RECV SSLv3 ALERT: fatal, handshake_failure / URGENT
Hi,
Iam using JSSE to connect an Apache webserver. Some times I get an error from the server saying handshake failed. Appreciate if anyone can help resolve the same. Attaching the JSSE debug log and also the code.
JSSE Version : 1.0.3_03
JDK : 1.3.1
********** Code **********
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("https.proxyHost", host);
System.setProperty("https.proxyPort", port);
System.setProperty("javax.net.ssl.keyStore", keyDBPath);
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStorePassword", keyDBPass);
System.setProperty("javax.net.ssl.trustStore", trustDBPath);
System.setProperty("javax.net.ssl.trustStorePassword",trustDBPass);
url_in = new URL("https:\\....");
************************** JSSE debug Log ****************************
keyStore is : /ebp/eaifiles/sft/security/keydb/20050531000000000049.key
keyStore type is : PKCS12
init keystore
init keymanager of type SunX509
found key for : cn=db-ebillstest1,o=deutsche bank,c=sg,ou=db-ebills,[email protected],l=singapore
chain [0] = [
Version: V3
Subject: CN=db-eBillsTest1, O=Deutsche Bank, C=SG, OU=db-eBills, [email protected], L=Singapore
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@350e24
Validity: [From: Tue May 31 00:00:00 GMT 2005,
To: Wed May 31 00:00:00 GMT 2006]
Issuer: CN=dbeBills-RootV4.3.1
SerialNumber: [ 31343930 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: 2F 2E AE 75 36 97 53 7A B3 B9 AF 2A 2C DD 51 85 /..u6.Sz...*,.Q.
0010: BB C3 2C CB A6 86 DB 15 71 B4 FC D5 A8 F3 2D BA ..,.....q.....-.
0020: EB 0A 36 87 25 C3 34 FB 96 61 0F D4 96 C2 AF B4 ..6.%.4..a......
0030: 3F EA B7 FF 2A AE AB AF 78 FF 3F F3 D5 44 01 34 ?...*...x.?..D.4
0040: 5B F7 44 E4 03 3C 4C 3B FD 68 8F FC AA 3A 2F 01 [.D..<L;.h...:/.
0050: 3C F0 7B AA 4F 97 69 95 31 EC 21 7B B3 A6 BB 83 <...O.i.1.!.....
0060: 08 9C 2B 3C 1B F2 3D 05 0A 73 D8 3F 5E 26 51 9A ..+<..=..s.?^&Q.
0070: F6 01 95 23 D1 99 79 56 1E 1F 17 06 E4 AC 44 50 ...#..yV......DP
chain [1] = [
Version: V3
Subject: CN=dbeBills-RootV4.3.1
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@251bb9
Validity: [From: Fri Nov 05 00:00:00 GMT 2004,
To: Wed Nov 04 00:00:00 GMT 2009]
Issuer: CN=dbeBills-RootV4.3.1
SerialNumber: [ 31343734 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Algorithm: [SHA1withRSA]
Signature:
0000: B9 F3 DE F4 DB ED C0 E0 F8 C6 82 50 CC 5E 73 DB ...........P.^s.
0010: 75 61 04 3F 04 DB 52 7B 00 F3 06 DD C0 DD 92 5E ua.?..R........^
0020: E6 2E 4D 99 21 EA 94 56 11 91 B7 45 C7 85 30 B1 ..M.!..V...E..0.
0030: 8B 2F 19 9D AF DD A8 92 65 4C D7 37 69 D6 E2 A3 ./......eL.7i...
0040: 75 2E 54 97 8E F2 3E 10 C7 0A FE 78 36 CD DA EA u.T...>....x6...
0050: 2E D0 C1 4B 09 AB DE 3B 03 34 44 44 C7 A4 69 34 ...K...;.4DD..i4
0060: B1 96 78 D0 E7 BB 21 23 7B 5D D3 5C 43 F4 24 96 ..x...!#.].\C.$.
0070: 4F 09 76 8C C1 8C 98 CA 9F 84 50 BF AE 47 C3 B7 O.v.......P..G..
trustStore is: /ebp/eaifiles/sft/security/trustdb/sfttrustdb.db
trustStore type is : jks
init truststore
adding as trusted cert: [
Version: V3
Subject: CN=BIZBILL, [email protected]
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@2e2d61
Validity: [From: Tue Apr 20 16:00:00 GMT 2004,
To: Fri Dec 31 16:00:00 GMT 2004]
Issuer: CN=Root
SerialNumber: [ 31323732 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: AF 63 B6 B5 F7 0D 21 79 42 51 8C 5F 5A 16 44 9E .c....!yBQ._Z.D.
0010: 4F 8F 62 7C C3 55 5A F5 74 27 49 BF 87 B0 45 DA O.b..UZ.t'I...E.
0020: 4E 1D C1 D5 2E 0A 62 FC 87 12 55 AB B7 4E 62 9E N.....b...U..Nb.
0030: 27 55 A7 24 33 CE 34 47 B0 04 55 66 00 9E B2 74 'U.$3.4G..Uf...t
0040: 40 10 7C F3 86 4B 3E 4E 00 B6 5D 8E F9 F7 3D 18 @....K>N..]...=.
0050: 61 12 9F 18 F9 B1 58 61 CF 2C 12 74 D5 2E 9D 5C a.....Xa.,.t...\
0060: C3 91 C6 44 9D AB 73 EE 2B 70 88 CD A7 40 84 A8 ...D..s.+p...@..
0070: E6 2F FD 31 87 F3 0E 61 4A 07 25 B4 F8 71 AE 47 ./.1...aJ.%..q.G
adding as trusted cert: [
Version: V3
Subject: CN=ft.dbebills-sit-uat.db.com, OU=APHO, O=Deutsche Bank, L=Singapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@66ee0e
Validity: [From: Wed Apr 21 09:38:05 GMT 2004,
To: Thu Apr 21 09:38:05 GMT 2005]
Issuer: CN=Certificate Manager-Ecommerce, OU=CIT GTO, O=Deutsche Bank, L=SG, ST=SG, C=SG
SerialNumber: [ 3c]
Certificate Extensions: 5
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A7 00 B9 D1 4C 3A 35 C2 FB 82 29 75 C4 23 19 95 ....L:5...)u.#..
0010: D8 50 AE 80 .P..
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL CA
S/MIME CA
Object Signing CA]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 82 84 16 07 FF 03 73 F6 34 BB 0F A7 35 A3 88 78 ......s.4...5..x
0010: F5 60 CE 73 .`.s
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_CertSign
Crl_Sign
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 61 EE 9E FE 32 9D 2A F4 A7 E8 ED 1B 35 25 21 5D a...2.*.....5%!]
0010: 17 65 A4 C8 F0 7D 26 45 C1 39 06 D9 DA 7C D0 9D .e....&E.9......
0020: DC E9 F3 D7 75 4B A7 85 87 C1 A6 01 53 CB 1C 2F ....uK......S../
0030: 09 61 12 55 16 4A A2 7B BD C4 DB F8 DB 21 42 2B .a.U.J.......!B+
0040: 9B CE EB 3C E0 73 4C 77 6F 79 0F 25 5C 43 67 DB ...<.sLwoy.%\Cg.
0050: D5 B2 89 8F 99 12 DA 85 59 0A 66 83 CE 6B AF 51 ........Y.f..k.Q
0060: 75 EB 27 49 B7 38 C8 64 22 8A 5F F0 38 E5 AA D3 u.'I.8.d"._.8...
0070: 12 7A 21 0E 6B 3E 0D B6 3D D9 53 48 4F E3 6C CD .z!.k>..=.SHO.l.
0080: EB 3B 25 63 8A 2F 06 60 19 5A D1 62 44 4E 38 A2 .;%c./.`.Z.bDN8.
0090: B4 ED CA 85 E2 DA B5 95 53 74 72 1D B4 26 CC 0D ........Str..&..
00A0: 03 15 E7 83 B6 18 77 23 E8 0F 1D 35 8A 0C 7B 1C ......w#...5....
00B0: 92 1D AE CD A1 87 04 6E 97 7B 17 9F 93 52 DB 3E .......n.....R.>
00C0: 94 B5 14 C0 FB CF 0B B0 CC 9A B5 10 75 70 2E 92 ............up..
00D0: 08 9C 9B 59 E8 ED 19 09 F7 EB CB E1 F7 08 37 6A ...Y..........7j
00E0: B6 5F 50 38 99 C5 FE 64 45 67 DA 41 E0 38 7D F1 ._P8...dEg.A.8..
00F0: D5 A8 12 21 11 4C E3 1D C2 3B 40 C4 D4 8A A7 3E ...!.L...;@....>
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@16ef23
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
adding as trusted cert: [
Version: V3
Subject: CN=Venkat, OU=EBPP, O=Deutsche Bank, L=SIngapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@2df2c7
Validity: [From: Fri Mar 04 09:30:03 GMT 2005,
To: Sat Mar 04 09:30:03 GMT 2006]
Issuer: CN=Certificate Manager, OU=PCB, O=Deutsche Bank AG, L=Singapore, ST=Singapore, C=SG
SerialNumber: [ 08]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 89 A4 2E 72 47 B7 E8 52 5A 4F 2D 56 5F A0 1E 87 ...rG..RZO-V_...
0010: 43 E2 AA 2E C...
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: DA F2 FA 04 B2 C6 E3 87 5C 32 B8 41 5A 74 CB 9E ........\2.AZt..
0010: B5 6F 85 01 55 A8 3F 0C EB 52 68 EC C0 4B 6D 0B .o..U.?..Rh..Km.
0020: 04 30 86 24 74 A2 CF DF 7F 20 06 3F 8E AD C3 6E .0.$t.... .?...n
0030: 76 01 97 F7 A3 A6 2D 51 4D D4 17 4D 74 78 13 C3 v.....-QM..Mtx..
adding as trusted cert: [
Version: V3
Subject: CN=www.ppg.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=PPG Industries, O=PPG Industries Inc., L=Pittsburgh, ST=Pennsylvania, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@1df480
Validity: [From: Wed Oct 01 00:00:00 GMT 2003,
To: Tue Oct 26 23:59:59 GMT 2004]
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
SerialNumber: [ 7a070d62 d01d5e6f 878eb52e f981c2ea ]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 24 06 08 2B 06 01 05 05 07 30 01 .(0&0$..+.....0.
0010: 86 18 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 76 65 ..http://ocsp.ve
0020: 72 69 73 69 67 6E 2E 63 6F 6D risign.com
[2]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 5F 30 5D A1 5B A0 59 30 57 30 55 16 09 69 6D ._0].[.Y0W0U..im
0010: 61 67 65 2F 67 69 66 30 21 30 1F 30 07 06 05 2B age/gif0!0.0...+
0020: 0E 03 02 1A 04 14 AE 6C A8 E1 70 62 68 65 FB 55 .......l..pbhe.U
0030: 49 82 B5 82 32 5B 90 91 42 B7 30 25 16 23 68 74 I...2[..B.0%.#ht
0040: 74 70 3A 2F 2F 6C 6F 67 6F 2E 76 65 72 69 73 69 tp://logo.verisi
0050: 67 6E 2E 63 6F 6D 2F 76 73 6C 6F 67 6F 2E 67 69 gn.com/vslogo.gi
0060: 66 f
[3]: ObjectId: 2.5.29.32 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 3D 30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 .=0;09..`.H...E.
0010: 07 17 03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 ...0*0(..+......
0020: 01 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 ...https://www.v
0030: 65 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 erisign.com/rpa
[4]: ObjectId: 2.5.29.31 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 35 30 33 30 31 A0 2F A0 2D 86 2B 68 74 74 70 .50301./.-.+http
0010: 3A 2F 2F 63 72 6C 2E 76 65 72 69 73 69 67 6E 2E ://crl.verisign.
0020: 63 6F 6D 2F 52 53 41 53 65 63 75 72 65 53 65 72 com/RSASecureSer
0030: 76 65 72 2E 63 72 6C ver.crl
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[6]: ObjectId: 2.5.29.37 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
0010: 2B 06 01 05 05 07 03 02 +.......
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: 3F DC 1E E4 DE 9A EE 95 D9 07 CE AF FA AA 54 10 ?.............T.
0010: 6C 56 BA A3 49 98 E4 C8 30 8D 24 E8 19 22 16 92 lV..I...0.$.."..
0020: 9D E8 B8 FE BB 8E 24 6E 9D AD B4 97 B3 1B 04 50 ......$n.......P
0030: 96 63 45 A9 03 DE 41 B8 77 22 EC 73 B4 C7 0E 55 .cE...A.w".s...U
0040: 77 9A 81 2B 2B 57 A9 D9 CE 83 57 27 69 D9 62 6A w..++W....W'i.bj
0050: CF A4 82 75 A8 1E AC 0B DD 98 4A E5 4E 99 5F A4 ...u......J.N._.
0060: F2 E3 4F 62 48 FE 1B 1A 6A B2 54 77 CD D0 9B 20 ..ObH...j.Tw...
0070: A1 4E A5 F5 BE 38 78 1B 7C 7E 41 1F F1 .N...8x...A..
adding as trusted cert: [
Version: V3
Subject: CN=ft.dbebills-sit-uat.db.com, OU=Deutsche Bank, O=APHO, L=Singapore, ST=Singapore, C=SG
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@1f08ca
Validity: [From: Wed Apr 06 06:11:49 GMT 2005,
To: Thu Apr 06 06:11:49 GMT 2006]
Issuer: CN=Certificate Manager, OU=PCB, O=Deutsche Bank AG, L=Singapore, ST=Singapore, C=SG
SerialNumber: [ 14]
Certificate Extensions: 3
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 89 A4 2E 72 47 B7 E8 52 5A 4F 2D 56 5F A0 1E 87 ...rG..RZO-V_...
0010: 43 E2 AA 2E C...
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Algorithm: [MD5withRSA]
Signature:
0000: 02 B6 98 37 77 89 D0 FE BD FC 73 35 5F 86 C3 47 ...7w.....s5_..G
0010: D2 60 F7 7F D8 26 BE 69 0E C6 C2 16 60 B8 25 C2 .`...&.i....`.%.
0020: 6A ED 49 09 30 52 5C A4 37 7E DE 9C 27 AE 32 F8 j.I.0R\.7...'.2.
0030: B6 6F 13 88 1C B7 4D 21 09 74 F4 50 01 16 67 83 .o....M!.t.P..g.
adding as trusted cert: [
Version: V1
Subject: [email protected], CN=194.45.147.44, OU=EBILLS, O=CSC PLOENZKE, L=WIESBADEN, ST=HESSEN, C=DE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@2f4fde
Validity: [From: Mon May 23 14:19:25 GMT 2005,
To: Thu May 18 14:19:25 GMT 2006]
Issuer: [email protected], CN=194.45.147.44, OU=EBILLS, O=CSC PLOENZKE, L=WIESBADEN, ST=HESSEN, C=DE
SerialNumber: [ 0 ]
Algorithm: [MD5withRSA]
Signature:
0000: 83 20 EE 98 23 F0 0B BA 6F FF 99 66 EE 74 00 0A . ..#...o..f.t..
0010: CA 13 F5 66 80 2D 86 68 08 8F 8D 7D CE 7D 4A 50 ...f.-.h......JP
0020: 76 E7 54 68 23 31 07 9B EC D2 B6 B2 4C FF DA 9E v.Th#1......L...
0030: CD BB 6A F0 5A 6A 67 37 D9 D8 29 9E 9E B0 AF DE ..j.Zjg7..).....
0040: AC A4 22 3D 72 A0 DB 98 48 C9 A1 26 32 8B 1B C1 .."=r...H..&2...
0050: 34 BE 53 52 4D 5A 3C E9 6C 03 02 79 1B C7 F0 2E 4.SRMZ<.l..y....
0060: 9E 2D C8 15 1E 4E CB 46 60 70 6B 9A 12 80 5C 77 .-...N.F`pk...\w
0070: C7 DC DF FA D4 95 F9 48 52 DC 64 E4 35 50 22 F6 .......HR.d.5P".
adding as trusted cert: [
Version: V3
Subject: CN=BILL, [email protected]
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@249c54
Validity: [From: Mon Apr 26 16:00:00 GMT 2004,
To: Thu Mar 31 16:00:00 GMT 2005]
Issuer: CN=Root
SerialNumber: [ 31323936 ]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Algorithm: [SHA1withRSA]
Signature:
0000: 43 3F F3 73 DC F0 F9 CC 42 C1 84 D0 EF D9 DA E7 C?.s....B.......
0010: AC D8 ED 33 0F 1F B7 F9 33 44 DC FB E8 3D B4 DE ...3....3D...=..
0020: EA 0D 06 CC D4 05 D9 CB FF 38 FC 66 83 59 C0 A9 .........8.f.Y..
0030: 9F 86 5F 7E EB 84 89 97 13 9D E8 57 FD 79 97 9C .._........W.y..
0040: 77 81 8C 74 CD E8 3B 57 29 F1 40 FA 94 5D F8 A4 w..t..;W).@..]..
0050: E6 91 19 B7 6E 4D A0 11 BE 64 2E A7 EF 43 BE 8B ....nM...d...C..
0060: 0A DB 08 AE B2 00 4F 4B C7 56 BE 64 D6 B9 59 1C ......OK.V.d..Y.
0070: 76 CE B9 60 B6 8D 9C D7 26 A6 2D D5 FD 20 0E 0F v..`....&.-.. ..
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1103321439 bytes = { 177, 1, 40, 203, 34, 64, 115, 231, 49, 198, 131, 41, 39, 61, 235, 196, 246, 250, 218, 72, 237, 195, 238, 146, 75, 131, 215, 17 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 42 C3 59 5F B1 01 28 CB 22 40 ...7..B.Y_..(."@
0010: 73 E7 31 C6 83 29 27 3D EB C4 F6 FA DA 48 ED C3 s.1..)'=.....H..
