[
https://issues.apache.org/jira/browse/BROOKLYN-302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15331451#comment-15331451
]
Duncan Grant commented on BROOKLYN-302:
---------------------------------------
java ssl debug:
{noformat}
trustStore is:
/Library/Java/JavaVirtualMachines/jdk1.8.0_92.jdk/Contents/Home/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 05:00:00 BST 1999 until Mon Jun 22 05:00:00 BST 2020
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Tue Nov 07 19:31:18 GMT 2006 until Mon Dec 31 19:40:55 GMT 2029
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
Valid from Tue Dec 18 15:25:36 GMT 2012 until Fri Dec 18 15:55:36 GMT 2037
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 05:20:49 BST 2003 until Sat Sep 30 05:20:49 BST 2023
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
Valid from Thu Jan 12 18:59:32 GMT 2012 until Sun Jan 12 18:59:32 GMT 2042
adding as trusted cert:
Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc,
C=US
Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc,
C=US
Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
Valid from Thu Aug 01 13:00:00 BST 2013 until Fri Jan 15 12:00:00 GMT 2038
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 00:00:00 GMT 2006 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.",
C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.",
C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 06:00:39 BST 2009 until Tue May 29 06:00:39 BST 2029
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST 2028
adding as trusted cert:
Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co.,
Ltd.", C=TW
Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co.,
Ltd.", C=TW
Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
Valid from Mon Dec 20 02:31:27 GMT 2004 until Wed Dec 20 02:31:27 GMT 2034
adding as trusted cert:
Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7777062726a9b17c
Valid from Fri Jan 29 14:06:06 GMT 2010 until Tue Dec 31 14:06:06 GMT 2030
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority,
O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority,
O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 13:07:37 BST 2008 until Mon Dec 31 12:07:37 GMT 2029
adding as trusted cert:
Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services
Inc, OU=www.xrampsecurity.com, C=US
Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services
Inc, OU=www.xrampsecurity.com, C=US
Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
Valid from Mon Nov 01 17:14:04 GMT 2004 until Mon Jan 01 05:37:19 GMT 2035
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 08:29:40 BST 2001 until Tue Apr 06 08:29:40 BST 2021
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online
Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online
Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 07:00:00 BST 2002 until Thu Nov 19 20:43:00 GMT 2037
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
Valid from Mon Nov 05 00:00:00 GMT 2007 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 17:41:51 BST 1998 until Wed Aug 22 17:41:51 BST 2018
adding as trusted cert:
Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a
Valid from Thu Mar 06 00:00:00 GMT 2008 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
adding as trusted cert:
Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Mar 04 05:00:00 GMT 2004 until Sun Mar 04 05:00:00 GMT 2029
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 10:00:00 GMT 2009 until Sun Mar 18 10:00:00 GMT 2029
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 19:46:00 BST 2000 until Tue May 13 00:59:00 BST 2025
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 18:39:16 BST 2004 until Thu Jun 29 18:39:16 BST 2034
adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte,
L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte,
L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749
Valid from Wed Jan 01 00:00:00 GMT 1997 until Fri Jan 01 23:59:59 GMT 2021
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 00:00:00 GMT 2004 until Sun Dec 31 23:59:59 GMT 2028
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 19:10:42 BST 1999 until Tue Jul 09 19:19:22 BST 2019
adding as trusted cert:
Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC
Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC
Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 17:13:43 BST 2003 until Wed Sep 30 17:13:44 BST 2037
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x40000000001154b5ac394
Valid from Tue Sep 01 13:00:00 BST 1998 until Fri Jan 28 12:00:00 GMT 2028
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 19:31:20 BST 1999 until Tue Jul 09 19:40:36 BST 2019
adding as trusted cert:
Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
Valid from Fri Jan 29 14:08:24 GMT 2010 until Tue Dec 31 14:08:24 GMT 2030
adding as trusted cert:
Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
Valid from Fri Jan 29 14:10:36 GMT 2010 until Mon Dec 31 14:10:36 GMT 2040
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 15:01:00 BST 2000 until Sun May 18 00:59:00 BST 2025
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online
Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online
Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 07:00:00 BST 2002 until Tue Sep 29 15:08:00 BST 2037
adding as trusted cert:
Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU
Algorithm: RSA; Serial number: 0xbb8
Valid from Thu Mar 17 09:51:37 GMT 2011 until Wed Mar 17 09:51:37 GMT 2021
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008
GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
Valid from Wed Apr 02 01:00:00 BST 2008 until Tue Dec 01 23:59:59 GMT 2037
adding as trusted cert:
Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
Valid from Fri Aug 01 13:29:50 BST 2008 until Sat Jul 31 13:29:50 BST 2038
adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 09:32:46 BST 2006 until Sat Oct 25 09:32:46 BST 2036
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust,
Inc. - for authorized use only", OU=See www.entrust.net/legal-terms,
O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x4a538c28
Valid from Tue Jul 07 18:25:54 BST 2009 until Sat Dec 07 17:55:54 GMT 2030
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc,
C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc,
C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Fri Nov 10 00:00:00 GMT 2006 until Mon Nov 10 00:00:00 GMT 2031
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group,
Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group,
Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 18:06:20 BST 2004 until Thu Jun 29 18:06:20 BST 2034
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network,
O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network,
O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 11:48:38 BST 2000 until Sat May 30 11:48:38 BST 2020
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 11:29:56 BST 2008 until Sun Oct 02 00:59:59 BST 2033
adding as trusted cert:
Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572
Valid from Thu Aug 01 13:00:00 BST 2013 until Fri Jan 15 12:00:00 GMT 2038
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT,
C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT,
C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 18:28:50 BST 1999 until Tue Jul 09 18:36:58 BST 2019
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 18:05:00 BST 1999 until Sun Jul 07 00:59:59 BST 2019
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 05:00:00 BST 2002 until Sat May 21 05:00:00 BST 2022
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 09:36:00 BST 2006 until Sat Oct 25 09:36:00 BST 2036
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5
Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c
Valid from Tue Nov 13 00:00:00 GMT 2012 until Tue Jan 19 03:14:07 GMT 2038
adding as trusted cert:
Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield
Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield
Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 01:00:00 BST 2009 until Thu Dec 31 23:59:59 GMT 2037
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 17:50:51 GMT 1999 until Tue Jul 24 15:15:12 BST 2029
adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Fri Nov 17 00:00:00 GMT 2006 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.",
L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.",
L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 01:00:00 BST 2009 until Thu Dec 31 23:59:59 GMT 2037
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,
OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
Valid from Mon Nov 05 00:00:00 GMT 2007 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust,
Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.",
C=US
Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust,
Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.",
C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 20:23:42 GMT 2006 until Fri Nov 27 20:53:42 GMT 2026
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc,
C=US
Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc,
C=US
Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b
Valid from Thu Aug 01 13:00:00 BST 2013 until Fri Jan 15 12:00:00 GMT 2038
adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 11:46:39 BST 2002 until Fri Jun 11 11:46:39 BST 2027
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust
AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust
AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 11:44:50 BST 2000 until Sat May 30 11:44:50 BST 2020
adding as trusted cert:
Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 09:38:03 BST 2010 until Fri Oct 26 09:38:03 BST 2040
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc,
C=US
Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc,
C=US
Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec
Valid from Thu Aug 01 13:00:00 BST 2013 until Fri Jan 15 12:00:00 GMT 2038
adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 09:30:35 BST 2006 until Sat Oct 25 09:30:35 BST 2036
adding as trusted cert:
Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26
Valid from Mon Feb 01 00:00:00 GMT 2010 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST
Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST
Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 19:57:21 BST 1999 until Mon Jun 24 20:06:30 BST 2019
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 18:27:00 GMT 2006 until Mon Nov 24 18:23:33 GMT 2031
adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche
Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche
Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 13:11:00 BST 1999 until Wed Jul 10 00:59:00 BST 2019
adding as trusted cert:
Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593
Valid from Thu Jan 12 17:27:44 GMT 2012 until Sun Jan 12 17:27:44 GMT 2042
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
Valid from Mon Jan 29 00:00:00 GMT 1996 until Thu Aug 03 00:59:59 BST 2028
adding as trusted cert:
Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
L=Jersey City, ST=New Jersey, C=US
Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d
Valid from Mon Feb 01 00:00:00 GMT 2010 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust
Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Wed Nov 08 00:00:00 GMT 2006 until Thu Jul 17 00:59:59 BST 2036
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 08:00:00 GMT 2006 until Wed Dec 15 08:00:00 GMT 2021
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 19:11:23 GMT 2006 until Mon Nov 24 19:06:44 GMT 2031
adding as trusted cert:
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield
Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield
Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 01:00:00 BST 2009 until Thu Dec 31 23:59:59 GMT 2037
adding as trusted cert:
Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom,
C=ch
Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom,
C=ch
Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6
Valid from Fri Jun 24 09:38:14 BST 2011 until Wed Jun 25 08:38:14 BST 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d
Valid from Thu Jan 12 20:26:32 GMT 2012 until Sun Jan 12 20:26:32 GMT 2042
adding as trusted cert:
Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967,
L=Milan, C=IT
Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967,
L=Milan, C=IT
Algorithm: RSA; Serial number: 0x570a119742c4e3cc
Valid from Thu Sep 22 12:22:02 BST 2011 until Sun Sep 22 12:22:02 BST 2030
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Mon Jan 29 00:00:00 GMT 1996 until Thu Aug 03 00:59:59 BST 2028
adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification
Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification
Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 18:33:33 GMT 2001 until Wed Mar 17 18:33:33 GMT 2021
adding as trusted cert:
Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
Valid from Wed Jul 07 18:10:00 BST 1999 until Sun Jul 07 00:59:59 BST 2019
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x59e3
Valid from Mon Jun 21 05:00:00 BST 1999 until Mon Jun 22 05:00:00 BST 2020
adding as trusted cert:
Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 09:28:58 BST 2010 until Fri Oct 26 09:28:58 BST 2040
adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems
CO.,LTD.", C=JP
Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems
CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jun 06 03:12:32 BST 2007 until Sat Jun 06 03:12:32 BST 2037
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For
authorized use only", O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For
authorized use only", O="thawte, Inc.", C=US
Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
Valid from Mon Nov 05 00:00:00 GMT 2007 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services,
O=Swisscom, C=ch
Issuer: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services,
O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58
Valid from Fri Jun 24 10:45:08 BST 2011 until Wed Jun 25 09:45:08 BST 2031
adding as trusted cert:
Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008
VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network,
O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008
VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
Valid from Wed Apr 02 01:00:00 BST 2008 until Tue Dec 01 23:59:59 GMT 2037
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB,
C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB,
C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 11:38:31 BST 2000 until Sat May 30 11:38:31 BST 2020
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4
Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802
Valid from Tue Nov 13 00:00:00 GMT 2012 until Tue Jan 19 03:14:07 GMT 2038
adding as trusted cert:
Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A.,
SERIALNUMBER=A82743287, L=Madrid (see current address at
www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
Valid from Fri Aug 01 13:31:40 BST 2008 until Sat Jul 31 13:31:40 BST 2038
adding as trusted cert:
Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited,
L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d
Valid from Tue Jan 19 00:00:00 GMT 2010 until Mon Jan 18 23:59:59 GMT 2038
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For
authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
