hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Murat Balkan <mrbal...@gmail.com>
Subject Re: HttpClient SSL Connection Issue
Date Mon, 22 Feb 2016 15:21:03 GMT
>
> Hi,
>
> I have a problem with HttpClient 4.5.1 GA (But all previous versions seems
> to have the same)
>
> When I try to connect to a specific HTTPS site (specifically http://
> so.n11.com) I got  a connection reset error after the handshake is
> finalized. If I try to call the same URL with HttpUrlConnection, I don't
> get any errors. The browsers do not have any problems displaying this site.
>
> I started thinking that this could be a bug but before this I tried my
> chance with the user group without success.
>
> The code I am running is pretty straightforward: The same code works for
> other HTTPS sites(>50)  I tested. The problem can be easily reproduced with
> any version of HttpClient with the provided url.
>
> Thanks a lot for the help,
>
> Code:
>
> SSLConnectionSocketFactory sslConnectionFactory = new
>> SSLConnectionSocketFactory(sslContext,new String[]
>> {"TLSv1","TLSv1.1","TLSv1.2"},null, NoopHostnameVerifier.INSTANCE);
>> Registry<ConnectionSocketFactory> socketFactoryRegistry =
>> RegistryBuilder.<ConnectionSocketFactory>create()
>> .register("http", PlainConnectionSocketFactory.getSocketFactory())
>> .register("https", sslConnectionFactory)
>> .build();
>> PoolingHttpClientConnectionManager cm = new
>> PoolingHttpClientConnectionManager(socketFactoryRegistry);
>> cm.setDefaultMaxPerRoute(1);
>> CloseableHttpClient httpClient = HttpClientBuilder.create().build();
>> HttpGet httpGet = new HttpGet("https://so.n11.com");
>> httpClient.execute(httpGet);
>> System.out.println("I can never reach this point");
>
>
> The exception I am receiving is:
>
> java.net.SocketException: Connection reset
>> at java.net.SocketInputStream.read(Unknown Source)
>> at java.net.SocketInputStream.read(Unknown Source)
>> at sun.security.ssl.InputRecord.readFully(Unknown Source)
>> at sun.security.ssl.InputRecord.read(Unknown Source)
>> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>> at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
>> at sun.security.ssl.AppInputStream.read(Unknown Source)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
>> at
>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
>> at
>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
>> at
>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
>> at
>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
>> at
>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>> at
>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>> at
>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>> at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>> at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>> at HttpTest.main(HttpTest.java:102)
>
>
>
> My ssl debugged console output, The last line shows where it is crashing.
>
>
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT
> 2036
>
> adding as trusted cert:
>   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT
> 2019
>
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> 217, 253, 204, 183 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> 241, 70, 71, 193, 163 }
> Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>                To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
>
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName:
> http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
>
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
>
>
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                        ...g
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 0000: 28 2D 42 BA 57 3C AF 1A   4B E8 97 50 B0 B6 11 06  (-B.W<..K..P....
> 0010: 70 72 92 1A 25 83 F8 21   32 8E A2 7E 38 4F 1E 80  pr..%..!2...8O..
> 0020: 48 25 50 2D E4 C8 AE CB   3B 94 18 DC 00 FE CF CA  H%P-....;.......
> 0030: 6B D5 5F 72 1A 4C FF D1   41 B0 ED E7 49 06 D2 FD  k._r.L..A...I...
> 0040: 9B CA 89 6E 4E 33 2B EE   85 CE A3 AE 5E BA 3B 56  ...nN3+.....^.;V
> 0050: 65 84 5A 43 33 C1 D4 06   6D 4C 98 00 B7 E4 8A 69  e.ZC3...mL.....i
> 0060: B9 56 0B 3F FA A6 BD 19   C9 FB CC 30 AB 4F 1E 9C  .V.?.......0.O..
> 0070: 0A 6C E8 4B DA B6 26 B2   20 81 1C 16 74 AD 34 A7  .l.K..&. ...t.4.
> 0080: 8C D6 E4 60 19 8F 41 9E   2C 1C 9A 21 0D F7 62 39  ...`..A.,..!..b9
> 0090: 10 A0 4F 2E 18 70 70 60   00 88 C1 F8 6C 3B 0C 68  ..O..pp`....l;.h
> 00A0: 62 5C FD 5E 35 51 A8 3D   C7 D5 BF 78 03 A8 74 1A  b\.^5Q.=...x..t.