0020: EE 92 4B 83 D7 11 00 00 10 00 05 00 04 00 09 00 ..K.............
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
Flux Job /SUB/HERPPROC/0:206, WRITE: SSL v3.1 Handshake, length = 59
[write] MD5 and SHA1 hashes: len = 77
0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 42 C3 59 .............B.Y
0030: 5F B1 01 28 CB 22 40 73 E7 31 C6 83 29 27 3D EB _..(."@s.1..)'=.
0040: C4 F6 FA DA 48 ED C3 EE 92 4B 83 D7 11 ....H....K...
Flux Job /SUB/HERPPROC/0:206, WRITE: SSL v2, contentType = 22, translated length = 16310
Flux Job /SUB/HERPPROC/0:206, READ: SSL v3.1 Handshake, length = 74
*** ServerHello, v3.1
RandomCookie: GMT: 1103321645 bytes = { 64, 165, 150, 119, 79, 50, 213, 1, 63, 55, 101, 74, 132, 53, 176, 86, 103, 56, 226, 190, 45, 64, 217, 133, 36, 224, 165, 173 }
Session ID: {86, 92, 205, 118, 98, 208, 225, 182, 250, 233, 193, 34, 73, 46, 179, 174, 69, 225, 219, 44, 6, 87, 176, 78, 32, 130, 113, 140, 189, 107, 157, 122}
Cipher Suite: { 0, 5 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
** SSL_RSA_WITH_RC4_128_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 42 C3 5A 2D 40 A5 96 77 4F 32 [email protected]
0010: D5 01 3F 37 65 4A 84 35 B0 56 67 38 E2 BE 2D 40 ..?7eJ.5.Vg8..-@
0020: D9 85 24 E0 A5 AD 20 56 5C CD 76 62 D0 E1 B6 FA ..$... V\.vb....
0030: E9 C1 22 49 2E B3 AE 45 E1 DB 2C 06 57 B0 4E 20 .."I...E..,.W.N
0040: 82 71 8C BD 6B 9D 7A 00 05 00 .q..k.z...
Flux Job /SUB/HERPPROC/0:206, READ: SSL v3.1 Handshake, length = 1805
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@12dab2
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
chain [1] = [
Version: V3
Subject: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.rsajca.JSA_RSAPublicKey@53e355
Validity: [From: Mon Mar 09 11:59:59 GMT 1998,
To: Sat Jan 01 11:59:59 GMT 2011]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 03ea]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL CA
S/MIME CA
Object Signing CA]
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 26 16 24 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .&.$http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 idelines
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 84 52 FB 28 DF FF 1F 75 01 BC 01 BE 04 56 97 6A .R.(...u.....V.j
0010: 74 42 24 31 83 F9 46 B1 06 8A 89 CF 96 2C 33 BF tB$1..F......,3.
0020: 8C B5 5F 7A 72 A1 85 06 CE 86 F8 05 8E E8 F9 25 .._zr..........%
0030: CA DA 83 8C 06 AC EB 36 6D 85 91 34 04 36 F4 42 .......6m..4.6.B
0040: F0 F8 79 2E 0A 48 5C AB CC 51 4F 78 76 A0 D9 AC ..y..H\..QOxv...
0050: 19 BD 2A D1 69 04 28 91 CA 36 10 27 80 57 5B D2 ..*.i.(..6.'.W[.
0060: 5C F5 C2 5B AB 64 81 63 74 51 F4 97 BF CD 12 28 \..[.d.ctQ.....(
0070: F7 4D 66 7F A7 F0 1C 01 26 78 B2 66 47 70 51 64 .Mf.....&x.fGpQd
updated/found trusted cert: [
Version: V3
Subject: [email protected], CN=tcdss.trustcenter.de, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: com.sun.rsajca.JSA_RSAPublicKey@12dab2
Validity: [From: Tue Mar 15 09:05:07 GMT 2005,
To: Mon May 01 09:05:07 GMT 2006]
Issuer: [email protected], OU=TC TrustCenter Class 2 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
SerialNumber: [ 9f510000 000230e0 cfc2ad69 44a4]
Certificate Extensions: 5
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
[2]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 .1./http://www.t
0010: 72 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 rustcenter.de/gu
0020: 69 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 idelines/index.h
0030: 74 6D 6C tml
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
[4]: ObjectId: 2.16.840.1.113730.1.3 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 43 16 41 68 74 74 70 73 3A 2F 2F 6E 72 75 2E .C.Ahttps://nru.
0010: 74 63 63 6C 61 73 73 32 2E 74 72 75 73 74 63 65 tcclass2.trustce
0020: 6E 74 65 72 2E 64 65 2F 39 46 35 31 30 30 30 30 nter.de/9F510000
0030: 30 30 30 32 33 30 45 30 43 46 43 32 41 44 36 39 000230E0CFC2AD69
0040: 34 34 41 34 3F 44A4?
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: CB A6 03 8B BA F8 75 64 90 07 F3 29 8F E1 6C C2 ......ud...)..l.
0010: 1F 81 A4 28 16 6B EB 19 D6 82 AD 39 6E 92 F6 D2 ...(.k.....9n...
0020: 7E BD EA 55 37 F0 5A 03 A2 5E 31 3A 61 8B 70 C8 ...U7.Z..^1:a.p.
0030: 3B 91 BA 5A CE 27 51 C2 EA B0 1B 55 A4 18 4B DF ;..Z.'Q....U..K.
0040: FF 3D FE ED 91 73 8C C0 9F 92 93 C7 CD 66 30 F4 .=...s.......f0.
0050: E2 FB F5 06 05 9F BA 5B 81 24 2F 18 52 CE 53 A6 .......[.$/.R.S.
0060: 21 0B 63 D4 AE B3 FD E6 9C C2 EE 74 53 E6 E2 5E !.c........tS..^
0070: 8C 2A 0C 77 AB E9 F9 95 76 4C E8 B6 63 A3 CB 89 .*.w....vL..c...
[read] MD5 and SHA1 hashes: len = 1805
0000: 0B 00 07 09 00 07 06 00 03 A0 30 82 03 9C 30 82 ..........0...0.
0010: 03 05 A0 03 02 01 02 02 0F 00 9F 51 00 00 00 02 ...........Q....
0020: 30 E0 CF C2 AD 69 44 A4 30 0D 06 09 2A 86 48 86 0....iD.0...*.H.
0030: F7 0D 01 01 05 05 00 30 81 BC 31 0B 30 09 06 03 .......0..1.0...
0040: 55 04 06 13 02 44 45 31 10 30 0E 06 03 55 04 08 U....DE1.0...U..
0050: 13 07 48 61 6D 62 75 72 67 31 10 30 0E 06 03 55 ..Hamburg1.0...U
0060: 04 07 13 07 48 61 6D 62 75 72 67 31 3A 30 38 06 ....Hamburg1:08.
0070: 03 55 04 0A 13 31 54 43 20 54 72 75 73 74 43 65 .U...1TC TrustCe
0080: 6E 74 65 72 20 66 6F 72 20 53 65 63 75 72 69 74 nter for Securit
0090: 79 20 69 6E 20 44 61 74 61 20 4E 65 74 77 6F 72 y in Data Networ
00A0: 6B 73 20 47 6D 62 48 31 22 30 20 06 03 55 04 0B ks GmbH1"0 ..U..
00B0: 13 19 54 43 20 54 72 75 73 74 43 65 6E 74 65 72 ..TC TrustCenter
00C0: 20 43 6C 61 73 73 20 32 20 43 41 31 29 30 27 06 Class 2 CA1)0'.
00D0: 09 2A 86 48 86 F7 0D 01 09 01 16 1A 63 65 72 74 .*.H........cert
00E0: 69 66 69 63 61 74 65 40 74 72 75 73 74 63 65 6E ificate@trustcen
00F0: 74 65 72 2E 64 65 30 1E 17 0D 30 35 30 33 31 35 ter.de0...050315
0100: 30 39 30 35 30 37 5A 17 0D 30 36 30 35 30 31 30 090507Z..0605010
0110: 39 30 35 30 37 5A 30 81 93 31 0B 30 09 06 03 55 90507Z0..1.0...U
0120: 04 06 13 02 44 45 31 10 30 0E 06 03 55 04 08 13 ....DE1.0...U...
0130: 07 48 61 6D 62 75 72 67 31 10 30 0E 06 03 55 04 .Hamburg1.0...U.
0140: 07 13 07 48 61 6D 62 75 72 67 31 1A 30 18 06 03 ...Hamburg1.0...
0150: 55 04 0A 13 11 54 43 20 54 72 75 73 74 43 65 6E U....TC TrustCen
0160: 74 65 72 20 41 47 31 1D 30 1B 06 03 55 04 03 13 ter AG1.0...U...
0170: 14 74 63 64 73 73 2E 74 72 75 73 74 63 65 6E 74 .tcdss.trustcent
0180: 65 72 2E 64 65 31 25 30 23 06 09 2A 86 48 86 F7 er.de1%0#..*.H..
0190: 0D 01 09 01 16 16 74 63 61 64 6D 69 6E 40 74 72 ......tcadmin@tr
01A0: 75 73 74 63 65 6E 74 65 72 2E 64 65 30 81 9F 30 ustcenter.de0..0
01B0: 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 ...*.H..........
01C0: 8D 00 30 81 89 02 81 81 00 AF 9E 59 FD 3F 23 29 ..0........Y.?#)
01D0: 01 E0 B9 C8 88 E1 A5 5C 63 14 3D ED 21 20 04 27 .......\c.=.! .'
01E0: A5 EE 3B B2 F1 E8 4F 4B 3B 4C 74 BE 8C 29 7A 41 ..;...OK;Lt..)zA
01F0: 89 FD A3 98 48 BF 8C 7B 72 9A 5B 7B 20 06 37 56 ....H...r.[. .7V
0200: 08 04 E3 8D 57 6D 02 3A 94 78 84 71 11 A7 26 56 ....Wm.:.x.q..&V
0210: 55 71 9D 55 E4 1C 54 2A 5A 2A 22 7A 23 A4 B4 F1 Uq.U..T*Z*"z#...
0220: 04 EC 18 D1 B8 EA D8 CF 24 97 C4 91 81 75 68 38 ........$....uh8
0230: 7C 63 3B BF 74 64 17 8D 28 7F F5 14 B8 7B 65 5F .c;.td..(.....e_
0240: 8A 51 E8 72 ED 1C 77 39 27 02 03 01 00 01 A3 81 .Q.r..w9'.......
0250: C6 30 81 C3 30 0C 06 03 55 1D 13 01 01 FF 04 02 .0..0...U.......
0260: 30 00 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 0.0...U.........
0270: 05 E0 30 3E 06 09 60 86 48 01 86 F8 42 01 08 04 ..0>..`.H...B...
0280: 31 16 2F 68 74 74 70 3A 2F 2F 77 77 77 2E 74 72 1./http://www.tr
0290: 75 73 74 63 65 6E 74 65 72 2E 64 65 2F 67 75 69 ustcenter.de/gui
02A0: 64 65 6C 69 6E 65 73 2F 69 6E 64 65 78 2E 68 74 delines/index.ht
02B0: 6D 6C 30 11 06 09 60 86 48 01 86 F8 42 01 01 04 ml0...`.H...B...
02C0: 04 03 02 06 40 30 50 06 09 60 86 48
the debug output mess you posted, does not make much sense as we don't have the picture about the running env. Run your code with one server thread and post the relative log again.
before posint that in a proper way, check your settings for timeout and cachesize of the underlying SSLSessionContext and see if that will help you produce better mesaures matching your response times etc.
Similar Messages
-
RECV TLSv1 ALERT: fatal, handshake_failure in Java 1.7
I have two Java applications. Both were originally running Java 1.6. The applications communicate via an HTTPS call. The client is being converted to Java 1.7 while the server is being left at Java 1.6 for now.
When the client is run using Java 1.7 it gets an exception, javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. The client works fine using Java 1.6. The client running on Java 1.7 can communicate with other applications such as https://www.google.com/ without any problem.
The debug log indicates that the client is accepting the server certificate without any problem. It is the server that is sending the handshake_failure response.
The only significant difference I can see between the two logs is that using Java 1.6 client, the server selects the SSL_RSA_WITH_RC4_128_MD5 cipher suite while with the Java 1.7 client the server selects the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite.
I can re-create the problem using a simple program and running it twice, once with Java 1.6 and once with Java 1.7.
package testhttps;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
public class Main {
private static final String JAVA_VERSION = "java.version";
private static final String JAVAX_NET_DEBUG = "javax.net.debug";
private static final String JAVAX_NET_SSL_TRUSTSTORE = "javax.net.ssl.trustStore";
private static final String DEBUG_OPTS = "ssl,handshake";
private static final String LOCAL_KS = "C:/Users/USER/Desktop/SERVERcert";
private static final String LOCAL_URL = "https://SERVER/invoke/tools.employees.apps:APPNAME";
private static final String GOOGLE_URL = "https://www.google.com/";
public static void main(String[] args) throws IOException {
System.out.println("Java Version: " + System.getProperty(JAVA_VERSION));
printSep();
System.setProperty(JAVAX_NET_DEBUG, DEBUG_OPTS);
System.setProperty(JAVAX_NET_SSL_TRUSTSTORE, LOCAL_KS);
runTest(LOCAL_URL);
printSep();
runTest(GOOGLE_URL);
private static void printSep() {
System.out.println("----------------------------------------");
System.out.println();
private static void runTest(String urlStr) {
System.out.println("URL: " + urlStr);
System.out.println();
try {
URL url = new URL(urlStr);
URLConnection connection = url.openConnection();
connection.connect();
InputStream stream = connection.getInputStream();
while (true) {
int n = stream.read();
if (n == -1)
break;
System.out.write(n);
stream.close();
System.out.println();
} catch (IOException e) {
System.out.println();
e.printStackTrace();
}Debug log for Java 1.7 client. Gets handshake_failure.
Java Version: 1.7.0_17
URL: https://SERVER/invoke/tools.employees.apps:APPNAME
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Users\USER\Desktop\SERVERcert
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=www.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
Issuer: CN=Google Internet Authority, O=Google Inc, C=US
Algorithm: RSA; Serial number: 0x14850d9e000000007d40
Valid from Wed Feb 20 06:34:56 MST 2013 until Fri Jun 07 13:43:27 MDT 2013
adding as trusted cert:
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
Algorithm: RSA; Serial number: 0x4208795e000000000d7d
Valid from Fri Mar 15 07:44:35 MDT 2013 until Sun Mar 15 07:44:35 MDT 2015
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1363720456 bytes = { 113, 24, 242, 51, 45, 18, 117, 236, 52, 147, 16, 22, 151, 59, 151, 33, 56, 187, 24, 145, 231, 25, 84, 44, 176, 112, 61, 79 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
main, WRITE: TLSv1 Handshake, length = 163
main, READ: TLSv1 Handshake, length = 3437
*** ServerHello, TLSv1
RandomCookie: GMT: 1363720456 bytes = { 115, 135, 78, 234, 92, 217, 33, 197, 14, 143, 108, 244, 200, 229, 61, 239, 136, 174, 40, 109, 70, 165, 24, 112, 160, 149, 80, 196 }
Session ID: {186, 54, 109, 12, 100, 9, 3, 187, 38, 58, 152, 239, 137, 244, 79, 87}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 31516488916856175993354388556520068293794356693242681182245201286667548063641640358313574888462489933475402864236800262460826430243488030753558168637830135426373840447558297285290406873898984898413863294812616756309132288938801104047345625475355654376426138494767988080314969827787605621823083455352331480850948116669339339048031040543939696472504286395458369701032317090387365961443301475102633799830067724032223647096133387365632477706202020365811242759581209534410179060268963901969481769329740356404722306624236516162225426247695795946763666223293969793336832548340134282004822442343909786198074157323202609655959
public exponent: 65537
Validity: [From: Fri Mar 15 07:44:35 MDT 2013,
To: Sun Mar 15 07:44:35 MDT 2015]
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
SerialNumber: [ 4208795e 00000000 0d7d]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0E 30 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......
[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 86 .00..&+.....7...
0010: D5 D8 7B 86 FA 8D 54 86 85 9F 20 87 92 89 64 CB ......T... ...d.
0020: D5 69 81 57 84 D5 FB 1A 84 99 9C 1D 02 01 64 02 .i.W..........d.
0030: 01 09 ..
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?cACertificate?base?objectClass=certificationAuthority
accessMethod: caIssuers
accessLocation: URIName: http://grc/CertEnroll/CASERVER.PARENT.local_COMPANY%20NAME%20Internal%20Issuing%20CA.crt
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 26 0F F4 17 D4 4A 12 51 1A 7F FC 77 A9 FB 4D 9F &....J.Q...w..M.
0010: 2B 75 DB 71 +u.q
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=CASERVER,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://grc/CertEnroll/COMPANY%20NAME%20Internal%20Issuing%20CA.crl]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 10 57 84 BB 7F A0 ED BA E5 0C D3 00 06 A3 67 ..W............g
0010: 97 93 B2 9E ....
Algorithm: [SHA1withRSA]
Signature:
0000: 0E 24 50 64 FF A6 50 29 B8 AF 61 0F 37 9D 63 2F .$Pd..P)..a.7.c/
0010: 2A BD 90 7E 50 C2 2A 0C B8 16 09 2E FB 0A 0E A6 *...P.*.........
0020: 15 82 0F 1E AD DA 64 DD 36 31 6E 3C C7 33 55 7E ......d.61n<.3U.
0030: 35 0A 4E 49 3B 96 EC C4 4A 01 3F 39 9F 6A E8 11 5.NI;...J.?9.j..