Valid from Wed Apr 02 01:00:00 BST 2008 until Tue Dec 01 23:59:59 GMT 2037
adding as trusted cert:
Subject: [email protected], CN=Thawte Premium Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Issuer: [email protected], CN=Thawte Premium Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
Valid from Thu Aug 01 01:00:00 BST 1996 until Fri Jan 01 23:59:59 GMT 2021
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.",
O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.",
O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Thu Aug 13 01:29:00 BST 1998 until Tue Aug 14 00:59:00 BST 2018
adding as trusted cert:
Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Algorithm: EC; Serial number: 0x7497258ac73f7a54
Valid from Fri Jan 29 14:20:24 GMT 2010 until Mon Dec 31 14:20:24 GMT 2040
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center,
O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 11:40:14 BST 2008 until Sun Oct 02 00:59:59 BST 2033
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 11:49:13 BST 2001 until Tue Apr 06 11:49:13 BST 2021
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority - G2,
O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST 2028
adding as trusted cert:
Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
Valid from Tue May 26 01:00:00 BST 2009 until Tue May 26 01:00:00 BST 2020
adding as trusted cert:
Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5
Valid from Thu Aug 01 13:00:00 BST 2013 until Fri Jan 15 12:00:00 GMT 2038
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
brooklyn-jetty-server-8081-qtp1066575950-33, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for
TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1465931420 bytes = { 69, 154, 73, 202, 238, 73, 139, 149,
89, 82, 146, 212, 222, 231, 52, 202, 145, 195, 28, 94, 229, 186, 144, 255, 199,
121, 154, 87 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA,
SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Handshake, length =
193
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Handshake, length =
89
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1465931613 bytes = { 164, 22, 118, 125, 186, 142, 168, 214,
114, 235, 109, 69, 32, 218, 35, 94, 74, 61, 251, 247, 101, 170, 138, 208, 40,
140, 27, 220 }
Session ID: {76, 175, 104, 124, 111, 232, 169, 188, 220, 101, 18, 80, 82, 46,
84, 105, 20, 94, 210, 238, 8, 127, 224, 106, 247, 139, 156, 122, 210, 246, 212,
84}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime,
ansiX962_compressed_char2]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
** TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Handshake, length =
3140
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=github.com, O="GitHub, Inc.", L=San Francisco, ST=California,
C=US, OID.2.5.4.17=94107, STREET="88 Colin P Kelly, Jr Street",
SERIALNUMBER=5157550, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware,
OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus:
29228291586411801150687864404306523745724345591150737242344515708146044687830610903627244230322116148964889136299393918008394475528311571236330807623767090801980834497294003637903833024542751179662460286084954686588725445460176943071052806364513428544395575781278625745046025775201457436111331828935561284481601243295143663462508127502940915239703118960877407439795745785220992979468193047851390838515757868570106907722884098879968325331952898133536543210786954931489971401565838024976242713308924778654433162674897360289047109438675900333865528657603857469265730000499898107082856244070155461487647470817986534157283
public exponent: 65537
Validity: [From: Thu Mar 10 00:00:00 GMT 2016,
To: Thu May 17 13:00:00 BST 2018]
Issuer: CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
SerialNumber: [ 0bfdb409 0ad7b5e6 40c30b16 c9529a27]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6F 04 82 01 6B 01 69 00 76 00 A4 B9 09 ...o...k.i.v....
0010: 90 B4 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 ...X......gp.<5.
0020: 04 F9 1B DF B8 E3 77 CD 0E C8 0D DC 10 00 00 01 ......w.........
0030: 53 61 89 EA 1E 00 00 04 03 00 47 30 45 02 21 00 Sa........G0E.!.
0040: 87 1D 21 18 FD 13 8A DB FB 0E 96 36 CA 68 D1 1C ..!........6.h..
0050: 29 6C FA 07 11 C9 34 F3 AD 8D 2C AE 56 74 A7 E1 )l....4...,.Vt..
0060: 02 20 27 A4 6A BD 86 D2 5F 5B CA 2D E5 FB BE 99 . '.j..._[.-....
0070: CE 7C 20 1F 4B 66 3C 94 1E 51 34 CC 24 EA EB 36 .. .Kf<..Q4.$..6
0080: 42 20 00 76 00 68 F6 98 F8 1F 64 82 BE 3A 8C EE B .v.h....d..:..
0090: B9 28 1D 4C FC 71 51 5D 67 93 D4 44 D1 0A 67 AC .(.L.qQ]g..D..g.
00A0: BB 4F 4F FB C4 00 00 01 53 61 89 E9 E7 00 00 04 .OO.....Sa......
00B0: 03 00 47 30 45 02 21 00 D9 A5 DE 52 FB 7B 68 F2 ..G0E.!....R..h.
00C0: 4E E5 70 37 96 06 18 89 01 28 98 4E 4D AB 34 04 N.p7.....(.NM.4.
00D0: F6 EA 55 5A 33 7C 61 5B 02 20 35 4A AB 90 83 83 ..UZ3.a[. 5J....
00E0: 66 94 60 FA 48 61 A7 C6 A0 EB 90 7C 9A ED 29 E0 f.`.Ha........).
00F0: 95 00 9A 44 43 6E 26 27 46 F6 00 77 00 56 14 06 ...DCn&'F..w.V..
0100: 9A 2F D7 C2 EC D3 F5 E1 BD 44 B2 3E C7 46 76 B9 ./.......D.>.Fv.
0110: BC 99 11 5C C0 EF 94 98 55 D6 89 D0 DD 00 00 01 ...\....U.......
0120: 53 61 89 EA 99 00 00 04 03 00 48 30 46 02 21 00 Sa........H0F.!.
