You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Julius Davies <ju...@cucbc.com> on 2006/08/03 18:42:28 UTC
Re: endless handshake when using SSL with server and client
certificates through a proxy server
Hi, Aldo,
Can you try running the "Ping" utility I created inside my "commons-ssl"
proposal?
http://juliusdavies.ca/commons-ssl/
Download "commons-ssl.jar" and then try running:
java -jar commons-ssl.jar
That executes the org.apache.commons.ssl.Ping main method. It will give
you options for specifying a proxy and a client certificate. If the
connection succeeds it will write "HEAD / HTTP/1.1" to the server on the
other end.
If it doesn't work and the "endless handshake" still occurs, then
there's something wrong with Java. Try with a different version of Java
in that case.
yours,
Julius
----------------------------------------------------------------------------
"Ping" Utility Attempts "HEAD / HTTP/1.1" Request:
This utility is very handy because it can get you the server's public
certificate even if your client certificate is bad (so even though the
SSL handshake fails). And unlike "openssl s_client", this utility can
bind against any IP address available.
Usage: java -jar commons-ssl.jar [options]
Options: (*=required)
* -t --target [hostname[:port]] default port=443
-b --bind [hostname[:port]] default port=0 "ANY"
-r --proxy [hostname[:port]] default port=80
-c --client-cert [path to client certificate] *.jks or *.pfx
-p --password [client cert password]
Example:
java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`
Note: *.pfx == *.p12 - same thing!
On Thu, 2006-03-08 at 18:43 +0530, Adalbert Wysocki wrote:
> Hi all,
>
> I am implementing a module using HTTPClient to perform secure HTTPS
> requests on a server site.
>
> The sever site offers a trusted by CA certificate and the authentication
> of the client on the server is performed using a digest authentication
> method or a client trusted by CA certificate.
>
> When requesting directly using either a client certificate or digest
> password based authentications everything is works fine.
>
> When requesting through a proxy server using digest password based
> authentication everything is works fine.
>
> When requesting through a proxy server using client certificate based
> authentication, the connection blocks on the handshake until the proxy
> server interrupts it reaching its timeout (360 sec...).
>
>
>
> I don't know at all the reason of this behavior except that it seems
> provoked by the client certificate!!!
>
> Here after the ssl negotiation log and the exception:
>
>
>
> Any ideas????
>
> Thanks for your HELP!!!
>
>
>
> Aldo
>
>
>
> -------------Start cp---------------
>
> ***
>
> found key for : testadapter
>
> chain [0] = [
>
> [
>
> Version: V3
>
> Subject: CN=XXX.com, OU=EAI, O=XXX Ltd, L=XXX, ST=XXX, C=CN
>
> Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>
>
> Key: SunJSSE RSA public key:
>
> public exponent:
>
> 010001
>
> modulus:
>
> d2892103 c4a57723 e2817b08 fc5d1b09 f81d3e52 bd7fab19 1520381a
> d79d01b4
>
> 54aaeb1e 0ae46836 9f0f85d8 3c2299f3 a6f06fec c1fd7fdd 30ceb2e9
> 92b693d2
>
> 628a4341 1e5a7210 cec3209f 91161c60 a6c63994 0f096b86 9e48431d
> b1976f31
>
> 74c320a3 68567347 f3c744e2 090aec5a 203a9c3e 4eae6fb7 0b75e35e
> 8f956c41
>
> Validity: [From: Tue Feb 28 02:29:28 IST 2006,
>
> To: Wed Feb 28 02:56:28 IST 2007]
>
> Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.), O=Entrust.net, C=US
>
> SerialNumber: [ 42863b9c]
>
>
>
> Certificate Extensions: 10
>
> [1]: ObjectId: 2.5.29.23 Criticality=false
>
> AuthorityKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: F0 17 62 13 55 3D B3 FF 0A 00 6B FB 50 84 97 F3
> ..b.U=....k.P...
>
> 0010: ED 62 D0 1A .b..
>
> ]
>
>
>
> ]
>
>
>
> [2]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
>
> Extension unknown: DER encoded OCTET string =
>
> 0000: 04 0C 30 0A 1B 04 56 37 2E 31 03 02 03 28 ..0...V7.1...(
>
>
>
>
>
> [3]: ObjectId: 2.5.29.14 Criticality=false
>
> SubjectKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: 6F B6 E1 43 AB E2 EF 41 6F 70 CA A5 78 04 E8 E4
> o..C...Aop..x...