0040: C9 22 45 16 51 9A 15 D6 C3 B3 50 BA FB 56 D3 62 ."E.Q.....P..V.b
0050: 42 D4 CF 76 2B 0B 04 1A 80 87 99 0C B7 97 C1 CE B..v+...........
0060: D5 93 90 E0 1B 84 31 EB 9F 75 A3 2C 52 00 CA 62 ......1..u.,R..b
0070: FE C8 55 23 45 D5 FE 67 D4 A0 30 61 FC 26 08 0B ..U#E..g..0a.&..
0080: 77 D1 26 61 60 31 CD 9A 76 5E 8E 66 85 C6 35 9B w.&a`1..v^.f..5.
0090: 61 41 C5 05 C9 04 42 F2 8D 3D DA F8 80 22 AA AA aA....B..=..."..
00A0: 92 50 CF 17 31 B6 93 CA 5E 85 5D B0 5F D2 77 07 .P..1...^.]._.w.
00B0: 32 D7 69 5A 14 DD 12 62 91 BA 4F 75 19 80 F8 C2 2.iZ...b..Ou....
00C0: 17 19 67 63 4A FF F3 A6 96 35 47 FC 22 2F 76 BA ..gcJ....5G."/v.
00D0: 37 ED EE B2 90 AC 30 C7 7A F9 E6 2E 59 10 8F 2A 7.....0.z...Y..*
00E0: 9E 03 54 18 A5 EB AD 48 3A 78 56 4F 22 BF 8D F7 ..T....H:xVO"...
00F0: 8E C8 21 D4 92 30 A8 FC BE 76 98 15 FB D1 1D C1 ..!..0...v......
chain [1] = [
Version: V3
Subject: CN=XXXX Issuing CA 1, DC=PARENT, DC=local
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 710747583573312574266490133477718883175487276449197913367026878246770193366457918874117476848478441807997531601094195095347346667689692353006504772944438996992450206899974172461254170122772439064429800711214524654866811730387219923130077806688460698464420214016926635867290603880408310617196928261244715828938301877231716326135074613866166266159259934139101921704779393181418255236792357734373593843718044094652636084163613474834609513843820562318123712380380149595812702759706362225520298197347612448307537891820678903130283982229075610354246846288916706947063755002331306861708051010714413368970384817146977404909469979632866552303188492277584433342593521141366135313838512466732534501590138191730280137881018224930733224059655122933806684532601188457885427610523069862515778641416852689946070635946964424320750853912644963820761441121054160612741706028476665999908623924083348202525432243752651038591517730169571766303195624990856696540820396758325375089424534352671820926638511083232512074733251774179961972469706146941508467638490252757323558523275340769098076309821000325759423874166279533532418396039620418656504638481199111216522253786699411470101677803106926554982288403832319169109858989451431608015520012872771792487551381
public exponent: 65537
Validity: [From: Thu Mar 13 14:05:43 MDT 2008,
To: Tue Mar 13 14:15:43 MDT 2018]
Issuer: CN=XXXX Root CA, DC="PARENT.DC=local"
SerialNumber: [ 19e8d467 00000000 0008]
Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 1E 0A 00 53 00 75 00 62 00 43 00 41 .....S.u.b.C.A
[2]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 05 02 03 01 00 01 .......
[3]: ObjectId: 1.3.6.1.4.1.311.21.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 16 04 14 D5 C8 60 1F D4 BC C8 F4 29 18 65 55 ......`.....).eU
0010: 71 89 08 08 6E C4 1C B1 q...n...
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 37 65 99 AA A5 52 A4 DD F4 97 50 DA B5 6A 46 B1 7e...R....P..jF.
0010: EC F3 21 30 ..!0
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
[6]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 73 7B 89 88 B8 20 C4 74 0E E9 15 70 F2 AA B5 93 s.... .t...p....
0010: 95 4B EF 10 .K..
Unparseable certificate extensions: 2
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
Unparseable AuthorityInfoAccess extension due to
java.io.IOException: invalid URI name:file://\\tyson\CertEnroll\tyson_XXXX Root CA.crt
0000: 30 82 01 24 30 81 A3 06 08 2B 06 01 05 05 07 30 0..$0....+.....0
0010: 02 86 81 96 6C 64 61 70 3A 2F 2F 2F 43 4E 3D XX ....ldap:///CN=X
0020: XX XX XX 25 32 30 52 6F 6F 74 25 32 30 43 41 2C XXX%20Root%20CA,
0030: 43 4E 3D 41 49 41 2C 43 4E 3D 50 75 62 6C 69 63 CN=AIA,CN=Public
0040: 25 32 30 4B 65 79 25 32 30 53 65 72 76 69 63 65 %20Key%20Service
0050: 73 2C 43 4E 3D 53 65 72 76 69 63 65 73 2C 44 43 s,CN=Services,DC
0060: 3D 55 6E 61 76 61 69 6C 61 62 6C 65 43 6F 6E 66 =UnavailableConf
0070: 69 67 44 4E 3F 63 41 43 65 72 74 69 66 69 63 61 igDN?cACertifica
0080: 74 65 3F 62 61 73 65 3F 6F 62 6A 65 63 74 43 6C te?base?objectCl
0090: 61 73 73 3D 63 65 72 74 69 66 69 63 61 74 69 6F ass=certificatio
00A0: 6E 41 75 74 68 6F 72 69 74 79 30 3E 06 08 2B 06 nAuthority0>..+.
00B0: 01 05 05 07 30 02 86 32 68 74 74 70 3A 2F 2F 74 ....0..2http://t
00C0: 79 73 6F 6E 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F yson/CertEnroll/
00D0: 74 79 73 6F 6E 5F XX XX XX XX 25 32 30 52 6F 6F tyson_XXXX%20Roo
00E0: 74 25 32 30 43 41 2E 63 72 74 30 3C 06 08 2B 06 t%20CA.crt0<..+.
00F0: 01 05 05 07 30 02 86 30 66 69 6C 65 3A 2F 2F 5C ....0..0file://\
0100: 5C 74 79 73 6F 6E 5C 43 65 72 74 45 6E 72 6F 6C \tyson\CertEnrol
0110: 6C 5C 74 79 73 6F 6E 5F XX XX XX XX 20 52 6F 6F l\tyson_XXXX Roo
0120: 74 20 43 41 2E 63 72 74 t CA.crt
[2]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:file://\\tyson\CertEnroll\XXXX Root CA.crl
0000: 30 60 30 5E A0 5C A0 5A 86 2A 66 69 6C 65 3A 2F 0`0^.\.Z.*file:/
0010: 2F 5C 5C 74 79 73 6F 6E 5C 43 65 72 74 45 6E 72 /\\tyson\CertEnr
0020: 6F 6C 6C 5C XX XX XX XX 20 52 6F 6F 74 20 43 41 oll\XXXX Root CA
0030: 2E 63 72 6C 86 2C 68 74 74 70 3A 2F 2F 74 79 73 .crl.,http://tys
0040: 6F 6E 2F 43 65 72 74 45 6E 72 6F 6C 6C 2F XX XX on/CertEnroll/XX
0050: XX XX 25 32 30 52 6F 6F 74 25 32 30 43 41 2E 63 XX%20Root%20CA.c
0060: 72 6C rl
Algorithm: [SHA1withRSA]
Signature:
0000: 3A 61 58 BB DE D8 ED 30 97 EF C0 CB 2C 2D 87 E4 :aX....0....,-..
0010: DE 74 0E F1 74 DC 97 EF BD E4 F7 40 D0 31 F6 D6 [email protected]..
0020: 9B B6 D5 6A AF E3 E7 14 F7 24 69 48 C4 71 50 63 ...j.....$iH.qPc
0030: 96 51 62 D6 BD BE AB 36 DB 9C 5E C2 7B 6F ED 0D .Qb....6..^..o..
0040: 63 FF 26 DE 0A EE 86 5B 43 B0 E4 E1 EE 4D 50 0A c.&....[C....MP.
0050: FE 58 27 4C 2A 06 94 22 5B 17 A4 99 FE F3 39 FE .X'L*.."[.....9.
0060: 66 52 E3 00 94 18 F0 CA A0 8D 30 F9 69 34 A2 BB fR........0.i4..
0070: 7F FC 50 BF 24 25 23 17 68 A1 8E B2 72 A3 C7 B1 ..P.$%#.h...r...
0080: C0 F7 CE 79 E2 A3 99 AE 4C 2B C4 C3 4B D5 DE 15 ...y....L+..K...
0090: B8 02 29 C6 8D 7D E6 FD 83 ED 56 E8 37 6A A7 96 ..).......V.7j..
00A0: 6F D0 B1 9D 39 CC E1 0E BB 59 79 22 01 CF 5C 2E o...9....Yy"..\.
00B0: D9 A7 11 FD CE 6E 47 0E 68 FE 3F AE CE 02 E4 45 .....nG.h.?....E
00C0: 64 2F 39 29 DB 30 82 B7 98 B0 D8 7B 81 0A A5 EB d/9).0..........
00D0: 87 95 12 BC A3 D1 27 3E E7 05 83 A3 BD 42 FC 7B ......'>.....B..
00E0: BD 9F 69 1A 2B 59 77 1C 90 04 E8 E1 F2 C5 9A 55 ..i.+Yw........U
00F0: CF B4 11 D0 D9 28 F3 C7 EB 58 7F 6B DE DE 33 5A .....(...X.k..3Z
Found trusted certificate:
Version: V3
Subject: [email protected], CN=SERVER, OU=Web Team, O=COMPANY NAME, L=CITY, ST=STATE, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 31516488916856175993354388556520068293794356693242681182245201286667548063641640358313574888462489933475402864236800262460826430243488030753558168637830135426373840447558297285290406873898984898413863294812616756309132288938801104047345625475355654376426138494767988080314969827787605621823083455352331480850948116669339339048031040543939696472504286395458369701032317090387365961443301475102633799830067724032223647096133387365632477706202020365811242759581209534410179060268963901969481769329740356404722306624236516162225426247695795946763666223293969793336832548340134282004822442343909786198074157323202609655959
public exponent: 65537
Validity: [From: Fri Mar 15 07:44:35 MDT 2013,
To: Sun Mar 15 07:44:35 MDT 2015]
Issuer: CN=COMPANY NAME Internal Issuing CA, DC=PARENT, DC=local
SerialNumber: [ 4208795e 00000000 0d7d]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0E 30 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......
[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 86 .00..&+.....7...
0010: D5 D8 7B 86 FA 8D 54 86 85 9F 20 87 92 89 64 CB ......T... ...d.
0020: D5 69 81 57 84 D5 FB 1A 84 99 9C 1D 02 01 64 02 .i.W..........d.
0030: 01 09 ..
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?cACertificate?base?objectClass=certificationAuthority
accessMethod: caIssuers
accessLocation: URIName: http://grc/CertEnroll/CASERVER.PARENT.local_COMPANY%20NAME%20Internal%20Issuing%20CA.crt
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 26 0F F4 17 D4 4A 12 51 1A 7F FC 77 A9 FB 4D 9F &....J.Q...w..M.
0010: 2B 75 DB 71 +u.q
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: ldap:///CN=COMPANY%20NAME%20Internal%20Issuing%20CA,CN=CASERVER,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=PARENT,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://grc/CertEnroll/COMPANY%20NAME%20Internal%20Issuing%20CA.crl]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B5 10 57 84 BB 7F A0 ED BA E5 0C D3 00 06 A3 67 ..W............g
0010: 97 93 B2 9E ....
Algorithm: [SHA1withRSA]
Signature:
0000: 0E 24 50 64 FF A6 50 29 B8 AF 61 0F 37 9D 63 2F .$Pd..P)..a.7.c/
0010: 2A BD 90 7E 50 C2 2A 0C B8 16 09 2E FB 0A 0E A6 *...P.*.........
0020: 15 82 0F 1E AD DA 64 DD 36 31 6E 3C C7 33 55 7E ......d.61n<.3U.
0030: 35 0A 4E 49 3B 96 EC C4 4A 01 3F 39 9F 6A E8 11 5.NI;...J.?9.j..
0040: C9 22 45 16 51 9A 15 D6 C3 B3 50 BA FB 56 D3 62 ."E.Q.....P..V.b
0050: 42 D4 CF 76 2B 0B 04 1A 80 87 99 0C B7 97 C1 CE B..v+...........
0060: D5 93 90 E0 1B 84 31 EB 9F 75 A3 2C 52 00 CA 62 ......1..u.,R..b
0070: FE C8 55 23 45 D5 FE 67 D4 A0 30 61 FC 26 08 0B ..U#E..g..0a.&..
0080: 77 D1 26 61 60 31 CD 9A 76 5E 8E 66 85 C6 35 9B w.&a`1..v^.f..5.
0090: 61 41 C5 05 C9 04 42 F2 8D 3D DA F8 80 22 AA AA aA....B..=..."..
00A0: 92 50 CF 17 31 B6 93 CA 5E 85 5D B0 5F D2 77 07 .P..1...^.]._.w.
00B0: 32 D7 69 5A 14 DD 12 62 91 BA 4F 75 19 80 F8 C2 2.iZ...b..Ou....
00C0: 17 19 67 63 4A FF F3 A6 96 35 47 FC 22 2F 76 BA ..gcJ....5G."/v.
00D0: 37 ED EE B2 90 AC 30 C7 7A F9 E6 2E 59 10 8F 2A 7.....0.z...Y..*
00E0: 9E 03 54 18 A5 EB AD 48 3A 78 56 4F 22 BF 8D F7 ..T....H:xVO"...
00F0: 8E C8 21 D4 92 30 A8 FC BE 76 98 15 FB D1 1D C1 ..!..0...v......
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 E0 87 7E 29 17 FC A3 FC F6 69 75 A2 52 36 .....).....iu.R6
0010: 3F DB C3 32 C5 86 6F DA 8A 5A BC 65 2F 4E 7B 2D ?..2..o..Z.e/N.-
0020: E8 BF 3B E2 1E 3D B0 F0 A1 4E F4 A4 5F CD 83 AF ..;..=...N.._...
CONNECTION KEYGEN:
Client Nonce:
0000: 51 49 B9 08 71 18 F2 33 2D 12 75 EC 34 93 10 16 QI..q..3-.u.4...
0010: 97 3B 97 21 38 BB 18 91 E7 19 54 2C B0 70 3D 4F .;.!8.....T,.p=O
Server Nonce:
0000: 51 49 B9 08 73 87 4E EA 5C D9 21 C5 0E 8F 6C F4 QI..s.N.\.!...l.
0010: C8 E5 3D EF 88 AE 28 6D 46 A5 18 70 A0 95 50 C4 ..=...(mF..p..P.
Master Secret:
0000: 21 F1 45 A0 E1 2A 86 A9 44 5A 3F 7E 3D E4 FA 13 !.E..*..DZ?.=...
0010: 58 BE D3 DE F9 DD 1E E6 2D DF 72 B1 29 11 32 B3 X.......-.r.).2.
0020: 68 3C 26 B8 1C 7D 04 FC 93 E8 3B 98 FC 1A 2A 24 h<&.......;...*$
Client MAC write Secret:
0000: 30 01 3F 51 6A 18 05 A7 DC C4 79 01 FD 70 FE 34 0.?Qj.....y..p.4
0010: CA F3 2F 8A ../.
Server MAC write Secret:
0000: 9F 17 95 16 F6 29 D4 04 C2 13 A2 98 74 E6 95 9A .....)......t...
0010: E3 AF 3D 97 ..=.
Client write key:
0000: 03 59 5D D7 BE D9 B7 25 27 AA 86 79 62 57 15 76 .Y]....%'..ybW.v
0010: AA D6 71 73 29 2F 95 1A 75 33 E8 D2 62 55 E0 85 ..qs)/..u3..bU..
Server write key:
0000: 0E 31 B3 07 D7 F7 B8 02 5B F4 24 BE AD 71 4D 3F .1......[.$..qM?
0010: 5F F3 A7 55 05 93 06 BA 41 5E E9 A0 E7 A8 49 7C _..U....A^....I.
Client write IV:
0000: 71 92 6D AE AB 1B 0D EC 51 D5 2E C4 56 33 18 F3 q.m.....Q...V3..
Server write IV:
0000: 5E AA 39 43 C6 8C 6F B0 58 B9 DF 82 77 E2 B1 8A ^.9C..o.X...w...
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 114, 227, 19, 222, 162, 73, 80, 229, 15, 199, 23, 154 }
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:515)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
at testhttps.Main.runTest(Main.java:39)
at testhttps.Main.main(Main.java:23) -
Peer sent alert: Alert Fatal: bad certificate
Dear Experts,
When we try to load an application on our MSS, we get this alert iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate. Here the full exception that we get:
com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: Failed to UPDATEDATAINPDF
at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:419)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.afterApplicationModification(ClientApplication.java:1132)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.afterApplicationModification(ClientComponent.java:895)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doRespond(WindowPhaseModel.java:573)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:152)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRuntimeException: PDFDocument Processor failed to process Render Request.
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:55)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:100)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentInteractiveFormHandlingContext.execute(PDFDocumentInteractiveFormHandlingContext.java:123)
at com.sap.tc.webdynpro.clientserver.uielib.adobe.impl.InteractiveForm.afterHandleActionEvent(InteractiveForm.java:340)
... 29 more
Caused by: com.sap.tc.webdynpro.pdfobject.core.PDFObjectRuntimeException: Service call exception; nested exception is:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:408)
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.render(PDFObject.java:3944)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentRenderHandler.handle(PDFDocumentRenderHandler.java:148)
at com.sap.tc.webdynpro.clientserver.adobe.pdfdocument.base.core.PDFDocumentProcessor.process(PDFDocumentProcessor.java:52)
... 32 more
Caused by: java.rmi.RemoteException: Service call exception; nested exception is:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:85)
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:95)
at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:385)
... 35 more
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.x.b(Unknown Source)
at iaik.security.ssl.x.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)
at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:669)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:470)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:427)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getRequestStream(HTTPTransport.java:355)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:550)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1433)
at com.sap.tc.webdynpro.adsproxy.SecConfigBindingStub.rpData(SecConfigBindingStub.java:78)
... 37 more
Can anyone suggest a corrective measurement for this issue?