0130: E7 9B 75 92 B6 5B C4 F7 D1 82 8B 34 B1 F9 41 AD ..u..[.....4..A.
0140: 1A 64 24 D9 64 E8 92 83 E0 A3 58 5F 8A FF 33 20 .d$.d.....X_..3
0150: 02 21 00 FA D8 79 7A C1 82 C7 80 F6 35 16 5A 80 .!...yz.....5.Z.
0160: 78 22 F9 9C 66 DB 21 8D 7B 28 9D 3F 0C 20 6D 6E x"..f.!..(.?. mn
0170: D7 31 7C .1.
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
,
accessMethod: caIssuers
accessLocation: URIName:
http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 3D D3 50 A5 D6 A0 AD EE F3 4A 60 0A 65 D3 21 D4 =.P......J`.e.!.
0010: F8 F8 D6 0F ....
]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl3.digicert.com/sha2-ev-server-g1.crl]
, DistributionPoint:
[URIName: http://crl4.digicert.com/sha2-ev-server-g1.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.114412.2.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69
..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
[CertificatePolicyId: [2.23.140.1.1]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: github.com
DNSName: www.github.com
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 88 5C 48 67 19 CC A0 76 59 2D 11 79 C3 BE A2 AC .\Hg...vY-.y....
0010: 87 22 27 5B ."'[
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 8B 6C DB 64 C6 EB 29 AB 27 2A F2 1D 44 A5 B9 80 .l.d..).'*..D...
0010: 5F 4C 0C E4 3A 16 EE 13 3F 15 57 73 E0 B2 77 2A _L..:...?.Ws..w*
0020: 67 ED CA 4D 72 77 C8 FF 3D 2C 51 AC 04 0D D8 CA g..Mrw..=,Q.....
0030: FF 7E B2 9E 2B C3 44 D5 C3 23 8B 7D A6 25 B0 6A ....+.D..#...%.j
0040: A5 6B 4A FF EC 02 F9 AB CF A6 50 54 6C DA 73 3F .kJ.......PTl.s?
0050: 9D DC B9 33 05 FD 0B 2C C4 8B 4F 18 D3 F9 FC E4 ...3...,..O.....
0060: FD 02 3D 41 C4 0F CD A1 F5 99 2A 1E 2E 7D 5E DC ..=A......*...^.
0070: CF 7A 58 44 34 B8 04 5F 84 10 54 38 97 91 98 FB .zXD4.._..T8....
0080: 2A 78 58 90 3F C5 2B D8 B1 31 D6 79 6C 51 0F 5F *xX.?.+..1.ylQ._
0090: E7 97 AD BF 45 DF 45 37 63 64 69 C4 55 A3 30 B1 ....E.E7cdi.U.0.
00A0: 45 59 5E 16 B0 47 4C 5C 6A 20 FE A4 0E 7C 62 2C EY^..GL\j ....b,
00B0: 49 41 AD 99 E0 B5 8D 3B 89 EB 5A 61 95 4B 40 DF IA.....;..Za.K@.
00C0: C4 4F 2A 8B 41 FB 6C 7F C4 DE 73 04 E4 95 B8 EF .O*.A.l...s.....
00D0: 9B C3 53 26 A6 DA 21 58 9F 63 0A B0 34 DF B8 95 ..S&..!X.c..4...
00E0: 1C 52 DC 5E 65 36 50 3F 8A 5D 76 20 E8 1B 46 2A .R.^e6P?.]v ..F*
00F0: 0B 23 AD A8 F0 6D 03 68 45 10 80 73 5F F2 F4 86 .#...m.hE..s_...
]
chain [1] = [
[
Version: V3
Subject: CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus:
27182480329609083645624358951312470735111101465904409517579603324443610948627123317276574372284092612395466705913697296538729051610615914979630979130353728187634968718301037795642657343511174042315836449309023250377748929072088632079297292400799455978070288868084050898983836205888774855547544255622648360396227755156561340192722735895290847161205245369772696734401944671246358701321167149070896780343739667326363444343051093227411009129654263748425661222582889902796954800796685968517689977802189122916931470605744698837719347057766694419404975072163417802333656859496792447815284011528855507761771697613578237909299
public exponent: 65537
Validity: [From: Tue Oct 22 13:00:00 BST 2013,
To: Sun Oct 22 13:00:00 BST 2028]
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
SerialNumber: [ 0c79a944 b08c1195 2092615f e26b1d83]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
0010: 63 64 2B C3 cd+.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69
..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3D D3 50 A5 D6 A0 AD EE F3 4A 60 0A 65 D3 21 D4 =.P......J`.e.!.
