Hi all,
As requested I pushed a pure JDK reproducer to GitHub which you can
easily use to reproduce the problem. All the details how to run it
etc are in the README.md file. I also included a server to show that
all works if we use the JDK on the client side and server side.
Also as stated before you will see that the cert will be send even
if you use OpenSSL on the serverside if you replace “-Verify 1” with
“-verify 1” (which is kind of the same as setWantClientAuth(true)).
Please don't hesitate to ping me if you need any more details or
have any more questions.
https://github.com/normanmaurer/jdktls13bugreproducer
Here is the output with debugging enabled on the client side.
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.515
CEST|SSLContextImpl.java:427|System property
jdk.tls.client.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.529
CEST|SSLContextImpl.java:427|System property
jdk.tls.server.cipherSuites is set to 'null'
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.563
CEST|SSLCipher.java:437|jdk.tls.keyLimits: entry =
AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE =
137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.577
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.577
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.578
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.578
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.578
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.579
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.579
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.579
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.580
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.580
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.581
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.581
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.581
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.582
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_RSA_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_RC4_128_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_RC4_128_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_anon_WITH_RC4_128_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.583
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_anon_WITH_RC4_128_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.584
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DH_anon_WITH_RC4_128_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.584
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DH_anon_WITH_RC4_128_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.584
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.584
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.585
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.586
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.586
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.586
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.586
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.589
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.589
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.589
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.590
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.591
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.591
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.591
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.593
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.593
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.594
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.595
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.597
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.597
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.597
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.597
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.598
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.599
CEST|SSLContextImpl.java:401|Ignore disabled cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.599
CEST|SSLContextImpl.java:410|Ignore unsupported cipher suite:
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.642
CEST|SunX509KeyManagerImpl.java:164|found key for : 1 (
"certificate" : {
"version" : "v3",
"serial number" : "20 C3 8D C4 49 66 D0 02",
"signature algorithm": "SHA256withRSA",
"issuer" :
"CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
"not before" : "2013-08-02 09:51:36.000 CEST",
"not after" : "10000-01-01 24:59:59.000 CET",
"subject" :
"CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
"subject public key" : "RSA"}
)
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.643
CEST|SSLContextImpl.java:115|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.643
CEST|SSLContextImpl.java:119|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.665
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.666
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.671
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.672
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.673
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.674
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.675
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.676
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.677
CEST|HandshakeContext.java:290|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.690
CEST|ServerNameExtension.java:255|Unable to indicate server name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.690
CEST|SSLExtensions.java:235|Ignore, context unavailable extension:
server_name
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.701
CEST|SignatureScheme.java:282|Signature algorithm, ed25519, is not
supported by the underlying providers
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.702
CEST|SignatureScheme.java:282|Signature algorithm, ed448, is not
supported by the underlying providers
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.706
CEST|SignatureScheme.java:358|Ignore disabled signature sheme: rsa_md5
javax.net.ssl|INFO|01|main|2018-09-17 11:51:54.706
CEST|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.706
CEST|SSLExtensions.java:235|Ignore, context unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.707
CEST|SSLExtensions.java:235|Ignore, context unavailable extension:
cookie
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711
CEST|SSLExtensions.java:235|Ignore, context unavailable extension:
renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711
CEST|PreSharedKeyExtension.java:606|No session to resume.
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.711
CEST|SSLExtensions.java:235|Ignore, context unavailable extension:
pre_shared_key
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.714
CEST|ClientHello.java:633|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "66 2E BE D3 8A 77 39 06 3B 5A 34 03 7D EE
74 BB 08 D2 19 FD 50 17 2D 84 29 AA FB E0 EE ED 50 69",
"session id" : "0B 03 C8 E2 D2 A5 CD 3A 22 C5 85 17 06 64
A9 30 14 62 C0 AF AB 67 CE 63 50 41 50 7F 6B FD 4C 9F",
"cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301),
TLS_AES_256_GCM_SHA384(0x1302),
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),
TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D),
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032),
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028),
TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014),
TLS_RSA_WITH_AES_256_CBC_SHA(0x0035),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [secp256r1, secp384r1, secp521r1, sect283k1, sect283r1,
sect409k1, sect409r1, sect571k1, sect571r1, secp256k1, ffdhe2048,
ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224,
rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256,
rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224,
rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"key_share (51)": {
"client_shares": [
{
"named group": secp256r1
"key_exchange": {
0000: 04 A3 9F B9 05 27 00 38 C4 D7 61 6C 66 1F 4A 8D
.....'.8..alf.J.
0010: B1 02 6F 0B F6 E1 BD 50 93 52 86 2C D2 3C 8D 1A
..o....P.R.,.<..
0020: 10 A9 CD F0 40 F4 CD 04 25 A1 11 E2 58 23 A3 24
....@...%...X#.$
0030: CA E8 8F 28 F7 2B 65 96 B2 E3 A1 AE 99 24 94 28
...(.+e......$.(
0040: 83
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.714
CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 417
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.719
CEST|SSLSocketOutputRecord.java:255|Raw write (
0000: 16 03 03 01 A1 01 00 01 9D 03 03 66 2E BE D3 8A
...........f....
0010: 77 39 06 3B 5A 34 03 7D EE 74 BB 08 D2 19 FD 50
w9.;Z4...t.....P
0020: 17 2D 84 29 AA FB E0 EE ED 50 69 20 0B 03 C8 E2 .-.).....Pi
....
0030: D2 A5 CD 3A 22 C5 85 17 06 64 A9 30 14 62 C0 AF
...:"....d.0.b..
0040: AB 67 CE 63 50 41 50 7F 6B FD 4C 9F 00 5A 13 01
.g.cPAP.k.L..Z..
0050: 13 02 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F
...,.+.0.....2..
0060: 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 C0 24
.../...-.1.....$
0070: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14
.(.=.&.*.k.j....
0080: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C
.5.....9.8.#.'.<
0090: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04
.%.).g.@...../..
00A0: C0 0E 00 33 00 32 00 FF 01 00 00 FA 00 05 00 05
...3.2..........
00B0: 01 00 00 00 00 00 0A 00 20 00 1E 00 17 00 18 00 ........
.......
00C0: 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 16 01
................
00D0: 00 01 01 01 02 01 03 01 04 00 0B 00 02 01 00 00
................
00E0: 0D 00 28 00 26 04 03 05 03 06 03 08 04 08 05 08
..(.&...........
00F0: 06 08 09 08 0A 08 0B 04 01 05 01 06 01 04 02 03
................
0100: 03 03 01 03 02 02 03 02 01 02 02 00 32 00 28 00
............2.(.
0110: 26 04 03 05 03 06 03 08 04 08 05 08 06 08 09 08
&...............
0120: 0A 08 0B 04 01 05 01 06 01 04 02 03 03 03 01 03
................
0130: 02 02 03 02 01 02 02 00 11 00 09 00 07 02 00 04
................
0140: 00 00 00 00 00 17 00 00 00 2B 00 09 08 03 04 03
.........+......
0150: 03 03 02 03 01 00 2D 00 02 01 01 00 33 00 47 00
......-.....3.G.
0160: 45 00 17 00 41 04 A3 9F B9 05 27 00 38 C4 D7 61
E...A.....'.8..a
0170: 6C 66 1F 4A 8D B1 02 6F 0B F6 E1 BD 50 93 52 86
lf.J...o....P.R.
0180: 2C D2 3C 8D 1A 10 A9 CD F0 40 F4 CD 04 25 A1 11
,.<......@...%..
0190: E2 58 23 A3 24 CA E8 8F 28 F7 2B 65 96 B2 E3 A1
.X#.$...(.+e....
01A0: AE 99 24 94 28 83 ..$.(.
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.720
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 16 03 03 00 9B .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.720
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 handshake, length = 155
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.721
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 02 00 00 97 03 03 AB 76 F1 BA F3 B1 F0 DD 53 AC
.......v......S.
0010: 5B 54 E9 E4 2E F8 44 D2 5E B2 59 85 0D 16 79 EE
[T....D.^.Y...y.
0020: A7 66 8A 84 69 2A 20 0B 03 C8 E2 D2 A5 CD 3A 22 .f..i*
.......:"
0030: C5 85 17 06 64 A9 30 14 62 C0 AF AB 67 CE 63 50
....d.0.b...g.cP
0040: 41 50 7F 6B FD 4C 9F 13 01 00 00 4F 00 2B 00 02
AP.k.L.....O.+..
0050: 03 04 00 33 00 45 00 17 00 41 04 18 4A 46 BB 73
...3.E...A..JF.s
0060: F4 6F 5D F0 3C 98 AD 70 7E 13 D6 C0 E5 C0 28 5A
.o].<..p......(Z
0070: D7 42 78 95 68 E0 85 B7 06 CD DB 3C 35 DA AF E8
.Bx.h......<5...
0080: 95 D6 A2 3C 77 CF 7E 8E C8 94 50 BA CD 18 3F DA
...<w.....P...?.
0090: E3 A3 25 E9 F3 C9 A9 7F 4E B6 A9 ..%.....N..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.721
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 handshake, length = 155
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.722
CEST|ServerHello.java:866|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "AB 76 F1 BA F3 B1 F0 DD 53 AC 5B 54 E9 E4
2E F8 44 D2 5E B2 59 85 0D 16 79 EE A7 66 8A 84 69 2A",
"session id" : "0B 03 C8 E2 D2 A5 CD 3A 22 C5 85 17 06 64
A9 30 14 62 C0 AF AB 67 CE 63 50 41 50 7F 6B FD 4C 9F",
"cipher suite" : "TLS_AES_128_GCM_SHA256(0x1301)",
"compression methods" : "00",
"extensions" : [
"supported_versions (43)": {
"selected version": [TLSv1.3]
},
"key_share (51)": {
"server_share": {
"named group": secp256r1
"key_exchange": {
0000: 04 18 4A 46 BB 73 F4 6F 5D F0 3C 98 AD 70 7E 13
..JF.s.o].<..p..
0010: D6 C0 E5 C0 28 5A D7 42 78 95 68 E0 85 B7 06 CD
....(Z.Bx.h.....
0020: DB 3C 35 DA AF E8 95 D6 A2 3C 77 CF 7E 8E C8 94
.<5......<w.....