Thank You in advance
Regards
RameshHi Ramesh,
we are facing the similar issue while consuming external webservices
Here is the error:
Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)
com.sap.tc.webdynpro.model.webservice.api.WDWSModelExecuteException: Exception on execution of web service with WSDL URL 'http://lxxxxxxx:50000/webdynpro/resources/demo.sap.com/mywebservice/Components/com.sap.demo.mywebservice.webservice.comp.WebserviceComp/VECTOR.wsdl' with operation 'VECTOR' in interface 'VECTORPortType' at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:84) at com.sap.tc.webdynpro.model.webservice.gci.WSTypedModelClassExecutable.execute(WSTypedModelClassExecutable.java:49) at com.sap.demo.mywebservice.webservice.comp.WebserviceComp.executeVECTOR(WebserviceComp.java:313) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceComp.executeVECTOR(InternalWebserviceComp.java:303) at com.sap.demo.mywebservice.webservice.comp.WebserviceCompView.onActionGetDetails(WebserviceCompView.java:195) at com.sap.demo.mywebservice.webservice.comp.wdp.InternalWebserviceCompView.wdInvokeEventHandler(InternalWebserviceCompView.java:289) at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:131) at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:72) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:156) at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:91) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110) at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97) at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:514) at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1547) at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1361) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:571) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:602) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:523) at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:270) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:729) at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:256) at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:258) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127) at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95) at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToRequestManager(ExecutionContextDispatcher.java:140) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92) at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87) at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:140) at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:37) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:291) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:396) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:385) at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:48) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:76) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:240) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:78) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60) at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:43) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42) at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12) at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78) at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:425) at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250) at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45) at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109) at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314) Caused by: com.sap.engine.services.webservices.espbase.client.bindings.exceptions.TransportBindingException: Connection IO Exception. Check nested exception for details. (Peer sent alert: Alert Fatal: bad record mac) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:399) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call_SOAP(SOAPTransportBinding.java:1083) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.callWOLogging(SOAPTransportBinding.java:779) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.call(SOAPTransportBinding.java:746) at com.sap.engine.services.webservices.espbase.client.dynamic.impl.DInterfaceInvokerImpl.invokeOperation(DInterfaceInvokerImpl.java:76) at com.sap.tc.webdynpro.model.webservice.model.WSGenericModelClassExecutable.execute(WSGenericModelClassExecutable.java:73) ... 75 more Caused by: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac at iaik.security.ssl.r.f(Unknown Source) at iaik.security.ssl.x.b(Unknown Source) at iaik.security.ssl.x.a(Unknown Source) at iaik.security.ssl.r.d(Unknown Source) at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source) at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source) at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initStreamsFromSocket(HTTPSocket.java:636) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.initializeStreams(HTTPSocket.java:499) at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getOutputStream(HTTPSocket.java:450) at com.sap.engine.services.webservices.espbase.client.bindings.ClientHTTPTransport.getRequestStream(ClientHTTPTransport.java:489) at com.sap.engine.services.webservices.espbase.client.bindings.impl.SOAPTransportBinding.outputSOAPMessage(SOAPTransportBinding.java:357) ... 80 more
Please let me know how do you solved this problem....
I will be very thankful to you
please do me the needful
Thanks & regards
Swetha
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM
Edited by: Swetha Nellore on Mar 12, 2009 9:18 AM -
SOAP receiver via HTTPS leads to Alert Fatal: bad certificate
Hello everybody,
I working on a scenario where i have to send a message out via https to a partner.
The server requires a client certificate which is installed and configured.
When I now send out some data I get the following error:
com.sap.aii.af.ra.ms.api.RecoverableException: Peer sent alert: Alert Fatal: bad certificate: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate
The partner told me that I also have to install the server certificate. Is this correct? I thought it is not neccessary to install the certificate from Server, is it?
Regards,
ThomasHi,
You would need to load the SSL certificate of your customer if it is a self signed certificate in the TrsutedCA's view in your Visual Admin.
The request is being rejected by XI as the https connection is bot being established as the certificate is not present in the Trusted CA's.
Regards,
Bhavesh -
SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
Hello everybody,
I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".
Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.
Below is the SSL debug log
ssl_debug(15): Sending v3 client_hello message to services.bloomberg.com:443, requesting version 3.1...
ssl_debug(15): Received v3 server_hello handshake message.
ssl_debug(15): Server selected SSL version 3.1.
ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...
ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(15): CompressionMethod selected by server: NULL
ssl_debug(15): Server does not supports secure renegotiation.
ssl_debug(15): Received certificate handshake message with server certificate.
ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.
ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.
ssl_debug(15): Received certificate_request handshake message.
ssl_debug(15): Accepted certificate types: RSA, DSA
ssl_debug(15): Accepted certificate authorities:
ssl_debug(15): CN=XXXXXXXXXXXXXXXXXXXXXXXX
ssl_debug(15): CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
ssl_debug(15): Received server_hello_done handshake message.
ssl_debug(15): Sending certificate handshake message with RSA client certificate...
ssl_debug(15): Sending client_key_exchange handshake...
ssl_debug(15): Sending certificate_verify handshake message...
ssl_debug(15): Sending change_cipher_spec message...
ssl_debug(15): Sending finished message...
ssl_debug(15): Received alert message: Alert Fatal: decrypt error
ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
ssl_debug(15): Shutting down SSL layer...
My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).
Does somebody have an idea what could cause this SSL handshake failure?
Best regards,
MaximThe XPI inspector gave more understanding of the situation. It shows which certificates the remote server is sending, which client certificate is used for authentication and many other topics. Interesting enough the XPI inspector shows that PI trusts the server key whereas the NWA log at the very same time tells that it doesn't. I have posted an OSS message asking to explain why there is this discrepancy.
-
I always get FATAL ALERT: Fatal Exception everytime i try to hot sync
i am trying to sync my tungsten E2 which i just bought refurbished. i installed my own software since my last tungsten E2 went kaput ( so i previously owned a tungsten E2 ). i always get FATAL ALERT: Fatal Exception everytime i try to hot sync. what is wrong? thank you.
Post relates to: Tungsten E2As with most problems that occur on a Palm PDA, it is either software or hardware related and we have to determine which one.
If your device is not locked up, the best method is to first make a complete backup of your unit to your SD card using the free "NVBackup" (available from http://www.freewarepalm.com) After the backup is complete, Hard Reset the unit, then test to see if full functionality returns.
To perform a Hard Reset:
While pressing and holding the Power button down, tap and release the Reset button in back and continue to hold the Power button down. When the grey Palm logo appears, you can release the Power button.
You should now see the warning page in about 5 languages. Press the UP direction on the 5-way pad to complete the task. Your Palm will reset itself several times as it re-installs the original programs and erases all your previous data.
DO NOT HOTSYNC YET! Test the unit before reinstalling any software. If the unit works correctly, your problem is being caused by a "drug interaction" of software - maybe one rogue program, or a combination of several. You'll have to reinstall the third-party programs one or a few at a time to find the problem one. To avoid re-installing a software issue, rename your /Backup directory in your Palm folder (on a PC it's found here: C/Program Files/Palm(One)/"your HotSync ID name truncated"/Backup) to something like "/BackupOLD". Now perform the HotSync, choose your HotSync name you've been using, and all your PIM data will return, but not the third-party programs. Test for functionality again. If all is good, start installing the old programs from your /BackupOLD directory one (or a few if brave) at a time.
If the unit does not work after a Hard Reset is performed correctly, then it may be Hardware-related. (If it's a connection problem via either BlueTooth or Wifi, be sure nothing has changed on the unit you're trying to connect to!)
Hope this has helped,
Wyrenut
I am a Volunteer here, not employed by HP.
You too can become an HP Expert! Details HERE!
If my post has helped you, click the Kudos Thumbs up!
If it solved your issue, Click the "Accept as Solution" button so others can benefit from the question you asked! -
Dear Folks,
I am new to Netweaver version..right now I am working in Netweaver 2004s, Here users requires alerts based on variants created in BEx anlyzer. I am only aware of Reporting agent.here it is obsolete version..
I have created BEx queries with Exception.
Now what are settings required to tigger alerts for the particular query.
I tried to call Bex Braodcaster from Query Designer aswell as Query Anaylzer..Its not showing any popup window or output for futher..
Is ther any option to call Bex broadcaster for alerts..
I have a PDF file rleated Exception..in that file he called broadcaster from Designer..in my case its not working..
<u>Workaround</u>
I called Query using URL, its showing as query template, there i found Information Broadcaster tab..
But here in distribution type its showing only by EMAIL..its not showing any ALERTS option..
I dont know what are settings required here..
Please correct me if I done in wrong way..and please let me know how can I trigger alerts from querys to endusers..
If any documentation is there its really appreciated..if possible please send it to [email protected]
RegardsHi Mr. Krishna,
For indexing (B-tree) to work you should have high cridinality columns (Large number of different values in the colums). If it is not so indexing will not work at all.
You can check this by running select count(distinc colums) from table_name. Compare this value with the total number of rows in the table. if there is a very small difference you can assume indexing will work.
Or else you can check the cardinality from the distinct keys column in user_indexes table after anaylyzing the index.
Oracle provides bitmap indexes for low cardinality columns. Try using bitmap index.
Regards
Darshan Singh -
Handshake_failure (no cipher suites in common) error
Requirement
1. Login to a HTTPS site with the given site username and password through a proxy server (Proxy server doesn't require authentication)
2. Then upload a document in the site
Jars used
jsse.jar
Jcert.jar
Jnet.jar
Environment
Unix \ Weblogic
Code
import java.io.*;
import java.net.*;
import java.util.*;
import java.security.*;
import javax.net.ssl.*;
String loginURL = config.getProperty("LoginURL");
String putURL = config.getProperty("PutURL");
// This is where we have stored the certificate from the server using keytool
//keytool -import -alias ca -file xxx.cer -trustcacerts -v -keystore "cacerts"
//Stored the certificate by viewing the site throw the browser and save it locally
String certFile = config.getProperty("GetCertpath");
// Set proxy
System.setProperty("https.proxyHost", config.getProperty("Proxy"));
System.setProperty("https.proxyPort", config.getProperty("ProxyPort"));
Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
// We are overriding the system default trust store
System.setProperty( "javax.net.ssl.trustStore", certFile);
URL dataURL = new URL(null, loginURL, new com.sun.net.ssl.internal.www.protocol.https.Handler());
com.sun.net.ssl.HttpsURLConnection connection = (com.sun.net.ssl.HttpsURLConnection) dataURL.openConnection();
connection.setHostnameVerifier(new HostnameVerifierImpl());
connection.setInstanceFollowRedirects(true); // Follow redirects by host
// Create login header
String hostlogin = config.getProperty("userID") + ":" + config.getProperty("password");
String encodedHostLogin = Base64Converter.encode(hostlogin.getBytes());
connection.setRequestProperty("Authorization", "Basic " + encodedHostLogin);
// Get the cookie. We'll need it to maintain the session
cookie = connection.getHeaderField("Set-Cookie");
// Read the host's reply, and dump
BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream())); //ERROR at this point
//System.out.print("## INFO: Host Replied...");
String line = null;
while((line = in.readLine()) != null)
//System.out.println(line);
in.close();
Error Dump
Exception occured Received fatal alert: handshake_failure (no cipher suites in common)
javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
Questions
1. The client (we\our application) does not have any certificates. We just have to login to the site with the id and password and upload a file. What extra we should do to avoid this error?This is the full debug info
*** ClientHello, v3.1
RandomCookie: GMT: 1061973650 bytes = { 66, 125, 28, 182, 32, 174, 11, 166, 105, 30, 208, 142, 122, 250, 76, 48, 46, 41, 230, 73, 229, 20, 7, 5, 25, 218, 181, 43 }
Session ID: {}
Cipher Suites: { 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 47
0000: 01 00 00 2B 03 01 3F 4C 6F 92 42 7D 1C B6 20 AE ...+..?Lo.B... .
0010: 0B A6 69 1E D0 8E 7A FA 4C 30 2E 29 E6 49 E5 14 ..i...z.L0.).I..
0020: 07 05 19 DA B5 2B 00 00 04 00 03 00 11 01 00 .....+.........
main, WRITE: SSL v3.1 Handshake, length = 47
[write] MD5 and SHA1 hashes: len = 50
0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
0010: 00 11 3F 4C 6F 92 42 7D 1C B6 20 AE 0B A6 69 1E ..?Lo.B... ...i.
0020: D0 8E 7A FA 4C 30 2E 29 E6 49 E5 14 07 05 19 DA ..z.L0.).I......
0030: B5 2B .+
main, WRITE: SSL v2, contentType = 22, translated length = 16337
main, READ: SSL v3.1 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1061973650 bytes = { 2, 6, 51, 93, 63, 135, 69, 177, 206, 97, 223, 48, 244, 40, 179, 108, 54, 67, 148, 76, 251, 197, 152, 112, 73, 142, 206, 13 }
Session ID: {}
Cipher Suites: { 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 47
0000: 01 00 00 2B 03 01 3F 4C 6F 92 02 06 33 5D 3F 87 ...+..?Lo...3]?.
0010: 45 B1 CE 61 DF 30 F4 28 B3 6C 36 43 94 4C FB C5 E..a.0.(.l6C.L..
0020: 98 70 49 8E CE 0D 00 00 04 00 03 00 11 01 00 .pI............
main, WRITE: SSL v3.1 Handshake, length = 47
[write] MD5 and SHA1 hashes: len = 50
0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
0010: 00 11 3F 4C 6F 92 02 06 33 5D 3F 87 45 B1 CE 61 ..?Lo...3]?.E..a
0020: DF 30 F4 28 B3 6C 36 43 94 4C FB C5 98 70 49 8E .0.(.l6C.L...pI.
0030: CE 0D ..
main, WRITE: SSL v2, contentType = 22, translated length = 16337
main, READ: SSL v3.1 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-120198])
at java.io.OutputStream.write(OutputStream.java:56)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.l([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.<init>([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro-V1.2-120198])
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([DashoPro-V1.2-120198])
Apart from this,
1. When we run the same code in the Windows 2000 environment it works.
2. We want the code to run in the unix box.
3. We have also placed jsse.jar, jcert.jar and jnet.jar in the jre/lib/ext folder
4.Took the following existing file "cacerts" from jre/lib/security folder
5. Saved the certificate from the site through the browser as xxx.cer
6. Put both the files cacerts and xxx.cer in a directory
7. Added the xxx.cer to the cacerts using the following command
keytool -import -alias ca -file xxx.cer -trustcacerts -v -keystore "cacerts"
8. In the java code set the following property,
System.setProperty( "javax.net.ssl.trustStore", path to the cacerts file); -
Hello everyone
here iam struggling with a problem, of handshake failure. the synoptical story is
1. I am developing a java client to connect a payware merchant server at a port 3443 through SSL, with package JSSE from JDK1.4.1 on windows 2000 using socket API.
2. I got the two server certificates namely ca.pem and client.pem. I feel these are server's public key and CA key. Is it right? I have to keep these certificates in the client's keystore. Here itself, i feel the problem is. How to create a keystore for adding these certificates at client's machine using keytool.
a) If i create using "keytool -genkey" and there after, i try
to add above certificates, i am getting the exceptions,
and not adding these certificates.
3. here i don't want to have client side certificates, i.e one way handshaking, or in otherwards, it is server authentication only.
4. after this process i am using below code and trying to contact, iam getting the handshake failure exception, why I unable to resolve this.
the code i am using:
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import javax.net.ssl.*;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.KeyStore;
* This example demostrates how to use a SSLSocket as client to
* send a request through SSL socket and get response from a server developed
* in C++. Communication through the SSL layers.
* It assumes that the client is not behind a firewall
public class TestSocketClient {
public static void main(String[] args) throws Exception {
try {
// System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
// java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.debug","SSL");
System.setProperty("javax.net.ssl.TrustStore","testkeys");
System.setProperty("javax.net.ssl.TrustStorePassword","passphrase");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
KeyStore ks = KeyStore.getInstance("JKS");
char[] pass = "passphrase".toCharArray();
ks.load(new FileInputStream("testkeys"),pass);
kmf.init(ks,pass);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
X509TrustManager xtm =new MyX509TrustManager();
TrustManager[] tm = {xtm};
tmf.init(ks);
SSLContext context = SSLContext.getInstance("SSL");
java.security.SecureRandom sr = new java.security.SecureRandom();
context.init(kmf.getKeyManagers(),tm,sr);
SSLSocketFactory sslfactory = context.getSocketFactory();
/* SSLSocketFactory factory =
(SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket =
(SSLSocket)sslfactory.createSocket("10.0.0.20",3443);
// socket.setNeedClientAuth(true);
String[] protocols = {"SSLv3","TLSv1"};
socket.setEnabledProtocols(protocols);
// socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
OutputStream os;
System.out.println("socket is created.");
* send http request
* Before any application data is sent or received, the
* SSL socket will do SSL handshaking first to set up
* the security attributes.
* SSL handshaking can be initiated by either flushing data
* down the pipe, or by starting the handshaking by hand.
* Handshaking is started manually in this example because
* PrintWriter catches all IOExceptions (including
* SSLExceptions), sets an internal error flag, and then
* returns without rethrowing the exception.
* Unfortunately, this means any error messages are lost,
* which caused lots of confusion for others using this
* code. The only way to tell there was an error is to call
* PrintWriter.checkError().