0010: F8 F8 D6 0F ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 9D B6 D0 90 86 E1 86 02 ED C5 A0 F0 34 1C 74 C1 ............4.t.
0010: 8D 76 CC 86 0A A8 F0 4A 8A 42 D6 3F C8 A9 4D AD .v.....J.B.?..M.
0020: 7C 08 AD E6 B6 50 B8 A2 1A 4D 88 07 B1 29 21 DC .....P...M...)!.
0030: E7 DA C6 3C 21 E0 E3 11 49 70 AC 7A 1D 01 A4 CA ...<!...Ip.z....
0040: 11 3A 57 AB 7D 57 2A 40 74 FD D3 1D 85 18 50 DF .:W..W*@t.....P.
0050: 57 47 75 A1 7D 55 20 2E 47 37 50 72 8C 7F 82 1B WGu..U .G7Pr....
0060: D2 62 8F 2D 03 5A DA C3 C8 A1 CE 2C 52 A2 00 63 .b.-.Z.....,R..c
0070: EB 73 BA 71 C8 49 27 23 97 64 85 9E 38 0E AD 63 .s.q.I'#.d..8..c
0080: 68 3C BA 52 81 58 79 A3 2C 0C DF DE 6D EB 31 F2 h<.R.Xy.,...m.1.
0090: BA A0 7C 6C F1 2C D4 E1 BD 77 84 37 03 CE 32 B5 ...l.,...w.7..2.
00A0: C8 9A 81 1A 4A 92 4E 3B 46 9A 85 FE 83 A2 F9 9E ....J.N;F.......
00B0: 8C A3 CC 0D 5E B3 3D CF 04 78 8F 14 14 7B 32 9C ....^.=..x....2.
00C0: C7 00 A6 5C C4 B5 A1 55 8D 5A 56 68 A4 22 70 AA ...\...U.ZVh."p.
00D0: 3C 81 71 D9 9D A8 45 3B F4 E5 F6 A2 51 DD C7 7B <.q...E;....Q...
00E0: 62 E8 6F 0C 74 EB B8 DA F8 BF 87 0D 79 50 91 90 b.o.t.......yP..
00F0: 9B 18 3B 91 59 27 F1 35 28 13 AB 26 7E D5 F7 7A ..;.Y'.5(..&...z
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus:
25096222514443076901272460785174517607620538894364887395200690111394566020592736673662921945840817328364413674741800760450235583027021531642816683159576973866853280121844679977899567994751333258123861457007523791425003154230648819528564116339145266255263939030158519839380078368713888028673211448476392899923583233481355650312351351674302573096563616905459255557919180852201759360299861601875234807995701275332739967359933679872406573487332354516530701356470999683428220594248446682388824996574482294270079277019729636834333736001968484903342759579838975239653144282134955700899224002867238843313167887950361608604619
public exponent: 65537
Validity: [From: Fri Nov 10 00:00:00 GMT 2006,
To: Mon Nov 10 00:00:00 GMT 2031]
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US
SerialNumber: [ 02ac5c26 6a0b409b 8f0b79f2 ae462577]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
0010: 63 64 2B C3 cd+.
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
0010: 63 64 2B C3 cd+.
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 1C 1A 06 97 DC D7 9C 9F 3C 88 66 06 08 57 21 DB ........<.f..W!.
0010: 21 47 F8 2A 67 AA BF 18 32 76 40 10 57 C1 8A F3 !G.*[email protected]...
0020: 7A D9 11 65 8E 35 FA 9E FC 45 B5 9E D9 4C 31 4B z..e.5...E...L1K
0030: B8 91 E8 43 2C 8E B3 78 CE DB E3 53 79 71 D6 E5 ...C,..x...Syq..