0030: 50 BA CD 18 3F DA E3 A3 25 E9 F3 C9 A9 7F 4E B6
P...?...%.....N.
0040: A9
}
},
}
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723
CEST|SSLExtensions.java:167|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723
CEST|ServerHello.java:962|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723
CEST|SSLExtensions.java:138|Ignore unsupported extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723
CEST|SSLExtensions.java:138|Ignore unsupported extension:
max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.723
CEST|SSLExtensions.java:138|Ignore unsupported extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724
CEST|SSLExtensions.java:138|Ignore unsupported extension:
ec_point_formats
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724
CEST|SSLExtensions.java:138|Ignore unsupported extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724
CEST|SSLExtensions.java:138|Ignore unsupported extension:
status_request_v2
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724
CEST|SSLExtensions.java:138|Ignore unsupported extension:
extended_master_secret
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.724
CEST|SSLExtensions.java:167|Consumed extension: supported_versions
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725
CEST|SSLExtensions.java:167|Consumed extension: key_share
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725
CEST|SSLExtensions.java:138|Ignore unsupported extension:
renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725
CEST|PreSharedKeyExtension.java:832|Handling pre_shared_key absence.
javax.net.ssl|ALL|01|main|2018-09-17 11:51:54.725
CEST|SSLSessionImpl.java:203|Session initialized:
Session(1537177914725|TLS_AES_128_GCM_SHA256)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.725
CEST|SSLExtensions.java:182|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
ec_point_formats
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
status_request_v2
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
extended_master_secret
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:190|Ignore impact of unsupported extension:
supported_versions
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:190|Ignore impact of unsupported extension:
key_share
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension:
renegotiation_info
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.726
CEST|SSLExtensions.java:182|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.732
CEST|SSLCipher.java:1824|KeyLimit read side: algorithm =
AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.735
CEST|SSLCipher.java:1978|KeyLimit write side: algorithm =
AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.736
CEST|SSLSocketOutputRecord.java:225|Raw write (
0000: 14 03 03 00 01 01 ......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.736
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 14 03 03 00 01 .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 change_cipher_spec,
length = 1
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 01 .
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 change_cipher_spec,
length = 1
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737
CEST|ChangeCipherSpec.java:232|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.737
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 00 27 ....'
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 39
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: D5 B7 25 6F AF E9 D6 6F 7C 61 98 90 3F FE BA 9A
..%o...o.a..?...
0010: A8 5B 94 5E 3A 47 38 62 36 90 9A 1D BE BF 87 18
.[.^:G8b6.......
0020: 56 8C E3 AA CE AD AA V......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.738
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 39
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.746
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 08 00 00 12 00 10 00 0A 00 0C 00 0A 00 1D 00 17
................
0010: 00 1E 00 19 00 18 ......
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747
CEST|EncryptedExtensions.java:171|Consuming EncryptedExtensions
handshake message (
"EncryptedExtensions": [
"supported_groups (10)": {
"versions": [x25519, secp256r1, x448, secp521r1, secp384r1]
}
]
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747
CEST|SSLExtensions.java:148|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.747
CEST|SSLExtensions.java:148|Ignore unavailable extension:
max_fragment_length
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748
CEST|SSLExtensions.java:167|Consumed extension: supported_groups
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748
CEST|SSLExtensions.java:182|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748
CEST|SSLExtensions.java:182|Ignore unavailable extension:
max_fragment_length
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.748
CEST|SSLExtensions.java:190|Ignore impact of unsupported extension:
supported_groups
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.748
CEST|SSLExtensions.java:182|Ignore unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 00 42 ....B
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 66
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 63 F7 54 24 11 6A 91 1F 1F C5 70 9A 26 AD CE 98
c.T$.j....p.&...
0010: D0 A9 7A 84 AF 39 7C A0 AD F6 6B B2 10 88 27 8B
..z..9....k...'.
0020: 79 E0 F4 5A 9F 68 AA F0 56 D3 45 72 7C 7F 22 03
y..Z.h..V.Er..".
0030: 0A 53 F6 24 68 CB 0B E1 3B DD D4 78 B5 AC 1E D7
.S.$h...;..x....
0040: 03 FB ..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.749
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 66
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 0D 00 00 2D 00 00 2A 00 0D 00 26 00 24 04 03 05
...-..*...&.$...
0010: 03 06 03 08 07 08 08 08 09 08 0A 08 0B 08 04 08
................
0020: 05 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02
................
0030: 01 .
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750
CEST|CertificateRequest.java:864|Consuming CertificateRequest
handshake message (
"CertificateRequest": {
"certificate_request_context": "",
"extensions": [
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256,
ecdsa_secp384r1_sha384, ecdsa_secp512r1_sha512, ed25519, ed448,
rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512,
rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512,
rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224,
ecdsa_sha1, rsa_sha224, rsa_pkcs1_sha1]
}
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750
CEST|SSLExtensions.java:167|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.750
CEST|SSLExtensions.java:148|Ignore unavailable extension:
signature_algorithms_cert
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751
CEST|SignatureScheme.java:390|Unsupported signature scheme: ed25519
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751
CEST|SignatureScheme.java:390|Unsupported signature scheme: ed448
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751
CEST|SignatureScheme.java:390|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.751
CEST|SignatureScheme.java:390|Unsupported signature scheme: rsa_sha224
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752
CEST|SSLExtensions.java:199|Populated with extension:
signature_algorithms
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752
CEST|SSLExtensions.java:182|Ignore unavailable extension:
signature_algorithms_cert
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 03 20 ....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.752
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 800
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.753
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: FE BB B2 07 BA CE A6 32 AA 58 66 2F 6D 87 16 75
.......2.Xf/m..u
0010: CF 71 13 53 FB 45 AE DC 84 F4 AA 33 08 08 DF B5
.q.S.E.....3....
0020: 97 C5 79 40 4A 28 F4 9D 0F 5A 86 4E C4 5F C7 2E
..y@J(...Z.N._..
0030: AA AA 42 F7 8A FF 6B C1 28 75 9B A3 25 F0 23 81
..B...k.(u..%.#.
0040: 74 BB 9A EA A8 8D 89 BE E9 80 AE 31 C3 3A FC 35
t..........1.:.5
0050: E6 CA C5 77 BF C7 0E ED 64 26 DB 4E C3 3D F5 AD
...w....d&.N.=..
0060: 5E EB A8 37 AA 81 EF 39 24 84 C9 C4 C7 A2 D7 DB
^..7...9$.......
0070: 7F 82 01 7A 02 E7 23 A3 6E C9 68 B8 E5 C3 9F 53
...z..#.n.h....S
0080: 16 6E EF B0 54 D2 67 4C FF 22 E6 78 B1 A0 DB BE
.n..T.gL.".x....
0090: 97 23 FC C8 D8 92 86 3D C6 6B E4 C1 AC EF B8 46
.#.....=.k.....F
00A0: 75 3C 00 08 8B 34 5F 59 05 49 25 97 BE A8 61 8E
u<...4_Y.I%...a.
00B0: B0 5F 25 91 7A FE 79 53 7A C1 A7 E7 70 7B A5 53
._%.z.ySz...p..S
00C0: 5A 63 8B 8E B9 92 2D B3 80 DC AA 75 BE 0F 47 F3
Zc....-....u..G.
00D0: E8 D9 0D 7D D9 C3 B6 00 AD 2A 43 CC 66 87 88 AF
.........*C.f...
00E0: 35 87 74 2F 87 2F 3C A6 FB 12 1A 9C 46 62 1C DC
5.t/./<.....Fb..
00F0: 4E 4E DC 16 70 7E 08 74 FB F7 E6 5F 4D D9 20 F9
NN..p..t..._M. .
0100: CA F3 91 45 D6 1A B3 BA FA 4E BD A4 74 9E 4C 78
...E.....N..t.Lx
0110: 03 18 2C 70 35 42 68 F3 9A 1D 24 3F A7 27 DF 29
..,p5Bh...$?.'.)
0120: D5 58 7C CB 19 2F D1 DF 8A 6D B2 85 52 B5 78 19
.X.../...m..R.x.
0130: EA 5C E2 7A 23 42 9E D7 A3 DC D0 DE D8 33 47 2B
.\.z#B.......3G+
0140: 0C D8 6E 77 25 DB E6 12 B0 7A AD A5 C9 96 AC A9
..nw%....z......
0150: 1D CD 73 39 AC 6A 9F E2 0A F7 17 F1 F0 FF 75 9C
..s9.j........u.
0160: B2 05 9E 7A F4 18 4F FC 9D 42 69 4C E0 3E A1 21
...z..O..BiL.>.!
0170: DA 1F 71 07 59 C6 A2 F9 0B 4F C0 CD A4 85 A8 DB
..q.Y....O......
0180: 77 F6 87 5E 09 16 49 5C 2C B8 C0 7B 39 81 65 FD
w..^..I\,...9.e.
0190: 29 52 E2 C7 F5 C7 AD BC F6 A9 F9 6D D2 E9 A4 14
)R.........m....
01A0: C9 D3 79 2E D2 BA 10 4C BD 44 65 2B A8 7E F1 3A
..y....L.De+...:
01B0: F3 F6 11 53 38 17 10 12 B4 CD C5 AD 72 3B 84 A2
...S8.......r;..
01C0: 1B F9 D7 BF 34 00 5A FE F4 CE 09 0C EA F2 27 9A
....4.Z.......'.
01D0: BD DD 93 37 E2 DF 60 CC 8A F7 C6 4B 08 30 0D 78
...7..`....K.0.x
01E0: 5C EB 49 34 DB 8B EB 55 33 0C 82 03 07 FD 3D FC
\.I4...U3.....=.
01F0: 49 11 88 1C F6 67 7F 0B 48 AA EC 1B AF 04 46 CF
I....g..H.....F.
0200: 09 C5 8E B3 F8 92 C4 56 3D 8F 0E 1D 9F D3 0C FE
.......V=.......
0210: 94 23 15 53 8E 1F 5E C4 FA 44 03 3B 1B B0 0A 2D
.#.S..^..D.;...-
0220: 71 D4 B5 AC 1F 52 D7 25 9F A0 C8 4B 9B 32 B8 22
q....R.%...K.2."
0230: 3F AF B3 19 16 8C 2A 5C B4 89 BF 82 DC 4D AF 22
?.....*\.....M."
