Trying to establish SSL connection - Fails in handshake

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Trying to establish SSL connection - Fails in handshake

Siman Tov Gal

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: EMAILADDRESS=[hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=[hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.).g.@...../...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)..g..@..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  ...@...../......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  .........@......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  .....@...../....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  ...........@....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”
Reply | Threaded
Open this post in threaded view
|

Re: Trying to establish SSL connection - Fails in handshake

oleksiys
Administrator
Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.).g.@...../...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)..g..@..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  ...@...../......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  .........@......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  .....@...../....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  ...........@....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

Reply | Threaded
Open this post in threaded view
|

RE: Trying to establish SSL connection - Fails in handshake

Meltser Tiran

Adding the mailing list.

 

Tiran Meltser

From: Siman Tov Gal
Sent: Monday, January 19, 2015 4:18 PM
To: Oleksiy Stashok
Cc: Meltser Tiran; Broide Uri
Subject: RE: Trying to establish SSL connection - Fails in handshake

 

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”
Reply | Threaded
Open this post in threaded view
|

Re: Trying to establish SSL connection - Fails in handshake

oleksiys
Administrator
In reply to this post by oleksiys
Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

Reply | Threaded
Open this post in threaded view
|

RE: Trying to establish SSL connection - Fails in handshake

Siman Tov Gal

Hi Alexey.

I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).

 

I have added to the SSLEchoServer runtime execution the  -Djavax.net.debug=all .

 

I got the following output during the handshake :

 

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

 

trigger seeding of SecureRandom

done seeding SecureRandom

Press any key to stop the server...

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

[Raw read]: length = 5

0000: 16 03 01 00 95                                     .....

[Raw read]: length = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

Grizzly-worker(1), READ: TLSv1 Handshake, length = 149

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes:  len = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), SEND TLSv1 ALERT:  fatal, description = handshake_failure

Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2

Grizzly-worker(1), fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

 

 

Please advise,

 

Thanks Gal Siman-Tov

 

From: Oleksiy Stashok [mailto:[hidden email]]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; '[hidden email]'
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”
Reply | Threaded
Open this post in threaded view
|

Re: Trying to establish SSL connection - Fails in handshake

oleksiys
Administrator
Hi,

unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.

Thank you.

WBR,
Alexey.

On 21.01.15 01:58, Siman Tov Gal wrote:

Hi Alexey.

I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).

 

I have added to the SSLEchoServer runtime execution the  -Djavax.net.debug=all .

 

I got the following output during the handshake :

 

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

 

trigger seeding of SecureRandom

done seeding SecureRandom

Press any key to stop the server...

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

[Raw read]: length = 5

0000: 16 03 01 00 95                                     .....

[Raw read]: length = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

Grizzly-worker(1), READ: TLSv1 Handshake, length = 149

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes:  len = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), SEND TLSv1 ALERT:  fatal, description = handshake_failure

Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2

Grizzly-worker(1), fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

 

 

Please advise,

 

Thanks Gal Siman-Tov

 

From: Oleksiy Stashok [[hidden email]]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; '[hidden email]'
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

Reply | Threaded
Open this post in threaded view
|

RE: Trying to establish SSL connection - Fails in handshake

Siman Tov Gal

Hi Alexey,

 

First thanks for the prompt responses.

 

It turns out the problem was on our side and the SSL example works like a charm.

 

After opening the Grizzly logs we found out that the jks/cert files were not located on the class loader path.

The next problem that we encountered , is that our openssl client did not proceed beyond the handshake.

Later on we discovered that we need to add an option of crlf , in order for our server to recognize the EOL.

 

The next step in the SSL development, is to filter out several protocols and ciphers for security hardening.

 

Do you have any suggested solution to filter out specific protocols and ciphers  ?

Grizzly API seems to provide a “white list” for these settings. What we are looking for is an option to provide a “black list”.

 

Thanks

 

Gal

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Thursday, January 22, 2015 7:58 AM
To: [hidden email]
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.

Thank you.

WBR,
Alexey.

On 21.01.15 01:58, Siman Tov Gal wrote:

Hi Alexey.

I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).

 

I have added to the SSLEchoServer runtime execution the  -Djavax.net.debug=all .

 

I got the following output during the handshake :

 

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

 

trigger seeding of SecureRandom

done seeding SecureRandom

Press any key to stop the server...

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

[Raw read]: length = 5

0000: 16 03 01 00 95                                     .....

[Raw read]: length = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

Grizzly-worker(1), READ: TLSv1 Handshake, length = 149

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes:  len = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), SEND TLSv1 ALERT:  fatal, description = handshake_failure

Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2

Grizzly-worker(1), fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

 

 

Please advise,

 

Thanks Gal Siman-Tov

 

From: Oleksiy Stashok [[hidden email]]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; '[hidden email]'
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”
Reply | Threaded
Open this post in threaded view
|

Re: Trying to establish SSL connection - Fails in handshake

oleksiys
Administrator
Hi,

yeah, I expected there's something wrong with the config.
 

