Re: [Dev] Continuous SSL handshake requests triggering from ESB 5.0.0-Pre-Beta2 after latest component updates

2016-07-13 Thread Isuru Udana
Hi Chanaka,

It looks like this is not related to request processing.
Have you accessed the management console after starting the server?

"http-nio-9443-exec-16" gives the idea that this is happening from servlet
transport.



On Wed, Jul 13, 2016 at 2:35 PM, Chanaka Fernando wrote:

> Hi Devs,
>
> We are seeing the following [1] SSL handshake logs continuously after starting
> the ESB. This can be seen when the server is started with the following
> command.
>
> sh wso2server.sh -Djavax.net.debug=ssl:handshake
>
> These logs are printed in the carbon log continuously even though we are
> not sending any request to ESB. This was not there in ESB 5.0.0 Beta pack.
> Did anyone encounter a similar issue?
>
> [1] *** ClientHello, TLSv1.2
> RandomCookie:  GMT: 1451623051 bytes = { 98, 83, 62, 146, 217, 212, 181,
> 158, 111, 193, 193, 158, 75, 176, 45, 95, 157, 76, 60, 41, 180, 242, 30,
> 165, 127, 209, 136, 165 }
> Session ID:  {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252,
> 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250,
> 226, 46, 168, 40}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
> SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
> SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
> SHA1withDSA
> ***
> %% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
> *** ServerHello, TLSv1.2
> RandomCookie:  GMT: 1451623051 bytes = { 114, 182, 182, 220, 47, 131, 165,
> 58, 169, 65, 123, 167, 113, 251, 13, 217, 230, 92, 46, 235, 0, 146, 61,
> 209, 1, 11, 52, 243 }
> Session ID:  {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252,
> 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250,
> 226, 46, 168, 40}
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: 
> ***
> Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
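
Added example, not part of either message and not WSO2 code: a small triage script for the javax.net.debug=ssl:handshake output discussed in this thread, counting ClientHello and "%% Resuming" events and grouping handshake records by thread pool, which is the attribution the reply above makes from the "http-nio-9443-exec-16" thread name. The "<thread>, READ/WRITE: ..." record lines and the "example-worker-1" thread are assumptions; the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample in the Java 8 JSSE debug format quoted in the thread.
# The "<thread>, READ/WRITE: ..." record lines are an assumed format and
# "example-worker-1" is a hypothetical thread name used for contrast.
SAMPLE_LOG = """\
http-nio-9443-exec-16, READ: TLSv1.2 Handshake, length = 233
*** ClientHello, TLSv1.2
%% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
http-nio-9443-exec-16, WRITE: TLSv1.2 Handshake, length = 81
http-nio-9443-exec-3, READ: TLSv1.2 Handshake, length = 233
*** ClientHello, TLSv1.2
%% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
http-nio-9443-exec-3, WRITE: TLSv1.2 Handshake, length = 81
example-worker-1, READ: TLSv1.2 Handshake, length = 233
*** ClientHello, TLSv1.2
"""

RECORD = re.compile(r"^(?P<thread>.+?), (?:READ|WRITE): \S+ Handshake, length = \d+")
RESUME = re.compile(r"^%% Resuming \[(?P<session>[^,]+), (?P<suite>[^\]]+)\]")
WORKER_INDEX = re.compile(r"-\d+$")  # "http-nio-9443-exec-16" -> "http-nio-9443-exec"


def summarize(log_text):
    """Tally handshake starts, resumed sessions and handshake records per thread pool."""
    out = {"client_hellos": 0, "resumed": 0,
           "sessions": Counter(), "pools": Counter()}
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate mail-quoted log lines
        if line.startswith("*** ClientHello"):
            out["client_hellos"] += 1
            continue
        resumed = RESUME.match(line)
        if resumed:
            out["resumed"] += 1
            out["sessions"][resumed.group("session")] += 1
            continue
        record = RECORD.match(line)
        if record:
            out["pools"][WORKER_INDEX.sub("", record.group("thread"))] += 1
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary["client_hellos"], "ClientHello,", summary["resumed"], "resumed")
    print("records per thread pool:", dict(summary["pools"]))
```

A high share of resumptions of one session ID, all on one thread pool, points to a single client reconnecting on a timer rather than to new external traffic.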

[Dev] Continuous SSL handshake requests triggering from ESB 5.0.0-Pre-Beta2 after latest component updates

2016-07-13 Thread Chanaka Fernando
Hi Devs,

We are seeing the following [1] SSL handshake logs continuously after starting
the ESB. This can be seen when the server is started with the following
command.

sh wso2server.sh -Djavax.net.debug=ssl:handshake

These logs are printed in the carbon log continuously even though we are
not sending any request to ESB. This was not there in ESB 5.0.0 Beta pack.
Did anyone encounter a similar issue?

[1] *** ClientHello, TLSv1.2
RandomCookie:  GMT: 1451623051 bytes = { 98, 83, 62, 146, 217, 212, 181,
158, 111, 193, 193, 158, 75, 176, 45, 95, 157, 76, 60, 41, 180, 242, 30,
165, 127, 209, 136, 165 }
Session ID:  {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181,
108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226,
46, 168, 40}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
SHA1withDSA
***
%% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1451623051 bytes = { 114, 182, 182, 220, 47, 131, 165,
58, 169, 65, 123, 167, 113, 251, 13, 217, 230, 92, 46, 235, 0, 146, 61,
209, 1, 11, 52, 243 }
Session ID:  {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181,
108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226,
46, 168, 40}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: 
***
Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256