0240: 2A 33 73 90 F3 C8 FF 2E C1 B3 83 D2 7A 29 4E 15
*3s.........z)N.
0250: 5D 87 86 F6 94 EA B0 B4 A4 41 B9 C5 BA 89 B8 E9
]........A......
0260: 26 E7 96 BC 4D 8A FD 86 C7 C9 2A 96 75 C3 07 EF
&...M.....*.u...
0270: 5C 5A 4E 91 71 7D 1B A2 12 88 C5 D0 D2 5E 79 E1
\ZN.q........^y.
0280: 6C 65 35 5E 6C CC 56 47 FD F3 96 78 7A A0 08 7E
le5^l.VG...xz...
0290: DB 3C CC 10 76 15 37 46 48 6B 2D 23 7B A3 44 5A
.<..v.7FHk-#..DZ
02A0: A4 46 B3 CE E2 15 BA 4C D2 93 16 57 1F BA 75 72
.F.....L...W..ur
02B0: BF 8C 66 50 F2 A4 F6 05 84 E5 47 12 30 BE 34 70
..fP......G.0.4p
02C0: 4D 0F BD FE 54 E8 B1 CE B5 7F 6E 97 38 09 29 1F
M...T.....n.8.).
02D0: 41 2D 2E 9E 75 D8 77 0C 08 DB 5C B4 EE 3F FE E2
A-..u.w...\..?..
02E0: DC CF D0 ED C8 02 50 C4 EE B3 1D 8A 9E 9B EE 5E
......P........^
02F0: 14 BA C2 5A B0 83 8E 5C E5 7B 69 2B 69 8C F1 AA
...Z...\..i+i...
0300: 2D D5 D1 3D 9D 42 1B B2 50 5D BE 7E E4 11 D2 90
-..=.B..P]......
0310: 0B 54 71 7F D6 13 88 E2 FE 37 9F 70 B5 0B 57 79
.Tq......7.p..Wy
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.753
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 800
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.755
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 0B 00 03 0B 00 00 03 07 00 03 02 30 82 02 FE 30
...........0...0
0010: 82 01 E6 A0 03 02 01 02 02 08 20 C3 8D C4 49 66 ..........
...If
0020: D0 02 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05
..0...*.H.......
0030: 00 30 3E 31 3C 30 3A 06 03 55 04 03 0C 33 65 38
.0>1<0:..U...3e8
0040: 61 63 30 32 66 61 30 64 36 35 61 38 34 32 31 39
ac02fa0d65a84219
0050: 30 31 36 30 34 35 64 62 38 62 30 35 63 34 38 35
016045db8b05c485
0060: 62 34 65 63 64 66 2E 6E 65 74 74 79 2E 74 65 73
b4ecdf.netty.tes
0070: 74 30 20 17 0D 31 33 30 38 30 32 30 37 35 31 33 t0
..13080207513
0080: 36 5A 18 0F 39 39 39 39 31 32 33 31 32 33 35 39
6Z..999912312359
0090: 35 39 5A 30 3E 31 3C 30 3A 06 03 55 04 03 0C 33
59Z0>1<0:..U...3
00A0: 65 38 61 63 30 32 66 61 30 64 36 35 61 38 34 32
e8ac02fa0d65a842
00B0: 31 39 30 31 36 30 34 35 64 62 38 62 30 35 63 34
19016045db8b05c4
00C0: 38 35 62 34 65 63 64 66 2E 6E 65 74 74 79 2E 74
85b4ecdf.netty.t
00D0: 65 73 74 30 82 01 22 30 0D 06 09 2A 86 48 86 F7
est0.."0...*.H..
00E0: 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02
...........0....
00F0: 82 01 01 00 DB F8 70 4E DC 2D 14 44 12 AF 0D 48
......pN.-.D...H
0100: 09 1D B8 48 94 1C 9E F1 7F DC 6C D1 F7 94 3A B7
...H......l...:.
0110: 5C E3 85 07 3E CB E1 76 4A 2C 32 17 4B E1 5E 42
\...>..vJ,2.K.^B
0120: A4 80 50 CA 36 A2 D9 94 F9 59 23 D0 AA 2B B2 13
..P.6....Y#..+..
0130: 23 6D 45 DF 13 52 A4 4E 28 D3 30 99 5A 81 AD 8C
#mE..R.N(.0.Z...
0140: DB 15 55 B7 6D 5F 44 89 09 35 66 C8 2F 47 56 14
..U.m_D..5f./GV.
0150: B5 B2 46 AE CE 5D DC A0 C8 59 08 89 6F 5B DB F2
..F..]...Y..o[..
0160: D8 69 E3 C1 80 44 F6 DA 46 ED 1D 20 80 12 3F 81 .i...D..F..
..?.
0170: 95 27 F6 EB 9F B5 AC DC 72 01 70 46 18 67 1C 08
.'......r.pF.g..
0180: AC C4 6D CA 80 48 12 87 3A 05 69 EA 92 EA 95 00
..m..H..:.i.....
0190: 1F B9 2C BA 83 F3 B3 1B 37 1E B3 7C D7 46 B1 AE
..,.....7....F..
01A0: D4 DD E9 04 8C C0 23 00 96 E3 6F 67 E7 66 65 61
......#...og.fea
01B0: F6 11 D2 7A FE 44 42 83 9D 1A CF 20 80 EC 58 04 ...z.DB....
..X.
01C0: A6 10 78 41 7B 34 C3 FA FD 2A 08 94 72 2F 3D AE
..xA.4...*..r/=.
01D0: B0 58 16 63 EE DA 81 42 44 DB 21 C7 23 69 93 BB
.X.c...BD.!.#i..
01E0: 64 40 16 78 01 8A 52 57 94 C0 AD 57 04 F4 C4 6B
d...@.x..rw...W...k
01F0: 90 C6 46 C7 02 03 01 00 01 30 0D 06 09 2A 86 48
..F......0...*.H
0200: 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 4B FC 37
.............K.7
0210: B5 E6 F2 A6 98 D8 58 2B 39 CE 8F 6B 51 93 80 0F
......X+9..kQ...
0220: 80 39 BD DA 53 7D D3 1B 00 11 F3 A7 FE 9C B7 FA
.9..S...........
0230: 05 23 DA A2 17 10 7C E7 89 89 DE C5 90 5B 98 22
.#...........[."
0240: 7B 97 97 EA 2A B3 E4 6A 33 F8 FC 47 41 39 06 E1
....*..j3..GA9..
0250: 98 63 6C 0E 2A 92 FF 3D B1 62 D7 27 FF 2B 2B DF
.cl.*..=.b.'.++.
0260: B7 B2 95 87 C7 B5 21 45 1E 73 F8 B5 0D D6 13 0C
......!E.s......
0270: 1D 25 35 6B D7 5F 18 DF 30 A1 8B 72 DD C6 31 B1
.%5k._..0..r..1.
0280: 07 2A F2 DF 1F 1E 36 23 0C FF F9 FB DA E8 B5 2B
.*....6#.......+
0290: 3B 8B B6 4C 37 EF D3 27 07 B9 1E D4 64 4B 82 D4
;..L7..'....dK..
02A0: 32 78 C6 D1 61 6E 9A BF 41 10 23 0B 27 CD C7 77
2x..an..A.#.'..w
02B0: 03 73 B2 F6 12 D2 56 9C 29 A2 BD 31 40 F6 5F 0C
.s....V.)..1@._.
02C0: 17 56 4F 30 34 95 77 87 9C 43 B0 74 C5 92 05 43
.VO04.w..C.t...C
02D0: 97 12 48 5B 7B 58 66 89 0A C1 8C CD 89 14 E0 5A
..H[.Xf........Z
02E0: 78 23 29 10 71 6C 5D 94 D5 FB C0 96 51 C1 0D 93
x#).ql].....Q...
02F0: 64 91 45 82 5A 53 88 56 5D 7A AE 88 E8 07 7D 02
d.E.ZS.V]z......
0300: 7D 44 9D CA 73 E5 6F 14 27 8B 6F 86 6C 00 00 .D..s.o.'.o.l..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.756
CEST|CertificateMessage.java:1148|Consuming server Certificate
handshake message (
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
{
"certificate" : {
"version" : "v3",
"serial number" : "20 C3 8D C4 49 66 D0 02",
"signature algorithm": "SHA256withRSA",
"issuer" :
"CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
"not before" : "2013-08-02 09:51:36.000 CEST",
"not after" : "10000-01-01 24:59:59.000 CET",
"subject" :
"CN=e8ac02fa0d65a84219016045db8b05c485b4ecdf.netty.test",
"subject public key" : "RSA"}
"extensions": {
<no extension>
}
},
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.756
CEST|SSLExtensions.java:148|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 01 19 .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 281
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.757
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: DE 53 C0 74 78 C3 82 0D E8 46 C0 0A F4 56 6E 6B
.S.tx....F...Vnk
0010: B5 39 77 41 20 21 BA 07 99 2B BF 8D 0A 41 C9 B8 .9wA
!...+...A..
0020: BC 0F C1 8E C5 76 36 F0 7A B6 9A F8 38 4D 4D 4D
.....v6.z...8MMM
0030: 70 33 BE 8F 8C ED BE BC 60 49 B8 41 65 E9 04 D9
p3......`I.Ae...
0040: 45 43 AA 41 6D F7 67 7B 03 6D FF E0 4D 76 53 CE
EC.Am.g..m..MvS.
0050: C1 73 3E 1C CD 87 40 B7 25 56 54 0C 3E CA D7 1D
.s>...@.%VT.>...
0060: 45 80 41 E8 36 B7 FC 57 38 BB 21 EB E7 EA 19 A1
E.A.6..W8.!.....
0070: 39 25 B0 44 8B FD 30 87 86 7A 47 03 C1 02 AC FD
9%.D..0..zG.....
0080: 67 89 4B 27 34 04 20 AE 91 65 7C 8C 4A 58 C5 77 g.K'4.
..e..JX.w
0090: 46 2E DD A8 23 CA 5C 28 49 25 23 3D 8A 93 B9 10
F...#.\(I%#=....
00A0: 24 0D DE DC 98 AC AA B0 CB 51 80 D7 F8 E7 20 23
$........Q.... #
00B0: 41 64 A6 44 93 A7 E1 A7 91 62 4F 3A 73 F6 24 04
Ad.D.....bO:s.$.
