2017-11-06 9 views
3

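Java SSL connection is reset on Linux while Windows works fine

We are trying to connect to a .NET-based web service using Apache Camel over HTTPS. The call works fine on Windows, but on a Linux-based machine the connection is reset by the remote web service during the SSL handshake phase. Calling the URL from cURL or Postman on Linux is not a problem, so the issue seems to be related to the JVM.

We tested this with SSL trace logging enabled. Both machines appear to negotiate exactly the same cipher suite and so on, so we don't understand why the connection is reset. Since we have no access to the remote web service's logging, we really don't know how to continue debugging this problem.

We have truncated the SSL trace logs for both platforms. Is there something we missed there? Or can this problem be debugged without the remote logs?

SSL trace log on Linux: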

Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1509952410 bytes = ...truncated... 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA 
Extension server_name, server_name: [type=host_name (0), value=...truncated...] 
*** 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 230 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 91 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: 720603056 bytes = ...truncated... 
Session ID: ...truncated... 
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed] 
*** 
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 3959 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: ...truncated... 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 10 
[1]: ObjectId: ...truncated... Criticality=false 
Extension unknown: DER encoded OCTET string = 
...truncated... 


[2]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: caIssuers 
    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt 
, 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3 
] 
] 

[3]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[4]: ObjectId: ...truncated... Criticality=false 
BasicConstraints:[ 
    CA:false 
    PathLen: undefined 
] 

[5]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl] 
]] 

[6]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
    [CertificatePolicyId: [...truncated...] 
[] ] 
] 

[7]: ObjectId: ...truncated... Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    clientAuth 
] 

[8]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[9]: ObjectId: ...truncated... Criticality=false 
SubjectAlternativeName [ 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
] 

[10]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 7 
[1]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/rootr3 
] 
] 

[2]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[3]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:0 
] 

[4]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/root-r3.crl] 
]] 

[5]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
] 

[6]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[7]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [2] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
...truncated... 
] 

[3]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: ...truncated... 

] 
*** 
Found trusted certificate: 
[ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: ...truncated... 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[3]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 
] 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 333 
*** ECDH ServerKeyExchange 
Signature Algorithm SHA256withRSA 
Server key: Sun EC public key, 256 bits 
    public x coord: ...truncated... 
    public y coord: ...truncated... 
    parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 4 
*** ServerHelloDone 
*** ECDHClientKeyExchange 
ECDH Public value: ...truncated... 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 70 
SESSION KEYGEN: 
PreMaster Secret: 
...truncated... 
CONNECTION KEYGEN: 
Client Nonce: 
...truncated... 
Server Nonce: 
...truncated... 
Master Secret: 
...truncated... 
... no MAC keys used for this cipher 
Client write key: 
...truncated... 
Server write key: 
...truncated 
Client write IV: 
...truncated... 
Server write IV: 
...truncated.... 
http-nio-8080-exec-7, WRITE: TLSv1.2 Change Cipher Spec, length = 1 
*** Finished 
...truncated... 
*** 
http-nio-8080-exec-7, WRITE: TLSv1.2 Handshake, length = 40 
http-nio-8080-exec-7, READ: TLSv1.2 Change Cipher Spec, length = 1 
http-nio-8080-exec-7, READ: TLSv1.2 Handshake, length = 40 
*** Finished 
...truncated... 
*** 
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-7, WRITE: TLSv1.2 Application Data, length = 2370 
http-nio-8080-exec-7, handling exception: java.net.SocketException: Connection reset 
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-7, SEND TLSv1.2 ALERT: fatal, description = unexpected_message 
http-nio-8080-exec-7, WRITE: TLSv1.2 Alert, length = 26 
http-nio-8080-exec-7, Exception sending alert: java.net.SocketException: Broken pipe (Write failed) 
http-nio-8080-exec-7, called closeSocket() 
http-nio-8080-exec-7, called close() 
http-nio-8080-exec-7, called closeInternal(true) 

SSL trace log on Windows:

Allow unsafe renegotiation: false 
Allow legacy hello messages: true 
Is initial handshake: true 
Is secure renegotiation: false 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 
%% No cached client session 
*** ClientHello, TLSv1.2 
RandomCookie: GMT: 1509957147 bytes = ...truncated... 
Session ID: {} 
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 
Compression Methods: { 0 } 
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} 
Extension ec_point_formats, formats: [uncompressed] 
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
Extension server_name, server_name: [type=host_name (0), value=...truncated...] 
*** 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 258 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 91 
*** ServerHello, TLSv1.2 
RandomCookie: GMT: -607016418 bytes = ...truncated... 
Session ID: ...truncated... 
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
Compression Method: 0 
Extension renegotiation_info, renegotiated_connection: <empty> 
Extension server_name, server_name: 
Extension ec_point_formats, formats: [uncompressed] 
*** 
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 3959 
*** Certificate chain 
chain [0] = [ 
[ 
    Version: V3 
    Subject: ...truncated... 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 10 
[1]: ObjectId: ...truncated... Criticality=false 
Extension unknown: DER encoded OCTET string = 
...truncated... 


[2]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: caIssuers 
    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt 
, 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g3r3 
] 
] 

[3]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[4]: ObjectId: ...truncated... Criticality=false 
BasicConstraints:[ 
    CA:false 
    PathLen: undefined 
] 

[5]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl] 
]] 

[6]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
    [CertificatePolicyId: [...truncated...] 
[] ] 
] 

[7]: ObjectId: ...truncated... Criticality=false 
ExtendedKeyUsages [ 
    serverAuth 
    clientAuth 
] 

[8]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    DigitalSignature 
    Key_Encipherment 
] 

[9]: ObjectId: ...truncated... Criticality=false 
SubjectAlternativeName [ 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
    DNSName: ...truncated... 
] 

[10]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [1] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign Extended Validation CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 7 
[1]: ObjectId: ...truncated... Criticality=false 
AuthorityInfoAccess [ 
    [ 
    accessMethod: ocsp 
    accessLocation: URIName: http://ocsp2.globalsign.com/rootr3 
] 
] 

[2]: ObjectId: ...truncated... Criticality=false 
AuthorityKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

[3]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:0 
] 

[4]: ObjectId: ...truncated... Criticality=false 
CRLDistributionPoints [ 
    [DistributionPoint: 
    [URIName: http://crl.globalsign.com/root-r3.crl] 
]] 

[5]: ObjectId: ...truncated... Criticality=false 
CertificatePolicies [ 
    [CertificatePolicyId: [...truncated...] 
[PolicyQualifierInfo: [ 
    qualifierID: ...truncated... 
    qualifier: ...truncated... 

]] ] 
] 

[6]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[7]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 

] 
chain [2] = [ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated... 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
...truncated... 
] 

[3]: ObjectId: ...truncated... Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: ...truncated... 

] 
*** 
Found trusted certificate: 
[ 
[ 
    Version: V3 
    Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 
    Signature Algorithm: SHA256withRSA, OID = ...truncated 

    Key: Sun RSA public key, 2048 bits 
    modulus: ...truncated... 
    public exponent: ...truncated... 
    Validity: [...truncated...] 
    Issuer: ...truncated... 
    SerialNumber: [ ...truncated...] 

Certificate Extensions: 3 
[1]: ObjectId: ...truncated... Criticality=true 
BasicConstraints:[ 
    CA:true 
    PathLen:...truncated... 
] 

[2]: ObjectId: ...truncated... Criticality=true 
KeyUsage [ 
    Key_CertSign 
    Crl_Sign 
] 

[3]: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
...truncated... 
] 
] 

] 
    Algorithm: [SHA256withRSA] 
    Signature: 
...truncated... 
] 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 333 
*** ECDH ServerKeyExchange 
Signature Algorithm SHA256withRSA 
Server key: Sun EC public key, 256 bits 
    public x coord: ...truncated... 
    public y coord: ...truncated... 
    parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 4 
*** ServerHelloDone 
*** ECDHClientKeyExchange 
ECDH Public value: { 4, 144, 81, 42, 27, 249, 12, 198, 167, 196, 189, 75, 11, 160, 39, 39, 10, 147, 244, 224, 161, 27, 200, 75, 153, 157, 161, 124, 97, 202, 134, 160, 96, 188, 86, 81, 42, 150, 115, 66, 254, 51, 50, 149, 2, 63, 191, 181, 70, 178, 233, 233, 207, 214, 235, 200, 52, 51, 47, 139, 211, 246, 147, 2, 250 } 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 70 
SESSION KEYGEN: 
PreMaster Secret: 
...truncated... 
CONNECTION KEYGEN: 
Client Nonce: 
...truncated... 
Server Nonce: 
...truncated... 
Master Secret: 
...truncated... 
0020: 5B 12 25 BC 53 8B 7C B8 D3 35 60 56 EE D8 8C E4 [.%.S....5`V.... 
... no MAC keys used for this cipher 
Client write key: 
...truncated... 
Server write key: 
...truncated... 
Client write IV: 
...truncated... 
Server write IV: 
...truncated... 
http-nio-8080-exec-10, WRITE: TLSv1.2 Change Cipher Spec, length = 1 
*** Finished 
verify_data: ...truncated... 
*** 
http-nio-8080-exec-10, WRITE: TLSv1.2 Handshake, length = 40 
http-nio-8080-exec-10, READ: TLSv1.2 Change Cipher Spec, length = 1 
http-nio-8080-exec-10, READ: TLSv1.2 Handshake, length = 40 
*** Finished 
verify_data: ...truncated... 
*** 
%% Cached client session: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] 
http-nio-8080-exec-10, WRITE: TLSv1.2 Application Data, length = 2348 
http-nio-8080-exec-10, READ: TLSv1.2 Application Data, length = 1123 

Answers

0

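We actually found the problem with help from the remote logs: on the Linux machine the URL was requested with the port number (i.e. https://remote:443), whereas on the Windows machine the URL is defined without the port (i.e. https://remote). After removing the port from the Linux configuration, everything works fine.

AFAIK the port number should not be included in certificate validation, but the remote web service seems to include it. Anyway, our problem is solved.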
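Added example, not part of the original question or answer: a small parser for javax.net.debug-style traces like the two quoted above, which names the phase in which a connection died and lists what the two ClientHellos offered differently. In the Linux trace both Finished messages are exchanged and the reset follows the first Application Data write, so the failure sits after the TLS handshake. The sample traces are constructed, abbreviated versions of the logs above, and the function names are illustrative.

```python
import re

RECORD = re.compile(r"^[^,]+, (READ|WRITE): \S+ (.+), length = \d+")
EXCEPTION = re.compile(r"^[^,]+, handling exception: (.+)$")
EXTENSION = re.compile(r"^Extension (\w+), [^:]*: (.*)$")

def analyze(trace):
    """Summarise one trace and name the phase in which the connection died."""
    s = {"suite": None, "finished": 0, "app_read": 0, "app_written": 0,
         "exception": None, "client_ext": {}}
    in_client_hello = False
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("*** ClientHello"):
            in_client_hello = True
        elif line == "***":
            in_client_hello = False
        elif line.startswith("*** Finished"):
            s["finished"] += 1  # one per direction once the handshake completes
        elif line.startswith("Cipher Suite: "):  # singular: the server's choice
            s["suite"] = line.split(": ", 1)[1]
        elif in_client_hello and (m := EXTENSION.match(line)):
            values = m.group(2).strip("{}[] ").split(",")
            s["client_ext"][m.group(1)] = {v.strip() for v in values}
        elif (m := RECORD.match(line)) and m.group(2) == "Application Data":
            s["app_read" if m.group(1) == "READ" else "app_written"] += 1
        elif (m := EXCEPTION.match(line)) and s["exception"] is None:
            s["exception"] = m.group(1)
    if s["exception"] is None:
        s["phase"] = "ok" if s["app_read"] else "incomplete"
    elif s["finished"] < 2:
        s["phase"] = "handshake"      # peer rejected something at the TLS level
    elif s["app_read"] == 0:
        s["phase"] = "first-request"  # TLS is up; the first request was refused
    else:
        s["phase"] = "mid-stream"
    return s

def client_hello_diff(a, b):
    """Per extension, the values offered by only one of the two clients."""
    diff = {}
    for name in sorted(set(a["client_ext"]) | set(b["client_ext"])):
        va, vb = a["client_ext"].get(name, set()), b["client_ext"].get(name, set())
        if va != vb:
            diff[name] = (sorted(va - vb), sorted(vb - va))
    return diff

# Constructed, abbreviated traces mirroring the two logs quoted above.
_SERVER_SIDE = """*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
***
*** Finished
***
*** Finished
***
"""
LINUX = """*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA256withDSA
***
""" + _SERVER_SIDE + """exec-1, WRITE: TLSv1.2 Application Data, length = 2370
exec-1, handling exception: java.net.SocketException: Connection reset
"""
WINDOWS = """*** ClientHello, TLSv1.2
Extension elliptic_curves, curve names: {secp256r1, sect163k1, secp384r1, secp521r1}
Extension signature_algorithms, signature_algorithms: SHA256withRSA, MD5withRSA
***
""" + _SERVER_SIDE + """exec-1, WRITE: TLSv1.2 Application Data, length = 2348
exec-1, READ: TLSv1.2 Application Data, length = 1123
"""

if __name__ == "__main__":
    linux, windows = analyze(LINUX), analyze(WINDOWS)
    print(linux["phase"], windows["phase"], client_hello_diff(linux, windows))
```

A "first-request" result points the investigation at what the client sent inside the tunnel (request line, headers, target URL) rather than at cipher suites or certificates.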