0040: 21 94 01 DA 55 87 9A 24 64 F6 8A 66 CC DE 9C 37 !...U..$d..f...7
0050: CD A8 34 B1 69 9B 23 C8 9E 78 22 2B 70 43 E3 55 ..4.i.#..x"+pC.U
0060: 47 31 61 19 EF 58 C5 85 2F 4E 30 F6 A0 31 16 23 G1a..X../N0..1.#
0070: C8 E7 E2 65 16 33 CB BF 1A 1B A0 3D F8 CA 5E 8B ...e.3.....=..^.
0080: 31 8B 60 08 89 2D 0C 06 5C 52 B7 C4 F9 0A 98 D1 1.`..-..\R......
0090: 15 5F 9F 12 BE 7C 36 63 38 BD 44 A4 7F E4 26 2B ._....6c8.D...&+
00A0: 0A C4 97 69 0D E9 8C E2 C0 10 57 B8 C8 76 12 91 ...i......W..v..
00B0: 55 F2 48 69 D8 BC 2A 02 5B 0F 44 D4 20 31 DB F4 U.Hi..*.[.D. 1..
00C0: BA 70 26 5D 90 60 9E BC 4B 17 09 2F B4 CB 1E 43 .p&].`..K../...C
00D0: 68 C9 07 27 C1 D2 5C F7 EA 21 B9 68 12 9C 3C 9C h..'..\..!.h..<.
00E0: BF 9E FC 80 5C 9B 63 CD EC 47 AA 25 27 67 A0 37 ....\.c..G.%'g.7
00F0: F3 00 82 7D 54 D7 A9 F8 E9 2E 13 A3 77 E8 1F 4A ....T.......w..J
]
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Handshake, length =
333
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
public x coord:
12117955157101880253225755011702628170084603828573672856910486733372662371338
public y coord:
78144805389052191447186636696375358433821140616614269426299329185046280176240
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value: { 4, 88, 123, 153, 81, 180, 195, 76, 248, 110, 219, 60, 95,
174, 206, 189, 98, 2, 99, 205, 75, 123, 138, 118, 191, 116, 227, 26, 214, 5,
22, 229, 38, 136, 39, 225, 188, 240, 15, 179, 92, 119, 60, 40, 177, 131, 28,
53, 15, 111, 137, 206, 164, 44, 2, 0, 52, 24, 241, 157, 86, 85, 121, 218, 233 }
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Handshake, length =
70
SESSION KEYGEN:
PreMaster Secret:
0000: 47 81 C1 67 B8 09 58 38 DF B1 9B C3 6D 34 FF 7B G..g..X8....m4..
0010: 6C 67 56 87 86 75 10 05 16 DC EC 65 94 C6 C8 BC lgV..u.....e....
CONNECTION KEYGEN:
Client Nonce:
0000: 57 60 57 9C 45 9A 49 CA EE 49 8B 95 59 52 92 D4 W`W.E.I..I..YR..
0010: DE E7 34 CA 91 C3 1C 5E E5 BA 90 FF C7 79 9A 57 ..4....^.....y.W
Server Nonce:
0000: 57 60 57 5D A4 16 76 7D BA 8E A8 D6 72 EB 6D 45 W`W]..v.....r.mE
0010: 20 DA 23 5E 4A 3D FB F7 65 AA 8A D0 28 8C 1B DC .#^J=..e...(...
Master Secret:
0000: B6 2F 40 A4 56 7B AE 64 66 3F A3 48 E2 A1 1B 9A ./@.V..df?.H....
0010: 9F 3A 53 6A DE 6B 15 42 FE 7A E4 B9 7D 0D 67 9A .:Sj.k.B.z....g.
0020: 98 C0 02 56 AD E5 4E 2F 80 B3 AC 2A 3A F2 C4 84 ...V..N/...*:...
... no MAC keys used for this cipher
Client write key:
0000: 09 29 7E 72 FD D8 40 2F 0D A8 9C FF 0A D8 69 EC .).r..@/......i.
Server write key:
0000: 85 BF 75 80 41 FD CA 07 63 81 6E 81 F4 EB 24 C7 ..u.A...c.n...$.