00C0: C3 E8 25 65 37 D9 1B 7A 65 AE DE C6 29 67 2E C1
..%e7..ze...)g..
00D0: F7 4C 5C 18 D7 14 98 90 ED 9D AD F5 98 A7 FD 93
.L\.............
00E0: 53 F4 B5 90 C9 CB FD 54 8E 5F 53 23 E3 73 94 BD
S......T._S#.s..
00F0: A4 07 B7 E3 C7 83 7B 17 CF 51 4A 9E 9C 05 3C 51
.........QJ...<Q
0100: 4D C7 A1 7A D6 4D A6 58 E5 3A D4 12 B9 B9 46 9C
M..z.M.X.:....F.
0110: AB 1D C5 6B F9 6A 85 CB E2 ...k.j...
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.758
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 281
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.758
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 0F 00 01 04 08 04 01 00 30 11 28 CE 64 4E 08 BA
........0.(.dN..
0010: A1 BE 46 D9 3D 14 29 1A EB 5A B0 1A 09 B7 11 A5
..F.=.)..Z......
0020: 9A F4 22 17 87 5F 87 D5 63 04 8E 27 EC 3A F8 52
..".._..c..'.:.R
0030: 36 F4 2F CF 47 D2 5C CE 0A F0 29 EF 63 03 B1 64
6./.G.\...).c..d
0040: B8 45 6E 39 71 E3 BD 25 95 31 25 85 4C FB C6 AD
.En9q..%.1%.L...
0050: C8 43 96 4E FA AD B9 98 17 43 61 FB 9B 87 CE 94
.C.N.....Ca.....
0060: CF 74 6F 3B AA 6A C8 80 8F C7 C8 05 E4 EF 42 6C
.to;.j........Bl
0070: D4 01 9E 25 5E 34 E8 2D 93 BD BB 05 49 2F 9D B6
...%^4.-....I/..
0080: F6 91 2F D1 E5 CB 1B 9E F6 DB 18 32 1D F5 66 A0
../........2..f.
0090: 63 5D 25 01 B6 F6 1B 41 07 3E 90 61 37 49 38 17
c]%....A.>.a7I8.
00A0: B0 15 C9 AD 0C 7A 05 8D B4 48 BB 03 2D DE 5E 49
.....z...H..-.^I
00B0: 99 8B 74 53 5F 73 9B 18 FD 95 2A C3 F9 A3 8B 59
..tS_s....*....Y
00C0: 1A ED 2C 55 C2 22 10 1E 7A FC 38 0A 99 FC 30 89
..,U."..z.8...0.
00D0: 03 89 1C CD A7 DE E5 35 FD E9 E0 05 96 09 AF DD
.......5........
00E0: 51 A3 7F C7 16 C5 96 8D CA CC 53 50 DC C5 C6 BA
Q.........SP....
00F0: D6 05 28 18 BA 99 F8 0F 7F 24 9F D5 6B 93 DE BC
..(......$..k...
0100: EB 23 85 D9 D3 41 56 44 .#...AVD
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762
CEST|CertificateVerify.java:1128|Consuming CertificateVerify
handshake message (
"CertificateVerify": {
"signature algorithm": rsa_pss_rsae_sha256
"signature": {
0000: 30 11 28 CE 64 4E 08 BA A1 BE 46 D9 3D 14 29 1A
0.(.dN....F.=.).
0010: EB 5A B0 1A 09 B7 11 A5 9A F4 22 17 87 5F 87 D5
.Z........".._..
0020: 63 04 8E 27 EC 3A F8 52 36 F4 2F CF 47 D2 5C CE
c..'.:.R6./.G.\.
0030: 0A F0 29 EF 63 03 B1 64 B8 45 6E 39 71 E3 BD 25
..).c..d.En9q..%
0040: 95 31 25 85 4C FB C6 AD C8 43 96 4E FA AD B9 98
.1%.L....C.N....
0050: 17 43 61 FB 9B 87 CE 94 CF 74 6F 3B AA 6A C8 80
.Ca......to;.j..
0060: 8F C7 C8 05 E4 EF 42 6C D4 01 9E 25 5E 34 E8 2D
......Bl...%^4.-
0070: 93 BD BB 05 49 2F 9D B6 F6 91 2F D1 E5 CB 1B 9E
....I/..../.....
0080: F6 DB 18 32 1D F5 66 A0 63 5D 25 01 B6 F6 1B 41
...2..f.c]%....A
0090: 07 3E 90 61 37 49 38 17 B0 15 C9 AD 0C 7A 05 8D
.>.a7I8......z..
00A0: B4 48 BB 03 2D DE 5E 49 99 8B 74 53 5F 73 9B 18
.H..-.^I..tS_s..
00B0: FD 95 2A C3 F9 A3 8B 59 1A ED 2C 55 C2 22 10 1E
..*....Y..,U."..
00C0: 7A FC 38 0A 99 FC 30 89 03 89 1C CD A7 DE E5 35
z.8...0........5
00D0: FD E9 E0 05 96 09 AF DD 51 A3 7F C7 16 C5 96 8D
........Q.......
00E0: CA CC 53 50 DC C5 C6 BA D6 05 28 18 BA 99 F8 0F
..SP......(.....
00F0: 7F 24 9F D5 6B 93 DE BC EB 23 85 D9 D3 41 56 44
.$..k....#...AVD
}
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 00 35 ....5
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.762
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 53
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: F6 A7 CD EA 89 34 B2 DB C4 28 91 18 C9 03 98 B6
.....4...(......
0010: DF 49 4E F5 2E 23 32 90 F8 13 C7 AE 18 E3 E5 64
.IN..#2........d
0020: D9 E4 A5 B0 5C F0 4A 3E AF EC 28 8D 09 78 AB EE
....\.J>..(..x..
0030: 38 1B 9E 45 04 8..E.
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 53
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.763
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 14 00 00 20 F2 93 6B 71 2B FA F3 1B BF 68 98 D1 ...
..kq+....h..
0010: AA 5E B0 AF 5D 3B A6 B5 8F 79 BA 64 E8 A1 34 5F
.^..];...y.d..4_
0020: D4 2B ED 8C .+..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.764
CEST|Finished.java:860|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: F2 93 6B 71 2B FA F3 1B BF 68 98 D1 AA 5E B0 AF
..kq+....h...^..
0010: 5D 3B A6 B5 8F 79 BA 64 E8 A1 34 5F D4 2B ED 8C
];...y.d..4_.+..
}'}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.765
CEST|SSLCipher.java:1824|KeyLimit read side: algorithm =
AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|WARNING|01|main|2018-09-17 11:51:54.765
CEST|CertificateMessage.java:1015|No signature_algorithms(_cert) in
ClientHello
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766
CEST|CertificateMessage.java:1081|No available client authentication
scheme
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766
CEST|CertificateMessage.java:1116|Produced client Certificate message (
"Certificate": {
"certificate_request_context": "",
"certificate_list": [
]
}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766
CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 8
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.766
CEST|SSLCipher.java:2020|Plaintext before ENCRYPTION (
0000: 0B 00 00 04 00 00 00 00 16 00 00 00 00 00 00 00
................
0010: 00 00 00 00 00 00 00 00 00 .........
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.767
CEST|SSLSocketOutputRecord.java:255|Raw write (
0000: 17 03 03 00 29 E5 32 E4 5B 13 E7 D4 A1 78 FE 38
....).2.[....x.8
0010: 26 22 CB C1 04 88 3A 3A 2D D4 A1 31 5A 78 65 50
&"....::-..1ZxeP
0020: 51 45 67 FA 9F 55 35 E1 49 C5 3B 3B 91 B1 QEg..U5.I.;;..
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.767
CEST|CertificateVerify.java:1059|No X.509 credentials negotiated for
CertificateVerify
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.768
CEST|Finished.java:658|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: D8 47 0B A0 DF BB BF 49 E4 55 B9 D3 FB 3D B0 DD
.G.....I.U...=..
0010: 57 1E 08 28 20 7E E1 0B E3 EB 12 10 09 76 D1 8F W..(
........v..
}'}
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.768
CEST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 36
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.769
CEST|SSLCipher.java:2020|Plaintext before ENCRYPTION (
0000: 14 00 00 20 D8 47 0B A0 DF BB BF 49 E4 55 B9 D3 ...
.G.....I.U..
0010: FB 3D B0 DD 57 1E 08 28 20 7E E1 0B E3 EB 12 10 .=..W..(
.......
0020: 09 76 D1 8F 16 00 00 00 00 00 00 00 00 00 00 00
.v..............
0030: 00 00 00 00 00 .....
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.769
CEST|SSLSocketOutputRecord.java:255|Raw write (
0000: 17 03 03 00 45 0F 4D 84 52 28 59 96 92 52 D1 AB
....E.M.R(Y..R..
0010: DB 86 64 25 31 FF 9D 8E D7 84 63 B5 03 E2 9E 06
..d%1.....c.....
0020: 3C 8C C2 22 F3 7A EE 55 AD 8C F5 5C F6 04 9A E2
<..".z.U...\....
0030: 6D BA E4 C4 9F 97 C3 DA BC D3 CB 8C 2C 9E BF FD
m...........,...
0040: A3 9F C1 A2 79 51 75 B7 AE B6 ....yQu...
)
javax.net.ssl|DEBUG|01|main|2018-09-17 11:51:54.770
CEST|SSLCipher.java:1978|KeyLimit write side: algorithm =
AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 17 03 03 00 13 .....
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772
CEST|SSLSocketInputRecord.java:213|READ: TLSv1.2 application_data,
length = 19
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772
CEST|SSLSocketInputRecord.java:458|Raw read (
0000: 4F 0D C7 65 8B 24 B4 92 A2 26 31 8C 81 AF 8F F7
O..e.$...&1.....
0010: AC C3 B3 ...
