Posted to httpclient-users@hc.apache.org by Adalbert Wysocki <aw...@ariba.com> on 2006/08/03 15:13:34 UTC

endless handshake when using SSL with server and client certificates through a proxy server

Hi all,

I am implementing a module using HTTPClient to perform secure HTTPS
requests on a server site.

The server site offers a CA-trusted certificate and the authentication
of the client on the server is performed using a digest authentication
method or a CA-trusted client certificate.

When requesting directly using either a client certificate or digest
password-based authentication, everything works fine.

When requesting through a proxy server using digest password-based
authentication, everything works fine.

When requesting through a proxy server using client certificate based
authentication, the connection blocks on the handshake until the proxy
server interrupts it reaching its timeout (360 sec...).

 

I don't know at all the reason of this behavior except that it seems
provoked by the client certificate!!!

Here after the ssl negotiation log and the exception:

 

Any ideas????

Thanks for your HELP!!!

 

Aldo

 

-------------Start cp---------------

***

found key for : testadapter

chain [0] = [

[

  Version: V3

  Subject: CN=XXX.com, OU=EAI, O=XXX Ltd, L=XXX, ST=XXX, C=CN

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  SunJSSE RSA public key:

  public exponent:

    010001

  Validity: [From: Tue Feb 28 02:29:28 IST 2006,

               To: Wed Feb 28 02:56:28 IST 2007]

  Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US

  SerialNumber: [    42863b9c]

 

Certificate Extensions: 10

[1]: ObjectId: 2.5.29.23 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: F0 17 62 13 55 3D B3 FF   0A 00 6B FB 50 84 97 F3
..b.U=....k.P...

0010: ED 62 D0 1A                                        .b..

]

 

]

 

[2]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 0C 30 0A 1B 04 56 37   2E 31 03 02 03 28        ..0...V7.1...(

 

 

[3]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 6F B6 E1 43 AB E2 EF 41   6F 70 CA A5 78 04 E8 E4
o..C...Aop..x...

0010: CD CF EA 0C                                        ....

]

]

 

[4]: ObjectId: 2.5.29.14 Criticality=false

PrivateKeyUsage: [

From: Tue Feb 28 02:20:28 IST 2006, To: Wed Feb 28 02:56:28 IST 2007]

 

[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [1.2.840.113533.7.75.2]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: 0000: 16 1A 68 74 7A 70 3F 2F   2F 77 77 77 2E 65 6E 74
..http://www.ent

0010: 72 75 73 74 2E 6E 65 74   2F 63 70 73              rust.net/cps

 

], PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.2

 

]]  ]

]

 

[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

   SSL client

   SSL server

]

 

[7]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

CA:false

PathLen: undefined

]

 

[8]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]

 

[9]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.entrust.net/server1.crl]

, DistributionPoint:

     [CN=CRL96, CN=Entrust.net Secure Server Certification Authority,
OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref.
(limits liab.), O=Entrust.net, C=US]

]]

 

[10]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

 

]

  Algorithm: [SHA1withRSA]

 

]

chain [1] = [

[

  Version: V3

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  SunJSSE RSA public key:

  public exponent:

    03

  Validity: [From: Tue May 25 21:39:40 IST 1999,

               To: Sat May 25 22:09:40 IST 2019]

  Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US

  SerialNumber: [    374ad243]

 

Certificate Extensions: 8

[1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 0C 30 0A 1B 04 56 34   2E 30 03 02 04 90        ..0...V4.0....

 

 

[2]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: F0 17 62 13 55 3D B3 FF   0A 00 6B FB 50 84 97 F3
..b.U=....k.P...

0010: ED 62 D0 1A                                        .b..

]

]

 

[3]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

   SSL CA

   S/MIME CA

   Object Signing CA]

 

[4]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: F0 17 62 13 55 3D B3 FF   0A 00 6B FB 50 84 97 F3
..b.U=....k.P...

0010: ED 62 D0 1A                                        .b..