System.out.println(" just before handshake ");
// socket.setNeedClientAuth(false);
// socket.startHandshake();
// System.out.println(" Hand shake is completed ");
PrintWriter out = new PrintWriter(
socket.getOutputStream());
System.out.println(" print writer object is created ");
String s="GET http://www.verisign.com/index.html HTTP/1.1";
byte[] b1=s.getBytes("ISO-8859-1");
// out.println("GET http://www.verisign.com/index.html HTTP/1.1");
// os.write(b1);
out.print(b1);
System.out.println(" print is created ");
out.flush();
BufferedReader in = new BufferedReader(
new InputStreamReader(
socket.getInputStream()));
String inputLine=null;
System.out.println("The input line is: "+inputLine);
while ((inputLine = in.readLine()) != null) {
System.out.println("Received messages from here.");
System.out.println(inputLine);
// out.close();
System.out.println(" output is trying to flushing the data ");
* Make sure there were no surprises
if (out.checkError())
System.out.println(
"SSLSocketClient: java.io.PrintWriter error");
/* read response */
in.close();
out.close();
socket.close();
} catch (Exception e) {
System.out.println(" the exception is "+e);
e.printStackTrace();
System.exit(0);
debugging information:
---------- Run the application ----------
found key for : duke
chain [0] = [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
0000: 5F B5 62 E9 A0 26 1D 8E A2 7E 7C 02 08 36 3A 3E _.b..&.......6:>
0010: C9 C2 45 03 DD F9 BC 06 FC 25 CF 30 92 91 B1 4E ..E......%.0...N
0020: 62 17 08 48 14 68 80 CF DD 89 11 EA 92 7F CE DD b..H.h..........
0030: B4 FD 12 A8 71 C7 9E D7 C3 D0 E3 BD BB DE 20 92 ....q......... .
0040: C2 3B C8 DE CB 25 23 C0 8B B6 92 B9 0B 64 80 63 .;...%#......d.c
0050: D9 09 25 2D 7A CF 0A 31 B6 E9 CA C1 37 93 BC 0D ..%-z..1....7...
0060: 4E 74 95 4F 58 31 DA AC DF D8 BD 89 BD AF EC C8 Nt.OX1..........
0070: 2D 18 A2 BC B2 15 4F B7 28 6F D3 00 E1 72 9B 6C -.....O.(o...r.l
adding as trusted cert: [
Version: V1
Subject: ST=Dublin, L=Leopardstown, OU=Banking Support, O=Trintech Technologies, CN=trintech.com, C=IE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
Validity: [From: Fri Aug 23 13:05:43 GMT+03:00 2002,
To: Sun Sep 22 13:05:43 GMT+03:00 2002]
Issuer: CN=TEST RSA CERTIFICATION AUTHORITY - FOR INTERNAL TESTING PURPOSES ONLY - NO LIABILITY, OU=Banking Division, O=Trintech Technologies Ltd, L=Dublin, ST=County Dublin, C=IE
SerialNumber: [ f0]
Algorithm: [MD5withRSA]
Signature:
0000: 7F 7A 9C F6 9D 6D AF AF 2D D4 4F 92 39 4E 95 9B .z...m..-.O.9N..
0010: 2C 50 76 59 BB E1 27 02 86 DC DB 72 99 7C 97 11 ,PvY..'....r....
0020: 11 36 97 F3 53 E0 68 DB A9 98 B7 94 EF 17 6D 91 .6..S.h.......m.
0030: 81 14 FE B6 33 7C 60 CA 13 12 13 EB 75 E7 23 0C ....3.`.....u.#.
0040: A5 AB 6D F5 0B A2 DA B6 12 DD 48 43 4C AC 80 79 ..m.......HCL..y
0050: 7F EF 98 E7 5A 67 D5 20 C8 91 C2 32 10 F4 F8 02 ....Zg. ...2....
0060: B8 44 45 AC 45 24 57 12 60 12 03 6F 9C 50 CB D4 .DE.E$W.`..o.P..
0070: 8F C5 E5 FB AE 44 0B BC D1 F3 A8 EE 78 64 C0 CF .....D......xd..
adding private entry as trusted cert: [
Version: V1
Subject: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d520c4
Validity: [From: Wed May 23 02:46:46 GMT+03:00 2001,
To: Mon May 23 02:46:46 GMT+03:00 2011]
Issuer: CN=Duke, OU=Java Software, O="Sun Microsystems, Inc.", L=Cupertino, ST=CA, C=US
SerialNumber: [ 3b0afa66 ]
Algorithm: [MD5withRSA]
Signature:
0000: 5F B5 62 E9 A0 26 1D 8E A2 7E 7C 02 08 36 3A 3E _.b..&.......6:>
0010: C9 C2 45 03 DD F9 BC 06 FC 25 CF 30 92 91 B1 4E ..E......%.0...N
0020: 62 17 08 48 14 68 80 CF DD 89 11 EA 92 7F CE DD b..H.h..........
0030: B4 FD 12 A8 71 C7 9E D7 C3 D0 E3 BD BB DE 20 92 ....q......... .
0040: C2 3B C8 DE CB 25 23 C0 8B B6 92 B9 0B 64 80 63 .;...%#......d.c
0050: D9 09 25 2D 7A CF 0A 31 B6 E9 CA C1 37 93 BC 0D ..%-z..1....7...
0060: 4E 74 95 4F 58 31 DA AC DF D8 BD 89 BD AF EC C8 Nt.OX1..........
0070: 2D 18 A2 BC B2 15 4F B7 28 6F D3 00 E1 72 9B 6C -.....O.(o...r.l
adding as trusted cert: [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@dfafd1
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 [email protected].
0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG
adding as trusted cert: [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@a8c488
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 01 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE .&....ih1.Dl.$^.
0010: 0D AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 ...'....P."..).0
0020: 74 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 t8..$5....P..^..
0030: 63 B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 c...[..y(+.SJ].0
0040: F0 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 .rS]=.1u.o...A..
0050: DC 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 .,d..ey..M.s.a>.
0060: E6 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 .N *.h...wR...N.
0070: 56 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D V...._. ........
trigger seeding of SecureRandom
done seeding SecureRandom
socket is created.
just before handshake
print writer object is created
print is created
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 987413342 bytes = { 254, 80, 236, 112, 44, 177, 113, 24, 240, 17, 19, 124, 170, 193, 156, 242, 6, 94, 107, 49, 236, 18, 211, 50, 196, 36, 58, 91 }
Session ID: {}
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 59
0000: 01 00 00 37 03 01 3B DB BB 5E FE 50 EC 70 2C B1 ...7..;..^.P.p,.
0010: 71 18 F0 11 13 7C AA C1 9C F2 06 5E 6B 31 EC 12 q..........^k1..
0020: D3 32 C4 24 3A 5B 00 00 10 00 05 00 04 00 09 00 .2.$:[..........
0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
main, WRITE: SSL v3.1 Handshake, length = 59
main, READ: SSL v3.0 Handshake, length = 74
*** ServerHello, v3.0
RandomCookie: GMT: 1019049914 bytes = { 146, 60, 74, 221, 254, 223, 224, 218, 86, 64, 214, 127, 32, 0, 235, 238, 181, 210, 212, 218, 141, 38, 198, 142, 110, 175, 146, 113 }
Session ID: {1, 241, 227, 143, 175, 90, 192, 25, 155, 216, 173, 103, 159, 41, 90, 222, 86, 8, 76, 153, 122, 138, 88, 120, 112, 104, 65, 202, 147, 134, 163, 143}
Cipher Suite: { 0, 10 }
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 00 3D BD 78 BA 92 3C 4A DD FE DF ...F..=.x..<J...
0010: E0 DA 56 40 D6 7F 20 00 EB EE B5 D2 D4 DA 8D 26 ..V@.. ........&
0020: C6 8E 6E AF 92 71 20 01 F1 E3 8F AF 5A C0 19 9B ..n..q .....Z...
0030: D8 AD 67 9F 29 5A DE 56 08 4C 99 7A 8A 58 78 70 ..g.)Z.V.L.z.Xxp
0040: 68 41 CA 93 86 A3 8F 00 0A 00 hA........
main, READ: SSL v3.0 Handshake, length = 1561
*** Certificate chain
chain [0] = [
Version: V3
Subject: ST=Safat, L=Kuwait, OU=ISP, O=Qualitynet General Trading and Contracting Co., CN=Qualitynet.net, C=KW
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@d251a3
Validity: [From: Tue Jan 08 17:48:01 GMT+03:00 2002,
To: Wed Jan 08 17:48:01 GMT+03:00 2003]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 08b1fa]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [MD5withRSA]
Signature:
0000: 01 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE .&....ih1.Dl.$^.
0010: 0D AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 ...'....P."..).0
0020: 74 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 t8..$5....P..^..
0030: 63 B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 c...[..y(+.SJ].0
0040: F0 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 .rS]=.1u.o...A..
0050: DC 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 .,d..ey..M.s.a>.
0060: E6 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 .N *.h...wR...N.
0070: 56 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D V...._. ........
chain [1] = [
Version: V3
Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@edc073
Validity: [From: Thu Aug 01 03:00:00 GMT+03:00 1996,
To: Fri Jan 01 02:59:59 GMT+03:00 2021]
Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
SerialNumber: [ 01]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [MD5withRSA]
Signature:
0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 [email protected].
0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG
[read] MD5 and SHA1 hashes: len = 1561
0000: 0B 00 06 15 00 06 12 00 02 F5 30 82 02 F1 30 82 ..........0...0.
0010: 02 5A A0 03 02 01 02 02 03 08 B1 FA 30 0D 06 09 .Z..........0...
0020: 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 C4 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 0...U....ZA1.0..
0040: 03 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 .U....Western Ca
0050: 70 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 pe1.0...U....Cap
0060: 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 e Town1.0...U...
0070: 14 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 .Thawte Consulti
0080: 6E 67 20 63 63 31 28 30 26 06 03 55 04 0B 13 1F ng cc1(0&..U....
0090: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
00A0: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
00B0: 19 30 17 06 03 55 04 03 13 10 54 68 61 77 74 65 .0...U....Thawte
00C0: 20 53 65 72 76 65 72 20 43 41 31 26 30 24 06 09 Server CA1&0$..
00D0: 2A 86 48 86 F7 0D 01 09 01 16 17 73 65 72 76 65 *.H........serve
00E0: 72 2D 63 65 72 74 73 40 74 68 61 77 74 65 2E 63 [email protected]
00F0: 6F 6D 30 1E 17 0D 30 32 30 31 30 38 31 34 34 38 om0...0201081448
0100: 30 31 5A 17 0D 30 33 30 31 30 38 31 34 34 38 30 01Z..03010814480
0110: 31 5A 30 81 8E 31 0B 30 09 06 03 55 04 06 13 02 1Z0..1.0...U....
0120: 4B 57 31 17 30 15 06 03 55 04 03 13 0E 51 75 61 KW1.0...U....Qua
0130: 6C 69 74 79 6E 65 74 2E 6E 65 74 31 37 30 35 06 litynet.net1705.
0140: 03 55 04 0A 13 2E 51 75 61 6C 69 74 79 6E 65 74 .U....Qualitynet
0150: 20 47 65 6E 65 72 61 6C 20 54 72 61 64 69 6E 67 General Trading
0160: 20 61 6E 64 20 43 6F 6E 74 72 61 63 74 69 6E 67 and Contracting
0170: 20 43 6F 2E 31 0C 30 0A 06 03 55 04 0B 13 03 49 Co.1.0...U....I
0180: 53 50 31 0F 30 0D 06 03 55 04 07 13 06 4B 75 77 SP1.0...U....Kuw
0190: 61 69 74 31 0E 30 0C 06 03 55 04 08 13 05 53 61 ait1.0...U....Sa
01A0: 66 61 74 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D fat0..0...*.H...
01B0: 01 01 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 .........0......
01C0: B3 22 23 70 88 16 D8 60 DA A4 CF FF 87 57 54 69 ."#p...`.....WTi
01D0: 53 66 7F 92 A5 38 80 EB E4 AB 12 68 72 AF 91 28 Sf...8.....hr..(
01E0: 26 34 D6 E3 D4 F5 6C C2 69 A3 FF E6 DC 5F C9 A1 &4....l.i...._..
01F0: D9 57 22 45 DB 7F 48 6B 6A 10 8C 85 0D 73 C4 0D .W"E..Hkj....s..
0200: B8 18 5D 89 09 D6 D1 83 B6 1A CF 90 12 80 8B F0 ..].............
0210: 0D 9D CD CC C0 7A 92 86 22 AD A6 EC 4A 57 D5 A2 .....z.."...JW..
0220: 0C 27 C6 3D BC AC 34 6A 3F E6 EC 06 8C 59 8D 1A .'.=..4j?....Y..
0230: 5E 55 9C 28 9B D9 EA 33 B0 D2 82 3B C8 83 02 B5 ^U.(...3...;....
0240: 02 03 01 00 01 A3 25 30 23 30 13 06 03 55 1D 25 ......%0#0...U.%
0250: 04 0C 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0C ..0...+.......0.
0260: 06 03 55 1D 13 01 01 FF 04 02 30 00 30 0D 06 09 ..U.......0.0...
0270: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 01 *.H.............
0280: 26 CD A6 B4 88 69 68 31 99 44 6C CD 24 5E EE 0D &....ih1.Dl.$^..
0290: AD 1A 27 94 BC 17 9F 50 CE 22 99 84 29 8E 30 74 ..'....P."..).0t
02A0: 38 DF 8E 24 35 83 10 7D CD 50 AC C3 5E C8 89 63 8..$5....P..^..c
02B0: B5 02 B4 5B 9F D8 79 28 2B 8B 53 4A 5D 81 30 F0 ...[..y(+.SJ].0.
02C0: 72 53 5D 3D A9 31 75 1C 6F FC 92 9E 41 B9 A7 DC rS]=.1u.o...A...
02D0: 2C 64 FA 17 65 79 83 A2 4D 04 73 C1 61 3E C5 E6 ,d..ey..M.s.a>..
02E0: 4E 20 2A B1 68 FB D9 15 77 52 10 C1 C6 4E 95 56 N *.h...wR...N.V
02F0: 8E E3 7D C1 5F DE 20 14 BB D3 1F A3 8E 85 8D 00 ...._. .........
0300: 03 17 30 82 03 13 30 82 02 7C A0 03 02 01 02 02 ..0...0.........
0310: 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 04 05 ..0...*.H.......
0320: 00 30 81 C4 31 0B 30 09 06 03 55 04 06 13 02 5A .0..1.0...U....Z
0330: 41 31 15 30 13 06 03 55 04 08 13 0C 57 65 73 74 A1.0...U....West
0340: 65 72 6E 20 43 61 70 65 31 12 30 10 06 03 55 04 ern Cape1.0...U.
0350: 07 13 09 43 61 70 65 20 54 6F 77 6E 31 1D 30 1B ...Cape Town1.0.
0360: 06 03 55 04 0A 13 14 54 68 61 77 74 65 20 43 6F ..U....Thawte Co
0370: 6E 73 75 6C 74 69 6E 67 20 63 63 31 28 30 26 06 nsulting cc1(0&.
0380: 03 55 04 0B 13 1F 43 65 72 74 69 66 69 63 61 74 .U....Certificat
0390: 69 6F 6E 20 53 65 72 76 69 63 65 73 20 44 69 76 ion Services Div
03A0: 69 73 69 6F 6E 31 19 30 17 06 03 55 04 03 13 10 ision1.0...U....
03B0: 54 68 61 77 74 65 20 53 65 72 76 65 72 20 43 41 Thawte Server CA
03C0: 31 26 30 24 06 09 2A 86 48 86 F7 0D 01 09 01 16 1&0$..*.H.......
03D0: 17 73 65 72 76 65 72 2D 63 65 72 74 73 40 74 68 .server-certs@th
03E0: 61 77 74 65 2E 63 6F 6D 30 1E 17 0D 39 36 30 38 awte.com0...9608
03F0: 30 31 30 30 30 30 30 30 5A 17 0D 32 30 31 32 33 01000000Z..20123
0400: 31 32 33 35 39 35 39 5A 30 81 C4 31 0B 30 09 06 1235959Z0..1.0..
0410: 03 55 04 06 13 02 5A 41 31 15 30 13 06 03 55 04 .U....ZA1.0...U.
0420: 08 13 0C 57 65 73 74 65 72 6E 20 43 61 70 65 31 ...Western Cape1
0430: 12 30 10 06 03 55 04 07 13 09 43 61 70 65 20 54 .0...U....Cape T
0440: 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 14 54 68 own1.0...U....Th
0450: 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 6E 67 20 awte Consulting
0460: 63 63 31 28 30 26 06 03 55 04 0B 13 1F 43 65 72 cc1(0&..U....Cer
0470: 74 69 66 69 63 61 74 69 6F 6E 20 53 65 72 76 69 tification Servi
0480: 63 65 73 20 44 69 76 69 73 69 6F 6E 31 19 30 17 ces Division1.0.
0490: 06 03 55 04 03 13 10 54 68 61 77 74 65 20 53 65 ..U....Thawte Se
04A0: 72 76 65 72 20 43 41 31 26 30 24 06 09 2A 86 48 rver CA1&0$..*.H
04B0: 86 F7 0D 01 09 01 16 17 73 65 72 76 65 72 2D 63 ........server-c
04C0: 65 72 74 73 40 74 68 61 77 74 65 2E 63 6F 6D 30 [email protected]
04D0: 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 ..0...*.H.......
04E0: 00 03 81 8D 00 30 81 89 02 81 81 00 D3 A4 50 6E .....0........Pn
04F0: C8 FF 56 6B E6 CF 5D B6 EA 0C 68 75 47 A2 AA C2 ..Vk..]...huG...