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.772
CEST|SSLSocketInputRecord.java:249|READ: TLSv1.2 application_data,
length = 19
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.773
CEST|SSLCipher.java:1915|Plaintext after DECRYPTION (
0000: 02 74 .t
)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.774
CEST|Alert.java:232|Received alert message (
"Alert": {
"level" : "fatal",
"description": "certificate_required"
}
)
javax.net.ssl|ERROR|0C|Thread-0|2018-09-17 11:51:54.774
CEST|TransportContext.java:313|Fatal (CERTIFICATE_REQUIRED):
Received fatal alert: certificate_required (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_required
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1155)
at
java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1125)
at
java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
at
java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:758)
at ReproducerClient$1.run(ReproducerClient.java:33)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
javax.net.ssl|ALL|0C|Thread-0|2018-09-17 11:51:54.775
CEST|SSLSessionImpl.java:753|Invalidated session:
Session(1537177914725|TLS_AES_128_GCM_SHA256)
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.776
CEST|SSLSocketImpl.java:1361|close the underlying socket
javax.net.ssl|DEBUG|0C|Thread-0|2018-09-17 11:51:54.776
CEST|SSLSocketImpl.java:1380|close the SSL connection (initiative)
javax.net.ssl|WARNING|0C|Thread-0|2018-09-17 11:51:54.777
CEST|SSLSocketImpl.java:1289|handling exception (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert:
certificate_required
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1155)
at
java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1125)
at
java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823)
at
java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:758)
at ReproducerClient$1.run(ReproducerClient.java:33)
at java.base/java.lang.Thread.run(Thread.java:834)}
)
Bye
Norman
On 16. Sep 2018, at 15:54, Norman Maurer
<norman.mau...@googlemail.com
<mailto:norman.mau...@googlemail.com><mailto:norman.mau...@googlemail.com>>
wrote:
Will do, but not before tomorrow (I will also share the client
side code). That said there is nothing special about the keymanager.
Like I said before it sends the cert when using „want client with“,
it just seems it may be too late.
Bye
Norman
Am 15.09.2018 um 08:26 schrieb Bradford Wetmore
<bradford.wetm...@oracle.com
<mailto:bradford.wetm...@oracle.com><mailto:bradford.wetm...@oracle.com>>:
It would greatly help if you can provide the client side debug
output so we can see what's going on locally:
-Djavax.net.debug=all or System.setProperty(....)
Please also let us know if you are using a custom client
keymanager. It's possible that it isn't properly selecting an
entity to use, in which case an empty message will be sent.
Brad
On 9/14/2018 11:18 PM, Norman Maurer wrote:
Ok will try to find time today.
Am 15.09.2018 um 08:08 schrieb Xuelei Fan <xuelei....@oracle.com
<mailto:xuelei....@oracle.com><mailto:xuelei....@oracle.com>>:
Hi Norman,
I have not had a chance to look into the details. But sure, it
helps a lot if you can provide a java client to reproduce the issue.
Thanks,
Xuelei
On 9/14/2018 10:29 PM, Norman Maurer wrote:
Is there any more details you need ?
Just wondering. If you say so I can also provide a pure jdk
client (without the Netty wrapper) that shows the problem when
used with OpenSSL on the server in the next days.
Bye
Norman
Am 13.09.2018 um 21:07 schrieb Norman Maurer
<norman.mau...@googlemail.com
<mailto:norman.mau...@googlemail.com><mailto:norman.mau...@googlemail.com>>:
Hi all,
I am currently in the process of adding TLS 1.3 support into
netty-tcnative[1] which uses JNI to make use of OpenSSL for
it. During this work I noticed that I received test-failures
when mutual auth is used and the JDK implementation is used on
the client side. When using the JDK implementation on the
server and client side all works as expected. Also if I use
another protocol (like TLSv1.2) all works as expected.
The problem I am observing is that the client seems to sent
the certificate “too late” and so the server (which uses
openssl) will report and error that the client did not provide
an certificate (even when it was required).
To reproduce this you can use openssl s_server like this and
just create your usual SSLSocket with a KeyManagerFactory
configured.
./bin/openssl s_server -tls1_3 -cert
~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt
-key
~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem
-4 -accept localhost:8443 -state -debug -Verify 1
When now try to connect to it via the JDK TLS1.3
implementation I see the following output:
SSL_accept:before SSL initialization
read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
0000 - 16 03 03 01 60 ....`
read from 0x7fe400f050c0 [0x7fe40300f608] (352 bytes => 352
(0x160))
0000 - 01 00 01 5c 03 03 22 da-02 d7 86 40 6e 7d c5 a7
...\.."....@n}..
0010 - ea 34 47 a4 fa d0 bb 92-f5 62 ec f6 21 e5 ec da
.4G......b..!...
0020 - d6 6b 75 aa b9 34 20 b7-57 a6 83 7b c8 bc a2 0f
.ku..4 .W..{....
0030 - 52 82 11 6f a3 1a 84 c5-4b fd e0 80 58 3c 2a bf
R..o....K...X<*.
0040 - af 54 32 4c 7d 4f fe 00-14 c0 2c c0 2b c0 2f c0
.T2L}O....,.+./.
0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00
....../.5.......
0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e
............. ..
0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d
................
0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b
................
0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03
.......(.&......
00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01
................
00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02
................
00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05
.2.(.&..........
00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02
................
00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09
................
00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00
..............+.
0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01
...........-....
0110 - 00 33 00 47 00 45 00 17-00 41 04 4e da b3 f2 63
.3.G.E...A.N...c
0120 - ee 6e bf e3 af 73 be c9-92 c5 ec 70 ff c7 64 b8
.n...s.....p..d.
0130 - 8a 9a cc fd f9 d6 36 ef-ce e0 dc 81 01 2f 87 57
......6....../.W
0140 - 56 f0 e4 2d 8b c8 73 14-eb 5f 21 0a 5e 94 46 ba
V..-..s.._!.^.F.
0150 - de d1 33 57 4c b5 b3 66-c9 26 fb ff 01 00 01 00
..3WL..f.&......
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
SSL_accept:SSLv3/TLS write server hello
SSL_accept:SSLv3/TLS write change cipher spec
SSL_accept:TLSv1.3 write encrypted extensions
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write certificate
SSL_accept:TLSv1.3 write server certificate verify
write to 0x7fe400f050c0 [0x7fe403018a00] (1430 bytes => 1430
(0x596))
0000 - 16 03 03 00 9b 02 00 00-97 03 03 bc 7f 3b 07 ad
.............;..
0010 - fb 21 9c 6f 7c 4a 9d 84-9a 82 6e 9c 1a b4 e3 5d
.!.o|J....n....]
0020 - a8 d3 9d 52 a7 e1 93 c3-cc 8c 82 20 b7 57 a6 83
...R....... .W..
0030 - 7b c8 bc a2 0f 52 82 11-6f a3 1a 84 c5 4b fd e0
{....R..o....K..
0040 - 80 58 3c 2a bf af 54 32-4c 7d 4f fe 13 01 00 00
.X<*..T2L}O.....
0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04
O.+.....3.E...A.
0060 - 7d 81 11 ab ff a6 60 e7-5f 23 82 ed 22 35 76 24
}.....`._#.."5v$
0070 - b0 47 09 25 0c 79 b9 07-5b 3e 28 b7 3c d8 d3 ce
.G.%.y..[>(.<...
0080 - 6b 89 c6 01 21 28 c9 97-ae 50 a5 e7 43 35 ae c7
k...!(...P..C5..
0090 - 73 10 60 62 57 25 9b c9-f1 93 28 70 03 44 e1 a0
s.`bW%....(p.D..
00a0 - 14 03 03 00 01 01 17 03-03 00 27 0f 8b fb 2d 33
..........'...-3
00b0 - 72 c6 a8 28 0b 7d e1 c3-b7 d0 f3 d9 18 5b ca e0
r..(.}.......[..
00c0 - 56 09 74 48 ba 28 16 1c-15 11 d9 fa 6e b3 bc b9
V.tH.(......n...
00d0 - 4d 54 17 03 03 00 42 35-53 5b 9a 8e 09 df 86 c4
MT....B5S[......
00e0 - 00 28 05 6d a8 c9 bb 38-e2 77 72 73 25 26 e3 65
.(.m...8.wrs%&.e
00f0 - 58 d8 fd 15 8a ce ea 97-8a 50 1e e3 f9 c5 dc 96
X........P......
0100 - f0 3b 3c 0a 12 41 58 9d-ab f8 3a 28 0a 1f 61 e9
.;<..AX...:(..a.
0110 - df 68 a9 1f 84 66 f7 5b-d7 17 03 03 03 20 8f b5
.h...f.[..... ..
0120 - b4 52 44 80 d0 b9 63 3d-80 9c 8b 02 fc f3 d5 bb
.RD...c=........
0130 - a9 2a 4f 5b 4a cc 77 78-96 75 95 20 b8 12 c4 a6
.*O[J.wx.u. ....
0140 - e6 82 ea 56 56 e2 5f 97-65 99 7e 6e 3d b1 66 ee
...VV._.e.~n=.f.
0150 - 10 4c f7 6d 9b 73 86 14-7a 81 f8 b1 27 af 08 ee
.L.m.s..z...'...
0160 - ce 26 90 34 73 3d b7 45-8d 85 29 a8 65 19 e7 02
.&.4s=.E..).e...
0170 - e5 55 4a 27 f1 b1 6a a4-11 cc 6c af 78 6d 22 5c
.UJ'..j...l.xm"\
0180 - 33 73 e3 ad 7f 8d 1b d3-75 95 66 64 2d 0e f1 3e
3s......u.fd-..>
0190 - c2 30 df a1 7e ce a3 50-c3 4e 68 f6 36 b3 4e 45
.0..~..P.Nh.6.NE
01a0 - 9c ac e9 f2 0d 7c e3 73-6a 40 ab 6e 6e f9 d8 20
.....|.sj@.nn..
01b0 - 9c f3 04 32 cd 1d df 18-e5 4d e3 e8 b1 38 59 f8
...2.....M...8Y.
01c0 - 28 67 2e ca af a2 8b 88-ce ca 48 a6 07 2b a6 9a
(g........H..+..
01d0 - 0e 88 5b d7 0b d9 31 77-97 8d 6c 2b f5 60 24 61
..[...1w..l+.`$a
01e0 - a8 5c 47 5d 7c 66 f0 9b-1f e4 76 93 38 f6 78 3e
.\G]|f....v.8.x>
01f0 - 69 29 72 f9 d9 4b cb 05-03 e4 f2 d6 24 e1 91 ee
i)r..K......$...
0200 - 85 37 d7 7b c3 5c 35 90-08 cd b1 cc 76 11 fc 00
.7.{.\5.....v...
