Posted to httpclient-users@hc.apache.org by Murat Balkan <mr...@gmail.com> on 2016/02/21 04:51:16 UTC

HttpClient SSL Connection Issue

Hi,

I have a problem with HttpClient. (All versions seem to have the same.)

When I try to connect to an HTTPS site (specifically so.n11.com) I get a
connection reset error after the handshake is finalized. If I try to call
the same URL with HttpURLConnection, I don't get any errors. The browsers do
not have any problems displaying this site.

I started thinking that this could be a bug, or I am doing something wrong.
I hope somebody can recognize this issue.


The code I am running is pretty straightforward. The same code works for
other HTTPS sites I tested.

    SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
            sslContext, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}, null,
            NoopHostnameVerifier.INSTANCE);
    Registry<ConnectionSocketFactory> socketFactoryRegistry =
            RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("http", PlainConnectionSocketFactory.getSocketFactory())
                    .register("https", sslConnectionFactory)
                    .build();
    PoolingHttpClientConnectionManager cm =
            new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    cm.setDefaultMaxPerRoute(1);
    CloseableHttpClient httpClient = HttpClientBuilder.create().build();
    HttpGet httpGet = new HttpGet("https://so.n11.com");
    httpClient.execute(httpGet);
    System.out.println("I can never reach this point");



The exception I am receiving is:

java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(Unknown Source)
    at java.net.SocketInputStream.read(Unknown Source)
    at sun.security.ssl.InputRecord.readFully(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
    at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
    at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
    at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
    at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
    at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
    at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at HttpTest.main(HttpTest.java:102)



My SSL debug console output; the last line shows where it is crashing.


keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

adding as trusted cert:
  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019

.............other certs are added here.....................
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
217, 253, 204, 183 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: so.n11.com]
***
main, WRITE: TLSv1 Handshake, length = 168
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
241, 70, 71, 193, 163 }
Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
173, 162}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 2811
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
Organization
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
               To: Thu Dec 29 06:26:06 EST 2016]
  Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
nv-sa, C=BE
  SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName:
http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
,
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
0010: 13 22 31 02                                        ."1.
]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]


[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
0010: 01 16 93 67                                        ...g
]
]

]
  Algorithm: [SHA256withRSA]

]
chain [1] = [
[
  Version: V3
  Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
nv-sa, C=BE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Thu Feb 20 05:00:00 EST 2014,
               To: Wed Dec 15 03:00:00 EST 2021]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  SerialNumber: [    04000000 0001444e f04a55]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.globalsign.com/rootr2
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
0010: DC 19 86 2E                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.net/root-r2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
0010: 13 22 31 02                                        ."1.
]
]

]
  Algorithm: [SHA256withRSA]

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  public exponent: 65537
  Validity: [From: Fri Dec 15 03:00:00 EST 2006,
               To: Wed Dec 15 03:00:00 EST 2021]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  SerialNumber: [    04000000 00010f86 26e60d]

Certificate Extensions: 5
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
0010: DC 19 86 2E                                        ....
]
]

[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.net/root-r2.crl]
]]

[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[5]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
0010: DC 19 86 2E                                        ....
]
]

]
  Algorithm: [SHA1withRSA]

]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 176
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 32
main, Exception sending alert: java.net.SocketException: Connection reset
by peer: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
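
Added example (not part of the original post and not HttpClient project code): the snippet in the post builds the connection manager cm but calls HttpClientBuilder.create().build() without it, so the client that executes the request never uses the custom SSLConnectionSocketFactory. The code below, assuming HttpClient 4.4 or later on the classpath, wires the manager into the client, keeps hostname verification on, filters weak suites out of the JRE's default cipher list, and prints what was negotiated; the class name TlsClientExample, the WEAK list and the helper methods are this example's own.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpResponse;
import org.apache.http.HttpResponseInterceptor;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ManagedHttpClientConnection;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpCoreContext;

public class TlsClientExample {

    // Assumed policy for this example: suite names containing these markers are not offered.
    private static final String[] WEAK =
            {"_RC4_", "_3DES_", "_DES_", "_MD5", "_NULL_", "_anon_", "_EXPORT_"};

    // Keep only the suites that match none of the WEAK markers.
    static String[] usableSuites(String[] candidates) {
        List<String> keep = new ArrayList<String>();
        for (String suite : candidates) {
            boolean weak = false;
            for (String marker : WEAK) {
                if (suite.contains(marker)) {
                    weak = true;
                    break;
                }
            }
            if (!weak) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[keep.size()]);
    }

    // Intersect the wanted protocols with what this JRE supports; enabling an
    // unsupported name would make the socket setup throw IllegalArgumentException.
    static String[] usableProtocols(String[] wanted, String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> keep = new ArrayList<String>();
        for (String protocol : wanted) {
            if (available.contains(protocol)) {
                keep.add(protocol);
            }
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("JRE supports none of " + Arrays.toString(wanted));
        }
        return keep.toArray(new String[keep.size()]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext sslContext = SSLContext.getDefault();
        String[] protocols = usableProtocols(
                new String[] {"TLSv1.2", "TLSv1.1", "TLSv1"},   // same set as in the post
                sslContext.getSupportedSSLParameters().getProtocols());
        String[] suites = usableSuites(sslContext.getDefaultSSLParameters().getCipherSuites());

        // Default verifier instead of NoopHostnameVerifier: the certificate must match the host.
        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
                sslContext, protocols, suites,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslFactory)
                        .build();
        PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
        cm.setDefaultMaxPerRoute(1);

        // Report the negotiated protocol and suite while the connection is still bound.
        HttpResponseInterceptor reportTls = new HttpResponseInterceptor() {
            @Override
            public void process(HttpResponse response, HttpContext context) {
                ManagedHttpClientConnection conn = (ManagedHttpClientConnection)
                        context.getAttribute(HttpCoreContext.HTTP_CONNECTION);
                SSLSession session = (conn == null) ? null : conn.getSSLSession();
                if (session != null) {
                    System.out.println(session.getProtocol() + " / " + session.getCipherSuite());
                }
            }
        };

        // The connection manager is passed to the builder, so the factory above is what runs.
        try (CloseableHttpClient client = HttpClients.custom()
                     .setConnectionManager(cm)
                     .addInterceptorLast(reportTls)
                     .build();
             CloseableHttpResponse response = client.execute(new HttpGet("https://so.n11.com"))) {
            System.out.println(response.getStatusLine());
        }
    }
}
```

If the server certificate does not cover the requested host name, the default verifier fails the connection with an SSLPeerUnverifiedException instead of proceeding as NoopHostnameVerifier would.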

Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
How should I force it to use the correct cipher? I don't know why
HttpURLConnection is working fine but Apache fails.
On Feb 21, 2016 12:12 PM, "Oleg Kalnichevski" <ol...@apache.org> wrote:

> On Sat, 2016-02-20 at 22:51 -0500, Murat Balkan wrote:
> > Hi,
> >
> > I have a problem with HttpClient. (All versions, seems to have the same)
> >
> > When I try to connect an Https site (specifically so.n11.com) I got  a
> > connection reset error after the handshake is finalized. If I try to call
> > the same URL with HttpUrlConnection, I dont get any errors. The browsers
> do
> > not have any problems displaying this site.
> >
> > I started thinking that this could be a bug, or I am doing something
> wrong.
> > I hope somebody can recognize this issue.
> >
> >
> > The code I am running is pretty straightforward: The same code works for
> > other HTTPS sites I tested.
> >
> > SSLConnectionSocketFactory sslConnectionFactory = new
> > > SSLConnectionSocketFactory(sslContext,new String[]
> > > {"TLSv1","TLSv1.1","TLSv1.2"},null, NoopHostnameVerifier.INSTANCE);
> > > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> > > RegistryBuilder.<ConnectionSocketFactory>create()
> > > .register("http", PlainConnectionSocketFactory.getSocketFactory())
> > > .register("https", sslConnectionFactory)
> > > .build();
> > > PoolingHttpClientConnectionManager cm = new
> > > PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > > cm.setDefaultMaxPerRoute(1);
> > > CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> > > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > > httpClient.execute(httpGet);
> > > System.out.println("I can never reach this point");
> >
> >
> >
> > The exception I am receiving is:
> >
> > java.net.SocketException: Connection reset
> > > at java.net.SocketInputStream.read(Unknown Source)
> > > at java.net.SocketInputStream.read(Unknown Source)
> > > at sun.security.ssl.InputRecord.readFully(Unknown Source)
> > > at sun.security.ssl.InputRecord.read(Unknown Source)
> > > at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> > > at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> > > at sun.security.ssl.AppInputStream.read(Unknown Source)
> > > at
> > >
> org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
> > > at
> > >
> org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
> > > at
> > >
> org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
> > > at
> > >
> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
> > > at
> > >
> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
> > > at
> > >
> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
> > > at
> > >
> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
> > > at
> > >
> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
> > > at
> > >
> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
> > > at
> > >
> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
> > > at
> > >
> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
> > > at
> > >
> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> > > at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> > > at
> > >
> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> > > at
> > >
> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> > > at
> > >
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> > > at
> > >
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> > > at HttpTest.main(HttpTest.java:102)
> >
> >
> >
> > My ssl debugged console output, The last line shows where it is crashing.
> >
> >
> > keyStore is :
> > keyStore type is : jks
> > keyStore provider is :
> > init keystore
> > init keymanager of type SunX509
> > trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> > trustStore type is : jks
> > trustStore provider is :
> > init truststore
> > adding as trusted cert:
> >   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
> >   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
> >   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
> >   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT
> 2036
> >
> > adding as trusted cert:
> >   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> > OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> > L=ValiCert Validation Network
> >   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> > OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> > L=ValiCert Validation Network
> >   Algorithm: RSA; Serial number: 0x1
> >   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT
> 2019
> >
> > .............other certs are added here.....................
> > trigger seeding of SecureRandom
> > done seeding SecureRandom
> > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> > Ignoring unsupported cipher suite:
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> > Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> > Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> > Allow unsafe renegotiation: true
> > Allow legacy hello messages: true
> > Is initial handshake: true
> > Is secure renegotiation: false
> > %% No cached client session
> > *** ClientHello, TLSv1
> > RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> > 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26,
> 228,
> > 217, 253, 204, 183 }
> > Session ID:  {}
> > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> > TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> > TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> > TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> > SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> > Compression Methods:  { 0 }
> > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> > secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> > secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> > sect193r2, secp224k1, sect239k1, secp256k1}
> > Extension ec_point_formats, formats: [uncompressed]
> > Extension server_name, server_name: [host_name: so.n11.com]
> > ***
> > main, WRITE: TLSv1 Handshake, length = 168
> > main, READ: TLSv1 Handshake, length = 81
> > *** ServerHello, TLSv1
> > RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> > 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> > 241, 70, 71, 193, 163 }
> > Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> > 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> > 173, 162}
> > Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> > Compression Method: 0
> > Extension renegotiation_info, renegotiated_connection: <empty>
> > ***
> > %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > ** TLS_RSA_WITH_AES_128_CBC_SHA
> > main, READ: TLSv1 Handshake, length = 2811
> > *** Certificate chain
> > chain [0] = [
> > [
> >   Version: V3
> >   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> > Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> > ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> > OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112,
> OID.2.5.4.15=Private
> > Organization
> >   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   modulus:
> >
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
> >   public exponent: 65537
> >   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
> >                To: Thu Dec 29 06:26:06 EST 2016]
> >   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> > nv-sa, C=BE
> >   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
> >
> > Certificate Extensions: 9
> > [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> > AuthorityInfoAccess [
> >   [
> >    accessMethod: caIssuers
> >    accessLocation: URIName:
> > http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> > ,
> >    accessMethod: ocsp
> >    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> > 0010: 13 22 31 02                                        ."1.
> > ]
> > ]
> >
> > [3]: ObjectId: 2.5.29.19 Criticality=false
> > BasicConstraints:[
> >   CA:false
> >   PathLen: undefined
> > ]
> >
> > [4]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> > ]]
> >
> > [5]: ObjectId: 2.5.29.32 Criticality=false
> > CertificatePolicies [
> >   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> > [PolicyQualifierInfo: [
> >   qualifierID: 1.3.6.1.5.5.7.2.1
> >   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> > 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> > 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> >
> > ]]  ]
> > ]
> >
> > [6]: ObjectId: 2.5.29.37 Criticality=false
> > ExtendedKeyUsages [
> >   serverAuth
> >   clientAuth
> > ]
> >
> > [7]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   DigitalSignature
> >   Key_Encipherment
> > ]
> >
> >
> > [9]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> > 0010: 01 16 93 67                                        ...g
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA256withRSA]
> >   Signature:
> >
> > ]
> > chain [1] = [
> > [
> >   Version: V3
> >   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> > nv-sa, C=BE
> >   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   modulus:
> >
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
> >   public exponent: 65537
> >   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
> >                To: Wed Dec 15 03:00:00 EST 2021]
> >   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   SerialNumber: [    04000000 0001444e f04a55]
> >
> > Certificate Extensions: 7
> > [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> > AuthorityInfoAccess [
> >   [
> >    accessMethod: ocsp
> >    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > [3]: ObjectId: 2.5.29.19 Criticality=true
> > BasicConstraints:[
> >   CA:true
> >   PathLen:0
> > ]
> >
> > [4]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.net/root-r2.crl]
> > ]]
> >
> > [5]: ObjectId: 2.5.29.32 Criticality=false
> > CertificatePolicies [
> >   [CertificatePolicyId: [2.5.29.32.0]
> > [PolicyQualifierInfo: [
> >   qualifierID: 1.3.6.1.5.5.7.2.1
> >   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> > 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> > 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> >
> > ]]  ]
> > ]
> >
> > [6]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   Key_CertSign
> >   Crl_Sign
> > ]
> >
> > [7]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> > 0010: 13 22 31 02                                        ."1.
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA256withRSA]
> >   Signature:
> >
> > ]
> > ***
> > Found trusted certificate:
> > [
> > [
> >   Version: V3
> >   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> >
> >   Key:  Sun RSA public key, 2048 bits
> >   modulus:
> >
> 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463
> >   public exponent: 65537
> >   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
> >                To: Wed Dec 15 03:00:00 EST 2021]
> >   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
> >   SerialNumber: [    04000000 00010f86 26e60d]
> >
> > Certificate Extensions: 5
> > [1]: ObjectId: 2.5.29.35 Criticality=false
> > AuthorityKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > [2]: ObjectId: 2.5.29.19 Criticality=true
> > BasicConstraints:[
> >   CA:true
> >   PathLen:2147483647
> > ]
> >
> > [3]: ObjectId: 2.5.29.31 Criticality=false
> > CRLDistributionPoints [
> >   [DistributionPoint:
> >      [URIName: http://crl.globalsign.net/root-r2.crl]
> > ]]
> >
> > [4]: ObjectId: 2.5.29.15 Criticality=true
> > KeyUsage [
> >   Key_CertSign
> >   Crl_Sign
> > ]
> >
> > [5]: ObjectId: 2.5.29.14 Criticality=false
> > SubjectKeyIdentifier [
> > KeyIdentifier [
> > 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> > 0010: DC 19 86 2E                                        ....
> > ]
> > ]
> >
> > ]
> >   Algorithm: [SHA1withRSA]
> >   Signature:
> >
> > ]
> > main, READ: TLSv1 Handshake, length = 4
> > *** ServerHelloDone
> > *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> > main, WRITE: TLSv1 Handshake, length = 262
> > main, WRITE: TLSv1 Change Cipher Spec, length = 1
> > *** Finished
> > verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> > ***
> > main, WRITE: TLSv1 Handshake, length = 48
> > main, READ: TLSv1 Change Cipher Spec, length = 1
> > main, READ: TLSv1 Handshake, length = 48
> > *** Finished
> > verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> > ***
> > %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > main, WRITE: TLSv1 Application Data, length = 176
> > main, handling exception: java.net.SocketException: Connection reset
> > %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> > main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> > main, WRITE: TLSv1 Alert, length = 32
> > main, Exception sending alert: java.net.SocketException: Connection reset
> > by peer: socket write error
> > main, called closeSocket()
> > main, called close()
> > main, called closeInternal(true)
>
>
> It looks like the server may not like the TLS_RSA_WITH_AES_128_CBC_SHA
> cipher chosen by the client.
>
> Oleg
>
>
>
>
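
An added example, not code from the thread or from the HttpClient project: in the posted snippet the client comes from `HttpClientBuilder.create().build()`, so the connection manager holding the custom `SSLConnectionSocketFactory` is never used, and `NoopHostnameVerifier` switches hostname checking off. The sketch below wires the factory in, keeps the default hostname verifier, and prints what was negotiated; it assumes HttpClient 4.4 or later, and the class name, `buildClient` helper and cipher-suite shortlist (taken from the ClientHello above, without the suite Oleg names) are assumptions that the server may not accept.

```java
import java.io.IOException;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

// Hypothetical class name; not part of the original post.
public class TlsWiringExample {

    // Hypothetical helper: returns a client whose HTTPS sockets actually use
    // the given protocol and cipher-suite restrictions.
    static CloseableHttpClient buildClient(String[] protocols, String[] cipherSuites)
            throws Exception {
        // JRE default context: trusts the CAs in the default trust store (cacerts).
        SSLContext sslContext = SSLContext.getDefault();

        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
                sslContext,
                protocols,
                cipherSuites,   // null would keep the JSSE defaults
                SSLConnectionSocketFactory.getDefaultHostnameVerifier()) {
            @Override
            protected void prepareSocket(SSLSocket socket) throws IOException {
                // Report the negotiated parameters once the handshake finishes.
                socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                    @Override
                    public void handshakeCompleted(HandshakeCompletedEvent event) {
                        System.out.println("negotiated "
                                + event.getSession().getProtocol()
                                + " / " + event.getCipherSuite());
                    }
                });
            }
        };

        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslFactory)
                        .build();

        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);
        cm.setDefaultMaxPerRoute(1);

        // The step missing from the posted snippet: hand the manager to the builder.
        return HttpClients.custom()
                .setConnectionManager(cm)
                .build();
    }

    public static void main(String[] args) throws Exception {
        // URL from the original post unless another one is given.
        String url = args.length > 0 ? args[0] : "https://so.n11.com";

        // Same protocol list as the original post.
        String[] protocols = {"TLSv1", "TLSv1.1", "TLSv1.2"};

        // Assumption: two suites from the logged ClientHello, leaving out
        // TLS_RSA_WITH_AES_128_CBC_SHA; the server may reject both.
        String[] cipherSuites = {
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
        };

        try (CloseableHttpClient client = buildClient(protocols, cipherSuites);
             CloseableHttpResponse response = client.execute(new HttpGet(url))) {
            System.out.println(response.getStatusLine());
            EntityUtils.consume(response.getEntity());
        }
    }
}
```

With the default verifier in place, a certificate that does not cover the requested host name fails the connection with an `SSLException` rather than being accepted silently.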

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Sat, 2016-02-20 at 22:51 -0500, Murat Balkan wrote:
> Hi,
> 
> I have a problem with HttpClient. (All versions, seems to have the same)
> 
> When I try to connect an Https site (specifically so.n11.com) I got a
> connection reset error after the handshake is finalized. If I try to call
> the same URL with HttpUrlConnection, I don't get any errors. The browsers do
> not have any problems displaying this site.
> 
> I started thinking that this could be a bug, or I am doing something wrong.
> I hope somebody can recognize this issue.
> 
> 
> The code I am running is pretty straightforward: The same code works for
> other HTTPS sites I tested.
> 
> SSLConnectionSocketFactory sslConnectionFactory = new
> > SSLConnectionSocketFactory(sslContext,new String[]
> > {"TLSv1","TLSv1.1","TLSv1.2"},null, NoopHostnameVerifier.INSTANCE);
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> > RegistryBuilder.<ConnectionSocketFactory>create()
> > .register("http", PlainConnectionSocketFactory.getSocketFactory())
> > .register("https", sslConnectionFactory)
> > .build();
> > PoolingHttpClientConnectionManager cm = new
> > PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > cm.setDefaultMaxPerRoute(1);
> > CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > httpClient.execute(httpGet);
> > System.out.println("I can never reach this point");
> 
> 
> 
> The exception I am receiving is:
> 
> java.net.SocketException: Connection reset
> > at java.net.SocketInputStream.read(Unknown Source)
> > at java.net.SocketInputStream.read(Unknown Source)
> > at sun.security.ssl.InputRecord.readFully(Unknown Source)
> > at sun.security.ssl.InputRecord.read(Unknown Source)
> > at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> > at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> > at sun.security.ssl.AppInputStream.read(Unknown Source)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
> > at
> > org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
> > at
> > org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
> > at
> > org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
> > at
> > org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
> > at
> > org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
> > at
> > org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
> > at
> > org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
> > at
> > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
> > at
> > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> > at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> > at
> > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> > at
> > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> > at
> > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> > at
> > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> > at HttpTest.main(HttpTest.java:102)
> 
> 
> 
> My ssl debugged console output, The last line shows where it is crashing.
> 
> 
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
> 
> adding as trusted cert:
>   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019
> 
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> 217, 253, 204, 183 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> 241, 70, 71, 193, 163 }
> Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> 
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>                To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
> 
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName:
> http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
> 
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
> 
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
> 
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> 
> ]]  ]
> ]
> 
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
> 
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
> 
> 
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                        ...g
> ]
> ]
> 
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> 
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 0001444e f04a55]
> 
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
> 
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
> 
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> 
> ]]  ]
> ]
> 
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
> 
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
> 
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> 
>   Key:  Sun RSA public key, 2048 bits
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 00010f86 26e60d]
> 
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
> 
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
> 
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
> 
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> ]
>   Algorithm: [SHA1withRSA]
>   Signature:
> 
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> SESSION KEYGEN:
> CONNECTION KEYGEN:
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset
> by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)


It looks like the server may not like the TLS_RSA_WITH_AES_128_CBC_SHA
cipher chosen by the client.

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Re: HttpClient SSL Connection Issue

Posted by Philippe Mouawad <ph...@gmail.com>.
Good catch @Tim !


Indeed Java:
Padded plaintext before ENCRYPTION:  len = 176
0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
0010: 43 6F 6E 6E 65 63 74 69   6F 6E 3A 20 6B 65 65 70  Connection: keep
0020: 2D 61 6C 69 76 65 0D 0A   55 73 65 72 2D 41 67 65  -alive..User-Age
0030: 6E 74 3A 20 4A 61 76 61   2F 31 2E 38 2E 30 5F 34  nt: Java/1.8.0_4
0040: 35 0D 0A 48 6F 73 74 3A   20 73 6F 2E 6E 31 31 2E  5..Host: so.n11.
0050: 63 6F 6D 0D 0A 41 63 63   65 70 74 3A 20 74 65 78  com..Accept: tex
0060: 74 2F 68 74 6D 6C 2C 20   69 6D 61 67 65 2F 67 69  t/html, image/gi
0070: 66 2C 20 69 6D 61 67 65   2F 6A 70 65 67 2C 20 2A  f, image/jpeg, *
0080: 3B 20 71 3D 2E 32 2C 20   2A 2F 2A 3B 20 71 3D 2E  ; q=.2, */*; q=.
0090: 32 0D 0A 0D 0A 32 8B 87   7A BA 17 82 81 CD BB C5  2....2..z.......
00A0: F8 E3 E0 C4 B1 53 A6 09   63 06 06 06 06 06 06 06  .....S..c.......
Thread Group 1-1, WRITE: TLSv1 Application Data, length = 176


HttpClient:
Padded plaintext before ENCRYPTION:  len = 144
0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
0010: 43 6F 6E 6E 65 63 74 69   6F 6E 3A 20 6B 65 65 70  Connection: keep
0020: 2D 61 6C 69 76 65 0D 0A   48 6F 73 74 3A 20 73 6F  -alive..Host: so
0030: 2E 6E 31 31 2E 63 6F 6D   0D 0A 55 73 65 72 2D 41  .n11.com..User-A
0040: 67 65 6E 74 3A 20 41 70   61 63 68 65 2D 48 74 74  gent: Apache-Htt
0050: 70 43 6C 69 65 6E 74 2F   34 2E 35 2E 32 2D 53 4E  pClient/4.5.2-SN
0060: 41 50 53 48 4F 54 20 28   4A 61 76 61 2F 31 2E 38  APSHOT (Java/1.8
0070: 2E 30 5F 34 35 29 0D 0A   0D 0A 68 D5 4F F4 33 6B  .0_45)....h.O.3k
0080: 1B 37 6F 3B CC 01 D2 D8   7F 95 02 FB 58 3A 01 01  .7o;........X:..
Thread Group 1-1, WRITE: TLSv1 Application Data, length = 144


Learnt something today, thanks!

On Mon, Feb 22, 2016 at 9:03 PM, Tim Jacomb [DATACOM] <ti...@datacom.co.nz>
wrote:

> Try adding an Accept Header, the server you are contacting appears to
> reject all requests without one
>
> httpGet.addHeader("Accept",
> "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
>
> Tim
> ________________________________________
> From: Murat Balkan <mr...@gmail.com>
> Sent: Tuesday, 23 February 2016 8:38 a.m.
> To: HttpClient User Discussion
> Subject: Re: HttpClient SSL Connection Issue
>
> Hi, Please find it below: The version does not matter. Whatever version I
> tried failed. I even installed Java 8 to test. My current versions in the
> built path are: httpclient4.5.1,httpcore4.4.3,httpmime 4.5.1, jna 4.1.0,
> jna-platform4.1.0,httpclient-cache4.5.1
>
> SSLContext sslContext = SSLContexts.createDefault();
> SSLConnectionSocketFactory sslConnectionFactory =
>     new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
> Registry<ConnectionSocketFactory> socketFactoryRegistry =
>     RegistryBuilder.<ConnectionSocketFactory>create()
>         .register("http", PlainConnectionSocketFactory.getSocketFactory())
>         .register("https", sslConnectionFactory)
>         .build();
> PoolingHttpClientConnectionManager cm =
>     new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> cm.setDefaultMaxPerRoute(1);
> CloseableHttpClient httpClient = HttpClientBuilder.create()
>     .disableContentCompression()
>     .disableAutomaticRetries()
>     .setUserAgent("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0")
>     .build();
> HttpGet httpGet = new HttpGet("https://so.n11.com");
> httpClient.execute(httpGet);
> System.out.println("I can never reach this point");
>
> On Mon, Feb 22, 2016 at 2:33 PM, Philippe Mouawad <philippe.mouawad@gmail.com> wrote:
>
> > hi,
> > Can you show your httpclient code and mention which versions you used for
> > httpcore and httpclient and java exact version
> >
> > thx
> >
> > On Monday, February 22, 2016, Murat Balkan <mr...@gmail.com> wrote:
> >
> > > I tried the following with URL class this time:
> > >
> > > URL my_url = new URL("https://so.n11.com");
> > > BufferedReader br = new BufferedReader(new InputStreamReader(my_url.openStream()));
> > > String strTemp = "";
> > > while (null != (strTemp = br.readLine())) {
> > >     System.out.println(strTemp);
> > > }
> > >
> > > Even this works. So far URL, HttpURLConnection and Browsers are able to
> > > fetch the page. Apache HttpClient cannot.
> > > I also tried Fluent from the same package. It fails too.
> > >
> > > On Mon, Feb 22, 2016 at 12:40 PM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > >
> > > > On Mon, 2016-02-22 at 11:27 -0500, Murat Balkan wrote:
> > > > > Can you please suggest me how HttpClient can get the page like
> > > > > HttpUrlConnection? or Google Chrome?
> > > >
> > > > Capture a session between a browser or HttpUrlConnection using Wireshark
> > > > or browser plugin of your choosing. Configure HttpClient to generate
> > > > identical messages. See what happens.
> > > >
> > > > > If I go to the site admin, wouldn't he say the site is totally reachable?
> > > >
> > > > The admin can say that Earth is flat for all I care, but their server
> > > > drops connections without sending back a status code like all well
> > > > behaved, spec compliant HTTP servers are supposed to do.
> > > >
> > > > Oleg
> > > >
> > > > > On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > > >
> > > > > > On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > > > > > > Hi Oleg,
> > > > > > > I do not agree, other Http libraries do not have this problem. As I said
> > > > > > > HttpUrlConnection gets the page, all types of browsers can get the page. It
> > > > > > > is clear that this is an error that is related with the Apache Client.
> > > > > > > Thanks
> > > > > > > Murat
> > > > > >
> > > > > > You are very welcome to disagree.
> > > > > >
> > > > > > Your own log clearly shows that the problem has nothing to do with SSL
> > > > > > and is caused by peer connection reset.
> > > > > >
> > > > > > Oleg
> > > > > >
> > > > > > > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > > > > >
> > > > > > > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > > > > > > I enabled the debug log and it seems the connection is established. Any
> > > > > > > > > ideas? Attaching below:
> > > > > > > > >
> > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] DefaultHttpClientConnectionOperator - Connection established 142.133.240.86:34018<->176.41.133.12:443
> > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing request GET / HTTP/1.1
> > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth state: UNCHALLENGED
> > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth state: UNCHALLENGED
> > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET / HTTP/1.1
> > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Host: so.n11.com
> > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Connection: Keep-Alive
> > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > > > > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >> Accept-Encoding: gzip,deflate
> > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-3: Close connection
> > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection - http-outgoing-3: Shutdown connection
> > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection discarded
> > > > > > > >
> > > > > > > > The connection is dropped by the server due to an internal error of some
> > > > > > > > sort. You need to take it up with the server admin.
> > > > > > > >
> > > > > > > > Oleg
> > >
> > > --
> > > Murat Balkan
> >
> > --
> > Cordialement.
> > Philippe Mouawad.
> >
>
>
>
> --
> Murat Balkan
>
>


-- 
Cordialement.
Philippe Mouawad.
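
The comparison made in the message above, as an added example that is not part of the original thread: it parses the two "Padded plaintext before ENCRYPTION" dumps, strips the TLSv1 CBC padding and MAC, and diffs the HTTP headers of the working and failing requests. The function names are this example's own; the 20-byte MAC length assumes HMAC-SHA1, as implied by the TLS_RSA_WITH_AES_128_CBC_SHA suite shown in the logs.

```python
import re

# Copied from the two javax.net.debug dumps in the message above:
# HttpURLConnection (request answered) and HttpClient (connection reset).
JAVA_DUMP = """\
Padded plaintext before ENCRYPTION:  len = 176
0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
0010: 43 6F 6E 6E 65 63 74 69   6F 6E 3A 20 6B 65 65 70  Connection: keep
0020: 2D 61 6C 69 76 65 0D 0A   55 73 65 72 2D 41 67 65  -alive..User-Age
0030: 6E 74 3A 20 4A 61 76 61   2F 31 2E 38 2E 30 5F 34  nt: Java/1.8.0_4
0040: 35 0D 0A 48 6F 73 74 3A   20 73 6F 2E 6E 31 31 2E  5..Host: so.n11.
0050: 63 6F 6D 0D 0A 41 63 63   65 70 74 3A 20 74 65 78  com..Accept: tex
0060: 74 2F 68 74 6D 6C 2C 20   69 6D 61 67 65 2F 67 69  t/html, image/gi
0070: 66 2C 20 69 6D 61 67 65   2F 6A 70 65 67 2C 20 2A  f, image/jpeg, *
0080: 3B 20 71 3D 2E 32 2C 20   2A 2F 2A 3B 20 71 3D 2E  ; q=.2, */*; q=.
0090: 32 0D 0A 0D 0A 32 8B 87   7A BA 17 82 81 CD BB C5  2....2..z.......
00A0: F8 E3 E0 C4 B1 53 A6 09   63 06 06 06 06 06 06 06  .....S..c.......
"""
HTTPCLIENT_DUMP = """\
Padded plaintext before ENCRYPTION:  len = 144
0000: 47 45 54 20 2F 20 48 54   54 50 2F 31 2E 31 0D 0A  GET / HTTP/1.1..
0010: 43 6F 6E 6E 65 63 74 69   6F 6E 3A 20 6B 65 65 70  Connection: keep
0020: 2D 61 6C 69 76 65 0D 0A   48 6F 73 74 3A 20 73 6F  -alive..Host: so
0030: 2E 6E 31 31 2E 63 6F 6D   0D 0A 55 73 65 72 2D 41  .n11.com..User-A
0040: 67 65 6E 74 3A 20 41 70   61 63 68 65 2D 48 74 74  gent: Apache-Htt
0050: 70 43 6C 69 65 6E 74 2F   34 2E 35 2E 32 2D 53 4E  pClient/4.5.2-SN
0060: 41 50 53 48 4F 54 20 28   4A 61 76 61 2F 31 2E 38  APSHOT (Java/1.8
0070: 2E 30 5F 34 35 29 0D 0A   0D 0A 68 D5 4F F4 33 6B  .0_45)....h.O.3k
0080: 1B 37 6F 3B CC 01 D2 D8   7F 95 02 FB 58 3A 01 01  .7o;........X:..
"""

MAC_LEN = 20  # assumption: HMAC-SHA1, the MAC of TLS_RSA_WITH_AES_128_CBC_SHA
ROW = re.compile(r"^([0-9A-Fa-f]{4}):\s+(.*)$")
HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_dump(text):
    """Rebuild the record bytes from one dump, ignoring the ASCII column."""
    declared, data = None, bytearray()
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()  # tolerate mail-quoted logs
        row = ROW.match(line)
        if row:
            if int(row.group(1), 16) != len(data):
                raise ValueError("row offset out of sequence: " + line)
            for token in row.group(2).split()[:16]:
                if not HEX_BYTE.match(token):
                    break  # reached the ASCII column of a short row
                data.append(int(token, 16))
            continue
        length = re.search(r"len\s*=\s*(\d+)", line)
        if length:
            declared = int(length.group(1))
    if declared is not None and declared != len(data):
        raise ValueError("dump has %d bytes, header says %d" % (len(data), declared))
    return bytes(data)


def strip_mac_and_padding(record, mac_len=MAC_LEN):
    """Undo TLS 1.0 CBC framing: data || MAC || padding || padding_length."""
    pad_len = record[-1]
    padding = record[-(pad_len + 1):]
    if len(padding) != pad_len + 1 or any(b != pad_len for b in padding):
        raise ValueError("malformed CBC padding")
    end = len(record) - (pad_len + 1) - mac_len
    if end < 0:
        raise ValueError("record shorter than MAC plus padding")
    return record[:end]


def parse_request(raw):
    """Return (request_line, {lower-cased header name: value})."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers found")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def header_diff(working_dump, failing_dump):
    """Compare the request that was answered with the one that was reset."""
    w_line, w = parse_request(strip_mac_and_padding(parse_dump(working_dump)))
    f_line, f = parse_request(strip_mac_and_padding(parse_dump(failing_dump)))
    return {
        "same_request_line": w_line == f_line,
        "only_in_working": sorted(set(w) - set(f)),
        "only_in_failing": sorted(set(f) - set(w)),
        "value_differs": sorted(k for k in set(w) & set(f) if w[k] != f[k]),
    }


if __name__ == "__main__":
    print(header_diff(JAVA_DUMP, HTTPCLIENT_DUMP))
```
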

Re: HttpClient SSL Connection Issue

Posted by Philippe Mouawad <ph...@gmail.com>.
Hi Oleg,
I was wrong as per my N-1 mail.



On Mon, Feb 22, 2016 at 9:13 PM, Oleg Kalnichevski <ol...@apache.org> wrote:

> On Mon, 2016-02-22 at 21:08 +0100, Philippe Mouawad wrote:
> > Hi Oleg,
> > I tried the URL using JMeter and HttpClient 4.5.2 it fails.
> >
> > I don't see big differences when comparing ssl logs:
> > Thread Group 1-1, handling exception: java.net.SocketException: Connection
> > reset
> > %% Invalidated:  [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA]
> > Thread Group 1-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> > Padded plaintext before ENCRYPTION:  len = 32
> > 0000: 02 0A 75 43 41 2D 66 FE   B7 2F 45 02 3C 21 E7 67  ..uCA-f../E.<!.g
> > 0010: 6B 9C 21 52 18 37 09 09   09 09 09 09 09 09 09 09  k.!R.7..........
> > Thread Group 1-1, WRITE: TLSv1 Alert, length = 32
> > Thread Group 1-1, Exception sending alert: java.net.SocketException: Broken
> > pipe
> > Thread Group 1-1, called closeSocket()
> > Thread Group 1-1, called close()
> > Thread Group 1-1, called closeInternal(true)
> >
> >
> > It seems like a bug in HttpClient no ?
> >
>
> How exactly can this be a bug in HttpClient?
>
> Oleg
>
>
>
>
>


-- 
Cordialement.
Philippe Mouawad.

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2016-02-22 at 21:08 +0100, Philippe Mouawad wrote:
> Hi Oleg,
> I tried the URL using JMeter and HttpClient 4.5.2 it fails.
> 
> I don't see big differences when comparing ssl logs:
> Thread Group 1-1, handling exception: java.net.SocketException: Connection
> reset
> %% Invalidated:  [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA]
> Thread Group 1-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> Padded plaintext before ENCRYPTION:  len = 32
> 0000: 02 0A 75 43 41 2D 66 FE   B7 2F 45 02 3C 21 E7 67  ..uCA-f../E.<!.g
> 0010: 6B 9C 21 52 18 37 09 09   09 09 09 09 09 09 09 09  k.!R.7..........
> Thread Group 1-1, WRITE: TLSv1 Alert, length = 32
> Thread Group 1-1, Exception sending alert: java.net.SocketException: Broken
> pipe
> Thread Group 1-1, called closeSocket()
> Thread Group 1-1, called close()
> Thread Group 1-1, called closeInternal(true)
> 
> 
> It seems like a bug in HttpClient no ?
> 

How exactly can this be a bug in HttpClient?

Oleg





Re: HttpClient SSL Connection Issue

Posted by Philippe Mouawad <ph...@gmail.com>.
Hi Oleg,
I tried the URL using JMeter and HttpClient 4.5.2 it fails.

I don't see big differences when comparing ssl logs:
Thread Group 1-1, handling exception: java.net.SocketException: Connection
reset
%% Invalidated:  [Session-4, TLS_RSA_WITH_AES_128_CBC_SHA]
Thread Group 1-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Padded plaintext before ENCRYPTION:  len = 32
0000: 02 0A 75 43 41 2D 66 FE   B7 2F 45 02 3C 21 E7 67  ..uCA-f../E.<!.g
0010: 6B 9C 21 52 18 37 09 09   09 09 09 09 09 09 09 09  k.!R.7..........
Thread Group 1-1, WRITE: TLSv1 Alert, length = 32
Thread Group 1-1, Exception sending alert: java.net.SocketException: Broken
pipe
Thread Group 1-1, called closeSocket()
Thread Group 1-1, called close()
Thread Group 1-1, called closeInternal(true)


It seems like a bug in HttpClient no ?

On Mon, Feb 22, 2016 at 8:38 PM, Murat Balkan <mr...@gmail.com> wrote:

> Hi, Please find it below: The version does not matter. Whatever version I
> tried failed. I even installed Java 8 to test. My current versions in the
> built path are: httpclient4.5.1,httpcore4.4.3,httpmime 4.5.1, jna 4.1.0,
> jna-platform4.1.0,httpclient-cache4.5.1
>
> SSLContext sslContext = SSLContexts.createDefault();
> SSLConnectionSocketFactory sslConnectionFactory =
>     new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
> Registry<ConnectionSocketFactory> socketFactoryRegistry =
>     RegistryBuilder.<ConnectionSocketFactory>create()
>         .register("http", PlainConnectionSocketFactory.getSocketFactory())
>         .register("https", sslConnectionFactory)
>         .build();
> PoolingHttpClientConnectionManager cm =
>     new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> cm.setDefaultMaxPerRoute(1);
> CloseableHttpClient httpClient = HttpClientBuilder.create()
>     .disableContentCompression()
>     .disableAutomaticRetries()
>     .setUserAgent("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0")
>     .build();
> HttpGet httpGet = new HttpGet("https://so.n11.com");
> httpClient.execute(httpGet);
> System.out.println("I can never reach this point");
>
> --
> Murat Balkan
>



-- 
Cordialement.
Philippe Mouawad.

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2016-02-22 at 15:08 -0500, Murat Balkan wrote:
> Tom,
> It worked like a charm! Thank you very much!  It seems HTTPURLConnection
> and URL classes add a default "accept" header which is not implemented by
> Apache HttpClient.

'Accept' header as well as other content negotiation headers are
optional. HTTP agents do not have to implement content negotiation.

https://tools.ietf.org/html/rfc7231#section-5.3

Oleg


> Thanks again,
> Murat
> 
> On Mon, Feb 22, 2016 at 3:03 PM, Tim Jacomb [DATACOM] <ti...@datacom.co.nz>
> wrote:
> 
> > Try adding an Accept Header, the server you are contacting appears to
> > reject all requests without one
> >
> > httpGet.addHeader("Accept",
> > "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
> >
> > Tim
> > ________________________________________
> > From: Murat Balkan <mr...@gmail.com>
> > Sent: Tuesday, 23 February 2016 8:38 a.m.
> > To: HttpClient User Discussion
> > Subject: Re: HttpClient SSL Connection Issue
> >
> > Hi, Please find it below: The version does not matter. Whatever version I
> > tried failed. I even installed Java 8 to test. My current versions in the
> > built path are: httpclient4.5.1,httpcore4.4.3,httpmime 4.5.1, jna 4.1.0,
> > jna-platform4.1.0,httpclient-cache4.5.1
> >
> > SSLContext sslContext = SSLContexts.createDefault();
> > SSLConnectionSocketFactory sslConnectionFactory =
> >     new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> >     RegistryBuilder.<ConnectionSocketFactory>create()
> >         .register("http", PlainConnectionSocketFactory.getSocketFactory())
> >         .register("https", sslConnectionFactory)
> >         .build();
> > PoolingHttpClientConnectionManager cm =
> >     new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > cm.setDefaultMaxPerRoute(1);
> > CloseableHttpClient httpClient = HttpClientBuilder.create()
> >     .disableContentCompression()
> >     .disableAutomaticRetries()
> >     .setUserAgent("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0")
> >     .build();
> > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > httpClient.execute(httpGet);
> > System.out.println("I can never reach this point");
> >
> > On Mon, Feb 22, 2016 at 2:33 PM, Philippe Mouawad <philippe.mouawad@gmail.com> wrote:
> >
> > > hi,
> > > Can you show your httpclient code and mention which versions you used for
> > > httpcore and httpclient and java exact version
> > >
> > > thx
> > >
> > > On Monday, February 22, 2016, Murat Balkan <mr...@gmail.com> wrote:
> > >
> > > > I tried the following with URL class this time:
> > > >
> > > > URL my_url = new URL("https://so.n11.com");
> > > > BufferedReader br = new BufferedReader(new InputStreamReader(my_url.openStream()));
> > > > String strTemp = "";
> > > > while (null != (strTemp = br.readLine())) {
> > > >     System.out.println(strTemp);
> > > > }
> > > >
> > > > Even this works. So far URL, HttpURLConnection and Browsers are able to
> > > > fetch the page. Apache HttpClient cannot.
> > > > I also tried Fluent from the same package. It fails too.
> > > >
> > > > On Mon, Feb 22, 2016 at 12:40 PM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > >
> > > > > On Mon, 2016-02-22 at 11:27 -0500, Murat Balkan wrote:
> > > > > > Can you please suggest me how HttpClient can get the page like
> > > > > > HttpUrlConnection? or Google Chrome?
> > > > >
> > > > > Capture a session between a browser or HttpUrlConnection using Wireshark
> > > > > or browser plugin of your choosing. Configure HttpClient to generate
> > > > > identical messages. See what happens.
> > > > >
> > > > > > If I go to the site admin, wouldn't he say the site is totally reachable?
> > > > >
> > > > > The admin can say that Earth is flat for all I care, but their server
> > > > > drops connections without sending back a status code like all well
> > > > > behaved, spec compliant HTTP servers are supposed to do.
> > > > >
> > > > > Oleg
> > > > >
> > > > > > On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > > > >
> > > > > > > On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > > > > > > > Hi Oleg,
> > > > > > > > I do not agree, other Http libraries do not have this problem. As I said
> > > > > > > > HttpUrlConnection gets the page, all types of browsers can get the page. It
> > > > > > > > is clear that this is an error that is related with the Apache Client.
> > > > > > > > Thanks
> > > > > > > > Murat
> > > > > > >
> > > > > > > You are very welcome to disagree.
> > > > > > >
> > > > > > > Your own log clearly shows that the problem has nothing to do with SSL
> > > > > > > and is caused by peer connection reset.
> > > > > > >
> > > > > > > Oleg
> > > > > > >
> > > > > > > > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> > > > > > > >
> > > > > > > > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > > > > > > > I enabled the debug log and it seems the connection is established. Any
> > > > > > > > > > ideas? Attaching below:
> > > > > > > > > >
> > > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG]
> > > > > > > DefaultHttpClientConnectionOperator -
> > > > > > > > > > Connection established 142.133.240.86:34018<->
> > > > 176.41.133.12:443
> > > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec -
> > > Executing
> > > > > > > request
> > > > > > > > > GET
> > > > > > > > > > / HTTP/1.1
> > > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target
> > > > auth
> > > > > > > state:
> > > > > > > > > > UNCHALLENGED
> > > > > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy
> > > auth
> > > > > > > state:
> > > > > > > > > > UNCHALLENGED
> > > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers -
> > http-outgoing-3
> > > > >>
> > > > > GET
> > > > > > > /
> > > > > > > > > > HTTP/1.1
> > > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers -
> > http-outgoing-3
> > > > >>
> > > > > > > Host:
> > > > > > > > > > so.n11.com
> > > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers -
> > http-outgoing-3
> > > > >>
> > > > > > > > > > Connection: Keep-Alive
> > > > > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers -
> > http-outgoing-3
> > > > >>
> > > > > > > > > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > > > > > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers -
> > http-outgoing-3
> > > > >>
> > > > > > > > > > Accept-Encoding: gzip,deflate
> > > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > > > > > DefaultManagedHttpClientConnection -
> > > > > > > > > > http-outgoing-3: Close connection
> > > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > > > > > DefaultManagedHttpClientConnection -
> > > > > > > > > > http-outgoing-3: Shutdown connection
> > > > > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec -
> > > Connection
> > > > > > > discarded
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > > The connection is dropped by the server due to an internal
> > > error
> > > > of
> > > > > > > some
> > > > > > > > > sort. You need to take it up with the server admin.
> > > > > > > > >
> > > > > > > > > Oleg
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > ---------------------------------------------------------------------
> > > > > > > > > To unsubscribe, e-mail:
> > > > httpclient-users-unsubscribe@hc.apache.org <javascript:;>
> > > > > > > > > For additional commands, e-mail:
> > > > > httpclient-users-help@hc.apache.org <javascript:;>
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > httpclient-users-unsubscribe@hc.apache.org
> > > > <javascript:;>
> > > > > > > For additional commands, e-mail:
> > > httpclient-users-help@hc.apache.org
> > > > <javascript:;>
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > > > <javascript:;>
> > > > > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > > > <javascript:;>
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Murat Balkan
> > > >
> > >
> > >
> > > --
> > > Cordialement.
> > > Philippe Mouawad.
> > >
> >
> >
> >
> > --
> > Murat Balkan
> >
> >
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
Tom,
It worked like a charm! Thank you very much!  It seems HTTPURLConnection
and URL classes add a default "accept" header which is not implemented by
Apache HttpClient.
Thanks again,
Murat

On Mon, Feb 22, 2016 at 3:03 PM, Tim Jacomb [DATACOM] <ti...@datacom.co.nz>
wrote:

> Try adding an Accept Header, the server you are contacting appears to
> reject all requests without one
>
> httpGet.addHeader("Accept",
> "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
>
> Tim


-- 
Murat Balkan

Re: HttpClient SSL Connection Issue

Posted by "Tim Jacomb [DATACOM]" <ti...@datacom.co.nz>.
Try adding an Accept Header, the server you are contacting appears to reject all requests without one

httpGet.addHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");

Tim
________________________________________
From: Murat Balkan <mr...@gmail.com>
Sent: Tuesday, 23 February 2016 8:38 a.m.
To: HttpClient User Discussion
Subject: Re: HttpClient SSL Connection Issue

Hi, Please find it below: The version does not matter. Whatever version I
tried failed. I even installed Java 8 to test. My current versions in the
build path are: httpclient 4.5.1, httpcore 4.4.3, httpmime 4.5.1, jna 4.1.0,
jna-platform 4.1.0, httpclient-cache 4.5.1

SSLContext sslContext = SSLContexts.createDefault();
SSLConnectionSocketFactory sslConnectionFactory =
        new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
        RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslConnectionFactory)
                .build();
PoolingHttpClientConnectionManager cm =
        new PoolingHttpClientConnectionManager(socketFactoryRegistry);
cm.setDefaultMaxPerRoute(1);
CloseableHttpClient httpClient = HttpClientBuilder.create()
        .disableContentCompression()
        .disableAutomaticRetries()
        .setUserAgent("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0")
        .build();
HttpGet httpGet = new HttpGet("https://so.n11.com");
httpClient.execute(httpGet);
System.out.println("I can never reach this point");

--
Murat Balkan
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
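
An added example, not code from any poster in this thread: Tim's fix applied client-wide as a default header, plus a request interceptor that prints the headers HttpClient actually sends so they can be compared with a browser or HttpUrlConnection capture as Oleg suggested. It assumes HttpClient 4.5.x and Java 8 on the classpath; the class name is hypothetical and the Accept value is the one from Tim's message. The snippet posted in the thread builds a PoolingHttpClientConnectionManager but never passes it to HttpClientBuilder, so its socket factory and NoopHostnameVerifier are never used; here the manager is wired in and the default hostname verifier is kept.

```java
import java.io.IOException;
import java.util.Collections;

import org.apache.http.Header;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

public class AcceptHeaderClient { // hypothetical class name

    public static void main(String[] args) throws IOException {
        // JVM default trust store and the library's default hostname
        // verifier: certificate and host name checks stay enabled.
        SSLConnectionSocketFactory tls =
                new SSLConnectionSocketFactory(SSLContexts.createDefault());

        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", tls)
                        .build();

        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);
        cm.setDefaultMaxPerRoute(1);

        // Accept value taken from Tim's message in this thread.
        Header accept = new BasicHeader(HttpHeaders.ACCEPT,
                "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");

        // Runs after the built-in request interceptors, so it sees the
        // complete header set that goes on the wire.
        HttpRequestInterceptor dumpHeaders = (request, context) -> {
            System.out.println(request.getRequestLine());
            for (Header h : request.getAllHeaders()) {
                System.out.println(h.getName() + ": " + h.getValue());
            }
        };

        try (CloseableHttpClient client = HttpClientBuilder.create()
                .setConnectionManager(cm) // without this call the manager above is unused
                .setDefaultHeaders(Collections.singletonList(accept))
                .addInterceptorLast(dumpHeaders)
                .build()) {

            HttpGet get = new HttpGet("https://so.n11.com");
            try (CloseableHttpResponse response = client.execute(get)) {
                System.out.println(response.getStatusLine());
                // Drain the body so the connection can go back to the pool.
                EntityUtils.consume(response.getEntity());
            }
        }
    }
}
```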


Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
Hi, Please find it below: The version does not matter. Whatever version I
tried failed. I even installed Java 8 to test. My current versions in the
build path are: httpclient 4.5.1, httpcore 4.4.3, httpmime 4.5.1, jna 4.1.0,
jna-platform 4.1.0, httpclient-cache 4.5.1

SSLContext sslContext = SSLContexts.createDefault();
SSLConnectionSocketFactory sslConnectionFactory =
        new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
        RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslConnectionFactory)
                .build();
PoolingHttpClientConnectionManager cm =
        new PoolingHttpClientConnectionManager(socketFactoryRegistry);
cm.setDefaultMaxPerRoute(1);
CloseableHttpClient httpClient = HttpClientBuilder.create()
        .disableContentCompression()
        .disableAutomaticRetries()
        .setUserAgent("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0")
        .build();
HttpGet httpGet = new HttpGet("https://so.n11.com");
httpClient.execute(httpGet);
System.out.println("I can never reach this point");

On Mon, Feb 22, 2016 at 2:33 PM, Philippe Mouawad <
philippe.mouawad@gmail.com> wrote:

> hi,
> Can you show your httpclient code and mention which versions you used for
> httpcore and httpclient and java exact version
>
> thx
>
>
>
> --
> Cordialement.
> Philippe Mouawad.
>



-- 
Murat Balkan

Re: HttpClient SSL Connection Issue

Posted by Philippe Mouawad <ph...@gmail.com>.
hi,
Can you show your httpclient code and mention which versions you used for
httpcore and httpclient and java exact version

thx

On Monday, February 22, 2016, Murat Balkan <mr...@gmail.com> wrote:

> I tried the following with URL class this time:
>
> URL my_url = new URL("https://so.n11.com");
>         BufferedReader br = new BufferedReader(new
> InputStreamReader(my_url.openStream()));
>         String strTemp = "";
>         while(null != (strTemp = br.readLine())){
>         System.out.println(strTemp);
>         }
>
> Even this works. So far URL, HttpURLConnection and Browsers are able to
> fetch the page. Apache HttpClient cannot.
> I also tried Fluent from the same package. It fails too.
>
>
>
>
>
> On Mon, Feb 22, 2016 at 12:40 PM, Oleg Kalnichevski <olegk@apache.org
> <javascript:;>>
> wrote:
>
> > On Mon, 2016-02-22 at 11:27 -0500, Murat Balkan wrote:
> > > Can you please suggest me how HttpClient can get the page like
> > > HttpUrlConnection? or Google Chrome?
> >
> > Capture a session between a browser or HttpUrlConnection using Wireshark
> > or browser plugin of your choosing. Configure HttpClient to generate
> > identical messages. See what happens.
> >
> > > If I go to the site admin, wouldnt he say the site is totally
> reachable?
> > >
> >
> > The admin can say that Earth is flat for all I care, but their server
> > drops connections without sending back a status code like all well
> > behaved, spec complaint HTTP servers are supposed to do.
> >
> > Oleg
> >
> >
> >
> > > On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <olegk@apache.org
> <javascript:;>>
> > > wrote:
> > >
> > > > On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > > > > Hi Oleg,
> > > > > I do not aggree, other Http libraries does not have this problem.
> As
> > I
> > > > said
> > > > > HttpUrlConnection gets the page, all types of browsers can get the
> > page.
> > > > It
> > > > > is clear that this is an error that is related with the Apache
> > Client.
> > > > > Thnaks
> > > > > Murat
> > > >
> > > > You are very welcome to disagree.
> > > >
> > > > Your own log clearly show that the problem has nothing to do with SSL
> > > > and is caused by peer connection reset.
> > > >
> > > > Oleg
> > > >
> > > >
> > > > >
> > > > > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <
> > olegk@apache.org <javascript:;>>
> > > > > wrote:
> > > > >
> > > > > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > > > > I enabled the debug log and it seems the connection is
> > established .
> > > > Any
> > > > > > > ideas? Attaching below:
> > > > > > >
> > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG]
> > > > DefaultHttpClientConnectionOperator -
> > > > > > > Connection established 142.133.240.86:34018<->
> 176.41.133.12:443
> > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing
> > > > request
> > > > > > GET
> > > > > > > / HTTP/1.1
> > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target
> auth
> > > > state:
> > > > > > > UNCHALLENGED
> > > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth
> > > > state:
> > > > > > > UNCHALLENGED
> > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3
> >>
> > GET
> > > > /
> > > > > > > HTTP/1.1
> > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3
> >>
> > > > Host:
> > > > > > > so.n11.com
> > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3
> >>
> > > > > > > Connection: Keep-Alive
> > > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3
> >>
> > > > > > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3
> >>
> > > > > > > Accept-Encoding: gzip,deflate
> > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > > DefaultManagedHttpClientConnection -
> > > > > > > http-outgoing-3: Close connection
> > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > > DefaultManagedHttpClientConnection -
> > > > > > > http-outgoing-3: Shutdown connection
> > > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection
> > > > discarded
> > > > > > >
> > > > > >
> > > > > > The connection is dropped by the server due to an internal error
> of
> > > > some
> > > > > > sort. You need to take it up with the server admin.
> > > > > >
> > > > > > Oleg
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> >
> >
>
>
> --
> Murat Balkan
>


-- 
Regards.
Philippe Mouawad.

Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
I tried the following with URL class this time:

URL my_url = new URL("https://so.n11.com");
BufferedReader br = new BufferedReader(
        new InputStreamReader(my_url.openStream()));
String strTemp = "";
while (null != (strTemp = br.readLine())) {
    System.out.println(strTemp);
}

Even this works. So far URL, HttpURLConnection and Browsers are able to
fetch the page. Apache HttpClient cannot.
I also tried Fluent from the same package. It fails too.





On Mon, Feb 22, 2016 at 12:40 PM, Oleg Kalnichevski <ol...@apache.org>
wrote:

> On Mon, 2016-02-22 at 11:27 -0500, Murat Balkan wrote:
> > Can you please suggest how HttpClient can get the page like
> > HttpUrlConnection? or Google Chrome?
>
> Capture a session between a browser or HttpUrlConnection using Wireshark
> or browser plugin of your choosing. Configure HttpClient to generate
> identical messages. See what happens.
>
> > If I go to the site admin, wouldn't he say the site is totally reachable?
> >
>
> The admin can say that Earth is flat for all I care, but their server
> drops connections without sending back a status code like all well
> behaved, spec compliant HTTP servers are supposed to do.
>
> Oleg
>
>
>
> > On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <ol...@apache.org>
> > wrote:
> >
> > > On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > > > Hi Oleg,
> > > > I do not agree, other Http libraries do not have this problem. As I said
> > > > HttpUrlConnection gets the page, all types of browsers can get the page. It
> > > > is clear that this is an error that is related with the Apache Client.
> > > > Thanks
> > > > Murat
> > >
> > > You are very welcome to disagree.
> > >
> > > Your own log clearly shows that the problem has nothing to do with SSL
> > > and is caused by peer connection reset.
> > >
> > > Oleg
> > >
> > >
> > > >
> > > > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <
> olegk@apache.org>
> > > > wrote:
> > > >
> > > > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > > > I enabled the debug log and it seems the connection is
> established .
> > > Any
> > > > > > ideas? Attaching below:
> > > > > >
> > > > > > 2016/02/22 10:49:45:146 EST [DEBUG]
> > > DefaultHttpClientConnectionOperator -
> > > > > > Connection established 142.133.240.86:34018<->176.41.133.12:443
> > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing
> > > request
> > > > > GET
> > > > > > / HTTP/1.1
> > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth
> > > state:
> > > > > > UNCHALLENGED
> > > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth
> > > state:
> > > > > > UNCHALLENGED
> > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> GET
> > > /
> > > > > > HTTP/1.1
> > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > Host:
> > > > > > so.n11.com
> > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > > Connection: Keep-Alive
> > > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > > Accept-Encoding: gzip,deflate
> > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > DefaultManagedHttpClientConnection -
> > > > > > http-outgoing-3: Close connection
> > > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > > DefaultManagedHttpClientConnection -
> > > > > > http-outgoing-3: Shutdown connection
> > > > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection
> > > discarded
> > > > > >
> > > > >
> > > > > The connection is dropped by the server due to an internal error of
> > > some
> > > > > sort. You need to take it up with the server admin.
> > > > >
> > > > > Oleg
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
>
>
>


-- 
Murat Balkan

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2016-02-22 at 11:27 -0500, Murat Balkan wrote:
> Can you please suggest how HttpClient can get the page like
> HttpUrlConnection? or Google Chrome?

Capture a session between a browser or HttpUrlConnection using Wireshark
or browser plugin of your choosing. Configure HttpClient to generate
identical messages. See what happens.

> If I go to the site admin, wouldn't he say the site is totally reachable?
>

The admin can say that Earth is flat for all I care, but their server
drops connections without sending back a status code like all well
behaved, spec compliant HTTP servers are supposed to do.

Oleg



> On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <ol...@apache.org>
> wrote:
> 
> > On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > > Hi Oleg,
> > > I do not agree, other Http libraries do not have this problem. As I said
> > > HttpUrlConnection gets the page, all types of browsers can get the page. It
> > > is clear that this is an error that is related with the Apache Client.
> > > Thanks
> > > Murat
> >
> > You are very welcome to disagree.
> >
> > Your own log clearly shows that the problem has nothing to do with SSL
> > and is caused by peer connection reset.
> >
> > Oleg
> >
> >
> > >
> > > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <ol...@apache.org>
> > > wrote:
> > >
> > > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > > I enabled the debug log and it seems the connection is established .
> > Any
> > > > > ideas? Attaching below:
> > > > >
> > > > > 2016/02/22 10:49:45:146 EST [DEBUG]
> > DefaultHttpClientConnectionOperator -
> > > > > Connection established 142.133.240.86:34018<->176.41.133.12:443
> > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing
> > request
> > > > GET
> > > > > / HTTP/1.1
> > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth
> > state:
> > > > > UNCHALLENGED
> > > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth
> > state:
> > > > > UNCHALLENGED
> > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET
> > /
> > > > > HTTP/1.1
> > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > Host:
> > > > > so.n11.com
> > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > Connection: Keep-Alive
> > > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> > > > > Accept-Encoding: gzip,deflate
> > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > DefaultManagedHttpClientConnection -
> > > > > http-outgoing-3: Close connection
> > > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> > DefaultManagedHttpClientConnection -
> > > > > http-outgoing-3: Shutdown connection
> > > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection
> > discarded
> > > > >
> > > >
> > > > The connection is dropped by the server due to an internal error of
> > some
> > > > sort. You need to take it up with the server admin.
> > > >
> > > > Oleg
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> >
> >
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
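
Added example, not part of the thread and not HttpClient project code: one way to carry out the comparison described in the message above without a packet capture is to point both clients at a loopback listener that records each request head, then diff the headers. It assumes Java 8+ and HttpClient 4.5.x on the classpath; the names RequestDiff, recordOnce, capture, headers and diff are hypothetical, and because it uses plain HTTP on 127.0.0.1 it shows HTTP-level differences only, not differences in the TLS ClientHello.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.*;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

// Hypothetical helper class: records what each client sends to a local listener.
public class RequestDiff {

    /** A client under test: performs one GET against the given URL. */
    interface Client { void get(String url) throws Exception; }

    /** Accepts one connection, records the request head, replies 200 and closes. */
    static String recordOnce(ServerSocket server) throws IOException {
        try (Socket s = server.accept()) {
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.ISO_8859_1));
            StringBuilder head = new StringBuilder();
            for (String line; (line = in.readLine()) != null && !line.isEmpty(); ) {
                head.append(line).append('\n');
            }
            OutputStream out = s.getOutputStream();
            out.write("HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
                    .getBytes(StandardCharsets.ISO_8859_1));
            out.flush();
            return head.toString();
        }
    }

    /** Runs one client against a fresh loopback listener and returns what it sent. */
    static String capture(Client client) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getByName("127.0.0.1"))) {
            Future<String> head = pool.submit((Callable<String>) () -> recordOnce(server));
            client.get("http://127.0.0.1:" + server.getLocalPort() + "/");
            return head.get(5, TimeUnit.SECONDS);
        } finally {
            pool.shutdownNow();
        }
    }

    static void viaUrlConnection(String url) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection(Proxy.NO_PROXY);
        c.getResponseCode(); // forces the request to be sent
        c.disconnect();
    }

    static void viaHttpClient(String url) throws IOException {
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(new HttpGet(url))) {
            EntityUtils.consume(response.getEntity());
        }
    }

    /** Request line plus headers, keyed by lower-cased header name. */
    static Map<String, String> headers(String head) {
        Map<String, String> map = new TreeMap<>();
        String[] lines = head.split("\n");
        map.put("(request-line)", lines[0]);
        for (int i = 1; i < lines.length; i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0) {
                map.put(lines[i].substring(0, colon).trim().toLowerCase(Locale.ROOT),
                        lines[i].substring(colon + 1).trim());
            }
        }
        return map;
    }

    /** One line per header that is missing on one side or differs in value. */
    static List<String> diff(Map<String, String> a, Map<String, String> b) {
        Set<String> names = new TreeSet<>(a.keySet());
        names.addAll(b.keySet());
        List<String> out = new ArrayList<>();
        for (String name : names) {
            if (!Objects.equals(a.get(name), b.get(name))) {
                out.add(name + ": HttpURLConnection=[" + a.get(name)
                        + "] HttpClient=[" + b.get(name) + "]");
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> reference = headers(capture(RequestDiff::viaUrlConnection));
        Map<String, String> candidate = headers(capture(RequestDiff::viaHttpClient));
        for (String line : diff(reference, candidate)) {
            System.out.println(line);
        }
    }
}
```

The debug log in this thread shows HttpClient sending User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79) and Accept-Encoding: gzip,deflate; differences of that kind are what the diff lists. The host header always differs only by the ephemeral port of each listener.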


Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
Can you please suggest how HttpClient can get the page like
HttpUrlConnection? or Google Chrome?
If I go to the site admin, wouldn't he say the site is totally reachable?

On Mon, Feb 22, 2016 at 11:22 AM, Oleg Kalnichevski <ol...@apache.org>
wrote:

> On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> > Hi Oleg,
> > I do not agree, other Http libraries do not have this problem. As I said
> > HttpUrlConnection gets the page, all types of browsers can get the page. It
> > is clear that this is an error that is related with the Apache Client.
> > Thanks
> > Murat
>
> You are very welcome to disagree.
>
> Your own log clearly shows that the problem has nothing to do with SSL
> and is caused by peer connection reset.
>
> Oleg
>
>
> >
> > On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <ol...@apache.org>
> > wrote:
> >
> > > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > > I enabled the debug log and it seems the connection is established .
> Any
> > > > ideas? Attaching below:
> > > >
> > > > 2016/02/22 10:49:45:146 EST [DEBUG]
> DefaultHttpClientConnectionOperator -
> > > > Connection established 142.133.240.86:34018<->176.41.133.12:443
> > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing
> request
> > > GET
> > > > / HTTP/1.1
> > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth
> state:
> > > > UNCHALLENGED
> > > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth
> state:
> > > > UNCHALLENGED
> > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET
> /
> > > > HTTP/1.1
> > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> Host:
> > > > so.n11.com
> > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > Connection: Keep-Alive
> > > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> > > > Accept-Encoding: gzip,deflate
> > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> DefaultManagedHttpClientConnection -
> > > > http-outgoing-3: Close connection
> > > > 2016/02/22 10:49:45:419 EST [DEBUG]
> DefaultManagedHttpClientConnection -
> > > > http-outgoing-3: Shutdown connection
> > > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection
> discarded
> > > >
> > >
> > > The connection is dropped by the server due to an internal error of
> some
> > > sort. You need to take it up with the server admin.
> > >
> > > Oleg
> > >
> > >
> > >
> > >
> >
> >
>
>
>
>
>


-- 
Murat Balkan

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2016-02-22 at 11:18 -0500, Murat Balkan wrote:
> Hi Oleg,
> I do not agree, other Http libraries do not have this problem. As I said
> HttpUrlConnection gets the page, all types of browsers can get the page. It
> is clear that this is an error that is related with the Apache Client.
> Thanks
> Murat

You are very welcome to disagree.

Your own log clearly shows that the problem has nothing to do with SSL
and is caused by peer connection reset.

Oleg


> 
> On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <ol...@apache.org>
> wrote:
> 
> > On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > > I enabled the debug log and it seems the connection is established. Any
> > > ideas? Attaching below:
> > >
> > > 2016/02/22 10:49:45:146 EST [DEBUG] DefaultHttpClientConnectionOperator -
> > > Connection established 142.133.240.86:34018<->176.41.133.12:443
> > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing request
> > GET
> > > / HTTP/1.1
> > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth state:
> > > UNCHALLENGED
> > > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth state:
> > > UNCHALLENGED
> > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET /
> > > HTTP/1.1
> > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Host:
> > > so.n11.com
> > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > Connection: Keep-Alive
> > > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> > > Accept-Encoding: gzip,deflate
> > > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> > > http-outgoing-3: Close connection
> > > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> > > http-outgoing-3: Shutdown connection
> > > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection discarded
> > >
> >
> > The connection is dropped by the server due to an internal error of some
> > sort. You need to take it up with the server admin.
> >
> > Oleg
> >
> >
> >
> >
> 
> 





Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
Hi Oleg,
I do not agree, other Http libraries do not have this problem. As I said
HttpUrlConnection gets the page, all types of browsers can get the page. It
is clear that this is an error that is related with the Apache Client.
Thanks
Murat

On Mon, Feb 22, 2016 at 11:14 AM, Oleg Kalnichevski <ol...@apache.org>
wrote:

> On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> > I enabled the debug log and it seems the connection is established. Any
> > ideas? Attaching below:
> >
> > 2016/02/22 10:49:45:146 EST [DEBUG] DefaultHttpClientConnectionOperator -
> > Connection established 142.133.240.86:34018<->176.41.133.12:443
> > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing request
> GET
> > / HTTP/1.1
> > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth state:
> > UNCHALLENGED
> > 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth state:
> > UNCHALLENGED
> > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET /
> > HTTP/1.1
> > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Host:
> > so.n11.com
> > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > Connection: Keep-Alive
> > 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> > User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> > 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> > Accept-Encoding: gzip,deflate
> > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-3: Close connection
> > 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> > http-outgoing-3: Shutdown connection
> > 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection discarded
> >
>
> The connection is dropped by the server due to an internal error of some
> sort. You need to take it up with the server admin.
>
> Oleg
>
>
>
>


-- 
Murat Balkan

Re: HttpClient SSL Connection Issue

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2016-02-22 at 10:57 -0500, Murat Balkan wrote:
> I enabled the debug log and it seems the connection is established. Any
> ideas? Attaching below:
> 
> 2016/02/22 10:49:45:146 EST [DEBUG] DefaultHttpClientConnectionOperator -
> Connection established 142.133.240.86:34018<->176.41.133.12:443
> 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing request GET
> / HTTP/1.1
> 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth state:
> UNCHALLENGED
> 2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth state:
> UNCHALLENGED
> 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET /
> HTTP/1.1
> 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Host:
> so.n11.com
> 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> Connection: Keep-Alive
> 2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
> User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
> 2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
> Accept-Encoding: gzip,deflate
> 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> http-outgoing-3: Close connection
> 2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
> http-outgoing-3: Shutdown connection
> 2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection discarded
> 

The connection is dropped by the server due to an internal error of some
sort. You need to take it up with the server admin.

Oleg




Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
I enabled the debug log and it seems the connection is established. Any
ideas? Attaching below:

2016/02/22 10:49:45:146 EST [DEBUG] DefaultHttpClientConnectionOperator -
Connection established 142.133.240.86:34018<->176.41.133.12:443
2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Executing request GET
/ HTTP/1.1
2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Target auth state:
UNCHALLENGED
2016/02/22 10:49:45:146 EST [DEBUG] MainClientExec - Proxy auth state:
UNCHALLENGED
2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> GET /
HTTP/1.1
2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >> Host:
so.n11.com
2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
Connection: Keep-Alive
2016/02/22 10:49:45:147 EST [DEBUG] headers - http-outgoing-3 >>
User-Agent: Apache-HttpClient/4.5.1 (Java/1.7.0_79)
2016/02/22 10:49:45:148 EST [DEBUG] headers - http-outgoing-3 >>
Accept-Encoding: gzip,deflate
2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
http-outgoing-3: Close connection
2016/02/22 10:49:45:419 EST [DEBUG] DefaultManagedHttpClientConnection -
http-outgoing-3: Shutdown connection
2016/02/22 10:49:45:419 EST [DEBUG] MainClientExec - Connection discarded

On Sat, Feb 20, 2016 at 10:51 PM, Murat Balkan <mr...@gmail.com> wrote:

> Hi,
>
> I have a problem with HttpClient. (All versions, seems to have the same)
>
> When I try to connect an Https site (specifically so.n11.com) I got a
> connection reset error after the handshake is finalized. If I try to call
> the same URL with HttpUrlConnection, I don't get any errors. The browsers do
> not have any problems displaying this site.
>
> I started thinking that this could be a bug, or I am doing something
> wrong. I hope somebody can recognize this issue.
>
>
> The code I am running is pretty straightforward: The same code works for
> other HTTPS sites I tested.
>
> SSLConnectionSocketFactory sslConnectionFactory = new
>> SSLConnectionSocketFactory(sslContext,new String[]
>> {"TLSv1","TLSv1.1","TLSv1.2"},null, NoopHostnameVerifier.INSTANCE);
>> Registry<ConnectionSocketFactory> socketFactoryRegistry =
>> RegistryBuilder.<ConnectionSocketFactory>create()
>> .register("http", PlainConnectionSocketFactory.getSocketFactory())
>> .register("https", sslConnectionFactory)
>> .build();
>> PoolingHttpClientConnectionManager cm = new
>> PoolingHttpClientConnectionManager(socketFactoryRegistry);
>> cm.setDefaultMaxPerRoute(1);
>> CloseableHttpClient httpClient = HttpClientBuilder.create().build();
>> HttpGet httpGet = new HttpGet("https://so.n11.com");
>> httpClient.execute(httpGet);
>> System.out.println("I can never reach this point");
>
>
>
> The exception I am receiving is:
>
> java.net.SocketException: Connection reset
>> at java.net.SocketInputStream.read(Unknown Source)
>> at java.net.SocketInputStream.read(Unknown Source)
>> at sun.security.ssl.InputRecord.readFully(Unknown Source)
>> at sun.security.ssl.InputRecord.read(Unknown Source)
>> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>> at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
>> at sun.security.ssl.AppInputStream.read(Unknown Source)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
>> at
>> org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
>> at
>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
>> at
>> org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
>> at
>> org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
>> at
>> org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
>> at
>> org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>> at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>> at
>> org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>> at
>> org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>> at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>> at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>> at HttpTest.main(HttpTest.java:102)
>
>
>
> My ssl debugged console output, The last line shows where it is crashing.
>
>
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT
> 2036
>
> adding as trusted cert:
>   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT
> 2019
>
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> 217, 253, 204, 183 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> 241, 70, 71, 193, 163 }
> Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>                To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
>
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName:
> http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
>
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
>
>
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                        ...g
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
>
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2,
> O=GlobalSign nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 0001444e f04a55]
>
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
>
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 00010f86 26e60d]
>
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
>
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> ]
>   Algorithm: [SHA1withRSA]
>   Signature:
>
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> SESSION KEYGEN:
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset
> by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)
>
>
>
>


-- 
Murat Balkan
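
A triage helper for the `javax.net.debug` trace quoted in this thread, added here as an example (it is not part of the original post or of HttpClient). It reports the offered and negotiated protocol version, the cipher suite, and the phase in which the exception occurred. The sample lines are abridged from the trace above; the function names and the single-connection assumption belong to this example.

```python
import re

# Constructed sample: lines abridged from the JSSE debug trace quoted in this thread.
SAMPLE_TRACE = """\
Allow unsafe renegotiation: true
Allow legacy hello messages: true
*** ClientHello, TLSv1
Extension server_name, server_name: [host_name: so.n11.com]
main, WRITE: TLSv1 Handshake, length = 168
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 2811
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 176
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
"""

QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")  # mail quoting such as "> " or ">> "
RECORD = re.compile(r"^.+?, (READ|WRITE): (\S+) (.+?), length = (\d+)$")
FIELDS = {
    "offered": re.compile(r"^\*\*\* ClientHello, (\S+)$"),
    "negotiated": re.compile(r"^\*\*\* ServerHello, (\S+)$"),
    "cipher_suite": re.compile(r"^Cipher Suite: (\S+)$"),
    "sni": re.compile(r"^Extension server_name, server_name: \[host_name: ([^\]]+)\]$"),
    "exception": re.compile(r"^.+?, handling exception: (.+)$"),
}


def summarize(trace):
    """Summarize one connection's JSSE debug trace (assumes a single connection)."""
    s = {name: None for name in FIELDS}
    s.update(unsafe_renegotiation=False, finished=0, app_written=0, app_read=0)
    for raw in trace.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        for name, pattern in FIELDS.items():
            m = pattern.match(line)
            if m and s[name] is None:  # keep the first occurrence only
                s[name] = m.group(1)
        if line == "Allow unsafe renegotiation: true":
            s["unsafe_renegotiation"] = True
        elif line == "*** Finished":
            s["finished"] += 1  # printed once for the sent and once for the received message
        else:
            rec = RECORD.match(line)
            if rec and rec.group(3) == "Application Data":
                s["app_written" if rec.group(1) == "WRITE" else "app_read"] += 1
    s["handshake_complete"] = s["finished"] >= 2
    if s["exception"] is None:
        s["failure_phase"] = None
    elif not s["handshake_complete"]:
        s["failure_phase"] = "handshake"
    elif s["app_read"] == 0:
        s["failure_phase"] = "post-handshake, before any response record"
    else:
        s["failure_phase"] = "post-handshake, mid-response"
    return s


def findings(s):
    """List configuration observations worth reviewing in the summarized trace."""
    out = []
    if s["negotiated"] in ("SSLv3", "TLSv1", "TLSv1.1"):
        out.append("legacy protocol negotiated: " + s["negotiated"])
    suite = s["cipher_suite"] or ""
    if suite.startswith(("TLS_RSA_", "SSL_RSA_")):
        out.append("static RSA key exchange (no forward secrecy): " + suite)
    if s["unsafe_renegotiation"]:
        out.append("client allows unsafe renegotiation")
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_TRACE)
    for key in sorted(summary):
        print(key, "=", summary[key])
    for item in findings(summary):
        print("review:", item)
```
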

Re: HttpClient SSL Connection Issue

Posted by Murat Balkan <mr...@gmail.com>.
>
> Hi,
>
> I have a problem with HttpClient 4.5.1 GA (but all previous versions seem
> to have the same)
>
> When I try to connect to a specific HTTPS site (specifically
> http://so.n11.com) I get a connection reset error after the handshake is
> finalized. If I try to call the same URL with HttpUrlConnection, I don't
> get any errors. The browsers do not have any problems displaying this site.
>
> I started thinking that this could be a bug but before this I tried my
> chance with the user group without success.
>
> The code I am running is pretty straightforward: The same code works for
> other HTTPS sites (>50) I tested. The problem can be easily reproduced with
> any version of HttpClient with the provided URL.
>
> Thanks a lot for the help,
>
> Code:
>
> SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
>         sslContext, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}, null,
>         NoopHostnameVerifier.INSTANCE);
> Registry<ConnectionSocketFactory> socketFactoryRegistry =
>         RegistryBuilder.<ConnectionSocketFactory>create()
>                 .register("http", PlainConnectionSocketFactory.getSocketFactory())
>                 .register("https", sslConnectionFactory)
>                 .build();
> PoolingHttpClientConnectionManager cm =
>         new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> cm.setDefaultMaxPerRoute(1);
> CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> HttpGet httpGet = new HttpGet("https://so.n11.com");
> httpClient.execute(httpGet);
> System.out.println("I can never reach this point");
>
>
> The exception I am receiving is:
>
> java.net.SocketException: Connection reset
>     at java.net.SocketInputStream.read(Unknown Source)
>     at java.net.SocketInputStream.read(Unknown Source)
>     at sun.security.ssl.InputRecord.readFully(Unknown Source)
>     at sun.security.ssl.InputRecord.read(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
>     at sun.security.ssl.AppInputStream.read(Unknown Source)
>     at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
>     at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
>     at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
>     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
>     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
>     at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
>     at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
>     at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
>     at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
>     at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
>     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
>     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
>     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
>     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
>     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>     at HttpTest.main(HttpTest.java:102)
>
>
>
> My SSL debugged console output; the last line shows where it is crashing.
>
>
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT
> 2036
>
> adding as trusted cert:
>   Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT
> 2019
>
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> 217, 253, 204, 183 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> 241, 70, 71, 193, 163 }
> Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>                To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
>
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName:
> http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
>
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
>
>
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                        ...g
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
>
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2,
> O=GlobalSign nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 0001444e f04a55]
>
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
>
> ]]  ]
> ]
>
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
>
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 00010f86 26e60d]
>
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
>
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
>
> ]
>   Algorithm: [SHA1withRSA]
>   Signature:
>
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)
>
>
>


-- 
Murat Balkan