Client write IV:
0000: 48 0D 1F 2B H..+
Server write IV:
0000: EB C3 4E 55 ..NU
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Change Cipher Spec,
length = 1
*** Finished
verify_data: { 232, 134, 50, 30, 231, 234, 156, 252, 235, 190, 222, 92 }
***
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Handshake, length =
40
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Change Cipher Spec,
length = 1
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Handshake, length =
40
*** Finished
verify_data: { 198, 212, 164, 248, 112, 72, 113, 189, 67, 43, 24, 71 }
***
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
brooklyn-jetty-server-8081-qtp1066575950-33, setSoTimeout(0) called
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Application Data,
length = 247
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Application Data,
length = 1394
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Application Data,
length = 899
brooklyn-jetty-server-8081-qtp1066575950-33, called close()
brooklyn-jetty-server-8081-qtp1066575950-33, called closeInternal(true)
brooklyn-jetty-server-8081-qtp1066575950-33, SEND TLSv1.2 ALERT: warning,
description = close_notify
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Alert, length = 26
brooklyn-jetty-server-8081-qtp1066575950-33, called closeSocket(true)
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
brooklyn-jetty-server-8081-qtp1066575950-33, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for
TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1465931421 bytes = { 29, 36, 122, 182, 242, 201, 100, 157,
19, 158, 47, 8, 244, 123, 186, 98, 131, 128, 39, 208, 105, 66, 194, 172, 213,
96, 231, 163 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1,
sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1,
secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1,
secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA,
SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
brooklyn-jetty-server-8081-qtp1066575950-33, WRITE: TLSv1.2 Handshake, length =
193
brooklyn-jetty-server-8081-qtp1066575950-33, READ: TLSv1.2 Alert, length = 2
brooklyn-jetty-server-8081-qtp1066575950-33, RECV TLSv1.2 ALERT: fatal,
close_notify
brooklyn-jetty-server-8081-qtp1066575950-33, called closeSocket()
brooklyn-jetty-server-8081-qtp1066575950-33, handling exception:
javax.net.ssl.SSLException: Received fatal alert: close_notify
brooklyn-jetty-server-8081-qtp1066575950-33, called close()
brooklyn-jetty-server-8081-qtp1066575950-33, called closeInternal(true)
2016-06-14 20:14:37,774 WARN Problem in user-supplied script:
org.apache.brooklyn.util.exceptions.PropagatedRuntimeException: SSLException:
Received fatal alert: close_notify
org.apache.brooklyn.util.exceptions.PropagatedRuntimeException:
at
org.apache.brooklyn.util.exceptions.Exceptions.propagate(Exceptions.java:128)
~[brooklyn-utils-common-0.10.0-20160613.090333-51.jar:0.10.0-SNAPSHOT]
Caused by: javax.net.ssl.SSLException: Received fatal alert: close_notify
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
~[na:1.8.0_92]
{noformat}
> SSLException: close_notify in ResourceUtils getResourceAsString against https
> url
> ---------------------------------------------------------------------------------
>
> Key: BROOKLYN-302
> URL: https://issues.apache.org/jira/browse/BROOKLYN-302
> Project: Brooklyn
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: Duncan Grant
> Priority: Minor
>
> This can be reproduced by running the following in the groovy console of
> brooklyn but I'm not sure when it will fail.
> {code}
> org.apache.brooklyn.util.core.ResourceUtils utils =
> org.apache.brooklyn.util.core.ResourceUtils.create();
> String result =
> utils.getResourceAsString("https://github.com/apache/brooklyn-library/raw/master/examples/simple-web-cluster/src/main/resources/visitors-creation-script.sql";);
> System.out.println(result);
> {code}
> I have seen this consistently fail for the last few days and have tried with
> java versions 1.7.0_71, 1.8.0_45, and 1.8.0_92.
> Error on failure is:
> {noformat}
> 2016-06-14 16:43:13,301 WARN Problem in user-supplied script:
> org.apache.brooklyn.util.exceptions.PropagatedRuntimeException: SSLException:
> Received fatal alert: close_notify
> org.apache.brooklyn.util.exceptions.PropagatedRuntimeException:
> at
> org.apache.brooklyn.util.exceptions.Exceptions.propagate(Exceptions.java:128)
> ~[brooklyn-utils-common-0.10.0-20160613.090333-51.jar:0.10.0-SNAPSHOT]
> Caused by: javax.net.ssl.SSLException: Received fatal alert: close_notify
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
> ~[na:1.8.0_92]
> {noformat}
> However this is working for me today. This may be because I am running this
> from the office rather than from home so I will try again at home this
> evening.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