>
> 0010: CD CF EA 0C ....
>
> ]
>
> ]
>
>
>
> [4]: ObjectId: 2.5.29.14 Criticality=false
>
> PrivateKeyUsage: [
>
> From: Tue Feb 28 02:20:28 IST 2006, To: Wed Feb 28 02:56:28 IST 2007]
>
>
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
>
> CertificatePolicies [
>
> [CertificatePolicyId: [1.2.840.113533.7.75.2]
>
> [PolicyQualifierInfo: [
>
> qualifierID: 1.3.6.1.5.5.7.2.1
>
> qualifier: 0000: 16 1A 68 74 7A 70 3F 2F 2F 77 77 77 2E 65 6E 74
> ..http://www.ent
>
> 0010: 72 75 73 74 2E 6E 65 74 2F 63 70 73 rust.net/cps
>
>
>
> ], PolicyQualifierInfo: [
>
> qualifierID: 1.3.6.1.5.5.7.2.2
>
> qualifier: 0000: 30 82 01 0E 1A 82 01 0A 54 68 65 20 45 6E 74 72
> 0.......The Entr
>
> 0010: 75 73 74 30 53 53 4C 20 57 65 62 20 53 65 72 76 ust SSL Web
> Serv
>
> 0020: 65 72 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E er
> Certification
>
> 0030: 20 50 72 61 63 74 65 63 65 20 53 74 61 74 65 6D Practice
> Statem
>
> 0040: 65 6E 74 20 28 43 20 53 29 20 61 76 61 69 6C 61 ent (CPS)
> availa
>
> 0050: 62 6C 65 20 61 74 20 77 77 77 2E 65 6E 74 72 75 ble at
> www.entru
>
> 0060: 73 74 2E 6E 65 74 2F 63 70 73 20 77 69 73 20 68 st.net/cps is
> h
>
> 0070: 65 72 65 62 79 20 69 6E 63 6F 72 70 6F 72 61 74 ereby
> incorporat
>
> 0080: 65 64 20 69 6E 74 6F 20 79 6F 75 72 20 75 73 65 ed into your
> use
>
> 0090: 20 6F 72 20 72 65 6C 69 61 6E 63 65 20 6F 6E 20 or reliance on
>
>
> 00A0: 74 68 69 73 20 43 65 72 74 69 66 69 63 61 74 65 this
> Certificate
>
> 00B0: 2E 20 20 54 68 69 73 20 43 50 53 20 63 6F 6E 74 . This CPS
> cont
>
> 00C0: 61 69 6E 73 20 6C 69 6D 69 74 61 74 69 6F 6E 73 ains
> limitations
>
> 00D0: 20 6F 6E 20 77 61 72 72 61 6E 74 69 65 73 20 61 on warranties
> a
>
> 00E0: 6E 64 20 6C 69 61 62 69 6C 69 74 69 65 73 2E 20 nd liabilities.
>
>
> 00F0: 43 6F 70 99 72 69 67 68 74 20 28 63 29 20 32 30 Copyright (c)
> 20
>
> 0100: 30 32 20 45 6E 74 72 75 73 74 20 4C 69 6D 69 74 02 Entrust
> Limit
>
> 0110: 65 64 ed
>
>
>
> ]] ]
>
> ]
>
>
>
> [6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
>
> NetscapeCertType [
>
> SSL client
>
> SSL server
>
> ]
>
>
>
> [7]: ObjectId: 2.5.29.19 Criticality=false
>
> BasicConstraints:[
>
> CA:false
>
> PathLen: undefined
>
> ]
>
>
>
> [8]: ObjectId: 2.5.29.37 Criticality=false
>
> ExtendedKeyUsages [
>
> [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
>
>
>
> [9]: ObjectId: 2.5.29.31 Criticality=false
>
> CRLDistributionPoints [
>
> [DistributionPoint:
>
> [URIName: http://crl.entrust.net/server1.crl]
>
> , DistributionPoint:
>
> [CN=CRL96, CN=Entrust.net Secure Server Certification Authority,
> OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref.
> (limits liab.), O=Entrust.net, C=US]
>
> ]]
>
>
>
> [10]: ObjectId: 2.5.29.15 Criticality=false
>
> KeyUsage [
>
> DigitalSignature
>
> Key_Encipherment
>
> ]
>
>
>
> ]
>
> Algorithm: [SHA1withRSA]
>
> Signature:
>
> 0000: 27 9F 50 5A 7A 40 CF 98 78 46 B6 29 5B E6 0C 27
> '.PZz@..xF.)[..'
