The problem is that all of the policies must be enforced. CXF is rejecting the Basic256 policy, as the signature derivation key lengths in the message do not match it.
As the TransportBinding policy is only being used here to require that TLS is used, I would just omit the AlgorithmSuite altogether from the TransportBinding policy and it should work. Colm. On Wed, Oct 26, 2016 at 5:39 PM, Martin Fernau <[email protected]> wrote: > Sure, but the WSDL is somewhat complex. > For that reason I truncated the WSDL to the related parts: > > --cut > <?xml version="1.0" encoding="utf-8"?> > <wsdl:definitions name="ServiceCustomer" targetNamespace="http://tempur > i.org/" > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; xmlns:xsd=" > http://www.w3.org/2001/XMLSchema"; > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"; > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-2004 > 01-wss-wssecurity-utility-1.0.xsd" > xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; > xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"; xmlns:tns=" > http://tempuri.org/"; > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"; > xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"; > xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"; > xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"; > xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"; > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > xmlns:wsa10="http://www.w3.org/2005/08/addressing"; > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata";> > <wsp:Policy wsu:Id="CustomBinding_IServiceCustomer_policy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:SymmetricBinding xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <wsp:Policy> > <sp:ProtectionToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/ > securitypolicy/IncludeToken/Never"> > <wsp:Policy> > <sp:RequireDerivedKeys/> > <sp:RequireThumbprintReference/> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:ProtectionToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic128Rsa15/> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Strict/> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp/> > <sp:OnlySignEntireHeadersAndBody/> > </wsp:Policy> > </sp:SymmetricBinding> > <sp:EndorsingSupportingTokens > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/ > securitypolicy/IncludeToken/AlwaysToRecipient"> > <wsp:Policy> > <sp:RequireThumbprintReference/> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:EndorsingSupportingTokens> > <sp:Wss11 xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <wsp:Policy> > <sp:MustSupportRefThumbprint/> > <sp:MustSupportRefEncryptedKey/> > <sp:RequireSignatureConfirmation/> > </wsp:Policy> > </sp:Wss11> > <sp:Trust10 xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <wsp:Policy> > <sp:MustSupportIssuedTokens/> > <sp:RequireClientEntropy/> > <sp:RequireServerEntropy/> > </wsp:Policy> > </sp:Trust10> > <sp:TransportBinding xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <wsp:Policy> > <sp:TransportToken> > <wsp:Policy> > <sp:HttpsToken > RequireClientCertificate="false"/> > </wsp:Policy> > </sp:TransportToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic256/> > </wsp:Policy> > </sp:AlgorithmSuite> > <sp:Layout> > <wsp:Policy> > <sp:Strict/> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp/> > </wsp:Policy> > </sp:TransportBinding> > <wsaw:UsingAddressing/> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > <wsp:Policy wsu:Id="CustomBinding_IService > Customer_GetContractsByCustomerID_Input_policy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:SignedParts xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <sp:Body/> > <sp:Header Name="To" Namespace="http://www.w3.org/2 > 005/08/addressing"/> > <sp:Header Name="From" Namespace="http://www.w3.org/2 > 005/08/addressing"/> > <sp:Header Name="FaultTo" Namespace=" > http://www.w3.org/2005/08/addressing"/> > <sp:Header Name="ReplyTo" Namespace=" > http://www.w3.org/2005/08/addressing"/> > <sp:Header Name="MessageID" Namespace=" > http://www.w3.org/2005/08/addressing"/> > <sp:Header Name="RelatesTo" Namespace=" > http://www.w3.org/2005/08/addressing"/> > <sp:Header Name="Action" Namespace=" > http://www.w3.org/2005/08/addressing"/> > </sp:SignedParts> > <sp:EncryptedParts xmlns:sp="http://schemas.xmlso > ap.org/ws/2005/07/securitypolicy"> > <sp:Body/> > </sp:EncryptedParts> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > [... several Policy-Types more ...] > <wsdl:types> > [...] > </wsdl:types> > <wsdl:message name="IServiceCustomer_GetCont > ractsByCustomerID_InputMessage"> > <wsdl:part name="parameters" element="tns:GetContractsByCus > tomerID"/> > </wsdl:message> > <wsdl:message name="IServiceCustomer_GetCont > ractsByCustomerID_OutputMessage"> > <wsdl:part name="parameters" element="tns:GetContractsByCus > tomerIDResponse"/> > </wsdl:message> > [... several Message-Types more ...] > <wsdl:portType name="IServiceCustomer"> > <wsdl:operation name="GetContractsByCustomerID"> > <wsdl:input wsaw:Action="http://tempuri.or > g/IServiceCustomer/GetContractsByCustomerID" > message="tns:IServiceCustomer_GetContractsByCustomerID_InputMessage"/> > <wsdl:output > wsaw:Action="http://tempuri.org/IServiceCustomer/GetContract > sByCustomerIDResponse" > message="tns:IServiceCustomer_GetContractsByCustomerID_OutputMessage"/> > </wsdl:operation> > [...] > </wsdl:portType> > <wsdl:binding name="CustomBinding_IServiceCustomer" > type="tns:IServiceCustomer"> > <wsp:PolicyReference URI="#CustomBinding_IServiceCu > stomer_policy"/> > <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/> > <wsdl:operation name="GetContractsByCustomerID"> > <soap:operation > soapAction="http://tempuri.org/IServiceCustomer/GetContractsByCustomerID"; > style="document"/> > <wsdl:input> > <wsp:PolicyReference > URI="#CustomBinding_IServiceCustomer_GetContractsByCustomerI > D_Input_policy"/> > <soap:body use="literal"/> > </wsdl:input> > <wsdl:output> > <wsp:PolicyReference > URI="#CustomBinding_IServiceCustomer_GetContractsByCustomerI > D_output_policy"/> > <soap:body use="literal"/> > </wsdl:output> > </wsdl:operation> > [...] > </wsdl:binding> > <wsdl:service name="ServiceCustomer"> > <wsdl:port name="CustomBinding_IServiceCustomer" > binding="tns:CustomBinding_IServiceCustomer"> > <soap:address > location="[...]"/> > <wsa10:EndpointReference> > <wsa10:Address>[...]</wsa10:Address> > <Identity xmlns="http://schemas.xmlsoap. > org/ws/2006/02/addressingidentity"> > <Dns>localhost</Dns> > </Identity> > </wsa10:EndpointReference> > </wsdl:port> > </wsdl:service> > </wsdl:definitions> > --cut > > > Am 26.10.2016 um 17:48 schrieb Colm O hEigeartaigh: > >> For Basic256, the signature derived key length must be 192 bits (and 256 >> for encryption). However in the sample message it is just using 128 bits >> for both. Let's see the full security policy configuration, where is it >> getting the information from to secure the message? Above it's just the >> TransportBinding configuration. >> >> Colm. >> >> On Wed, Oct 26, 2016 at 4:34 PM, Martin Fernau < >> [email protected]> >> wrote: >> >> Yes it does. >>> >>> For simplicity I paste the whole response after these lines. >>> >>> --cut >>> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; >>> xmlns:a=" >>> http://www.w3.org/2005/08/addressing"; xmlns:u="http://docs.oasis-ope >>> n.