0500: DA 84 25 FC A8 F4 47 51 DA 85 B5 20 74 94 86 1E ..%...GQ... t...
0510: 0F 75 C9 E9 08 61 F5 06 6D 30 6E 15 19 02 E9 52 .u...a..m0n....R
0520: C0 62 DB 4D 99 9E E2 6A 0C 44 38 CD FE BE E3 64 .b.M...j.D8....d
0530: 09 70 C5 FE B1 6B 29 B6 2F 49 C8 3B D4 27 04 25 .p...k)./I.;.'.%
0540: 10 97 2F E7 90 6D C0 28 42 99 D7 4C 43 DE C3 F5 ../..m.(B..LC...
0550: 21 6D 54 9F 5D C3 58 E1 C0 E4 D9 5B B0 B8 DC B4 !mT.].X....[....
0560: 7B DF 36 3A C2 B5 66 22 12 D6 87 0D 02 03 01 00 ..6:..f"........
0570: 01 A3 13 30 11 30 0F 06 03 55 1D 13 01 01 FF 04 ...0.0...U......
0580: 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D .0....0...*.H...
0590: 01 01 04 05 00 03 81 81 00 07 FA 4C 69 5C FB 95 ...........Li\..
05A0: CC 46 EE 85 83 4D 21 30 8E CA D9 A8 6F 49 1A E6 .F...M!0....oI..
05B0: DA 51 E3 60 70 6C 84 61 11 A1 1A C8 48 3E 59 43 .Q.`pl.a....H>YC
05C0: 7D 4F 95 3D A1 8B B7 0B 62 98 7A 75 8A DD 88 4E .O.=....b.zu...N
05D0: 4E 9E 40 DB A8 CC 32 74 B9 6F 0D C6 E3 B3 44 0B [email protected].
05E0: D9 8A 6F 9A 29 9B 99 18 28 3B D1 E3 40 28 9A 5A ..o.)...(;..@(.Z
05F0: 3C D5 B5 E7 20 1B 8B CA A4 AB 8D E9 51 D9 E2 4C <... .......Q..L
0600: 2C 59 A9 DA B9 B2 75 1B F6 42 F2 EF C7 F2 18 F9 ,Y....u..B......
0610: 89 BC A3 FF 8A 23 2E 70 47 .....#.pG
main, READ: SSL v3.0 Handshake, length = 210
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA>
[read] MD5 and SHA1 hashes: len = 210
0000: 0D 00 00 CE 02 01 02 00 C9 00 C7 30 81 C4 31 0B ...........0..1.
0010: 30 09 06 03 55 04 06 13 02 5A 41 31 15 30 13 06 0...U....ZA1.0..
0020: 03 55 04 08 13 0C 57 65 73 74 65 72 6E 20 43 61 .U....Western Ca
0030: 70 65 31 12 30 10 06 03 55 04 07 13 09 43 61 70 pe1.0...U....Cap
0040: 65 20 54 6F 77 6E 31 1D 30 1B 06 03 55 04 0A 13 e Town1.0...U...
0050: 14 54 68 61 77 74 65 20 43 6F 6E 73 75 6C 74 69 .Thawte Consulti
0060: 6E 67 20 63 63 31 28 30 26 06 03 55 04 0B 13 1F ng cc1(0&..U....
0070: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 53 65 Certification Se
0080: 72 76 69 63 65 73 20 44 69 76 69 73 69 6F 6E 31 rvices Division1
0090: 19 30 17 06 03 55 04 03 13 10 54 68 61 77 74 65 .0...U....Thawte
00A0: 20 53 65 72 76 65 72 20 43 41 31 26 30 24 06 09 Server CA1&0$..
00B0: 2A 86 48 86 F7 0D 01 09 01 16 17 73 65 72 76 65 *.H........serve
00C0: 72 2D 63 65 72 74 73 40 74 68 61 77 74 65 2E 63 [email protected]
00D0: 6F 6D om
main, READ: SSL v3.0 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
main, SEND SSL v3.0 ALERT: warning, description = no_certificate
main, WRITE: SSL v3.0 Alert, length = 2
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret: { 3, 0, 57, 228, 245, 13, 91, 181, 92, 129, 234, 123, 199, 2, 84, 156, 170, 175, 48, 221, 204, 142, 18, 177, 69, 95, 165, 11, 196, 105, 168, 66, 230, 117, 243, 61, 22, 60, 41, 203, 229, 232, 240, 78, 200, 114, 53, 56 }
[write] MD5 and SHA1 hashes: len = 132
0000: 10 00 00 80 78 F9 25 03 98 3E C5 F7 8D 63 17 F2 ....x.%..>...c..
0010: 5A 0F 3D 7C D1 DB 3C 88 69 A1 1F 0F A0 E0 54 AC Z.=...<.i.....T.
0020: 99 8D 4F EC C7 74 F2 BA 8E AD C3 A0 B4 91 E9 1C ..O..t..........
0030: 74 75 2F 89 26 7C 82 6A 70 1F 72 50 F0 07 41 38 tu/.&..jp.rP..A8
0040: 4B 5A 8A F2 DE 61 1A 9D 34 2A 1D 0C C1 9D EC CA KZ...a..4*......
0050: 27 D7 93 3E B1 17 4A 48 62 5E 47 DA 70 6B 10 A2 '..>..JHb^G.pk..
0060: 29 99 3D 17 93 0D B2 FB DF EB 5C 13 91 72 FB 6C ).=.......\..r.l
0070: AD 6D 4D 46 F7 B3 AB 02 76 61 F8 0E 03 7D 32 AF .mMF....va....2.
0080: 3A 53 64 B0 :Sd.
main, WRITE: SSL v3.0 Handshake, length = 132
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 39 E4 F5 0D 5B B5 5C 81 EA 7B C7 02 54 9C ..9...[.\.....T.
0010: AA AF 30 DD CC 8E 12 B1 45 5F A5 0B C4 69 A8 42 ..0.....E_...i.B
0020: E6 75 F3 3D 16 3C 29 CB E5 E8 F0 4E C8 72 35 38 .u.=.<)....N.r58
CONNECTION KEYGEN:
Client Nonce:
0000: 3B DB BB 5E FE 50 EC 70 2C B1 71 18 F0 11 13 7C ;..^.P.p,.q.....
0010: AA C1 9C F2 06 5E 6B 31 EC 12 D3 32 C4 24 3A 5B .....^k1...2.$:[
Server Nonce:
0000: 3D BD 78 BA 92 3C 4A DD FE DF E0 DA 56 40 D6 7F =.x..<J.....V@..
0010: 20 00 EB EE B5 D2 D4 DA 8D 26 C6 8E 6E AF 92 71 ........&..n..q
Master Secret:
0000: 85 D3 60 38 ED 28 6E 78 A3 1E 6D 6D AB 16 28 00 ..`8.(nx..mm..(.
0010: 43 13 02 A9 27 41 29 52 31 2E E8 4F AD C9 18 2B C...'A)R1..O...+
0020: 32 CE 4F 54 C5 82 24 4D E5 F2 6F 4D 28 E3 F6 BB 2.OT..$M..oM(...
Client MAC write Secret:
0000: CD A6 10 71 07 C6 D4 DE 67 17 3B E1 FD ED D3 1A ...q....g.;.....
0010: 1F C2 0A F0 ....
Server MAC write Secret:
0000: 4D 72 94 AD 25 0C 13 8A 8C 38 99 D7 A7 5C 9C EA Mr..%....8...\..
0010: BC 6D 05 D3 .m..
Client write key:
0000: AF 2E A1 B1 F5 65 C0 DC 06 A9 0B 2F 6D 50 9D AD .....e...../mP..
0010: 9C 54 81 C0 C2 CA 00 1F .T......
Server write key:
0000: C8 D1 05 53 51 AC 90 ED A4 E2 4B ED 9E 51 21 DC ...SQ.....K..Q!.
0010: B6 5C EC 2A AA F9 8F 78 .\.*...x
Client write IV:
0000: 2F 8F 34 8F 63 A6 35 28 /.4.c.5(
Server write IV:
0000: 8F FF D3 C1 AC 32 3D 96 .....2=.
main, WRITE: SSL v3.0 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished, v3.0
MD5 Hash: { 210, 197, 57, 55, 38, 216, 173, 32, 214, 81, 225, 100, 54, 5, 93, 247 }
SHA1 Hash: { 183, 114, 192, 183, 141, 75, 236, 153, 35, 197, 117, 135, 145, 199, 218, 137, 187, 186, 216, 148 }
[write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 ........
Padded plaintext before ENCRYPTION: len = 64
0000: 14 00 00 24 D2 C5 39 37 26 D8 AD 20 D6 51 E1 64 ...$..97&.. .Q.d
0010: 36 05 5D F7 B7 72 C0 B7 8D 4B EC 99 23 C5 75 87 6.]..r...K..#.u.
0020: 91 C7 DA 89 BB BA D8 94 D9 CB BD E2 60 63 C1 09 ............`c..
0030: 3D CD A5 EF 06 89 80 FA 47 D8 4A 9A 03 03 03 03 =.......G.J.....
main, WRITE: SSL v3.0 Handshake, length = 64
main, READ: SSL v3.0 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
the exception is java.net.SocketException: Socket is closed
java.net.SocketException: Socket is closed
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getInputStream(DashoA6275)
at TestSocketClient.main(TestSocketClient.java:108)
Normal Termination
Output completed (9 sec consumed).
Hope somebody came across this situation....... waiting for your appreciate response.
thanksHi,
This might not solve all your problems, but it should allow you to load the certificates into a keystore programmatically in Java.
2. I got the two server certificates namely ca.pem and
client.pem. I feel these are server's public key and
CA key. Is it right?You should proabably find out what they are, and make sure they
are certificates.
How to create a keystore for adding these
certificates at client's machine using keytool. Here is how you can create a keystore (in memory) and load the
certificates (if that's what they are) into the keystore:
// assuming you are using X.509 certificates
CertificateFactory cf = CertificateFactory.getInstance("X.509");
FileInputStream certFile = new FileInputStream("pathToCert");
Certificate cert = cf.generateCertificate( certFile );
KeyStore trustedks = KeyStore.getInstance("JKS");
// this essentially initializes a keystor in memeory
trustedks.load(null,null);
// substitute "alias" with "server" and "ca" respectively for your case
// though I find it doesn't matter what their alias is.
trustedks.setCertificateEntry( "alias", certificate );
// continue as you did in your example and use this new trusted keystore
Cheers,
Jason -
Handshake failure with client authentication
Hi,
I am using the JDK1.4 beta 3 to accomplish the following: I want to request an HTML page on an Apache webserver configured with SSL and client-authentication. It works with Netscape and Internet Explorer (and also with the openssl s_client test program)...
But now I want to try it using Java... So, I wrote a very simple program based on some examples found on this forum... But i keep getting the following error (excerpt from the javax.net.debug=all command)
As you can see the server request a client certificate that's issued by the certificate authority mentioned...
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
<[email protected], CN=Andy Zaidman, OU=stage, O=Kava's Certif
icate Authority, L=Antwerp, ST=Antwerp, C=BE>
[read] MD5 and SHA1 hashes: len = 180
0000: 0D 00 00 B0 02 01 02 00 AB 00 A9 30 81 A6 31 0B ...........0..1.
0010: 30 09 06 03 55 04 06 13 02 42 45 31 10 30 0E 06 0...U....BE1.0..
0020: 03 55 04 08 13 07 41 6E 74 77 65 72 70 31 10 30 .U....Antwerp1.0
0030: 0E 06 03 55 04 07 13 07 41 6E 74 77 65 72 70 31 ...U....Antwerp1
0040: 25 30 23 06 03 55 04 0A 13 1C 4B 61 76 61 27 73 %0#..U....Kava's
0050: 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 Certificate Aut
0060: 68 6F 72 69 74 79 31 0E 30 0C 06 03 55 04 0B 13 hority1.0...U...
0070: 05 73 74 61 67 65 31 15 30 13 06 03 55 04 03 13 .stage1.0...U...
0080: 0C 41 6E 64 79 20 5A 61 69 64 6D 61 6E 31 25 30 .Andy Zaidman1%0
0090: 23 06 09 2A 86 48 86 F7 0D 01 09 01 16 16 41 6E #..*.H........An
00A0: 64 79 2E 5A 61 69 64 6D 61 6E 40 75 69 61 2E 61 [email protected]
00B0: 63 2E 62 65 c.be
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, v3.1
Random Secret: { 3, 1, 38, 54, 219, 158, 32, 158, 155, 15, 55, 137, 216, 164, 4
5, 65, 153, 142, 200, 98, 57, 251, 55, 6, 46, 124, 181, 161, 164, 234, 218, 75,
195, 72, 218, 187, 182, 197, 4, 11, 249, 45, 3, 136, 207, 114, 236, 172 }
[write] MD5 and SHA1 hashes: len = 141
0000: 0B 00 00 03 00 00 00 10 00 00 82 00 80 64 92 2E .............d..
0010: 42 2C A5 79 1D 2B A9 A5 D0 46 2A 1F 67 F3 49 28 B,.y.+...F*.g.I(
0020: E0 ED 1D 85 E3 06 22 49 8A 79 02 48 E2 DD E6 75 ......"I.y.H...u
0030: F3 C0 D3 A8 31 C0 18 94 7C 81 24 75 6A A1 0C 4F ....1.....$uj..O
0040: 99 03 66 B8 37 4F 05 0D 5D CD F2 A0 10 F5 D5 F5 ..f.7O..].......
0050: 50 66 49 91 CA C0 18 F1 07 E9 70 D0 CB EA 70 D3 PfI.......p...p.
0060: 8E 13 55 E7 43 BD 94 1C D3 96 1F E9 67 93 57 62 ..U.C.......g.Wb
0070: 91 5C E6 ED B1 75 9C A8 55 B7 50 DE CE 9B 1C EE .\...u..U.P.....
0080: 57 62 20 9C F3 11 36 68 7A 38 62 79 D1 Wb ...6hz8by.
main, WRITE: SSL v3.1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 26 36 DB 9E 20 9E 9B 0F 37 89 D8 A4 2D 41 ..&6.. ...7...-A
0010: 99 8E C8 62 39 FB 37 06 2E 7C B5 A1 A4 EA DA 4B ...b9.7........K
0020: C3 48 DA BB B6 C5 04 0B F9 2D 03 88 CF 72 EC AC .H.......-...r..
CONNECTION KEYGEN:
Client Nonce:
0000: 3B E9 51 EF F3 13 65 11 4E D6 B7 B1 9F E8 F6 CB ;.Q...e.N.......
0010: B5 2B 34 8F 87 53 66 61 33 BF 5A AD 7D 22 57 7D .+4..Sfa3.Z.."W.
Server Nonce:
0000: 3B E9 53 4E 03 37 E9 CD E8 DB 7C 54 9A 9E 53 B9 ;.SN.7.....T..S.
0010: 78 E0 36 DF 06 17 07 90 2C D1 83 5E 20 05 DC E9 x.6.....,..^ ...
Master Secret:
0000: B5 A0 37 0A 2C 29 AD AC 99 B6 2F E0 4D 80 38 68 ..7.,)..../.M.8h
0010: F7 4F 24 C4 AA 8C ED 25 A9 D6 90 33 4B 5A 0B 1D .O$....%...3KZ..
0020: 11 A5 C9 E8 DB DE EF 9B 8D EB 7C 84 D6 AC 94 4F ...............O
Client MAC write Secret:
0000: F5 AF 61 5B B4 C2 A8 12 DA 7A FE A6 82 79 7F FC ..a[.....z...y..
0010: B9 86 B2 C0 ....
Server MAC write Secret:
0000: 62 22 C6 39 91 E4 45 50 2A 49 E0 26 CF 16 3E 6A b".9..EP*I.&..>j
0010: 46 19 00 D9 F...
Client write key:
0000: D9 D2 99 89 5C CA 2E 7D F3 B8 52 24 9E 01 9B 3B ....\.....R$...;
Server write key:
0000: 37 C3 37 78 8B 85 B0 FE 01 83 E2 6C F7 C6 73 33 7.7x.......l..s3
... no IV for cipher
main, WRITE: SSL v3.1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished, v3.1
verify_data: { 51, 236, 194, 3, 230, 37, 147, 76, 251, 233, 132, 207 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
Plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 33 EC C2 03 E6 25 93 4C FB E9 84 CF ....3....%.L....
0010: 64 30 E3 0B 31 CF 7D C7 D6 17 D8 FB 31 23 F9 34 d0..1.......1#.4
0020: 5D B9 47 F9 ].G.
main, WRITE: SSL v3.1 Handshake, length = 36
main, READ: SSL v3.1 Alert, length = 2
main, RECV SSLv3 ALERT: fatal, handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at HttpClient.main(HttpClient.java:105)
Now, I am sure the certificate is in the keystore, because one of the first things I do in the program is print the certificates available in the keystore...
Does anyone know what I'm doing wrong? If you need the code to make a proper judgement, I will post it...
Tnx in advance!