>
> 0010: C8 38 35 89 97 BB 36 F0 42 E2 1C FD 33 DA E3 53
> .85...6.B...3..S
>
> 0020: FE 14 A3 80 E2 EC 69 F3 65 BA B7 7A A9 1B 4F 4C
> ......i.e..z..OL
>
> 0030: 63 2C 99 0E 46 5A 37 DD E3 0E 60 7E C9 74 49 51
> c,..FZ7...`..tIQ
>
> 0040: 75 23 81 DD 43 F4 E5 B1 FD F4 E6 3F CB 57 B5 35
> u#..C......?.W.5
>
> 0050: 70 9A 14 DB 04 DA 4B F3 3B 5B 19 89 CD 48 1B 5A
> p.....K.;[...H.Z
>
> 0060: DB D3 05 20 0A 64 91 0A 74 65 67 6C 81 2B E0 CD ...
> .d..tegl.+..
>
> 0070: 1A 51 9F 1A E3 51 20 E8 51 52 89 DA 33 FD 68 6D .Q...Q
> .QR..3.hm
>
>
>
> ]
>
> chain [1] = [
>
> [
>
> Version: V3
>
> Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.), O=Entrust.net, C=US
>
> Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>
>
> Key: SunJSSE RSA public key:
>
> public exponent:
>
> 03
>
> modulus:
>
> cd288334 541b89f3 0faf3791 31ffaf31 60c9a8e8 b21068ed 9fe79336
> f10a64bb
>
> 47f50417 3f23474d c5271981 260c5472 0d882dd9 1f9a129f bcb371d3
> 80193f47
>
> 667b8c35 28d2b90a df24da9c d6507981 7a5ad337 f7c24ad8 29922664
> d1e4986c
>
> 3a008af5 349b65f8 ede310ff fdb84958 dca0de82 396b81b1 161961b9
> 54b6e643
>
> Validity: [From: Tue May 25 21:39:40 IST 1999,
>
> To: Sat May 25 22:09:40 IST 2019]
>
> Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.), O=Entrust.net, C=US
>
> SerialNumber: [ 374ad243]
>
>
>
> Certificate Extensions: 8
>
> [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
>
> Extension unknown: DER encoded OCTET string =
>
> 0000: 04 0C 30 0A 1B 04 56 34 2E 30 03 02 04 90 ..0...V4.0....
>
>
>
>
>
> [2]: ObjectId: 2.5.29.14 Criticality=false
>
> SubjectKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: F0 17 62 13 55 3D B3 FF 0A 00 6B FB 50 84 97 F3
> ..b.U=....k.P...
>
> 0010: ED 62 D0 1A .b..
>
> ]
>
> ]
>
>
>
> [3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
>
> NetscapeCertType [
>
> SSL CA
>
> S/MIME CA
>
> Object Signing CA]
>
>
>
> [4]: ObjectId: 2.5.29.35 Criticality=false
>
> AuthorityKeyIdentifier [
>
> KeyIdentifier [
>
> 0000: F0 17 62 13 55 3D B3 FF 0A 00 6B FB 50 84 97 F3
> ..b.U=....k.P...
>
> 0010: ED 62 D0 1A .b..
>
> ]
>
>
>
> ]
>
>
>
> [5]: ObjectId: 2.5.29.31 Criticality=false
>
> CRLDistributionPoints [
>
> [DistributionPoint:
>
> [CN=CRL1, CN=Entrust.net Secure Server Certification Authority,
> OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref.
> (limits liab.), O=Entrust.net, C=US]
>
> , DistributionPoint:
>
> [URIName: http://www.entrust.net/CRL/net1.crl]
>
> ]]
>
>
>
> [6]: ObjectId: 2.5.29.15 Criticality=false
>
> KeyUsage [
>
> Key_CertSign
>
> Crl_Sign
>
> ]
>
>
>
> [7]: ObjectId: 2.5.29.16 Criticality=false
>
> PrivateKeyUsage: [
>
> From: Tue May 25 21:39:40 IST 1999, To: Sat May 25 21:39:40 IST 2019]
>
>
>
> [8]: ObjectId: 2.5.29.19 Criticality=false
>
> BasicConstraints:[
>
> CA:true
>
> PathLen:2147483647
>
> ]
>
>
>
> ]
>
> Algorithm: [SHA1withRSA]
>
> Signature:
>
> 0000: 90 DC 30 02 FA 64 74 C2 A7 0A A5 7C 21 8D 34 17
> ..0..dt.....!.4.
