hc-httpclient-users mailing list archives

From Murat Balkan <mrbal...@gmail.com>
Subject Re: HttpClient SSL Connection Issue
Date Sun, 21 Feb 2016 18:08:17 GMT
How should I force it to use the correct cipher? I don't know why
HttpUrlConnection is working fine but Apache fails.
On Feb 21, 2016 12:12 PM, "Oleg Kalnichevski" <olegk@apache.org> wrote:

> On Sat, 2016-02-20 at 22:51 -0500, Murat Balkan wrote:
> > Hi,
> >
> > I have a problem with HttpClient. (All versions seem to have the same.)
> >
> > When I try to connect to an HTTPS site (specifically so.n11.com) I get a
> > connection reset error after the handshake is finalized. If I try to call
> > the same URL with HttpUrlConnection, I don't get any errors. The browsers do
> > not have any problems displaying this site.
> >
> > I started thinking that this could be a bug, or I am doing something wrong.
> > I hope somebody can recognize this issue.
> >
> >
> > The code I am running is pretty straightforward: The same code works for
> > other HTTPS sites I tested.
> >
> > SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
> >         sslContext, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}, null,
> >         NoopHostnameVerifier.INSTANCE);
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> >         RegistryBuilder.<ConnectionSocketFactory>create()
> >                 .register("http", PlainConnectionSocketFactory.getSocketFactory())
> >                 .register("https", sslConnectionFactory)
> >                 .build();
> > PoolingHttpClientConnectionManager cm =
> >         new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > cm.setDefaultMaxPerRoute(1);
> > CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > httpClient.execute(httpGet);
> > System.out.println("I can never reach this point");
> >
> >
> >
> > The exception I am receiving is:
> >
> > java.net.SocketException: Connection reset
> >     at java.net.SocketInputStream.read(Unknown Source)
> >     at java.net.SocketInputStream.read(Unknown Source)
> >     at sun.security.ssl.InputRecord.readFully(Unknown Source)
> >     at sun.security.ssl.InputRecord.read(Unknown Source)
> >     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> >     at sun.security.ssl.AppInputStream.read(Unknown Source)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
> >     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
> >     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
> >     at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
> >     at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
> >     at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
> >     at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
> >     at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
> >     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
> >     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> >     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> >     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> >     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> >     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> >     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> >     at HttpTest.main(HttpTest.java:102)
> >
> >
> >
> > My SSL debug console output. The last line shows where it is crashing.
> >
> >
> > keyStore is :
> > keyStore type is : jks
> > keyStore provider is :
> > init keystore
> > init keymanager of type SunX509
> > trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> > trustStore type is : jks
> > trustStore provider is :
> > init truststore
> > adding as trusted cert:
> >   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
> >   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
> >   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
> >   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
> >
> > adding as trusted cert:
> >   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> > OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> > L=ValiCert Validation Network
> >   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> > OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> > L=ValiCert Validation Network
> >   Algorithm: RSA; Serial number: 0x1
> >   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019
> >
> > .............other certs are added here.....................
> > trigger seeding of SecureRandom
> > done seeding SecureRandom
> > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> > Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> > Allow unsafe renegotiation: true
> > Allow legacy hello messages: true
> > Is initial handshake: true
> > Is secure renegotiation: false
> > %% No cached client session
> > *** ClientHello, TLSv1
> > RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> > 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> > 217, 253, 204, 183 }
> > Session ID:  {}
> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> > SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> > Compression Methods:  { 0 }
> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> > secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> > secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> > sect193r2, secp224k1, sect239k1, secp256k1}
> > Extension ec_point_formats, formats: [uncompressed]
> > Extension server_name, server_name: [host_name: so.n11.com]
> > ***
> > main, WRITE: TLSv1 Handshake, length = 168
> > main, READ: TLSv1 Handshake, length = 81
> > *** ServerHello, TLSv1
> > RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> > 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> > 241, 70, 71, 193, 163 }
> > Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> > 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> > 173, 162}
> > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> > Compression Method: 0
> > Extension renegotiation_info, renegotiated_connection: <empty>
> > ***
> > %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > ** TLS_RSA_WITH_AES_128_CBC_SHA
> > main, READ: TLSv1 Handshake, length = 2811
> > *** Certificate chain
> > chain [0] = [
> > [
> >   Version: V3
> >   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> > Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> > ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> > OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> > Organization
> >   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   public exponent: 65537
> >   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
> >                To: Thu Dec 29 06:26:06 EST 2016]
> >   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> > nv-sa, C=BE
> >   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
> >
> > Certificate Extensions: 9
> > [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> > AuthorityInfoAccess [
> >   [
> >    accessMethod: caIssuers
> >    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> > ,
> >    accessMethod: ocsp
> >    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> > 0010: 13 22 31 02                                        ."1.
> > ]
> > ]
> >
> > [3]: ObjectId: 2.5.29.19 Criticality=false
> > BasicConstraints:[
> >   CA:false
> >   PathLen: undefined
> > ]
> >
> > [4]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> > ]]
> >
> > [5]: ObjectId: 2.5.29.32 Criticality=false
> > CertificatePolicies [
> >   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> > [PolicyQualifierInfo: [
> >   qualifierID: 1.3.6.1.5.5.7.2.1
> >   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> > 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> > 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> >
> > ]]  ]
> > ]
> >
> > [6]: ObjectId: 2.5.29.37 Criticality=false
> > ExtendedKeyUsages [
> >   serverAuth
> >   clientAuth
> > ]
> >
> > [7]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   DigitalSignature
> >   Key_Encipherment
> > ]
> >
> >
> > [9]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> > 0010: 01 16 93 67                                        ...g
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA256withRSA]
> >
> > ]
> > chain [1] = [
> > [
> >   Version: V3
> >   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> > nv-sa, C=BE
> >   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   public exponent: 65537
> >   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
> >                To: Wed Dec 15 03:00:00 EST 2021]
> >   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   SerialNumber: [    04000000 0001444e f04a55]
> >
> > Certificate Extensions: 7
> > [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> > AuthorityInfoAccess [
> >   [
> >    accessMethod: ocsp
> >    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > [3]: ObjectId: 2.5.29.19 Criticality=true
> > BasicConstraints:[
> >   CA:true
> >   PathLen:0
> > ]
> >
> > [4]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.net/root-r2.crl]
> > ]]
> >
> > [5]: ObjectId: 2.5.29.32 Criticality=false
> > CertificatePolicies [
> >   [CertificatePolicyId: [2.5.29.32.0]
> > [PolicyQualifierInfo: [
> >   qualifierID: 1.3.6.1.5.5.7.2.1
> >   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> > 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> > 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> >
> > ]]  ]
> > ]
> >
> > [6]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   Key_CertSign
> >   Crl_Sign
> > ]
> >
> > [7]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> > 0010: 13 22 31 02                                        ."1.
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA256withRSA]
> >
> > ]
> > ***
> > Found trusted certificate:
> > [
> > [
> >   Version: V3
> >   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   public exponent: 65537
> >   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
> >                To: Wed Dec 15 03:00:00 EST 2021]
> >   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   SerialNumber: [    04000000 00010f86 26e60d]
> >
> > Certificate Extensions: 5
> > [1]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.19 Criticality=true
> > BasicConstraints:[
> >   CA:true
> >   PathLen:2147483647
> > ]
> >
> > [3]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.net/root-r2.crl]
> > ]]
> >
> > [4]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   Key_CertSign
> >   Crl_Sign
> > ]
> >
> > [5]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA1withRSA]
> >
> > ]
> > main, READ: TLSv1 Handshake, length = 4
> > *** ServerHelloDone
> > *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> > main, WRITE: TLSv1 Handshake, length = 262
> > main, WRITE: TLSv1 Change Cipher Spec, length = 1
> > *** Finished
> > verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> > ***
> > main, WRITE: TLSv1 Handshake, length = 48
> > main, READ: TLSv1 Change Cipher Spec, length = 1
> > main, READ: TLSv1 Handshake, length = 48
> > *** Finished
> > verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> > ***
> > %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > main, WRITE: TLSv1 Application Data, length = 176
> > main, handling exception: java.net.SocketException: Connection reset
> > %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> > main, WRITE: TLSv1 Alert, length = 32
> > main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
> > main, called closeSocket()
> > main, called close()
> > main, called closeInternal(true)
>
>
> It looks like the server may not like the TLS_RSA_WITH_AES_128_CBC_SHA
> cipher chosen by the client.
>
> Oleg
>
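
Added example, not code from the thread or from the HttpClient project: the posted snippet builds its client with `HttpClientBuilder.create().build()`, so the connection manager holding the custom `SSLConnectionSocketFactory` is never attached, which is consistent with the ClientHello in the log advertising only TLSv1. The sketch below attaches the manager and passes an explicit cipher-suite list to the factory. The class name, the `TLSv1.2` choice and the exclusion rules are assumptions; it needs HttpClient 4.4 or later and keeps the default hostname verifier rather than `NoopHostnameVerifier`.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContexts;

// Hypothetical class name; requires HttpClient 4.4+ on the classpath.
public class ExplicitCipherClient {

    // Assumption: the suite named in the reply above is withheld to test that hypothesis.
    static final String SUSPECT_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA";

    // Keep the JVM's enabled suites minus the suspect suite and the
    // RC4 / 3DES / MD5 suites that appear in the ClientHello in the log.
    static String[] allowedSuites(String[] enabled) {
        List<String> keep = new ArrayList<String>();
        for (String suite : enabled) {
            boolean legacy = suite.contains("_RC4_") || suite.contains("_3DES_")
                    || suite.endsWith("_MD5");
            if (!legacy && !suite.equals(SUSPECT_SUITE)) {
                keep.add(suite);
            }
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("no cipher suite left after filtering");
        }
        return keep.toArray(new String[0]);
    }

    static CloseableHttpClient build(String[] protocols, String[] suites) {
        SSLContext sslContext = SSLContexts.createDefault();
        // Third argument is the cipher-suite list; the posted code passed null (JVM defaults).
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext, protocols, suites,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslsf)
                        .build();
        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);
        cm.setDefaultMaxPerRoute(1);
        // The step missing from the posted snippet: hand the manager to the builder.
        return HttpClients.custom().setConnectionManager(cm).build();
    }

    public static void main(String[] args) throws Exception {
        String[] suites = allowedSuites(
                SSLContexts.createDefault().getDefaultSSLParameters().getCipherSuites());
        System.out.println("Offering " + suites.length + " cipher suites:");
        for (String suite : suites) {
            System.out.println("  " + suite);
        }
        if (args.length == 0) {
            return; // no URL given: only list what would be offered
        }
        try (CloseableHttpClient client = build(new String[] {"TLSv1.2"}, suites);
             CloseableHttpResponse response = client.execute(new HttpGet(args[0]))) {
            System.out.println(response.getStatusLine());
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl,handshake` shows whether the ClientHello now carries the requested protocol version and only the suites printed at startup.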