0210 - 12 7e 89 7b 70 e6 ca fe-0b 26 b6 bb ac fe 4b 9f
.~.{p....&....K.
0220 - ec cf 41 69 42 3a 3e 41-f9 b0 c0 93 5b 70 1f c7
..AiB:>A....[p..
0230 - 11 00 3d ec 66 5a 1a ca-31 89 22 27 02 dd a0 cb
..=.fZ..1."'....
0240 - 39 14 25 ee 30 44 e8 62-97 bf 8e 16 63 40 c4 11
9.%.0D.b....c@..
0250 - a6 d9 32 b1 3c 86 35 bb-9f f1 4d 71 9f a5 4f 78
..2.<.5...Mq..Ox
0260 - 0a e8 96 dd 4d 10 c3 48-f2 db 67 57 2d cd dc 23
....M..H..gW-..#
0270 - 3a 8d 6a 61 47 20 ff c8-33 cd e9 f7 47 4c 68 4f :.jaG
..3...GLhO
0280 - 19 2f 8b e3 b1 90 ac 66-a7 cf 5c e6 d2 05 21 25
./.....f..\...!%
0290 - d2 d8 f0 43 8c 55 01 ef-d6 8f c0 27 87 0d 21 d5
...C.U.....'..!.
02a0 - 2b 2b 6f db e8 85 ea cd-6e 9c 5d 56 d5 31 c1 f2
++o.....n.]V.1..
02b0 - 97 2f 5a 83 7a 2b 71 03-65 e0 b6 4a 56 37 de e1
./Z.z+q.e..JV7..
02c0 - 80 3a c4 cc 5a ac 3b 9a-7a bf f7 6b fe a8 69 e9
.:..Z.;.z..k..i.
02d0 - 58 09 59 bd 46 bd d2 a3-bc ad 1c 10 53 c8 29 7b
X.Y.F.......S.){
02e0 - be 63 00 d6 e5 a8 d6 ab-b2 bc 8b e1 2c 0e 24 2a
.c..........,.$*
02f0 - c2 31 2d d8 6e 1f 19 93-d7 54 e1 1e 28 ce 72 83
.1-.n....T..(.r.
0300 - ff 05 18 f2 fc e9 0c b3-0c 1b d5 96 c2 d8 fc 76
...............v
0310 - 37 a9 5a ef 8e e9 b6 71-21 f3 bd c1 85 23 85 22
7.Z....q!....#."
0320 - 3d c4 1c c9 31 8b 7e 00-8f 8e b4 9f 05 d4 80 6b
=...1.~........k
0330 - 98 4c a8 82 68 ff 1a a5-28 e2 9b 03 a1 a7 b1 00
.L..h...(.......
0340 - 02 2b 2d e2 e1 87 8c e8-0a fb 0b 79 54 ca 3d d5
.+-........yT.=.
0350 - 6a dd b7 b7 87 42 2b 47-49 da e9 0a 82 0a c9 8f
j....B+GI.......
0360 - 57 f7 1e 03 ca 8d 16 bc-21 3a 6a ee b9 b8 fa f0
W.......!:j.....
0370 - d9 18 35 9f 35 ac d8 6e-9a 8a 0d 56 10 1e 1f 5a
..5.5..n...V...Z
0380 - ba ec e4 fe 1a 92 b4 31-35 43 1d 99 b9 12 fa ff
.......15C......
0390 - 99 2b 88 e0 58 ec 9c dc-8f 67 ef 2a c2 e2 64 5d
.+..X....g.*..d]
03a0 - 66 76 1c d0 aa 00 30 59-b1 f5 b1 55 9f ad 60 e9
fv....0Y...U..`.
03b0 - 3d 03 1e d0 8b 4d bf 74-ac bc bb 1c 83 14 c5 e0
=....M.t........
03c0 - f4 fc 70 9e f4 22 a0 78-04 fe c8 b1 17 65 f6 94
..p..".x.....e..
03d0 - 47 82 50 4a b6 32 74 ae-5b 38 5a 2e d9 b0 6a 45
G.PJ.2t.[8Z...jE
03e0 - 74 e8 f0 22 fe d3 b0 11-c3 fd 72 4f da 77 7a ba
t.."......rO.wz.
03f0 - 26 3e 61 0c 63 21 17 a6-b2 13 6e 71 5c f2 0d ad
&>a.c!....nq\...
0400 - f2 d1 19 71 51 9e a4 1b-b0 30 24 e0 71 7d 87 80
...qQ....0$.q}..
0410 - a9 5a e9 bc db e4 4f 50-4d a1 bc bc 2c 4b 66 98
.Z....OPM...,Kf.
0420 - d4 e4 b0 76 0f d2 db a5-a5 39 9e f2 5b ea 34 c1
...v.....9..[.4.
0430 - 62 ab 47 51 3b 37 17 45-54 31 18 f3 f1 ca 17 03
b.GQ;7.ET1......
0440 - 03 01 19 dd 50 50 f5 0c-f2 c9 3c b4 8f 63 cc 4a
....PP....<..c.J
0450 - a7 50 c9 91 9b 79 9a 2a-5c 47 d3 77 f6 56 69 90
.P...y.*\G.w.Vi.
0460 - 98 cd ff bd c1 2a 49 fc-0d d4 7e cc 7e 44 af c4
.....*I...~.~D..
0470 - 61 47 e0 c1 76 b1 8c 2e-df 7e d0 82 e1 89 1f 04
aG..v....~......
0480 - ae 64 bd 71 4d ae 1c 3c-e3 d3 39 5d 61 2a ea 70
.d.qM..<..9]a*.p
0490 - 8c 31 6d a0 b1 72 a8 7a-5c 9c 11 08 b8 4d a5 c4
.1m..r.z\....M..
04a0 - ad 1b 38 4a 6a 02 28 d4-d1 0f c8 9f 0b b3 02 18
..8Jj.(.........
04b0 - 82 2b bd 46 82 04 64 f0-41 b2 da f5 cd 9c f7 f3
.+.F..d.A.......
04c0 - 73 30 58 ca 12 ec ea 90-85 1c 75 09 0a 70 b8 80
s0X.......u..p..
04d0 - 3d 02 17 3e 9b 83 04 b5-dd 9e e6 18 17 65 83 a5
=..>.........e..
04e0 - 59 7d 4b 98 da bd 8b aa-d6 aa c5 1c 7d 87 56 e3
Y}K.........}.V.
04f0 - 74 d8 e9 7b eb b3 3d f7-7c 3c 0a e9 a8 2e 04 0d
t..{..=.|<......
0500 - 6a e7 83 e0 ec 99 43 6a-8b 1c 73 59 7a c8 cd 6e
j.....Cj..sYz..n
0510 - 4a 14 73 ff 9a fb 71 94-d5 50 a9 d9 e0 dd 02 4c
J.s...q..P.....L
0520 - 2b 67 9e da 9e fa 2d 67-49 df 13 10 ed 35 3e 73
+g....-gI....5>s
0530 - 07 20 17 fb 0b ef f6 d0-b7 68 1c 65 21 a6 e3 3b .
.......h.e!..;
0540 - bf 7b 84 cd 9e f5 76 2a-0d 4f b8 c3 c8 15 08 e9
.{....v*.O......
0550 - 0f 3c 50 49 12 97 a8 d7-f1 a3 16 da 17 03 03 00
.<PI............
0560 - 35 22 dd a2 9d 25 98 2c-35 b8 00 29 fa a1 dd ba
5"...%.,5..)....
0570 - 72 b9 fe e5 85 85 f0 f1-3b 4e f5 7c 58 c8 2a da
r.......;N.|X.*.
0580 - d2 75 94 3b c1 7a 7c 7e-db 5b fe 8a 2d 3f 8c 9a
.u.;.z|~.[..-?..
0590 - 6e 79 ab 2b ff 1a ny.+..
SSL_accept:SSLv3/TLS write finished
SSL_accept:TLSv1.3 early data
read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01 .....
read from 0x7fe400f050c0 [0x7fe40300f608] (1 bytes => 1 (0x1))
0000 - 01 .
read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 3d ....=
read from 0x7fe400f050c0 [0x7fe40300f608] (61 bytes => 61 (0x3D))
0000 - 38 e7 bb 2c 5b af b6 5f-37 d8 3e 7e bb f4 04 f5
8..,[.._7.>~....
0010 - e1 28 b5 e5 07 5a ec ce-da 2f f3 b6 45 61 cf ef
.(...Z.../..Ea..
0020 - 90 fb 57 b8 f3 20 45 27-60 d4 26 51 38 77 e4 bc ..W..
E'`.&Q8w..
0030 - b7 64 d4 8b 73 25 41 9e-fe d3 9d 5f 53
.d..s%A...._S
SSL_accept:TLSv1.3 early data
write to 0x7fe400f050c0 [0x7fe403018a00] (24 bytes => 24 (0x18))
0000 - 17 03 03 00 13 25 85 60-eb 7d c1 a8 15 49 d5 63
.....%.`.}...I.c
0010 - 18 7f c6 ac ed 7f df 77- .......w
SSL3 alert write:fatal:unknown
SSL_accept:error in error
ERROR
140736092021632:error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a
certificate:ssl/statem/statem_srvr.c:3654:
shutting down SSL
CONNECTION CLOSED
When using openssl s_client all works as expected tho (thats
also true if I use my native implementation on the client and
server side that uses openssl):
./bin/openssl s_client -cert
~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt
-key
~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem
-state -tls1_3 -connect localhost:8443
The interesting thing is if I use “-verify 1” and not “-Verify
1” with openssl which tells it I want to request a certificate
but will also process if none is provided I receive the
certificate at some point as seen here:
SSL_accept:before SSL initialization
read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
0000 - 16 03 03 01 60 ....`
read from 0x7fdc58809fb0 [0x7fdc5901da08] (352 bytes => 352
(0x160))
0000 - 01 00 01 5c 03 03 61 c0-b3 ed 88 65 e6 cf 11 3f
...\..a....e...?
0010 - c0 e0 f8 df a6 63 32 c2-ab 3d 61 6f 41 ed b1 4b
.....c2..=aoA..K
0020 - 53 0e 83 e5 a1 b8 20 c7-1b 8c b8 e6 b5 da 4e 4e
S..... .......NN
0030 - 3f 3c 61 7a ad 58 23 94-a7 32 79 2f db 9f 21 c0
?<az.X#..2y/..!.