>
> 0010: A8 FB 47 0E FF 25 7C 8D 13 0A FB E4 98 B5 EF 8C
> ..G..%..........
>
> 0020: F8 C5 10 0D F7 92 BE F1 C3 D5 D5 95 6A 04 BB 2C
> ............j..,
>
> 0030: CE 26 36 65 C8 31 C6 E7 EE 3F E3 57 75 84 7A 11
> .&6e.1...?.Wu.z.
>
> 0040: EF 46 4F 18 F4 D3 98 BB A8 87 32 BA 72 F6 3C E2
> .FO.......2.r.<.
>
> 0050: 3D 9F D7 1D D9 C3 60 43 8C 58 0E 22 96 2F 62 A3
> =.....`C.X."./b.
>
> 0060: 2C 1F BA AD 05 EF AB 32 78 87 A0 54 73 19 B5 5C
> ,......2x..Ts..\
>
> 0070: 05 F9 52 3E 6D 2D 45 0B F7 0A 93 EA ED 06 F9 B2
> ..R>m-E.........
>
>
>
> ]
>
> ***
>
> trustStore is: C:\devtools\jdk1.4.2_02\jre\lib\security\cacerts
>
> trustStore type is : jks
>
> init truststore
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
> Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
> Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Algorithm: RSA; Serial number: 0x1
>
> Valid from Thu Aug 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
>
>
>
> adding as trusted cert:
>
> Subject: OU=Secure Server Certification Authority, O="RSA Data
> Security, Inc.", C=US
>
> Issuer: OU=Secure Server Certification Authority, O="RSA Data
> Security, Inc.", C=US
>
> Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
>
> Valid from Wed Nov 09 05:30:00 IST 1994 until Fri Jan 08 05:29:59 IST
> 2010
>
>
>
> adding as trusted cert:
>
> Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
> O=Baltimore, C=IE
>
> Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
> O=Baltimore, C=IE
>
> Algorithm: RSA; Serial number: 0x20000bf
>
> Valid from Wed May 17 19:31:00 IST 2000 until Sun May 18 05:29:00 IST
> 2025
>
>
>
> adding as trusted cert:
>
> Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.), O=Entrust.net, C=US
>
> Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.), O=Entrust.net, C=US
>
> Algorithm: RSA; Serial number: 0x374ad243
>
> Valid from Tue May 25 21:39:40 IST 1999 until Sat May 25 22:09:40 IST
> 2019
>
>
>
> adding as trusted cert:
>
> Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
> C=IE
>
> Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
> C=IE
>
> Algorithm: RSA; Serial number: 0x20000b9
>
> Valid from Sat May 13 00:16:00 IST 2000 until Tue May 13 05:29:00 IST
> 2025
>
>
>
> adding as trusted cert:
>
> Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
> ref. limits liab., O=Entrust.net, C=US
>
> Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
> ref. limits liab., O=Entrust.net, C=US
>
> Algorithm: RSA; Serial number: 0x380391ee
>
> Valid from Wed Oct 13 00:54:30 IST 1999 until Sun Oct 13 01:24:30 IST
> 2019
>
>
>
> adding as trusted cert:
>
> Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000
> Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
> liab.), O=Entrust.net
>
> Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000
> Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
> liab.), O=Entrust.net
>
> Algorithm: RSA; Serial number: 0x389ef6e4
>
> Valid from Mon Feb 07 21:46:40 IST 2000 until Fri Feb 07 22:16:40 IST
> 2020
>
>
>
> adding as trusted cert:
>
> Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
>
> Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
>
> Algorithm: RSA; Serial number: 0x1a5
>
> Valid from Thu Aug 13 05:59:00 IST 1998 until Tue Aug 14 05:29:00 IST
> 2018
>
>
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
> OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
> ST=Western Cape, C=ZA
>
> Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
> OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
> ST=Western Cape, C=ZA
>
> Algorithm: RSA; Serial number: 0x1
>
> Valid from Thu Aug 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
>
>
>
> adding as trusted cert:
>
> Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
>
> Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
>
> Algorithm: RSA; Serial number: 0x23456
>
> Valid from Tue May 21 09:30:00 IST 2002 until Sat May 21 09:30:00 IST
> 2022
>
>
>
> adding as trusted cert:
>
> Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
> liab.), O=Entrust.net
>
> Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
> liab.), O=Entrust.net
>
> Algorithm: RSA; Serial number: 0x3863b966
>
> Valid from Fri Dec 24 23:20:51 IST 1999 until Tue Dec 24 23:50:51 IST
> 2019
>
>
>
> adding as trusted cert:
>
> Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
> Inc., C=US
>
> Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
> Inc., C=US
>
> Algorithm: RSA; Serial number: 0x1
>
> Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
> 2020
>
>
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
> Basic CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
> Basic CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Algorithm: RSA; Serial number: 0x0
>
> Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
>
>
>
> adding as trusted cert:
>
> Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
>
> Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
>
> Algorithm: RSA; Serial number: 0x3770cfb5
>
> Valid from Wed Jun 23 17:44:45 IST 1999 until Sun Jun 23 17:44:45 IST
> 2019
>
>
>
> adding as trusted cert:
>
> Subject: OU=Class 1 Public Primary Certification Authority,
> O="VeriSign, Inc.", C=US
>
> Issuer: OU=Class 1 Public Primary Certification Authority,
> O="VeriSign, Inc.", C=US
>
> Algorithm: RSA; Serial number: 0x325033cf50d156f35c81ad655c4fc825
>
> Valid from Mon Jan 29 05:30:00 IST 1996 until Wed Jan 08 05:29:59 IST
> 2020
>
>
>
> adding as trusted cert:
>
> Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>
> Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
>
> Algorithm: RSA; Serial number: 0x35def4cf
>
> Valid from Sat Aug 22 22:11:51 IST 1998 until Wed Aug 22 22:11:51 IST
> 2018
>
>
>
> adding as trusted cert:
>
> Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
>
> Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
>
> Algorithm: RSA; Serial number: 0x4
>
> Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
> 2020
>
>
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
> Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
> Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Algorithm: RSA; Serial number: 0x0
>
> Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
>
>
>
> adding as trusted cert:
>
> Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
> Premium CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
> Premium CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
>
> Algorithm: RSA; Serial number: 0x0
>
> Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
>
>
>
> adding as trusted cert:
>
> Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
>
> Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
>
> Algorithm: RSA; Serial number: 0x1b6
>
> Valid from Fri Aug 14 20:20:00 IST 1998 until Thu Aug 15 05:29:00 IST
> 2013
>
>
>
> adding as trusted cert:
>
> Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
> (limits liab.), O=Entrust.net
>
> Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
> (limits liab.), O=Entrust.net
>
> Algorithm: RSA; Serial number: 0x389b113c
>
> Valid from Fri Feb 04 22:50:00 IST 2000 until Tue Feb 04 23:20:00 IST
> 2020
>
>
>
> trigger seeding of SecureRandom
>
> done seeding SecureRandom
>
> setSoTimeout(0) called
>
> setSoTimeout(0) called
>
> %% No cached client session
>
> *** ClientHello, TLSv1
>
> RandomCookie: GMT: 1137760405 bytes = { 108, 80, 166, 213, 128, 139,
> 59, 115, 186, 225, 216, 239, 227, 158, 37, 255, 67, 12, 237, 57, 159,
> 165, 129, 33, 130, 246, 214, 76 }
>
> Session ID: {}
>
> Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
>
> Compression Methods: { 0 }
>
> ***
>
> main, WRITE: TLSv1 Handshake, length = 73
>
> main, WRITE: SSLv2 client hello message, length = 98
>
> main, received EOFException: error
>
> com.testpckg.TestClassException: Cannot connect to the target server
>
> main, handling exception: javax.net.ssl.SSLHandshakeException: Remote
> host closed connection during handshake
>
> main, SEND TLSv1 ALERT: fatal, description = handshake_failure
>
> main, WRITE: TLSv1 Alert, length = 2
>
> main, called closeSocket()
>
> main, called close()
>
> main, called closeInternal(true)
>
> main, called close()
>
> main, called closeInternal(true)
>
> main, called close()
>
> main, called closeInternal(true)
>
>
>
>
>
--
Julius Davies
Senior Application Developer, Technology Services
Credit Union Central of British Columbia
http://www.cucbc.com/
Tel: 604-730-6385
Cel: 604-868-7571
Fax: 604-737-5910
1441 Creekside Drive
Vancouver, BC
Canada
V6J 4S7
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org