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> >>> <s:Header> >>> <a:Action s:mustUnderstand="1" u:Id="_6">http://tempuri.org/I >>> ServiceCustomer/GetContractsByCustomerIDResponse</a:Action> >>> <a:RelatesTo u:Id="_7">urn:uuid:9f796ce4-41 >>> 51-4720-9911-6f533112b4fa</a:RelatesTo> >>> <o:Security xmlns:o="http://docs.oasis-ope >>> n.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >>> s:mustUnderstand="1"> >>> <u:Timestamp u:Id="uuid-eb38523b-3459-439a- >>> 8576-47af2ed4b522-470"> >>> <u:Created>2016-10-26T15:32:20.723Z</u:Created> >>> <u:Expires>2016-10-26T15:37:20.723Z</u:Expires> >>> </u:Timestamp> >>> <c:DerivedKeyToken xmlns:c="http://schemas.xmlsoa >>> p.org/ws/2005/02/sc" >>> u:Id="_0"> >>> <o:SecurityTokenReference xmlns:k="http://docs.oasis-ope >>> n.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" k:TokenType=" >>> http://docs.oasis-open.org/wss/oasis-wss-soap- >>> message-security-1.1#EncryptedKey"> >>> <o:KeyIdentifier ValueType="http://docs.oasis-o >>> pen.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" >>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis- >>> 200401-wss-soap-message-security-1.0#Base64Binary">/vaenfbIz >>> pR6zUN7nL+LjSc6jeY=</o:KeyIdentifier> >>> </o:SecurityTokenReference> >>> <c:Offset>0</c:Offset> >>> <c:Length>16</c:Length> >>> <c:Nonce>nwdUEQxC0ErM+Ksf07uXjg==</c:Nonce> >>> </c:DerivedKeyToken> >>> <c:DerivedKeyToken xmlns:c="http://schemas.xmlsoa >>> p.org/ws/2005/02/sc" >>> u:Id="_3"> >>> <o:SecurityTokenReference xmlns:k="http://docs.oasis-ope >>> n.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" k:TokenType=" >>> http://docs.oasis-open.org/wss/oasis-wss-soap- >>> message-security-1.1#EncryptedKey"> >>> <o:KeyIdentifier ValueType="http://docs.oasis-o >>> pen.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" >>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis- >>> 200401-wss-soap-message-security-1.0#Base64Binary">/vaenfbIz >>> pR6zUN7nL+LjSc6jeY=</o:KeyIdentifier> >>> </o:SecurityTokenReference> >>> <c:Offset>0</c:Offset> >>> <c:Length>16</c:Length> >>> <c:Nonce>Xu4KRD3co7K0Y9JpAXdBFA==</c:Nonce> >>> </c:DerivedKeyToken> >>> <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#";> >>> <e:DataReference URI="#_5"/> >>> </e:ReferenceList> >>> <k:SignatureConfirmation xmlns:k="http://docs.oasis-ope >>> n.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" u:Id="_1" >>> Value="nFxAQYQAA1DzkfjPLsnLlqJjYmE="/> >>> <k:SignatureConfirmation xmlns:k="http://docs.oasis-ope >>> n.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" u:Id="_2" >>> Value="xT8BJzHchJQ7oDTyeOtKhG9GCmiMB+MbUrXgc2fAJvrHZ9pDSf/ >>> dvT/SYZfd11N5HWIdDwrcKA42Qt5QF/XpFrL2Y1GOd1bJdfflNX+AjFVqDvt >>> l1rlbaPIR4ucxj1nmqn+YkcFQoupw0Za7VEk169Foo4HQd+49f5HiK7xS44X >>> p1nj8sNNkYPXfmq/4FyG9ihat7Auho6OfQPVD+lKV0O/ZAQhiou80afmxTXZ >>> GwD0cNSyhuzNV8i53AIJx6+E8pvx0fxqYAzalbDJ4xVXhsOa0n86OSGqB9gL >>> r4TzdQl4DTV+HgCu/OHfXPm6GzNHfAtU+w040h9cL9QO59flMsA=="/> >>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> >>> <SignedInfo> >>> <CanonicalizationMethod Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> <SignatureMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#hmac-sha1"/> >>> <Reference URI="#_4"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>a4dYMJM7glapET2aPCKJJ4NGnR8=</DigestValue> >>> </Reference> >>> <Reference URI="#_6"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>rAxMEQpS8qPAFIurOtChX3ass68=</DigestValue> >>> </Reference> >>> <Reference