> 00B0: FB 6B 50 A0 36 42 16 36   3C 5B CD 60 38 08 06 6A  .kP.6B.6<[.`8..j
> 00C0: AA 67 B7 D4 E6 7A 8B 6B   77 6B 05 67 D1 88 68 0E  .g...z.kwk.g..h.
> 00D0: 88 62 76 83 20 18 2F 72   DD 91 91 13 55 53 5A FC  .bv. ./r....USZ.
> 00E0: 82 E9 1E FB DF F1 5F AE   C6 04 DB 45 69 0B 04 38  ......_....Ei..8
> 00F0: 75 BD ED 0D 1F AE 6B 6D   1E EA 0E 1C 6F 42 4C 25  u.....km....oBL%
>
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2,
> O=GlobalSign nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 0001444e f04a55]
>
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 0000: 40 EF 12 90 83 74 96 8A   F9 3A BA 9B 59 4A 33 D3  @....t...:..YJ3.
> 0010: EF 4C 13 2B B5 91 CB C9   96 ED 6E F5 6C 64 F1 C6  .L.+......n.ld..
> 0020: 84 B2 46 59 5A 58 82 52   F1 34 A0 54 41 64 20 AB  ..FYZX.R.4.TAd .
> 0030: D8 57 3B D4 14 74 71 18   36 CC 13 C1 C7 70 C0 F5  .W;..tq.6....p..
> 0040: 45 66 0E 71 AE 87 AF 92   94 EB 71 40 09 F4 CC 77  Ef.q......q@...w
> 0050: F7 1B 93 85 8A 4A AE 33   85 E6 74 AE F5 10 A6 3E  .....J.3..t....>
> 0060: C9 59 83 C3 F9 5C 96 F9   28 F7 34 7B E9 38 C6 91  .Y...\..(.4..8..
> 0070: 3C 4F 71 58 75 FE E1 56   75 76 CD 40 C4 15 40 39  <OqXu..Vuv.@..@9
> 0080: A9 41 FD 64 10 0F 97 85   07 E8 79 64 D0 5B 4D 4C  .A.d......yd.[ML
> 0090: 9B 27 97 D3 73 5E 92 7E   1F 48 E2 CA B9 05 97 4E  .'..s^...H.....N
> 00A0: EF 2C 1C 6B 4D 8A 5F 78   53 95 CD 02 39 C2 2F E6  .,.kM._xS...9./.
> 00B0: 69 4F F6 71 D1 99 B5 7F   6D 20 DE 43 8F DB 00 1B  iO.q....m .C....
> 00C0: A3 3B 37 DE D1 3F 6D F3   B6 90 76 1D AC 9D 6F 84  .;7..?m...v...o.
> 00D0: 4F 24 94 09 76 E0 9D A8   4D F7 4D 37 8F A4 2F 5F  O$..v...M.M7../_
> 00E0: 4B 41 E4 49 16 97 CC 7B   6C AF 11 CA 96 54 09 8B  KA.I....l....T..
> 00F0: 24 51 AE 5D ED A2 F1 BB   53 10 4D 97 FA 1A 77 03  $Q.]....S.M...w.
>
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 00010f86 26e60d]
>
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
>
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> ]
>   Algorithm: [SHA1withRSA]
>   Signature:
> 0000: 99 81 53 87 1C 68 97 86   91 EC E0 4A B8 44 0B AB  ..S..h.....J.D..
> 0010: 81 AC 27 4F D6 C1 B8 1C   43 78 B3 0C 9A FC EA 2C  ..'O....Cx.....,
> 0020: 3C 6E 61 1B 4D 4B 29 F5   9F 05 1D 26 C1 B8 E9 83  <na.MK)....&....
> 0030: 00 62 45 B6 A9 08 93 B9   A9 33 4B 18 9A C2 F8 87  .bE......3K.....
> 0040: 88 4E DB DD 71 34 1A C1   54 DA 46 3F E0 D3 2A AB  .N..q4..T.F?..*.
> 0050: 6D 54 22 F5 3A 62 CD 20   6F BA 29 89 D7 DD 91 EE  mT".:b. o.).....