0040 - 8e 0c c5 ce b1 c2 a4 00-14 c0 2c c0 2b c0 2f c0
..........,.+./.
0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00
....../.5.......
0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e
............. ..
0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d
................
0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b
................
0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03
.......(.&......
00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01
................
00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02
................
00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05
.2.(.&..........
00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02
................
00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09
................
00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00
..............+.
0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01
...........-....
0110 - 00 33 00 47 00 45 00 17-00 41 04 52 dc d6 47 6e
.3.G.E...A.R..Gn
0120 - a1 de 9c 71 c2 54 0e 5c-9b 57 fb c8 aa 3f 19 f7
...q.T.\.W...?..
0130 - d3 a4 25 12 fa 3f 6c 6d-95 30 66 ca 63 b7 a1 dd
..%..?lm.0f.c...
0140 - ae 9f 99 d6 a8 6b 20 4f-29 7a 74 58 ad 58 de 12
.....k O)ztX.X..
0150 - d7 a5 9b 69 dc 27 ac ec-9e d4 04 ff 01 00 01 00
...i.'..........
SSL_accept:before SSL initialization
SSL_accept:SSLv3/TLS read client hello
SSL_accept:SSLv3/TLS write server hello
SSL_accept:SSLv3/TLS write change cipher spec
SSL_accept:TLSv1.3 write encrypted extensions
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write certificate
SSL_accept:TLSv1.3 write server certificate verify
write to 0x7fdc58809fb0 [0x7fdc59025e00] (1430 bytes => 1430
(0x596))
0000 - 16 03 03 00 9b 02 00 00-97 03 03 8b c8 62 48 6c
.............bHl
0010 - f5 7c 73 d9 17 f8 63 a2-11 27 40 93 09 26 53 06
.|s...c..'@..&S.
0020 - b3 62 df 46 26 b6 dc 59-29 b5 58 20 c7 1b 8c b8
.b.F&..Y).X ....
0030 - e6 b5 da 4e 4e 3f 3c 61-7a ad 58 23 94 a7 32 79
...NN?<az.X#..2y
0040 - 2f db 9f 21 c0 8e 0c c5-ce b1 c2 a4 13 01 00 00
/..!............
0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04
O.+.....3.E...A.
0060 - 07 63 1c 19 53 89 68 a8-0f ea 9e 4c 18 6f 2a ad
.c..S.h....L.o*.
0070 - 2a df eb 17 a2 08 94 c6-e3 c5 97 ae 0f c1 1a d7
*...............
0080 - 0d d7 2e 6d 77 3d 30 a0-07 db 70 35 bb 37 dd 1e
...mw=0...p5.7..
0090 - b6 f3 4d cb 13 97 7c 11-63 98 e8 64 2d a7 e6 cc
..M...|.c..d-...
00a0 - 14 03 03 00 01 01 17 03-03 00 27 a3 73 d2 ee 2c
..........'.s..,
00b0 - 2f 9c 8f 95 7f ca a3 89-bc b4 b3 b2 3c 8b 23 ef
/...........<.#.
00c0 - 36 66 23 c9 09 02 33 0d-dc 5d 36 61 44 89 8b ef
6f#...3..]6aD...
00d0 - fd 13 17 03 03 00 42 f2-5b 3c 0c 27 5e 7f 97 4f
......B.[<.'^..O
00e0 - 0f de 8c b9 0a a1 41 c7-c2 1e 92 99 6a d5 bd 12
......A.....j...
00f0 - 38 b6 b7 93 33 e9 8e 0f-44 93 f0 69 58 b6 41 22
8...3...D..iX.A"
0100 - 46 e2 4a d5 d6 32 2b b8-a7 ae 3a c2 c5 2f e6 35
F.J..2+...:../.5
0110 - 11 0c f1 9a 35 2a 87 ed-9e 17 03 03 03 20 a7 e2
....5*....... ..
0120 - fe ba c7 10 5b 9c cd 94-67 19 37 2d 46 59 ab 56
....[...g.7-FY.V
0130 - 6b dd a4 10 61 cc ed f1-71 a7 2d 6a 41 2e 2b da
k...a...q.-jA.+.
0140 - d1 35 fc 01 df 49 e5 90-1d 9b b2 03 0a 81 58 18
.5...I........X.
0150 - 96 a1 db 31 19 98 35 5c-87 8f 6e 32 0a e6 c0 aa
...1..5\..n2....
0160 - 9e 8e 72 e2 34 b3 b7 a3-d6 d1 66 c7 ce 93 fe 78
..r.4.....f....x
0170 - 17 c4 71 7c 42 15 c8 af-dc 4f 50 42 51 80 fc bf
..q|B....OPBQ...
0180 - fc 54 d5 d8 59 20 9a 90-c4 78 97 9c 2d 4a d5 58 .T..Y
...x..-J.X
0190 - be 81 79 23 59 22 9d 27-f8 bd a0 b2 98 b3 47 82
..y#Y".'......G.
01a0 - d3 52 b5 b5 91 ab 5c 76-52 c5 a5 95 2d 03 1c b7
.R....\vR...-...
01b0 - 64 4d 0b 88 7f 15 0b c8-a8 90 50 9a b6 b1 9f b7
dM........P.....
01c0 - 40 09 f2 5f 39 f8 9a 06-21 4d 67 10 0a 67 08 b6
@.._9...!Mg..g..
01d0 - b5 9a 25 8c d5 ca 31 6a-8a 6b 01 93 7d 6f 1e 52
..%...1j.k..}o.R
01e0 - 98 96 9d fb e8 c1 07 ab-57 98 2d 1e 75 77 ef c2
........W.-.uw..
01f0 - 49 78 e0 b9 2b 32 23 7e-95 4d 3e 27 00 61 86 0c
Ix..+2#~.M>'.a..
0200 - 47 c7 79 e4 ee 9d ba c0-ea 62 f1 0d 8e 4a 91 30
G.y......b...J.0
0210 - bc 4f 5a 98 26 30 66 ec-c4 63 8f 28 d5 1c 61 23
.OZ.&0f..c.(..a#
0220 - ea e9 90 4e 36 d9 fa 31-7b 14 27 22 0a ae 9f 64
...N6..1{.'"...d
0230 - 40 3d e5 a0 5c 9d 3c 04-71 09 b0 7a 6b 51 a0 9c
@=..\.<.q..zkQ..
0240 - c0 61 32 ce 15 62 8e 29-b1 59 91 c0 17 2c b3 c5
.a2..b.).Y...,..
0250 - f9 ed 07 65 3d 11 de 98-de 62 36 50 74 37 af 2d
...e=....b6Pt7.-
0260 - 7d 86 55 c4 3e a2 83 ab-47 8d f2 b2 8d 1d 75 83
}.U.>...G.....u.
0270 - b5 e4 41 87 a7 a3 85 b0-5e 4e 2e 9c 8c b0 1b 83
..A.....^N......
0280 - 7b 54 79 c9 60 ea 7d ed-06 fa dd 24 40 f1 53 9e
{Ty.`.}....$@.S.
0290 - 43 79 25 53 9c c7 6e 95-ab 9f 96 59 cd b9 7b a8
Cy%S..n....Y..{.
02a0 - a0 23 13 69 db a9 c9 e7-1a 8e e1 9b 54 94 1c 44
.#.i........T..D
02b0 - 50 08 8b dd eb 4e 2b bb-d7 c9 c2 33 8c a1 b3 65
P....N+....3...e
02c0 - 06 e6 9d ac 11 16 21 58-40 8d 59 e6 67 e5 31 02
......!X@.Y.g.1.
02d0 - 15 8d 29 80 20 66 ba c3-56 93 95 5c 65 4b 41 00 ..).
f..V..\eKA.
02e0 - c5 71 12 12 f5 20 4f 59-be 77 06 10 6e 48 85 5c .q...
OY.w..nH.\
02f0 - ff a2 c4 ae fb 4d 95 f5-cc f6 61 20 33 b7 92 1d
.....M....a 3...
0300 - ac a8 f1 b2 b0 88 c6 7b-8b 00 53 30 6d 4a d1 42
.......{..S0mJ.B
0310 - b3 3e 85 f5 84 e1 c6 ab-10 9d 61 03 46 ff 2d 81
.>........a.F.-.
0320 - 15 4f 84 d1 4c ee f4 a6-a0 ec 50 60 a0 d1 ff df
.O..L.....P`....
0330 - 8a 97 f6 7d fb 8f fb 60-18 d4 f1 1f 92 4d d8 69
...}...`.....M.i
0340 - b1 92 97 44 0f 3c 8a aa-47 07 48 d4 07 2d 3e f2
...D.<..G.H..->.
0350 - c4 a7 16 35 a7 17 71 ef-98 84 24 67 12 58 30 3b
...5..q...$g.X0;
0360 - 1d 41 8d e5 12 52 95 64-e5 88 35 99 d7 c3 58 40
.A...R.d..5...X@
0370 - f9 55 9b 9f e5 33 15 70-41 d7 45 ba a4 fc 75 ea
.U...3.pA.E...u.
0380 - a4 ae f0 68 ea 64 d8 f5-06 68 a9 75 22 4d 43 cc
...h.d...h.u"MC.
0390 - ff 50 cc ac 6e fd 43 dd-eb e4 c8 dd 4b 6c 12 bb
.P..n.C.....Kl..
03a0 - f1 d4 5e 11 4a 86 90 0b-f8 3a 2e 23 db 61 5a 1f
..^.J....:.#.aZ.
03b0 - 7e 11 00 92 21 68 1f b5-ab f2 f8 38 5e 62 ea f8
~...!h.....8^b..
03c0 - da ef c2 6e a0 b8 20 e4-69 49 b3 1f 15 84 0b 9b
...n.. .iI......
03d0 - ce b0 6f 36 32 7f 7e bf-e8 d7 18 7a 58 60 f4 04
..o62.~....zX`..
03e0 - cc 36 bf 06 cd ec e5 9b-19 03 96 09 fb af 8f c3
.6..............
03f0 - 98 b4 02 aa e8 55 81 aa-c4 fe 06 81 30 a0 c7 b2
.....U......0...