]

 

]

 

[5]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [CN=CRL1, CN=Entrust.net Secure Server Certification Authority,
OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref.
(limits liab.), O=Entrust.net, C=US]

, DistributionPoint:

     [URIName: http://www.entrust.net/CRL/net1.crl]

]]

 

[6]: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

  Key_CertSign

  Crl_Sign

]

 

[7]: ObjectId: 2.5.29.16 Criticality=false

PrivateKeyUsage: [

From: Tue May 25 21:39:40 IST 1999, To: Sat May 25 21:39:40 IST 2019]

 

[8]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

CA:true

PathLen:2147483647

]

 

]

  Algorithm: [SHA1withRSA]

 

]

***

trustStore is: C:\devtools\jdk1.4.2_02\jre\lib\security\cacerts

trustStore type is : jks

init truststore

adding as trusted cert:

  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x1

  Valid from Thu Aug 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
2021

 

adding as trusted cert:

  Subject: OU=Secure Server Certification Authority, O="RSA Data
Security, Inc.", C=US

  Issuer:  OU=Secure Server Certification Authority, O="RSA Data
Security, Inc.", C=US

  Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0

  Valid from Wed Nov 09 05:30:00 IST 1994 until Fri Jan 08 05:29:59 IST
2010

 

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000bf

  Valid from Wed May 17 19:31:00 IST 2000 until Sun May 18 05:29:00 IST
2025

 

adding as trusted cert:

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US

  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US

  Algorithm: RSA; Serial number: 0x374ad243

  Valid from Tue May 25 21:39:40 IST 1999 until Sat May 25 22:09:40 IST
2019

 

adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE

  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE

  Algorithm: RSA; Serial number: 0x20000b9

  Valid from Sat May 13 00:16:00 IST 2000 until Tue May 13 05:29:00 IST
2025

 

adding as trusted cert:

  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
ref. limits liab., O=Entrust.net, C=US

  Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
ref. limits liab., O=Entrust.net, C=US

  Algorithm: RSA; Serial number: 0x380391ee

  Valid from Wed Oct 13 00:54:30 IST 1999 until Sun Oct 13 01:24:30 IST
2019

 

adding as trusted cert:

  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000
Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 2000
Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x389ef6e4

  Valid from Mon Feb 07 21:46:40 IST 2000 until Fri Feb 07 22:16:40 IST
2020

 

adding as trusted cert:

  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US

  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US

  Algorithm: RSA; Serial number: 0x1a5

  Valid from Thu Aug 13 05:59:00 IST 1998 until Tue Aug 14 05:29:00 IST
2018

 

adding as trusted cert:

  Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x1

  Valid from Thu Aug 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
2021

 

adding as trusted cert:

  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x23456

  Valid from Tue May 21 09:30:00 IST 2002 until Sat May 21 09:30:00 IST
2022

 

adding as trusted cert:

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x3863b966

  Valid from Fri Dec 24 23:20:51 IST 1999 until Tue Dec 24 23:50:51 IST
2019

 

adding as trusted cert:

  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
Inc., C=US

  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
2020

 

adding as trusted cert:

  Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
2021

 

adding as trusted cert:

  Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US

  Issuer:  OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US

  Algorithm: RSA; Serial number: 0x3770cfb5

  Valid from Wed Jun 23 17:44:45 IST 1999 until Sun Jun 23 17:44:45 IST
2019

 

adding as trusted cert:

  Subject: OU=Class 1 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 1 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x325033cf50d156f35c81ad655c4fc825

  Valid from Mon Jan 29 05:30:00 IST 1996 until Wed Jan 08 05:29:59 IST
2020

 

adding as trusted cert:

  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Algorithm: RSA; Serial number: 0x35def4cf

  Valid from Sat Aug 22 22:11:51 IST 1998 until Wed Aug 22 22:11:51 IST
2018

 

adding as trusted cert:

  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x4

  Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
2020

 

adding as trusted cert:

  Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
2021

 

adding as trusted cert:

  Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
2021

 

adding as trusted cert:

  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US

  Issuer:  CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US

  Algorithm: RSA; Serial number: 0x1b6

  Valid from Fri Aug 14 20:20:00 IST 1998 until Thu Aug 15 05:29:00 IST
2013

 

adding as trusted cert:

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
(limits liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c)
2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
(limits liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x389b113c

  Valid from Fri Feb 04 22:50:00 IST 2000 until Tue Feb 04 23:20:00 IST
2020

 

trigger seeding of SecureRandom

done seeding SecureRandom

setSoTimeout(0) called

setSoTimeout(0) called

%% No cached client session

*** ClientHello, TLSv1

RandomCookie:  GMT: 1137760405 bytes = { 108, 80, 166, 213, 128, 139,
59, 115, 186, 225, 216, 239, 227, 158, 37, 255, 67, 12, 237, 57, 159,
165, 129, 33, 130, 246, 214, 76 }