> 0060: D3 5C A2 3E A1 5B 41 F5   DF E5 64 43 2D E9 D5 39  .\.>.[A...dC-..9
> 0070: AB D2 A2 DF B7 8B D0 C0   80 19 1C 45 C0 2D 8C E8  ...........E.-..
> 0080: F8 2D A4 74 56 49 C5 05   B5 4F 15 DE 6E 44 78 39  .-.tVI...O..nDx9
> 0090: 87 A8 7E BB F3 79 18 91   BB F4 6F 9D C1 F0 8C 35  .....y....o....5
> 00A0: 8C 5D 01 FB C3 6D B9 EF   44 6D 79 46 31 7E 0A FE  .]...m..DmyF1...
> 00B0: A9 82 C1 FF EF AB 6E 20   C4 50 C9 5F 9D 4D 9B 17  ......n .P._.M..
> 00C0: 8C 0C E5 01 C9 A0 41 6A   73 53 FA A5 50 B4 6E 25  ......AjsS..P.n%
> 00D0: 0F FB 4C 18 F4 FD 52 D9   8E 69 B1 E8 11 0F DE 88  ..L...R..i......
> 00E0: D8 FB 1D 49 F7 AA DE 95   CF 20 78 C2 60 12 DB 25  ...I..... x.`..%
> 00F0: 40 8C 6A FC 7E 42 38 40   64 12 F7 9E 81 E1 93 2E  @.j..B8@d.......
>
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> SESSION KEYGEN:
> PreMaster Secret:
> 0000: 03 01 21 B5 D6 C8 83 20   13 CE 9D 81 F5 A8 8A 41  ..!.... .......A
> 0010: DF 7C 00 1F DC 55 1E 03   F5 B9 A6 AE FE F5 EF 8F  .....U..........
> 0020: D8 30 2C 83 3C 66 40 9E   D2 EF 06 88 16 AB 4F 87  .0,.<f@.......O.
> CONNECTION KEYGEN:
> Client Nonce:
> 0000: 56 C9 33 40 B5 33 F0 5B   D5 80 FD 82 AF 01 78 90  V.3@.3.[......x.
> 0010: AF 2F 54 FF 6E B0 5A 0C   01 DE 1A E4 D9 FD CC B7  ./T.n.Z.........
> Server Nonce:
> 0000: F1 37 7D EC 40 57 7E A9   83 A6 83 35 2F 74 84 7B  .7..@W.....5/t..
> 0010: 60 EF D6 D4 CD E9 3C 2B   2F D7 2A F1 46 47 C1 A3  `.....<+/.*.FG..
> Master Secret:
> 0000: 6D 69 DA AA B3 B5 32 CB   23 3A 65 0E B9 82 0D A0  mi....2.#:e.....
> 0010: F1 BA CC 1D 5C 40 AE 40   5F A2 C5 93 4D 1A A0 4E  ....\@.@_...M..N
> 0020: A0 87 22 6E FF D9 64 05   8F 92 EF 8D AE 07 49 54  .."n..d.......IT
> Client MAC write Secret:
> 0000: C8 43 0C 40 43 8B B0 CE   7A 2F 0E 1F 03 D3 54 B8  .C.@C...z/....T.
> 0010: DE 34 8F 90                                        .4..
> Server MAC write Secret:
> 0000: 6E 93 C2 22 EA EF 6B 2D   28 E1 65 8E 34 48 32 1E  n.."..k-(.e.4H2.
> 0010: 95 21 57 ED                                        .!W.
> Client write key:
> 0000: AE 53 70 D1 87 6C 8B 09   E0 17 84 19 F1 6E 48 47  .Sp..l.......nHG
> Server write key:
> 0000: 27 4C EC 7F 63 08 FA EA   47 FB 1C F3 05 90 D3 9E  'L..c...G.......
> Client write IV:
> 0000: CD FC 9B 82 6C 44 5E 83   FF 64 B1 B8 E1 76 87 97  ....lD^..d...v..
> Server write IV:
> 0000: 4F 4B 7D D1 22 0F 57 1A   87 8D 67 51 F1 95 87 EA  OK..".W...gQ....
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset
> by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)
>
>
>


-- 
Murat Balkan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message