0400 - f8 e2 30 00 d7 a0 54 7f-5f d7 ef a6 f8 41 58 34
..0...T._....AX4
0410 - f5 f0 18 69 8d e6 7a 23-78 90 8f b1 05 c5 b5 7f
...i..z#x.......
0420 - e0 f2 c7 fa c8 36 5b 53-7e cf e6 75 d3 54 b4 69
.....6[S~..u.T.i
0430 - 68 43 0d 6a d2 83 cc 13-6d ca bf 83 3c 90 17 03
hC.j....m...<...
0440 - 03 01 19 96 dc 49 26 ce-1d 8e 86 3d bd cb 00 5e
.....I&....=...^
0450 - ee f6 e7 1d 16 7a ca ef-fa 6d 16 40 b6 99 d0 c1
.....z...m.@....
0460 - df 0b 5f 51 60 a8 24 e0-61 82 13 40 da 88 38 3a
.._Q`.$.a..@..8:
0470 - 26 1d 80 51 c4 b1 95 35-95 3c 91 35 28 17 49 d8
&..Q...5.<.5(.I.
0480 - c3 45 be 32 98 3e 02 07-3b 01 20 2b 51 e1 1a 94
.E.2.>..;. +Q...
0490 - b9 be 96 aa 7a 13 09 ff-d5 a9 63 d4 6f 49 cb b5
....z.....c.oI..
04a0 - 23 ab 7f 8c e2 63 f0 5c-5c 27 1e 04 a8 71 0c c0
#....c.\\'...q..
04b0 - 89 cd ed 18 8d 5b 75 ac-af f3 68 6d cc ba 20 38
.....[u...hm.. 8
04c0 - b5 7c 09 47 29 28 e2 26-57 57 1f f0 f3 18 fd 6f
.|.G)(.&WW.....o
04d0 - 27 42 a4 e3 de bb e5 d6-09 7d 25 b1 98 97 ad 33
'B.......}%....3
04e0 - 68 35 92 07 80 23 f1 66-20 5d 74 f3 02 c5 51 ff
h5...#.f ]t...Q.
04f0 - 07 a9 e9 0e 3e 74 da 2e-8f 3b 16 be e6 94 1b 66
....>t...;.....f
0500 - bb b2 a2 1e 7c 7b ff 5e-a4 36 2a ba 0b cd 7f e9
....|{.^.6*.....
0510 - 86 bb 5e 30 f5 57 92 52-82 b6 2e da 71 b7 22 c2
..^0.W.R....q.".
0520 - 90 c4 69 46 07 df 6c 3f-05 8b 19 3e ce b9 75 0d
..iF..l?...>..u.
0530 - 4b 97 37 ae 94 e2 d6 3c-91 e6 82 c7 a1 78 79 2c
K.7....<.....xy,
0540 - 9a a3 d5 45 94 ad e2 c8-ab fd 81 ec 62 87 f7 75
...E........b..u
0550 - e3 70 79 8e 82 3b c5 45-0d d0 33 5f 17 03 03 00
.py..;.E..3_....
0560 - 35 da e0 74 2a 06 41 5a-64 1e 54 94 29 73 43 3f
5..t*.AZd.T.)sC?
0570 - e5 24 a8 ba b2 7e 6b 26-82 fc d9 f6 dd 19 05 4a
.$...~k&.......J
0580 - 2c 1a f3 bb 16 1d 38 95-a6 d3 a8 58 f6 a3 41 c7
,.....8....X..A.
0590 - 92 44 35 24 25 0e .D5$%.
SSL_accept:SSLv3/TLS write finished
SSL_accept:TLSv1.3 early data
read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01 .....
read from 0x7fdc58809fb0 [0x7fdc5901da08] (1 bytes => 1 (0x1))
0000 - 01 .
read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 3d ....=
read from 0x7fdc58809fb0 [0x7fdc5901da08] (61 bytes => 61 (0x3D))
0000 - ad dd 3e d9 ee ab 56 65-50 1c 72 2a d8 62 7f 90
..>...VeP.r*.b..
0010 - 13 71 7d 37 39 40 fb 89-8f 05 4b 39 44 9d 4d 67
.q}7...@....k9d.mg
0020 - e3 41 29 b6 3e e8 fe 04-1b 8e eb 7a 4c e2 14 a0
.A).>......zL...
0030 - b1 c2 47 3f 94 35 ed ab-8a d1 75 3b ba
..G?.5....u;.
SSL_accept:TLSv1.3 early data
SSL_accept:SSLv3/TLS read client certificate
SSL_accept:SSLv3/TLS read finished
write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
0000 - 17 03 03 00 da 52 1f 48-00 f4 31 13 90 7f 9c c2
.....R.H..1.....
0010 - fc 70 1a fc f7 4a 48 e7-31 ad 37 ab b5 2b 4e 5c
.p...JH.1.7..+N\
0020 - e8 d8 6d e9 af 6c 4f c1-9e 7b ea ff ef b3 eb 74
..m..lO..{.....t
0030 - 27 67 10 21 66 5b 32 13-31 bc 99 d5 1c 6c 79 55
'g.!f[2.1....lyU
0040 - f3 3e f6 4b 07 4d a9 78-3d 12 8a f5 38 ef d9 f4
.>.K.M.x=...8...
0050 - 48 e0 2c 35 94 06 4f eb-09 e6 70 fb 59 95 7a c8
H.,5..O...p.Y.z.
0060 - 24 dd 24 e2 f9 63 b9 3c-f2 66 86 c4 73 44 53 fd
$.$..c.<.f..sDS.
0070 - ca 67 8f 01 d6 db 70 f9-60 bc 50 11 51 72 dc 63
.g....p.`.P.Qr.c
0080 - 12 ca 4f 23 e2 c5 d1 1d-e5 b0 d4 ec 89 ca 28 be
..O#..........(.
0090 - 9c 30 83 40 02 a4 62 a8-5c b3 20 1a ab 39 b7 7b
.0.@..b.\. ..9.{
00a0 - 89 13 39 87 73 be a8 f8-60 13 31 0a 48 5c 79 b9
..9.s...`.1.H\y.
00b0 - cc 4a 51 e3 0d d2 b4 93-c0 1f 3a 22 b3 fa 24 a0
.JQ.......:"..$.
00c0 - 7c f6 76 79 d0 2d 5b 1a-ff a6 e9 e1 40 d3 b1 8c
|.vy.-[.....@...
00d0 - 0a fa fa de f3 8e d6 ad-9a 22 6b 67 0b 88 18
........."kg...
SSL_accept:SSLv3/TLS write session ticket
write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF))
0000 - 17 03 03 00 da 46 aa ea-6a 37 b1 35 e8 41 c8 b3
.....F..j7.5.A..
0010 - 84 25 af 1c 36 a3 6d 78-a4 44 4a 83 52 ef 13 7c
.%..6.mx.DJ.R..|
0020 - 8f 18 d3 4c f8 22 c8 b3-ad d0 d0 5b 47 a0 43 da
...L.".....[G.C.
0030 - d2 6e 04 8f dc c9 56 90-58 87 62 63 4c cc 31 ec
.n....V.X.bcL.1.
0040 - b8 c9 18 be 41 32 e1 3c-00 41 2a f1 4d 5c 2d 44
....A2.<.A*.M\-D
0050 - 8c aa e1 f0 ed 38 ee 44-64 e5 fd ea 58 3b 84 5d
.....8.Dd...X;.]
0060 - 83 39 21 2e fe 79 4d 76-10 65 87 0f 3c ac df 28
.9!..yMv.e..<..(
0070 - 49 f8 60 eb be 49 e4 0a-0b 6a 03 2b 9d cf 9b a5
I.`..I...j.+....
0080 - 03 56 58 32 c2 b2 59 f9-0a 0d f0 ae af ff 20 19
.VX2..Y....... .
0090 - e5 6e e4 86 2f 5e 3f 7d-47 d5 73 ae 89 48 a7 66
.n../^?}G.s..H.f
00a0 - fb 2d 83 60 e8 8b ab 27-12 db 24 78 54 eb 14 2d
.-.`...'..$xT..-
00b0 - b7 c6 17 2d 3c 91 57 ac-6e 35 b8 c3 fa c2 42 48
...-<.W.n5....BH
00c0 - 2a cb aa 98 32 89 8a ce-0c f7 cd 5e fb bf 6d 33
*...2......^..m3
00d0 - 08 50 cf 1e 06 bb a1 98-be a4 a9 51 9a b0 34
.P.........Q..4
SSL_accept:SSLv3/TLS write session ticket
write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
0000 - 17 03 03 00 12 c5 9b 73-cc 91 7e 48 cb 25 31 a0
.......s..~H.%1.
0010 - 67 41 db bb 0f 62 d8 gA...b.
write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17))
0000 - 17 03 03 00 12 0f dd 3f-c1 7c e6 b0 cc ea f0 13
.......?.|......
0010 - 00 d8 01 de ef 7c bb .....|.
read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 1e .....
read from 0x7fdc58809fb0 [0x7fdc5901da08] (30 bytes => 30 (0x1E))
0000 - d6 88 44 82 cb 23 16 ba-c9 a4 fb 55 51 08 90 c1
..D..#.....UQ...
0010 - bf bd a1 7f 0e 37 b0 b4-b5 df f1 07 6c 07
.....7......l.
I am a clientwrite to 0x7fdc58809fb0 [0x7fdc59021c03] (23
bytes => 23 (0x17))
0000 - 17 03 03 00 12 c0 70 5d-14 e7 69 57 0a d8 64 16
......p]..iW..d.
0010 - 0c 90 06 0f c3 4d 1d .....M.
read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 13 .....
read from 0x7fdc58809fb0 [0x7fdc5901da08] (19 bytes => 19 (0x13))
0000 - 60 28 5b ff bb 0d 9f 96-9a 2d cb fd 60 eb 96 62
`([......-..`..b
0010 - 53 e6 25 S.%
SSL3 alert read:warning:close notify
DONE
shutting down SSL
CONNECTION CLOSED
I am using the following JDK version on MacOS:
ssl git:(cert_cb_openssl_1_1_1) ✗
/Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home/bin/java
-version
java version "11" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11+28)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)
For this to work you will need to have openssl 1.1.1 installed.
Any help would be welcome,
Norman
[1] https://github.com/netty/netty-tcnative