Greetz,
Andy Zaidman
[email protected]import java.net.*;
import java.io.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import java.util.*;
public class HttpClient
public HttpClient(){}
public static void main (String args[])
try
//This is my server certificate - public key
String serverCertificateFile = "MyCA.cer";
//This is my client personal certificate
String clientCertificateFile = "MyPersonal.pfx";
CertificateFactory cf = CertificateFactory.getInstance("X.509");
KeyStore ks = KeyStore.getInstance("JKS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SUNX509");
ks.load(null, null);
java.security.cert.X509Certificate the_cert = (java.security.cert.X509Certificate) cf.generateCertificate(new FileInputStream(serverCertificateFile));
ks.setCertificateEntry("server", the_cert);
tmf.init(ks);
for (Enumeration e = ks.aliases() ; e.hasMoreElements() ;)
System.out.println(ks.getCertificate(e.nextElement().toString()).toString());
KeyStore ks2 = KeyStore.getInstance("PKCS12", "SunJSSE");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
ks2.load(null, null);
FileInputStream fin = new FileInputStream(clientCertificateFile);
ks2.load(fin, "xxx".toCharArray());
kmf.init(ks2, "xxx".toCharArray());
fin.close();
for (Enumeration e = ks2.aliases() ; e.hasMoreElements() ;)
System.out.println(ks2.getCertificate(e.nextElement().toString()).toString());
SSLContext ctx = SSLContext.getInstance("SSLv3");
KeyManager[] km = kmf.getKeyManagers();
for(int i = 0; i < km.length; ++i)
System.out.println(km);
TrustManager[] tm = tmf.getTrustManagers();
ctx.init(km, tm, null);
// connection part
SSLSocketFactory factory = ctx.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket("localhost", 443);
for(int i = 0; i < socket.getEnabledCipherSuites().length; ++i)
System.out.println(socket.getEnabledCipherSuites()[i]);
socket.startHandshake();
PrintWriter out = new PrintWriter(
new BufferedWriter(
new OutputStreamWriter(
socket.getOutputStream())));
out.println("GET " + "/" + " HTTP/1.1");
out.println();
out.flush();
catch(Exception e)
e.printStackTrace(); -
Hi all, I'm getting the following from javax.net.debug=all. Any ideas as to why it cuts off prior to "ServerHello" section?
%% No cached client session
*** ClientHello, v3.1
RandomCookie: GMT: 1092003438 bytes = { 178, 125, 9, 31, 9, 123, 116, 85, 77, 135, 187, 124, 21, 48, 28, 239, 255, 32, 3, 72, 241, 3, 228, 109, 198, 149, 50, 53 }
Session ID: {}
Cipher Suites: { 0, 3, 0, 17 }
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 47
0000: 01 00 00 2B 03 01 41 17 A6 6E B2 7D 09 1F 09 7B ...+..A..n......
0010: 74 55 4D 87 BB 7C 15 30 1C EF FF 20 03 48 F1 03 tUM....0... .H..
0020: E4 6D C6 95 32 35 00 00 04 00 03 00 11 01 00 .m..25.........
ExecuteThread: '7' for queue: 'default', WRITE: SSL v3.1 Handshake, length = 47
[write] MD5 and SHA1 hashes: len = 50
0000: 01 03 01 00 09 00 00 00 20 00 00 03 02 00 80 00 ........ .......
0010: 00 11 41 17 A6 6E B2 7D 09 1F 09 7B 74 55 4D 87 ..A..n......tUM.
0020: BB 7C 15 30 1C EF FF 20 03 48 F1 03 E4 6D C6 95 ...0... .H...m..
0030: 32 35 25
ExecuteThread: '7' for queue: 'default', WRITE: SSL v2, contentType = 22, translated length = 16337
ExecuteThread: '7' for queue: 'default', READ: SSL v3.1 Alert, length = 2
ExecuteThread: '7' for queue: 'default', RECV SSLv3 ALERT: fatal, handshake_failure
Exception: javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no cipher suites in common)Okay...so the reason there is no ServerHello is because the Cipher Suites were not supported by the server?? Next question...I have the same JSSE jar files installed on 2 different machines and have verified the classpath for 2 installations of WebLogic 7. On one machine I get the following list of supported ciphers:
***ClientHello, v3.1...
Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
and on the other I get these:
***ClientHello, v3.1...
Cipher Suites: { 0, 3, 0, 17 }
How does this happen when the same JSSE package is in use on both servers? -
Bad CertificateRequest DN length
Hi All,
I have set up SOAP(2.3.1) SSL in tomcat 4.1.27 with JDK1.3.1. The client authentication (2 way) works fine when the [java_home]\jre\lib\security\cacerts has 10 trusted certs. However, when import upto 200 trusted certs in the cacerts keystore, following excepts occurs:
server side:
Thread-10, WRITE: SSL v3.1 Handshake, length = 2849
Thread-10, READ: SSL v3.1 Alert, length = 2
Thread-10, RECV SSLv3 ALERT: fatal, handshake_failure
cliend side:
main, READ: SSL v3.1 Handshake, length = 16384
main, READ: SSL v3.1 Handshake, length = 2849
main, SEND SSL v3.1 ALERT: fatal, description = handshake_failure
main, WRITE: SSL v3.1 Alert, length = 2
Caught SOAPException (SOAP-ENV:Client): Error opening socket: javax.net.ssl.SSLP
rotocolException: Bad CertificateRequest DN length
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.s
sl.SSLProtocolException: Bad CertificateRequest DN length; targetException=java.
lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLProtocolEx
ception: Bad CertificateRequest DN length]
at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnec
tion.java:354)
at org.apache.soap.rpc.Call.invoke(Call.java:248)
at TestSoap.start(TestSoap.java:76)
at TestSoap.main(TestSoap.java:114)
I have tried to use JDK1.4.1 and the problem solve. But, our application already work with JDK1.3.1 in production stage so that upgrading is not possible.
It seems the cacerts has limitation about the number of trusted cert. Anyone know how to solve this with JDK1.3.1?
Thanks a lot.
brgds Peterone idea is to write your own TrustManager in which you
dont have to load up all 200 certs at once. But rather,when
the client cert chain is presented to you, you some how
would match the chain with your list of trusted CAs (however you
choose to manage it). One way to manage it is to index
the PEMs using their distinguished name and look up based on that.
It's probably about 50-70 lines of codes altogether.
But not sure how you would tell Tomcat to use your trustmanager
though. I think you have to also implement a TrustManagerFactory
and then override JSSE with system property sun.SSL.trustmanager.type -
Handshake_failure using Oracle Wallet as keystore
I am trying to use an Oracle Wallet as a keystore for my connection to a webservice over SSL. The proper certificates have been added to the truststore but when I call handshake() on the SSLSocket I get this error in my debug log:
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
Internet Explorer has successfully imported the certificate (ewallet.p12) and I can connect to the webservice through IE, FireFox is picky and generates an unknown error.
I suspect something is going on with the wallet so I am now in the process of generating a new certificate using openSSL, but I'd still like to know if any of this sounds familiar to any of you....Update:
After creating a certificate with openSSL I was successful in opening the connection to the webservice (with a testclass, using SSLSocket and calling cerateSocket() ). Unfortunately, my application would still not communicate with it. After a lot of testing and debugging I found out that in my standalone java class one single connection is created and maintained and used for the communication. In the embedded OC4J that comes with JDev 10.1.3.2 also one single (cached) connection is used, so that also works.
In iAS 10.1.3.0 the created session (the one with the certificate) is not used when trying to communicate with the webservice. The log simply said (no cached session) and a new one was created, with system parameters that did not point to any certificate, and so the handshake_failure occurred again.
After setting the system parameters of the OC4J to point to the keyStore to be used, i was able to communicate with the webserver.
Could anyone tell me if this is a known bug and if so, has it been fixed in 10.1.3.1?
FYI: the code I used was:
1) HTTPConnection.setDefaultSSLFactory() to initialize the session with trustStore and keyStore
2) SOAPConnectionFactory fc = SOAPConnectionFactory .newINstance();
SOAPConnection conn = fc.createConnection();
conn apparently does not use the HTTPConnection created in step 1. A new connection is made without certificates. This caused the error. -
Help with getting Web Start working with two-way SSL
I have successfully transferred data (myclient.jnlp) utilizing web browsers (IE and Mozilla) from my web server (which is set up for two-way SSL "CLIENT-CERT" required) after using the browser's utility to "import" my client-side cert (in .p12 format).
After the browser connects and downloads the "myclient.jnlp" contents and places it in a temporary file, it then kicks off the javaws process with the temporary file as a parameter. The first thing javaws does is utilize the codebase and href values (found in the temporary file) to make a "GET" call to the server for the "myclient.jnlp" file (again).
However, this fails (with a SSL handshake error) since javaws uses a different keystore than IE - the server does not receive the client-side cert. I have imported the root CA and the client cert (in .pem format) into the $JAVA_HOME/jre/lib/security/cacerts file using the keytool command but alas my server still indicates a lack of a client-side cert.
Has anyone else tried this and got it working?Hi Richard,
Indeed it appears that the 1.5 version will have more built-in capability for client certs. It has the look of the IE browser import capability. Unfortunately, I am stuck with having to utilize 1.4.2 for the time being. Since I have posted my original message I have found more information but have yet to get it all working. The truststore in javaws 1.4.2 does have a default (the 1.4.2 jre's cacert file - stragely enough not the same one that gets updated when you import the root CA! - but this has been noted in many other threads). The javaws keystore does not have a default and I have tried, to no avail yet, to utilize some command line parameters, see http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Customization - to get my client cert "available" and recognized by javaws.
With the help of some debug flags here is the output on my javaws "output" log - all seems to go well up to the point of the client's Certificate chain (which appears to be empty), after the ServerHelloDone :
trustStore is: C:\j2sdk1.4.2_04\jre\lib\security\cacerts
trustStore type is : jks
init truststore
adding as trusted cert:
snipped all the regular trusted certs, left my root CA as proof it is recognized...
adding as trusted cert:
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Wed May 26 16:38:59 EDT 2004 until Fri Jun 25 16:38:59 EDT 2004
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1070211537 bytes = { 205, 211, 129, 234, 88, 129, 152, 176, 223, 180, 161, 138, 246, 183, 181, 89, 61, 252, 63, 35, 21, 34, 253, 32, 254, 124, 38, 198 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 CA 22 D1 CD D3 81 EA 58 81 ...E..@.".....X.
0010: 98 B0 DF B4 A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 .........Y=.?#."
0020: FD 20 FE 7C 26 C6 00 00 1E 00 04 00 05 00 2F 00 . ..&........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
Thread-3, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 ..@.".....X.....
0050: A1 8A F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C .....Y=.?#.". ..
0060: 26 C6 &.
Thread-3, WRITE: SSLv2 client hello message, length = 98
Thread-3, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
RandomCookie: GMT: 1070211539 bytes = { 81, 106, 82, 45, 233, 226, 89, 6, 38, 240, 71, 122, 90, 226, 255, 207, 9, 102, 205, 127, 223, 211, 4, 84, 79, 16, 101, 89 }
Session ID: {34, 167, 132, 174, 141, 4, 57, 197, 190, 207, 105, 117, 241, 9, 97, 81}
Cipher Suite: SSL_RSA_WITH_DES_CBC_SHA
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_DES_CBC_SHA]
** SSL_RSA_WITH_DES_CBC_SHA
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 40 CA 22 D3 51 6A 52 2D E9 E2 ...6..@.".QjR-..
0010: 59 06 26 F0 47 7A 5A E2 FF CF 09 66 CD 7F DF D3 Y.&.GzZ....f....
0020: 04 54 4F 10 65 59 10 22 A7 84 AE 8D 04 39 C5 BE .TO.eY.".....9..
0030: CF 69 75 F1 09 61 51 00 09 00 .iu..aQ...
Thread-3, READ: TLSv1 Handshake, length = 607
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
Found trusted certificate:
Version: V3
Subject: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: SunJSSE RSA public key:
public exponent:
010001
modulus:
e2bd8de9 598e0735 2bed2057 3800c83d 348550e2 93a017c7 9845f35f cd7b4ada
6ef0c70f 7a033e69 a97ccd15 46f0d1c8 7a0ae909 ddb76f5b cd8029e6 3a6a4965
Validity: [From: Wed May 26 16:38:59 EDT 2004,
To: Fri Jun 25 16:38:59 EDT 2004]
Issuer: CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US
SerialNumber: [ 00]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3F A7 DF 1F FA 90 1F 98 4F BA 42 9F 21 7D B4 C4 ?.......O.B.!...
0010: 88 76 14 DA .v..
[CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US]
SerialNumber: [ 00]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 29 CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D )..H../.J.s.q.X.
0010: 9E 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD ..D....<........
0020: C4 FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 ..R..re....ba5..
0030: AE FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 ..........w..j..
[read] MD5 and SHA1 hashes: len = 607
0000: 0B 00 02 5B 00 02 58 00 02 55 30 82 02 51 30 82 ...[..X..U0..Q0.
0010: 01 FB A0 03 02 01 02 02 01 00 30 0D 06 09 2A 86 ..........0...*.
0020: 48 86 F7 0D 01 01 05 05 00 30 57 31 0B 30 09 06 H........0W1.0..
0030: 03 55 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 .U....US1.0...U.
0040: 08 13 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 ...Virginia1.0..
0050: 03 55 04 07 13 07 46 61 69 72 66 61 78 31 11 30 .U....Fairfax1.0
0060: 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 ...U....Zork.org
0070: 31 10 30 0E 06 03 55 04 03 13 07 52 6F 6F 74 20 1.0...U....Root
0080: 43 41 30 1E 17 0D 30 34 30 35 32 36 32 30 33 38 CA0...0405262038
0090: 35 39 5A 17 0D 30 34 30 36 32 35 32 30 33 38 35 59Z..04062520385
00A0: 39 5A 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 9Z0W1.0...U....U
00B0: 53 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 S1.0...U....Virg
00C0: 69 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 inia1.0...U....F
00D0: 61 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 airfax1.0...U...
00E0: 08 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 .Zork.org1.0...U
00F0: 04 03 13 07 52 6F 6F 74 20 43 41 30 5C 30 0D 06 ....Root CA0\0..
0100: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 4B 00 30 .*.H.........K.0
0110: 48 02 41 00 E2 BD 8D E9 59 8E 07 35 2B ED 20 57 H.A.....Y..5+. W
0120: 38 00 C8 3D 34 85 50 E2 93 A0 17 C7 98 45 F3 5F 8..=4.P......E._
0130: CD 7B 4A DA 6E F0 C7 0F 7A 03 3E 69 A9 7C CD 15 ..J.n...z.>i....
0140: 46 F0 D1 C8 7A 0A E9 09 DD B7 6F 5B CD 80 29 E6 F...z.....o[..).
0150: 3A 6A 49 65 02 03 01 00 01 A3 81 B1 30 81 AE 30 :jIe........0..0
0160: 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 1D 06 ...U....0....0..
0170: 03 55 1D 0E 04 16 04 14 3F A7 DF 1F FA 90 1F 98 .U......?.......
0180: 4F BA 42 9F 21 7D B4 C4 88 76 14 DA 30 7F 06 03 O.B.!....v..0...
0190: 55 1D 23 04 78 30 76 80 14 3F A7 DF 1F FA 90 1F U.#.x0v..?......
01A0: 98 4F BA 42 9F 21 7D B4 C4 88 76 14 DA A1 5B A4 .O.B.!....v...[.
01B0: 59 30 57 31 0B 30 09 06 03 55 04 06 13 02 55 53 Y0W1.0...U....US
01C0: 31 11 30 0F 06 03 55 04 08 13 08 56 69 72 67 69 1.0...U....Virgi
01D0: 6E 69 61 31 10 30 0E 06 03 55 04 07 13 07 46 61 nia1.0...U....Fa
01E0: 69 72 66 61 78 31 11 30 0F 06 03 55 04 0A 13 08 irfax1.0...U....
01F0: 5A 6F 72 6B 2E 6F 72 67 31 10 30 0E 06 03 55 04 Zork.org1.0...U.
0200: 03 13 07 52 6F 6F 74 20 43 41 82 01 00 30 0D 06 ...Root CA...0..
0210: 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 41 00 29 .*.H.........A.)
0220: CB D0 48 E2 89 2F 8D 4A A6 73 11 71 EB 58 9D 9E ..H../.J.s.q.X..
0230: 0C 44 1F 87 C2 A3 3C C0 E7 9A E3 C4 BC A7 DD C4 .D....<.........
0240: FC 52 F1 A9 72 65 14 99 C1 A7 62 61 35 91 D8 AE .R..re....ba5...
0250: FF FB FF 82 D8 1C EE 03 02 77 03 19 6A B0 06 .........w..j..
Thread-3, READ: TLSv1 Handshake, length = 220
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig),
Cert Authorities:
<CN=Root CA, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
<CN=Server CA, OU=Server Division, O=Zork.org, L=Fairfax, ST=Virginia, C=US>
[read] MD5 and SHA1 hashes: len = 220
0000: 0D 00 00 D8 03 01 02 05 00 D2 00 59 30 57 31 0B ...........Y0W1.
0010: 30 09 06 03 55 04 06 13 02 55 53 31 11 30 0F 06 0...U....US1.0..
0020: 03 55 04 08 13 08 56 69 72 67 69 6E 69 61 31 10 .U....Virginia1.
0030: 30 0E 06 03 55 04 07 13 07 46 61 69 72 66 61 78 0...U....Fairfax
0040: 31 11 30 0F 06 03 55 04 0A 13 08 5A 6F 72 6B 2E 1.0...U....Zork.
0050: 6F 72 67 31 10 30 0E 06 03 55 04 03 13 07 52 6F org1.0...U....Ro
0060: 6F 74 20 43 41 00 75 30 73 31 0B 30 09 06 03 55 ot CA.u0s1.0...U
0070: 04 06 13 02 55 53 31 11 30 0F 06 03 55 04 08 13 ....US1.0...U...
0080: 08 56 69 72 67 69 6E 69 61 31 10 30 0E 06 03 55 .Virginia1.0...U
0090: 04 07 13 07 46 61 69 72 66 61 78 31 11 30 0F 06 ....Fairfax1.0..
00A0: 03 55 04 0A 13 08 5A 6F 72 6B 2E 6F 72 67 31 18 .U....Zork.org1.
00B0: 30 16 06 03 55 04 0B 13 0F 53 65 72 76 65 72 20 0...U....Server
00C0: 44 69 76 69 73 69 6F 6E 31 12 30 10 06 03 55 04 Division1.0...U.