Session ID:  {}

Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]

Compression Methods:  { 0 }

***

main, WRITE: TLSv1 Handshake, length = 73

main, WRITE: SSLv2 client hello message, length = 98

main, received EOFException: error

com.testpckg.TestClassException: Cannot connect to the target server

main, handling exception: javax.net.ssl.SSLHandshakeException: Remote
host closed connection during handshake

main, SEND TLSv1 ALERT:  fatal, description = handshake_failure

main, WRITE: TLSv1 Alert, length = 2

main, called closeSocket()

main, called close()

main, called closeInternal(true)

main, called close()

main, called closeInternal(true)

main, called close()

main, called closeInternal(true)

 

 


Re: endless handshake when using SSL with server and client certificates through a proxy server

Posted by Julius Davies <ju...@cucbc.com>.
Hi, Aldo,

Can you try running the "Ping" utility I created inside my "commons-ssl"
proposal?

http://juliusdavies.ca/commons-ssl/

Download "commons-ssl.jar" and then try running:

java -jar commons-ssl.jar


That executes the org.apache.commons.ssl.Ping main method.  It will give
you options for specifying a proxy and a client certificate.  If the
connection succeeds it will write "HEAD / HTTP/1.1" to the server on the
other end.

If it doesn't work and the "endless handshake" still occurs, then
there's something wrong with Java.  Try with a different version of Java
in that case.


yours,

Julius

----------------------------------------------------------------------------
"Ping" Utility Attempts "HEAD / HTTP/1.1" Request:
This utility is very handy because it can get you the server's public
certificate even if your client certificate is bad (so even though the
SSL handshake fails).  And unlike "openssl s_client", this utility can
bind against any IP address available.

Usage:  java -jar commons-ssl.jar [options]
Options:   (*=required)
*  -t  --target           [hostname[:port]]             default port=443
   -b  --bind             [hostname[:port]]             default port=0 "ANY"
   -r  --proxy            [hostname[:port]]             default port=80
   -c  --client-cert      [path to client certificate]  *.jks or *.pfx
   -p  --password         [client cert password]

Example:

java -jar commons-ssl.jar -t cucbc.com:443 -c ./client.pfx -p `cat ./pass.txt`

Note:  *.pfx == *.p12  - same thing!





