does anyone know what I'm doing wrong? If you need the code to make a proper judgement, I will post it...
    Tnx in advance!
    Greetz,
    Andy Zaidman
    [email protected]

    import java.net.*;
    import java.io.*;
    import java.security.*;
    import java.security.cert.*;
    import javax.net.ssl.*;
    import java.util.*;
    public class HttpClient
    {
        public HttpClient() {}

        public static void main(String args[])
        {
            try
            {
                // This is my server certificate - public key
                String serverCertificateFile = "MyCA.cer";
                // This is my client personal certificate
                String clientCertificateFile = "MyPersonal.pfx";

                // Trust store: an in-memory JKS holding the CA certificate
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                KeyStore ks = KeyStore.getInstance("JKS");
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
                ks.load(null, null);
                java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate) cf.generateCertificate(new FileInputStream(serverCertificateFile));
                ks.setCertificateEntry("server", the_cert);
                tmf.init(ks);
                for (Enumeration e = ks.aliases(); e.hasMoreElements();)
                    System.out.println(ks.getCertificate(e.nextElement().toString()).toString());

                // Key store: the PKCS#12 file with the client certificate and private key
                KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
                ks2.load(null, null);
                FileInputStream fin = new FileInputStream(clientCertificateFile);
                ks2.load(fin, "xxx".toCharArray());
                kmf.init(ks2, "xxx".toCharArray());
                fin.close();
                for (Enumeration e = ks2.aliases(); e.hasMoreElements();)
                    System.out.println(ks2.getCertificate(e.nextElement().toString()).toString());

                SSLContext ctx = SSLContext.getInstance("SSLv3");
                KeyManager[] km = kmf.getKeyManagers();
                for (int i = 0; i < km.length; ++i)
                    System.out.println(km[i]);
                TrustManager[] tm = tmf.getTrustManagers();
                ctx.init(km, tm, null);

                // connection part
                SSLSocketFactory factory = ctx.getSocketFactory();
                SSLSocket socket = (SSLSocket) factory.createSocket("localhost", 443);
                for (int i = 0; i < socket.getEnabledCipherSuites().length; ++i)
                    System.out.println(socket.getEnabledCipherSuites()[i]);
                socket.startHandshake();
                PrintWriter out = new PrintWriter(
                        new BufferedWriter(
                        new OutputStreamWriter(
                        socket.getOutputStream())));
                out.println("GET " + "/" + " HTTP/1.1");
                out.println();
                out.flush();
            }
            catch (Exception e)
            {
                e.printStackTrace();
            }
        }
    }

  • IMAP login failures with known good settings

    I cannot set up an IMAP account for a particular mail server. The settings are known good (they work in other clients). The server is absolutely an IMAP server. The login fails no matter what I try. If I recreate the account but make it POP3 it works fine, but IMAP will not.
    The settings used are at this link, under IMAP:
    https://www.rit.edu/its/services/email/setup/setup_exchange_quick_reference.html
    Any thoughts would be appreciated.
    Thanks,
    Alan

    So you're not a student or alumni?
    It is that Kerberos for SMTP that gets me. That requires a token server to be .
    Try the IT people with how to you connect your computer to the issuing trust tokens
    So I think the answer is ask the IT people how you connect your computer to the Kerberos/GSSAPI realm so the SMTP can authenticate. I have a feeling there is a VPN (https://www.rit.edu/its/services/vpn) in your future, but we will see.

  • Handshake Failure: EOFException

    I've moved this question from a reply to an earlier question to here because it covers a different problem to the initial one...
    I'm trying to establish a TCP connection between a Java client application and a C++ server. At the client end (where I'm working), SSLSockets are used to create the connection.
    Having loaded all my certs & keys into JKS keystores and then into KeyStore objects, my attempted connection is failing with what could be no response from the server.
    There is a chance that I set up my JKS files incorrectly, but I would have thought that I would see different errors if this were the case. As it is, the client seems to get no response from the server (despite the fact that C++ clients on the same machine are able to connect successfully).
    Q: What can I tell from the following debug info? Is it that the server is simply not responding? Or could there be a chance that the JKS files I generated are wrong?
    NB:  the server details are as follows:
    Encryption method used - TLSv1
    Using self-signed certificates
    Using both server and clients certificates
    Private keys of server and clients certificates are encrypted with a pass phrase for extra security
    Output
    ========================
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1186518602 bytes = { 142, 68, 187, 5, 96, 173, 37, 16, 173, 228, 209, 83, 43, 124, 226, 61, 146, 147, 228, 218, 4, 96, 75, 161, 75, 79, 32, 254 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    [write] MD5 and SHA1 hashes: len = 73
    main, WRITE: TLSv1 Handshake, length = 73
    [write] MD5 and SHA1 hashes: len = 98
    main, WRITE: SSLv2 client hello message, length = 98
    [Raw write]: length = 100
    main, received EOFException: error
    main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    main, SEND TLSv1 ALERT: fatal, description = handshake_failure
    main, WRITE: TLSv1 Alert, length = 2
    main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
    main, called closeSocket()
    IO exception, ioe=javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    Thanks - that worked a treat!
    I specified "TLSv1" as the only enabled protocol (made it configurable) and there were no handshake errors after that.
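
A triage sketch for `javax.net.debug` traces like the ones in the client-authentication threads and the EOFException thread above, added here as an example and not code from any poster. It flags a CertificateRequest that the client answered with a `no_certificate` alert (SSLv3) or an empty Certificate message (TLS 1.0) before the fatal alert, and an SSLv2-format hello followed by the server closing the connection; the sample traces are constructed, and the function and finding names are made up for this example.

```python
import re

HEX_LINE = re.compile(r"^\s*[0-9A-Fa-f]{4}:((?: {1,2}[0-9A-Fa-f]{2}){1,16})")
WRITE_HDR = re.compile(r"\[write\] MD5 and SHA1 hashes:\s+len = (\d+)")
CERTIFICATE = 11  # handshake message type in SSLv3 / TLS 1.0


def split_handshake(data):
    """Split bytes into (type, body) handshake messages.
    Framing: 1-byte type, 3-byte big-endian length, then the body."""
    msgs, pos = [], 0
    while pos + 4 <= len(data):
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        msgs.append((data[pos], bytes(data[pos + 4:pos + 4 + length])))
        pos += 4 + length
    return msgs


def write_blocks(lines):
    """Return the bytes of each '[write] MD5 and SHA1 hashes' hex dump.
    The declared len trims anything picked up from the ASCII column."""
    blocks, want, buf = [], None, bytearray()
    for line in lines:
        hdr = WRITE_HDR.search(line)
        if hdr:
            if want is not None:
                blocks.append(bytes(buf[:want]))
            want, buf = int(hdr.group(1)), bytearray()
            continue
        if want is None:
            continue
        hexrow = HEX_LINE.match(line)
        if hexrow:
            buf += bytes.fromhex(hexrow.group(1).replace(" ", ""))
        else:  # first non-hex line ends the dump
            blocks.append(bytes(buf[:want]))
            want = None
    if want is not None:
        blocks.append(bytes(buf[:want]))
    return blocks


def triage(debug_text):
    """Return finding names (hypothetical labels) for one handshake trace."""
    lines = debug_text.splitlines()
    requested = any("*** CertificateRequest" in l for l in lines)
    # SSLv3 clients with nothing to offer send a warning alert ...
    alert = any("SEND" in l and "description = no_certificate" in l for l in lines)
    # ... TLS 1.0 clients send a Certificate message whose list length is zero.
    empty = any(t == CERTIFICATE and body == b"\x00\x00\x00"
                for blk in write_blocks(lines) for t, body in split_handshake(blk))
    fatal = any(re.search(r"RECV \S+ ALERT:\s+fatal, handshake_failure", l) for l in lines)
    v2_hello = any(re.search(r"WRITE: SSL ?v2", l) for l in lines)
    closed = any("Remote host closed connection during handshake" in l for l in lines)

    findings = []
    if requested and (alert or empty) and fatal:
        # Server asked for a client certificate and the client offered none.
        findings.append("client_cert_missing")
    if v2_hello and closed:
        # Server dropped the SSLv2-format hello; the poster's fix was to
        # enable only "TLSv1" on the socket.
        findings.append("sslv2_hello_rejected")
    return findings


# Constructed samples, shaped like the traces on this page (bytes are made up).
TLS10_EMPTY_CERT = """\
*** CertificateRequest
Cert Types: RSA, DSS,
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
[write] MD5 and SHA1 hashes: len = 15
0000: 0B 00 00 03 00 00 00 10 00 00 04 00 02 AD BE ...............
main, WRITE: SSL v3.1 Handshake, length = 15
main, RECV SSLv3 ALERT: fatal, handshake_failure
"""

SSL3_NO_CERT_ALERT = """\
*** CertificateRequest
*** ServerHelloDone
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
[write] MD5 and SHA1 hashes: len = 8
0000: 10 00 00 04 AA BB CC DD ........
main, RECV SSLv3 ALERT: fatal, handshake_failure
"""

V2_HELLO_DROPPED = """\
*** ClientHello, TLSv1
main, WRITE: SSLv2 client hello message, length = 98
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
"""

CERT_WAS_SENT = """\
*** CertificateRequest
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 11
0000: 0B 00 00 07 00 00 04 00 00 01 FF ...........
main, RECV SSLv3 ALERT: fatal, handshake_failure
"""

if __name__ == "__main__":
    for name in ("TLS10_EMPTY_CERT", "SSL3_NO_CERT_ALERT",
                 "V2_HELLO_DROPPED", "CERT_WAS_SENT"):
        print(name, triage(globals()[name]))
```
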

  • RMI handshake failure. Different case.

    Hi to all. In my case, the client starts a thread to get the remote object server. This will continue until it succeeds. First I started the server, and finally the client.
    But when I started the client first, it fails to get the remote object server even after RMI finishes registering the object server in the registry. The client thread always gets a null value when trying to get the object server. Has anyone experienced the same scenario?

    All are working fine and tested. This situation only occurs when a client thread is started first by getting the remote object server before registering the object server to the remote registry.
    Client thread fails to retrieve the object server even if it is registered.
    But when I started the server first, there are no problems.

  • 2-way handshake fails / "handshake failure"

    I am trying to set up a 2-way handshake with a server (Nortel Alteon SSL Accelerator).
    I have the client certificate in my keystore as well as the CA root certificate in the signers.
    My Java client works just fine if no client authentication is required by the server.
    Also, if I test the 2-way handshake with my browser (IE), I have no problem establishing the connection after it prompts me for the appropriate (client) certificate (which I've imported into IE).
    So I wonder if there is a particular thing to define at the application level to explicitly return the client certificate at runtime (just like I do by clicking on the button in the IE popup)?
    Here are the main properties from JSSE that I'm using:
    try {
        // Use Sun's reference implementation of a URL handler
        // for the HTTPS URL protocol
        System.setProperty("java.protocol.handler.pkgs",
            "com.sun.net.ssl.internal.www.protocol");
        // Dynamically registers Sun's SSL provider.
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        // Specify the location of the truststore file
        // truststore file contains key material for the TrustManager
        // This file takes precedence over jssecacerts and cacerts
        System.setProperty("javax.net.ssl.trustStore", _trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword",
            _trustStorePassword);
        endpoint = new java.net.URL(rpcrouter_address);
        // (remainder of the try block not shown in the post)
    } catch (Exception e) {
        e.printStackTrace();
    }
    Here is the exception I get :
    stackTrace: javax.net.ssl.SSLHandshakeException: handshake failure
         at com.ibm.jsse.bd.a(Unknown Source)
         at com.ibm.jsse.bd.startHandshake(Unknown Source)
    Tks for the help.
    --MAS

    Thanks for the attention ...
    At first, I used the same file :
    Ref : System.setProperty("javax.net.ssl.trustStore", _trustStorePath);
    Then, I realized that it might be better to use a different one for the keys, so I imported the client certificate into a new file and added to my code :
    System.setProperty("javax.net.ssl.keyStore",_keyStorePath);
    But I always get the same exception :
    javax.net.ssl.SSLHandshakeException "handshake failure"
    On the server's side, I have that client certificate defined. I still wonder if everything is fine with the Alteon config (these Nortel things are tricky ...) but again when I simulate the client authentication within IE, it works just fine.
    --MAS

  • SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

    Hello everybody,
    I am trying to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. Our private key and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authentication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
    Whenever I send a message through the channel, though, I am getting an error during the SSL handshake: Decrypt error.
    Below is the SSL debug log
    ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
    ssl_debug(15): Received v3 server_hello handshake message.
    ssl_debug(15): Server selected SSL version 3.1.
    ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
    ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(15): CompressionMethod selected by server: NULL
    ssl_debug(15): Server does not supports secure renegotiation.
    ssl_debug(15): Received certificate handshake message with server certificate.
    ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
    ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(15): Received certificate_request handshake message.
    ssl_debug(15): Accepted certificate types: RSA, DSA
    ssl_debug(15): Accepted certificate authorities:
    ssl_debug(15):   CN=XXXXXXXXXXXXXXXXXXXXXXXX
    ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(15): Received server_hello_done handshake message.
    ssl_debug(15): Sending certificate handshake message with RSA client certificate...
    ssl_debug(15): Sending client_key_exchange handshake...
    ssl_debug(15): Sending certificate_verify handshake message...
    ssl_debug(15): Sending change_cipher_spec message...
    ssl_debug(15): Sending finished message...
    ssl_debug(15): Received alert message: Alert Fatal: decrypt error
    ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
    ssl_debug(15): Shutting down SSL layer...
    My first assumption was that it might be caused by a missing public key of the other side's server in the TrustedCAs view. Now I have made sure that we have this key installed (although I am curious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
    Does somebody have an idea what could cause this SSL handshake failure?
    Best regards,
    Maxim

    The XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interestingly enough, the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time says that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.

  • SSL Handshake Error in Android (ADF Mobile)

    Hi Guys,
    Now I am trying to use an "https" web service with my application, but it seems to show an SSL handshake error on Android only; iOS is totally working.
    Log from Android is
    09-27 18:09:03.252: I/System.out(30444): [SEVERE - oracle.adfmf.framework - adf.mf.internal - logError] Request:  {classname: oracle.adfmf.framework.api.Model; method: processBatchRequests; params: [0: false][1: [0: {classname: oracle.adfmf.framework.api.Model; method: evaluateMethodExpression; params: [0: #{bindings.AgentAuthenCDKey.execute}][1: [0: {.type: oracle.adfmf.amx.event.ActionEvent; }]][2: void][3: [0: oracle.adfmf.amx.event.ActionEvent]]; }]]; } exception:  {message: SSL handshake failure; errorCode: 409; .type: oracle.adfmf.framework.exception.AdfInvocationRuntimeException; .exception: true; severity: ERROR; errorCategory: WEBSERVICE; }
    How can I solve this one?
    ** If my Android device isn't connected to the internet, it still shows "SSL handshake error" too, which is so weird!

    Hi,
    Sorry to bump this, but I have the exact same problem. "SSL Handshake Error" when calling SSL enabled web services - works fine on iOS, but not on Android, which implies to me a problem with the framework rather than my certificate?
    : D/CVM(985): [SEVERE - oracle.adfmf.framework - Utility - invoke] InvocationTargetException Error: ERROR [oracle.adfmf.framework.exception.AdfInvocationRuntimeException] - SSL handshake failure
    I'm on JDeveloper 11.1.2.4, ADF Mobile Framework 11.1.2.4.39.64.51.
    Are there any known issues with ADF Mobile/SSL on Android?
    Any help is much appreciated.
    Rich.

  • Handshake Exception with Firefox and Jetty Servlet Container

    We do have a strange problem with Firefox 2 and Jetty 6.1 (a Servlet Container) using HTTPS to communicate: At some stage Firefox (FF) sends a ClientHelloV2, to which Jetty responds with a ServerHelloV3. This leads to a handshake failure for this handshake and for any subsequent attempt.
    To avoid the handshake failures there are 2 options:
    1.) restart FF
    2.) change the servername or port, by using ssltap [2] as a proxy.
    [FF] --> [ssltap] --> [Jetty]
    That way it is possible to change the port without restarting
    FF and Jetty, and to debug the SSL traffic.
    Both options make FF start an SSL session by sending a ClientHelloV3. Then everything works until we get to the same stage described above.
    Logs:
    From what I can see in the logs of ssltap, Firefox is sending some data, which might be something like a partial handshake (?).
    --> [
    alloclen = 63 bytes
    (63 bytes of 63)
    [Wed Jan 09 12:18:41 2008] [ssl2] ClientHelloV2 {
    version = {0x03, 0x00}
    cipher-specs-length = 36 (0x24)
    sid-length = 0 (0x00)
    challenge-length = 16 (0x10)
    cipher-suites = {
    (0x000039) TLS/DHE-RSA/AES256-CBC/SHA
    (0x000038) TLS/DHE-DSS/AES256-CBC/SHA
    (0x000035) TLS/RSA/AES256-CBC/SHA
    (0x000033) TLS/DHE-RSA/AES128-CBC/SHA
    (0x000032) TLS/DHE-DSS/AES128-CBC/SHA
    (0x000004) SSL3/RSA/RC4-128/MD5
    (0x000005) SSL3/RSA/RC4-128/SHA
    (0x00002f) TLS/RSA/AES128-CBC/SHA
    (0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
    (0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
    (0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
    (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
    session-id = { }
    challenge = { 0xa954 0x2122 0x3e82 0xb993 0xd72f 0xea54 0x779f 0x958c }
    The server responds with:
    <-- [
    (1161 bytes of 1156)
    SSLRecord { [Wed Jan 09 12:18:41 2008]
    0: 16 03 00 04 84 |.....
    type = 22 (handshake)
    version = { 3,0 }
    length = 1156 (0x484)
    handshake {
    0: 02 00 00 46 |...F
    type = 2 (server_hello)
    length = 70 (0x000046)
    ServerHello {
    server_version = {3, 0}
    random = {...}
    0: 47 84 ad 91 a1 f6 cb e5 f8 e2 f0 46 60 4b dd 48 | G..........F`K.H
    10: 13 a8 93 96 d2 4f 2b d8 2d fe 49 2f 22 e5 29 5e | .....O+.-.I/".)^
    session ID = {
    length = 32
    contents = {..}
    0: 47 84 ad 91 84 b7 ef 62 92 fb 03 d7 8a 41 ae 82 | G......b.....A..
    10: d5 57 a3 e0 24 cc b5 2e b2 c7 29 3d 3a 37 a6 11 | .W..$.....)=:7..
    cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
    0: 0b 00 02 f6 |....
    type = 11 (certificate)
    length = 758 (0x0002f6)
    CertificateChain {
    chainlength = 755 (0x02f3)
    Certificate {
    size = 752 (0x02f0)
    data = { saved in file 'cert.001' }
    0: 0c 00 01 38 |...8
    type = 12 (server_key_exchange)
    length = 312 (0x000138)
    0: 0e 00 00 00 |....
    type = 14 (server_hello_done)
    length = 0 (0x000000)
    Then FF responds with a handshake failure:
    --> [
    (7 bytes of 2)
    SSLRecord { [Wed Jan 09 12:18:41 2008]
    0: 15 03 00 00 02 |.....
    type = 21 (alert)
    version = { 3,0 }
    length = 2 (0x2)
    fatal: handshake failure
    0: 02 28 |.(
    I am pretty stuck. Do you have any idea? Or can you give me any advice, how to further investigate this problem?
    Thanks,
    -Stefan
    [2] http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html

    I did some more analysis:
    When I replace the keystore by another keystore provided by the Jetty
    distribution, Firefox will not complain about the handshake
    exception. Nevertheless there are handshake exceptions, and the SSL
    level switches from TLS to SSLv3.
    Now I guess the question is: What is the difference between the two
    keystores?
    Answer: As far as I can see, the Keystore provided in the Jetty distro
    has expired in 2001, while my keystore is still valid (although also
    self-generated).
    Could it be that Firefox is somehow less strict regarding handshake
    failures after you have told it to accept an expired certificate?
    I am not sure whether this is a problem of JSSE or not. What do you think?
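
The record headers and alert bytes quoted in the ssltap output above can be decoded directly, which helps when a debug log only says "handshake failure"; the same decoder also reads the version 3.1 / decrypt error pair reported in the SAP PI log earlier on this page. This is an added example, not code from any of the posters: `parse_records` is a hypothetical helper, and the TLS 1.0 sample is constructed.

```python
import struct

# Values from the SSL 3.0 / TLS 1.x record and alert protocol definitions.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 45: "certificate_expired",
                      48: "unknown_ca", 51: "decrypt_error",
                      70: "protocol_version"}

# Bytes quoted in the ssltap output above.
FF_ALERT = bytes.fromhex("15 03 00 00 02 02 28")
JETTY_HANDSHAKE_HEADER = bytes.fromhex("16 03 00 04 84")  # body not in the post
# Constructed sample: a plaintext TLS 1.0 (version 3.1) decrypt_error alert.
CONSTRUCTED_DECRYPT_ERROR = bytes.fromhex("15 03 01 00 02 02 33")


def parse_records(data):
    """Walk a captured byte stream record by record (hypothetical helper)."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        body = data[offset + 5:offset + 5 + length]
        record = {
            "type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
            "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
            "length": length,
            "truncated": len(body) < length,  # capture ended mid-record
        }
        # A plaintext alert is exactly two bytes: level, description.
        # Alerts sent after change_cipher_spec are encrypted and longer,
        # so they cannot be decoded from the wire bytes alone.
        if ctype == 21 and length == 2 and len(body) == 2:
            level, desc = body
            record["alert"] = (ALERT_LEVELS.get(level, str(level)),
                               ALERT_DESCRIPTIONS.get(desc, str(desc)))
        records.append(record)
        offset += 5 + length
    return records


if __name__ == "__main__":
    for sample in (FF_ALERT, JETTY_HANDSHAKE_HEADER, CONSTRUCTED_DECRYPT_ERROR):
        print(parse_records(sample))
```
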