00D0: 03 13 09 53 65 72 76 65 72 20 43 41 ...Server CA
Thread-3, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 175, 38, 47, 77, 131, 125, 209, 147, 174, 228, 183, 99, 34, 2, 100, 186, 77, 47, 65, 233, 82, 133, 183, 113, 8, 193, 51, 241, 167, 105, 4, 187, 57, 130, 161, 11, 178, 11, 134, 84, 96, 106, 203, 11, 195, 51 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 00 40 39 9F EC ..........B.@9..
0010: 5F 92 FA 3D 5E 3D 0C 19 10 72 DA BE B6 14 76 62 _..=^=...r....vb
0020: AE 39 75 0B 74 10 C7 B1 42 D7 A1 22 C0 0E B8 A2 .9u.t...B.."....
0030: 22 80 73 20 36 A2 FD BB F9 3E F4 F0 91 CE 95 F8 ".s 6....>......
0040: 05 D7 22 FC 2C CF 1B AB 19 82 03 D2 F5 ..".,........
Thread-3, WRITE: TLSv1 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 AF 26 2F 4D 83 7D D1 93 AE E4 B7 63 22 02 ...&/M.......c".
0010: 64 BA 4D 2F 41 E9 52 85 B7 71 08 C1 33 F1 A7 69 d.M/A.R..q..3..i
0020: 04 BB 39 82 A1 0B B2 0B 86 54 60 6A CB 0B C3 33 ..9......T`j...3
CONNECTION KEYGEN:
Client Nonce:
0000: 40 CA 22 D1 CD D3 81 EA 58 81 98 B0 DF B4 A1 8A @.".....X.......
0010: F6 B7 B5 59 3D FC 3F 23 15 22 FD 20 FE 7C 26 C6 ...Y=.?#.". ..&.
Server Nonce:
0000: 40 CA 22 D3 51 6A 52 2D E9 E2 59 06 26 F0 47 7A @.".QjR-..Y.&.Gz
0010: 5A E2 FF CF 09 66 CD 7F DF D3 04 54 4F 10 65 59 Z....f.....TO.eY
Master Secret:
0000: 67 B9 58 74 69 18 0B 2E 00 EB AC 9B 77 15 B4 65 g.Xti.......w..e
0010: 61 A1 AC D0 F1 D5 4C CA 0E 51 FC 58 A0 11 B7 87 a.....L..Q.X....
0020: EC 72 26 D0 83 18 27 49 8F B6 32 FF E3 89 1D E4 .r&...'I..2.....
Client MAC write Secret:
0000: D5 96 AB F7 1E 46 5F 46 8A E9 3E DF A0 5E 32 5E .....F_F..>..^2^
0010: 00 FB B8 D8 ....
Server MAC write Secret:
0000: E6 7D 8E F5 6A 4C 94 4C D6 2A 3A 4D FC C1 94 A3 ....jL.L.*:M....
0010: C5 6C 5F B6 .l_.
Client write key:
0000: 18 1D 51 8C 74 6D 18 57 ..Q.tm.W
Server write key:
0000: 0D 4E 7A F1 5A D6 5F 5B .Nz.Z._[
Client write IV:
0000: 4C BB 4D FA 4F EB CB 4E L.M.O..N
Server write IV:
0000: B7 6A CA E9 66 7D 25 88 .j..f.%.
Thread-3, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DES/CBC/NoPadding
*** Finished
verify_data: { 20, 20, 38, 13, 43, 235, 102, 72, 75, 212, 21, 21 }
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
Padded plaintext before ENCRYPTION: len = 40
0000: 14 00 00 0C 14 14 26 0D 2B EB 66 48 4B D4 15 15 ......&.+.fHK...
0010: 90 9C E9 09 F4 48 96 A6 8F AA 04 DF E9 36 72 F0 .....H.......6r.
0020: 42 F0 60 78 03 03 03 03 B.`x....
Thread-3, WRITE: TLSv1 Handshake, length = 40
Thread-3, READ: TLSv1 Alert, length = 2
Thread-3, RECV TLSv1 ALERT: fatal, handshake_failure
Thread-3, called closeSocket()
Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
So I'll toil away trying to get *right* combination of settings - please let me know if you have any ideas! FYI here are the command line settings I am using for the keystore:
-Djavax.net.ssl.keyStore=c:\myClientIdKeyStore -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=myClientIdKeyStorePass
Thanks,
Paul -
Connecting Java client to SSL server with existing certificates
I am currently trying to connect my Java client to an existing server application
written in C++. I have been provided the needed certificates (root.pem, server.pem,
and client.pem). My code simply creates a SSLSocket and then attempts to read
from it. Something goes wrong during the handshake process and I get a SSLHandshakeException. The certificates have been added to the keystore
I am using, and I do not know any other action to take.
Here is the debug output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: keystore.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O=company-USA, L=City, ST=AL, C=US
Issuer: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167aa
Valid from Tue Sep 12 09:42:01 CDT 2006 until Thu Oct 12 09:42:01 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=ISAC Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=company Employee, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Issuer: [email protected], CN=company, OU=test, O="company, Inc.", L=City, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
SSL socket created
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158089181 bytes = { 138, 112, 170, 91, 246, 86, 216, 146, 160, 188, 243, 154, 238, 132, 33, 219, 251, 3, 93, 25, 191, 247, 41, 14, 99, 135, 130, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 79
0000: 01 00 00 4B 03 01 45 07 0A DD 8A 70 AA 5B F6 56 ...K..E....p.[.V
0010: D8 92 A0 BC F3 9A EE 84 21 DB FB 03 5D 19 BF F7 ........!...]...
0020: 29 0E 63 87 82 17 00 00 24 00 04 00 05 00 2F 00 ).c.....$...../.
0030: 35 00 33 00 39 00 32 00 38 00 0A 00 16 00 13 00 5.3.9.2.8.......
0040: 09 00 15 00 12 00 03 00 08 00 14 00 11 01 00 ...............
Client Thread, WRITE: TLSv1 Handshake, length = 79
[write] MD5 and SHA1 hashes: len = 107
0000: 01 03 01 00 42 00 00 00 20 00 00 04 01 00 80 00 ....B... .......
0010: 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 00 00 ..../..5..3..9..
0020: 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 00 13 2..8............
0030: 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 .....@..........
0040: 00 80 00 00 08 00 00 14 00 00 11 45 07 0A DD 8A ...........E....
0050: 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 DB FB p.[.V........!..
0060: 03 5D 19 BF F7 29 0E 63 87 82 17 .]...).c...
Client Thread, WRITE: SSLv2 client hello message, length = 107
[Raw write]: length = 109
0000: 80 6B 01 03 01 00 42 00 00 00 20 00 00 04 01 00 .k....B... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 00 33 00 00 39 ....../..5..3..9
0020: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 00 16 00 ..2..8..........
0030: 00 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 .......@........
0040: 03 02 00 80 00 00 08 00 00 14 00 00 11 45 07 0A .............E..
0050: DD 8A 70 AA 5B F6 56 D8 92 A0 BC F3 9A EE 84 21 ..p.[.V........!
0060: DB FB 03 5D 19 BF F7 29 0E 63 87 82 17 ...]...).c...
Client Thread, received EOFException: error
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Client Thread, SEND TLSv1 ALERT: fatal, description = handshake_failure
Client Thread, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
Client Thread, called closeSocket()
Error: Remote host closed connection during handshake
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake(I am the original poster of this message, I had to create a new username though).
The original problem had to do with incompatibilities with the protocol and/or cipher suites
used. Now, the client and server perform most of the handshake process, but something
goes wrong as the server requests the client certificate. In other words, the server requires
mutual authentication, but for some reason it seems like my JSSE client won't send over
it's client certificate. I don't get any type of bad certificate exceptions, so I'm not sure
where the source of the error lies.
Updated output:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : keystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: truststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=Employee, OU=default, O="default Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ab
Valid from Tue Sep 12 09:49:12 CDT 2006 until Thu Oct 12 09:49:12 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default-Server, OU=HawkEye, O=default, L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xb40b909f74d167ac
Valid from Tue Sep 12 14:42:28 CDT 2006 until Thu Oct 12 14:42:28 CDT 2006
adding as trusted cert:
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Algorithm: RSA; Serial number: 0xf6e3ada87dc4004f
Valid from Tue Sep 12 09:40:32 CDT 2006 until Thu Oct 12 09:40:32 CDT 2006
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1158242806 bytes = { 71, 195, 185, 44, 86, 96, 14, 11, 171, 76, 105, 135, 136, 114, 53, 54, 137, 75, 202, 254, 112, 208, 240, 91, 199, 246, 175, 207 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
Client Thread, WRITE: TLSv1 Handshake, length = 79
Client Thread, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1158242807 bytes = { 63, 93, 48, 73, 98, 251, 160, 215, 61, 110, 246, 12, 5, 209, 95, 194, 152, 193, 0, 181, 135, 26, 150, 174, 52, 92, 56, 250 }
Session ID: {83, 31, 134, 30, 76, 200, 183, 120, 7, 94, 26, 65, 186, 91, 197, 25, 10, 193, 94, 220, 198, 250, 162, 153, 6, 89, 12, 250, 66, 105, 249, 211}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
Client Thread, READ: TLSv1 Handshake, length = 1903
*** Certificate chain
chain [0] = [
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
chain [1] = [
Version: V3
Subject: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 140862286957037297158683104484469503810921697537964422595574798580128510755934413463045842414762254029728885690233847950678735782281077619629628663140568366247472189890316085560712610474766899389736269383565795688749374256479726939861138704211990111677657317335172626254520371267441364353295155431963634875809
public exponent: 65537
Validity: [From: Tue Sep 12 09:40:32 CDT 2006,
To: Thu Oct 12 09:40:32 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ f6e3ada8 7dc4004f]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: AB 84 38 1F 7B 71 D8 87 FF 24 DB C2 7E DC D0 0B ..8..q...$......
0010: 60 60 14 A8 F8 D5 46 AD 6B FC 33 90 6F 43 08 17 ``....F.k.3.oC..
0020: AE 2B EE 6C 2B 29 85 E2 A6 67 EE 5D A4 61 F3 9E .+.l+)...g.].a..
0030: E7 CA B1 27 F9 11 36 ED 93 05 7B E1 20 90 57 B5 ...'..6..... .W.
0040: C6 F9 8A 9D 50 CD B3 4A 54 DC 1B 52 EC EA 7A 0B ....P..JT..R..z.
0050: B6 E6 95 FD DD 80 BE 66 F0 77 F4 E7 9A 8A A3 EF .......f.w......
0060: 9B 68 57 0C 9C 4B 4C C0 24 C5 34 16 D3 8E 45 27 .hW..KL.$.4...E'
0070: CA 23 F1 E0 C5 5E FB FB AA 1C 21 6E CB 5B 57 D9 .#...^....!n.[W.
Found trusted certificate:
Version: V3
Subject: [email protected], CN=Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 164546130673614659100546464587508805401937082626997447139358150641653094778762702643605529386963945060462618417820295217144739538713137107756847225226998964727905246706969036839701385553183842454061172884072035749790213037240682893878786969498404371282074360019097248835858617183835587887295684928062301303789
public exponent: 65537
Validity: [From: Tue Sep 12 09:49:12 CDT 2006,
To: Thu Oct 12 09:49:12 CDT 2006]
Issuer: [email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US
SerialNumber: [ b40b909f 74d167ab]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C8 EA 02 93 42 9E 44 D1 55 7D 2D 32 4B 9B 1C 6D ....B.D.U.-2K..m
0010: 63 6B 73 82 cks.
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2C BC 66 DC 06 BA 62 79 3B 1A 20 92 E0 81 71 A0 ,.f...by;. ...q.
0010: 0D 05 3C 95 ..<.
[[email protected], CN=default Employee, OU=default, O="default, Inc.", L=default, ST=AL, C=US]
SerialNumber: [ f6e3ada8 7dc4004f]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
Algorithm: [SHA1withRSA]
Signature:
0000: BF 60 5A 67 3E E6 F0 92 4F E4 81 6D 71 0A 2E E8 .`Zg>...O..mq...
0010: F3 59 A1 87 7B D1 3A 7A CB FF D6 39 63 79 B6 82 .Y....:z...9cy..
0020: 2A 22 D0 46 51 30 6B 2A 61 6B A0 4C F0 3B CE 5B *".FQ0k*ak.L.;.[
0030: 9C 1D 46 CB D7 C2 B2 23 E2 A5 06 CD 12 F8 A9 CB ..F....#........
0040: B5 A2 43 B1 06 4C 42 B5 67 F2 DF 50 6B BC 8A 5E ..C..LB.g..Pk..^
0050: 95 0D F3 2A 73 A8 5A C8 55 77 D7 36 74 16 9E 05 ...*s.Z.Uw.6t...
0060: 85 C6 DC 3C 44 D3 06 5E 47 0C 1F 80 40 30 C7 D8 ...<D..^G...@0..
0070: 8C 27 FF B9 0C 71 EB D4 31 5C 1F 15 A1 23 6F A2 .'...q..1\...#o.
Client Thread, READ: TLSv1 Handshake, length = 13
*** CertificateRequest
Cert Types: RSA, DSS,
Cert Authorities:
*** ServerHelloDone
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 27, 159, 38, 131, 132, 24, 47, 148, 161, 90, 7, 39, 189, 28, 178, 156, 20, 151, 220, 192, 239, 182, 115, 234, 99, 225, 68, 250, 199, 173, 96, 181, 78, 180, 238, 37, 243, 72, 19, 91, 249, 11, 49, 83, 1, 150 }
Client Thread, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 1B 9F 26 83 84 18 2F 94 A1 5A 07 27 BD 1C ....&.../..Z.'..
0010: B2 9C 14 97 DC C0 EF B6 73 EA 63 E1 44 FA C7 AD ........s.c.D...
0020: 60 B5 4E B4 EE 25 F3 48 13 5B F9 0B 31 53 01 96 `.N..%.H.[..1S..
CONNECTION KEYGEN:
Client Nonce:
0000: 45 09 62 F6 47 C3 B9 2C 56 60 0E 0B AB 4C 69 87 E.b.G..,V`...Li.
0010: 88 72 35 36 89 4B CA FE 70 D0 F0 5B C7 F6 AF CF .r56.K..p..[....
Server Nonce:
0000: 45 09 62 F7 3F 5D 30 49 62 FB A0 D7 3D 6E F6 0C E.b.?]0Ib...=n..
0010: 05 D1 5F C2 98 C1 00 B5 87 1A 96 AE 34 5C 38 FA .._.........4\8.
Master Secret:
0000: 0E 63 38 16 86 A1 84 72 33 2C D7 07 D7 C3 AC E0 .c8....r3,......
0010: AD 5B CD 3B 2E 2A 02 91 1E FE 17 97 4E 3B 56 C3 .[.;.*......N;V.
0020: 5D 0F 7A 99 90 0D 3D 4E 5F 39 C5 EB 6E AD DA 71 ].z...=N_9..n..q
Client MAC write Secret:
0000: 99 32 FA 60 0B 88 36 CD 88 02 D5 4A CA D2 A6 49 .2.`..6....J...I
0010: 69 60 42 B6 i`B.
Server MAC write Secret:
0000: 43 3F 85 72 FB 6D 28 1C BA 1E 8A 26 56 DE 18 FB C?.r.m(....&V...
0010: 01 83 20 7F .. .
Client write key:
0000: 6F 58 29 AB B3 8C F5 75 3C 70 04 DF 9D 01 43 F5 oX)....u<p....C.
Server write key:
0000: 4A D7 E9 63 53 32 78 DF E0 99 89 60 A4 1A 3C E7 J..cS2x....`..<.
Client write IV:
0000: 24 FB 0E 12 AB D2 70 6D 80 B1 B2 BC 78 1A 55 88 $.....pm....x.U.
Server write IV:
0000: E4 75 62 25 46 95 0F 7A 44 16 E2 39 38 AD 29 CD .ub%F..zD..98.).
HawkEye Client Thread, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 98, 254, 245, 75, 252, 23, 91, 164, 67, 197, 69, 44 }
Client Thread, WRITE: TLSv1 Handshake, length = 48
Client Thread, READ: TLSv1 Alert, length = 2
Client Thread, RECV TLSv1 ALERT: fatal, handshake_failure
Client Thread, called closeSocket()
Client Thread, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Error: Received fatal alert: handshake_failure
Thread-4, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Maybe you are looking for
-
G4 Digital Audio has no sound, screen, or chime on start-up!
It was working just fine then out of the blue it smelled hot and shut down completely in a fraction of a second. I rebooted it and it started up normally until the blue loading line was about 1/2 inch and then it just shut down completely again. So I
-
EPMA Server 11.1.2.2 not starting
Hi All!! I've installed a EPM 11.1.2.2 environment in Windows 2008 Server with Oracle Database 11.2.0.1. The install and configuration was smoothly, but when I start the services the EPMA Server services does no start and I've seen this outut in the
-
Percentage based on the Date and Dimension - WEBI
Hello, I have to calculate percentage based on the Dates and a Dimension. I have BEX Query as source and reporting is done on BOXI - WEBI Here is the table structure in the report. List# , Process01, Process02. List# is unique and Process01-Has 4 ope
-
Macbook Pro not seeing my surround sound interface
I use a PreSonus Firebox interface to output surround sound from Logic 8. It worked fine on my previous computer, a standard MacBook. I recently upgraded to a MacBook Pro and it won't show up in Logic or the computer's own System Preferences. I never
-
Error installing tuxedo12.1.1 32-bit on AIX7.1
I'm getting this error installing Tuxedo12.1.1 on AIX I'm logged in via XTerm to AIX machine. (Used same method/login as when i installed Oracle12c DB client) Is "oui/instImages/images.properties" Not part of my Oracle database install? can I copy f