On Thu, 2006-03-08 at 18:43 +0530, Adalbert Wysocki wrote:
> Hi all,
> 
> I am implementing a module using HTTPClient to perform secure HTTPS
> requests on a server site.
> 
> The server site offers a CA-trusted certificate and the authentication
> of the client on the server is performed using a digest authentication
> method or a CA-trusted client certificate.
> 
> When requesting directly using either a client certificate or digest
> password-based authentication, everything works fine.
> 
> When requesting through a proxy server using digest password-based
> authentication, everything works fine.
> 
> When requesting through a proxy server using client certificate based
> authentication, the connection blocks on the handshake until the proxy
> server interrupts it reaching its timeout (360 sec...).
> 
>  
> 
> I don't know at all the reason of this behavior except that it seems
> provoked by the client certificate!!!
> 
> Here after the ssl negotiation log and the exception:
> 
>  
> 
> Any ideas????
> 
> Thanks for your HELP!!!
> 
>  
> 
> Aldo
> Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
> liab.), O=Entrust.net
> 
>   Algorithm: RSA; Serial number: 0x389ef6e4
> 
>   Valid from Mon Feb 07 21:46:40 IST 2000 until Fri Feb 07 22:16:40 IST
> 2020
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> 
>   Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> 
>   Algorithm: RSA; Serial number: 0x1a5
> 
>   Valid from Thu Aug 13 05:59:00 IST 1998 until Tue Aug 14 05:29:00 IST
> 2018
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
> OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
> ST=Western Cape, C=ZA
> 
>   Issuer:  EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
> OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
> ST=Western Cape, C=ZA
> 
>   Algorithm: RSA; Serial number: 0x1
> 
>   Valid from Thu Aug 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
> 
>   Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
> 
>   Algorithm: RSA; Serial number: 0x23456
> 
>   Valid from Tue May 21 09:30:00 IST 2002 until Sat May 21 09:30:00 IST
> 2022
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
> liab.), O=Entrust.net
> 
>   Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999
> Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
> liab.), O=Entrust.net
> 
>   Algorithm: RSA; Serial number: 0x3863b966
> 
>   Valid from Fri Dec 24 23:20:51 IST 1999 until Tue Dec 24 23:50:51 IST
> 2019
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
> Inc., C=US
> 
>   Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
> Inc., C=US
> 
>   Algorithm: RSA; Serial number: 0x1
> 
>   Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
> 2020
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
> Basic CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Issuer:  EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
> Basic CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Algorithm: RSA; Serial number: 0x0
> 
>   Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
> 
>   Issuer:  OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
> 
>   Algorithm: RSA; Serial number: 0x3770cfb5
> 
>   Valid from Wed Jun 23 17:44:45 IST 1999 until Sun Jun 23 17:44:45 IST
> 2019
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: OU=Class 1 Public Primary Certification Authority,
> O="VeriSign, Inc.", C=US
> 
>   Issuer:  OU=Class 1 Public Primary Certification Authority,
> O="VeriSign, Inc.", C=US
> 
>   Algorithm: RSA; Serial number: 0x325033cf50d156f35c81ad655c4fc825
> 
>   Valid from Mon Jan 29 05:30:00 IST 1996 until Wed Jan 08 05:29:59 IST
> 2020
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
> 
>   Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
> 
>   Algorithm: RSA; Serial number: 0x35def4cf
> 
>   Valid from Sat Aug 22 22:11:51 IST 1998 until Wed Aug 22 22:11:51 IST
> 2018
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
> 
>   Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
> 
>   Algorithm: RSA; Serial number: 0x4
> 
>   Valid from Mon Jun 21 09:30:00 IST 1999 until Sun Jun 21 09:30:00 IST
> 2020
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
> Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Issuer:  EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
> Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Algorithm: RSA; Serial number: 0x0
> 
>   Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
> Premium CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Issuer:  EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
> Premium CA, OU=Certification Services Division, O=Thawte Consulting,
> L=Cape Town, ST=Western Cape, C=ZA
> 
>   Algorithm: RSA; Serial number: 0x0
> 
>   Valid from Mon Jan 01 05:30:00 IST 1996 until Fri Jan 01 05:29:59 IST
> 2021
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> 
>   Issuer:  CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
> Inc.", O=GTE Corporation, C=US
> 
>   Algorithm: RSA; Serial number: 0x1b6
> 
>   Valid from Fri Aug 14 20:20:00 IST 1998 until Thu Aug 15 05:29:00 IST
> 2013
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
> (limits liab.), O=Entrust.net
> 
>   Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c)
> 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
> (limits liab.), O=Entrust.net
> 
>   Algorithm: RSA; Serial number: 0x389b113c
> 
>   Valid from Fri Feb 04 22:50:00 IST 2000 until Tue Feb 04 23:20:00 IST
> 2020
> 
>  
> 
> trigger seeding of SecureRandom
> 
> done seeding SecureRandom
> 
> setSoTimeout(0) called
> 
> setSoTimeout(0) called
> 
> %% No cached client session
> 
> *** ClientHello, TLSv1
> 
> RandomCookie:  GMT: 1137760405 bytes = { 108, 80, 166, 213, 128, 139,
> 59, 115, 186, 225, 216, 239, 227, 158, 37, 255, 67, 12, 237, 57, 159,
> 165, 129, 33, 130, 246, 214, 76 }
> 
> Session ID:  {}
> 
> Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
> 
> Compression Methods:  { 0 }
> 
> ***
> 
> main, WRITE: TLSv1 Handshake, length = 73
> 
> main, WRITE: SSLv2 client hello message, length = 98
> 
> main, received EOFException: error
> 
> com.testpckg.TestClassException: Cannot connect to the target server
> 
> main, handling exception: javax.net.ssl.SSLHandshakeException: Remote
> host closed connection during handshake
> 
> main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
> 
> main, WRITE: TLSv1 Alert, length = 2
> 
> main, called closeSocket()
> 
> main, called close()
> 
> main, called closeInternal(true)
> 
> main, called close()
> 
> main, called closeInternal(true)
> 
> main, called close()
> 
> main, called closeInternal(true)
> 
>  
> 
> 
> 
-- 
Julius Davies
Senior Application Developer, Technology Services
Credit Union Central of British Columbia
http://www.cucbc.com/
Tel: 604-730-6385
Cel: 604-868-7571
Fax: 604-737-5910

1441 Creekside Drive
Vancouver, BC
Canada
V6J 4S7