URI="#_7"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>IzophB2+Qc8xSA2CKkPGKPR3M2I=</DigestValue> >>> </Reference> >>> <Reference URI="#uuid-eb38523b-3459-439a- >>> 8576-47af2ed4b522-470"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>sgl2yTvuUtX7/iciMd4dDL/VBfI=</DigestValue> >>> </Reference> >>> <Reference URI="#_1"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>XxnP8jkVV7mtOJFBv99oltRAMB4=</DigestValue> >>> </Reference> >>> <Reference URI="#_2"> >>> <Transforms> >>> <Transform Algorithm="http://www.w3.org/2 >>> 001/10/xml-exc-c14n#"/> >>> </Transforms> >>> <DigestMethod Algorithm="http://www.w3.org/2 >>> 000/09/xmldsig#sha1"/> >>> <DigestValue>F6TMlU1+cOlyQtdwiw+fIgAJ3PE=</DigestValue> >>> </Reference> >>> </SignedInfo> >>> <SignatureValue>neRfuTWOFEYVTmK+fkHHyy1KzS4=</SignatureValue> >>> <KeyInfo> >>> <o:SecurityTokenReference> >>> <o:Reference ValueType="http://schemas.xmls >>> oap.org/ws/2005/02/sc/dk" URI="#_0"/> >>> </o:SecurityTokenReference> >>> </KeyInfo> >>> </Signature> >>> </o:Security> >>> </s:Header> >>> <s:Body u:Id="_4"> >>> <e:EncryptedData xmlns:e="http://www.w3.org/2001/04/xmlenc#"; >>> Id="_5" >>> Type="http://www.w3.org/2001/04/xmlenc#Content";> >>> <e:EncryptionMethod Algorithm="http://www.w3.org/2 >>> 001/04/xmlenc#aes128-cbc"/> >>> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";> >>> <o:SecurityTokenReference xmlns:o="http://docs.oasis-ope >>> n.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> >>> <o:Reference ValueType="http://schemas.xmls >>> oap.org/ws/2005/02/sc/dk" URI="#_3"/> >>> </o:SecurityTokenReference> >>> </KeyInfo> >>> <e:CipherData> >>> <e:CipherValue>Q5Ll1pdTDB6OnZTKyFfmcQsAZSpyTL19skP8lz3DfNRbC >>> iuHjV6e5ZnN8L5hnHfksrQL94xnhSUIk9FFVwM+u3MJct8iFRadB9d87o/7y >>> sTlQDolAtUUnKNmeq4eiJ4IbDnHZg7hKwO0PMgrCRa2an2qd70vljFS0sYUM >>> V/GKQ+fvF7tNaoheFvvmr0hGeXVnR9qLk1u/B7agv5P4m0S9vXTSUvBVvayI >>> p4BwHRUmIl/aoAhhj+i3bzVaAp5RvIMcGwAqNMMIoi/99jqRTNw+4GLEB8Ol >>> xGJz4wzKhLPXh5tQkYpwWpGK4lW4nlA3FQhQCOibeTe3PSy2473Z0fzWrf9o >>> dBSZjjgCgUdKF3X5mCleb+oiNnHetbkTwWbzdKmWep1buhRZhEwkB1F9Icrq >>> B4/BaLgxTbO3tNmdgwKqH2rZfMo69G1rBZYoGjTLj1DIz2BdQDYTwLkS9kVk >>> s/IkJwdJ50GDdhrg4yrFbmiiEZTHqoVxYUIy4qPc7S2Pyz/2eFG3L/6wuiSn >>> yF7jajAqR1Renr2ouWMwMHc8CX+eLEisT+z0Ba2FuagG7fPEranVAjeQK >>> 72MiqGPxugUn1EQyygSXn5Edso4B/TUxeSBV8RPFU7zTBaUVdFDamqehu0oo >>> SCdd79xMig+9loiEulj6L4PSjMvZe3oueMKZmhEv17ZZwLB1W85rjI0R7y1G >>> qAqrtx5fzoPN/kmk9W2AVVPIB+lCqLBeX2QAnuardVDaCQ9lDoMPLig+f9fB >>> HFo69tSdUE5OZwPqmKwSuQsF52L35STWoS47AHmuE59dVNbXESU+0OT3bARM >>> YpYdXvfUNMPRoh6uzgQ/JmlUyO1vuJOJRmVwkM9h4/or7n29z5hhg=</e:CipherValue> >>> </e:CipherData> >>> </e:EncryptedData> >>> </s:Body> >>> </s:Envelope> >>> --cut >>> >>> >>> Am 26.10.2016 um 17:30 schrieb Colm O hEigeartaigh: >>> >>> The error message seems to be referring to derivation key length. Does >>>> the >>>> message contain a security header containing a Signature and derived >>>> keys? >>>> >>>> Colm. >>>> >>>> On Wed, Oct 26, 2016 at 4:22 PM, Martin Fernau < >>>> [email protected]> >>>> wrote: >>>> >>>> Hi, >>>> >>>>> I've a wsdl with the following partial content: >>>>> >>>>> --cut >>>>> <sp:TransportBinding xmlns:sp="http://schemas.xmlso >>>>> ap.org/ws/2005/07/securitypolicy"> >>>>> <wsp:Policy> >>>>> <sp:TransportToken> >>>>> <wsp:Policy> >>>>> <sp:HttpsToken RequireClientCertificate="false"/> >>>>> </wsp:Policy> >>>>> </sp:TransportToken> >>>>> <sp:AlgorithmSuite> >>>>> <wsp:Policy> >>>>> <sp:Basic256/> >>>>> </wsp:Policy> >>>>> </sp:AlgorithmSuite> >>>>> <sp:Layout> >>>>> <wsp:Policy> >>>>> <sp:Strict/> >>>>> </wsp:Policy> >>>>> </sp:Layout> >>>>> <sp:IncludeTimestamp/> >>>>> </wsp:Policy> >>>>> </sp:TransportBinding> >>>>> --cut >>>>> >>>>> If I call this service the response from the server gets rejected by >>>>> CXF: >>>>> >>>>> --cut >>>>> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: These >>>>> policy alternatives can not be satisfied: >>>>> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}AlgorithmSuite: >>>>> The >>>>> signature derived key length does not match the requirement >>>>> {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Basic256 >>>>> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProx >>>>> y.java:161) >>>>> at com.sun.proxy.$Proxy51.getContractsByCustomerID(Unknown >>>>> Source) >>>>> at de.dmsserver.plugin.ford.test.fhdsales.TestComm.testGetContr >>>>> actsByCustomerID(TestComm.java:135) >>>>> at de.dmsserver.plugin.ford.test.fhdsales.TestComm.main(TestCom >>>>> m.java:128) >>>>> --cut >>>>> >>>>> If I change above "<sp:Basic256/>" to "<sp:Basic128/>" the message is >>>>> accepted. >>>>> Is this a problem with the remote service or with CXF? >>>>> >>>>> AFAIK TransportBinding applies to the connection which is SSL >>>>> encrypted. >>>>> If I check the SSL Certificate with "openssl s_client -showcerts >>>>> -connect >>>>> [server]:443" I get: >>>>> >>>>> --cut >>>>> CONNECTED(00000003) >>>>> depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign >>>>> Root >>>>> CA >>>>> verify return:1 >>>>> depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization >>>>> Validation CA - SHA256 - G2 >>>>> verify return:1 >>>>> depth=0 C = XX, ST = XX, L = XX, O = XX, CN = XX >>>>> verify return:1 >>>>> --- >>>>> Certificate chain >>>>> 0 s:/C=XX/ST=XX/L=XX/O=XX/CN=XX >>>>> i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation >>>>> CA - >>>>> SHA256 - G2 >>>>> -----BEGIN CERTIFICATE----- >>>>> [...] >>>>> -----END CERTIFICATE----- >>>>> 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation >>>>> CA - >>>>> SHA256 - G2 >>>>> i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA >>>>> -----BEGIN CERTIFICATE----- >>>>> [...] >>>>> -----END CERTIFICATE----- >>>>> --- >>>>> Server certificate >>>>> subject=/C=XX/ST=XX/L=XX/O=XX/CN=XX >>>>> issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation >>>>> CA >>>>> - >>>>> SHA256 - G2 >>>>> --- >>>>> No client certificate CA names sent >>>>> --- >>>>> SSL handshake has read 3072 bytes and written 471 bytes >>>>> --- >>>>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 >>>>> Server public key is 2048 bit >>>>> Secure Renegotiation IS supported >>>>> Compression: NONE >>>>> Expansion: NONE >>>>> SSL-Session: >>>>> Protocol : TLSv1.2 >>>>> Cipher : ECDHE-RSA-AES256-SHA384 >>>>> Session-ID: CD4B00002CD328917F89C4AF9010C5 >>>>> 145C745FD134466567345539C6AA1BE676 >>>>> Session-ID-ctx: >>>>> Master-Key: 11B433DDEF0B003A6F261390EA6D50 >>>>> F1D881A9ADA2A40ABD3EC99F732C1132CD70CB17E19C4E6645B94CA25ACE798591 >>>>> Key-Arg : None >>>>> PSK identity: None >>>>> PSK identity hint: None >>>>> SRP username: None >>>>> Start Time: 1477495032 >>>>> Timeout : 300 (sec) >>>>> Verify return code: 0 (ok) >>>>> --cut >>>>> >>>>> Thanks >>>>> Martin >>>>> >>>>> >>>>> >>>> -- >>> FERNAUSOFT GmbH >>> Gartenstraße 42 - 37269 Eschwege >>> >>> Telefon (0 56 51) 95 99-0 >>> Telefax (0 56 51) 95 99-90 >>> >>> eMail [email protected] >>> Internet http://www.fernausoft.de >>> >>> Handelsregister Eschwege, HRB 1585 >>> Geschäftsführer: Axel Fernau, Ulrich Fernau, Martin Fernau >>> Steuernummer 025 233 00041 >>> USt-ID-Nr. DE 178 554 622 >>> >>> >>> >>> -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