Do you have any suggested solution to filter out specific protocols and ciphers  ?

Grizzly API seems to provide a “white list” for these settings. What we are looking for is an option to provide a “black list”.

Well, it's always possible to get the list of *all* available ciphers and protocols, so it's very easy to get a "white list" out of a "black list".
To get the list of all supported protocols you can do something like:

SSLEngine dummySSLEngine = sslContextConfigurator.createSSLContext().createSSLEngine();
dummySSLEngine.getSupportedProtocols();
dummySSLEngine.getSupportedCipherSuites();


Thanks.

WBR,
Alexey.

 

From: Oleksiy Stashok [[hidden email]]
Sent: Thursday, January 22, 2015 7:58 AM
To: [hidden email]
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.

Thank you.

WBR,
Alexey.

On 21.01.15 01:58, Siman Tov Gal wrote:

Hi Alexey.

I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).

 

I have added to the SSLEchoServer runtime execution the  -Djavax.net.debug=all .

 

I got the following output during the handshake :

 

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

 

trigger seeding of SecureRandom

done seeding SecureRandom

Press any key to stop the server...

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

[Raw read]: length = 5

0000: 16 03 01 00 95                                     .....

[Raw read]: length = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

Grizzly-worker(1), READ: TLSv1 Handshake, length = 149

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes:  len = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), SEND TLSv1 ALERT:  fatal, description = handshake_failure

Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2

Grizzly-worker(1), fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

 

 

Please advise,

 

Thanks Gal Siman-Tov

 

From: Oleksiy Stashok [[hidden email]]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; '[hidden email]'
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

Reply | Threaded
Open this post in threaded view
|

Re: Trying to establish SSL connection - Fails in handshake

oleksiys
Administrator
In reply to this post by Siman Tov Gal
Hi,

yeah, I expected there's something wrong with the config.
 

Do you have any suggested solution to filter out specific protocols and ciphers  ?

Grizzly API seems to provide a “white list” for these settings. What we are looking for is an option to provide a “black list”.

Well, it's always possible to get the list of *all* available ciphers and protocols, so it's very easy to get a "white list" out of "black list".
To get the list of all supported protocols you can do something like:


 

Thanks

 

Gal

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Thursday, January 22, 2015 7:58 AM
To: [hidden email]
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

unfortunately I can't reproduce the problem locally.
How do you run the sample server, do you use maven?
Can you pls. share the entire server SSL log, not only handshake.

Thank you.

WBR,
Alexey.

On 21.01.15 01:58, Siman Tov Gal wrote:

Hi Alexey.

I have run the SSLEchoServer along with the SSLEchoClient (As taken from the Grizzly samples).

 

I have added to the SSLEchoServer runtime execution the  -Djavax.net.debug=all .

 

I got the following output during the handshake :

 

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

 

trigger seeding of SecureRandom

done seeding SecureRandom

Press any key to stop the server...

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

[Raw read]: length = 5

0000: 16 03 01 00 95                                     .....

[Raw read]: length = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

Grizzly-worker(1), READ: TLSv1 Handshake, length = 149

*** ClientHello, TLSv1

RandomCookie:  GMT: 1405056815 bytes = { 166, 52, 239, 180, 173, 202, 73, 39, 37, 221, 122, 202, 62, 239, 169, 158, 96, 51, 21, 12, 129, 160, 139, 18, 157, 177, 180, 124 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes:  len = 149

0000: 01 00 00 91 03 01 54 BF   77 2F A6 34 EF B4 AD CA  ......T.w/.4....

0010: 49 27 25 DD 7A CA 3E EF   A9 9E 60 33 15 0C 81 A0  I'%.z.>...`3....

0020: 8B 12 9D B1 B4 7C 00 00   2A C0 09 C0 13 00 2F C0  ........*...../.

0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........

0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................

0050: 04 00 FF 01 00 00 3E 00   0A 00 34 00 32 00 17 00  ......>...4.2...

0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................

0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................

0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................

0090: 0B 00 02 01 00                                     .....

%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]

Grizzly-worker(1), SEND TLSv1 ALERT:  fatal, description = handshake_failure

Grizzly-worker(1), WRITE: TLSv1 Alert, length = 2

Grizzly-worker(1), fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

 

 

Please advise,

 

Thanks Gal Siman-Tov

 

From: Oleksiy Stashok [[hidden email]]
Sent: Wednesday, January 21, 2015 3:27 AM
To: Siman Tov Gal
Cc: Meltser Tiran; Broide Uri; '[hidden email]'
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

are you running SSLEchoServer?
If yes, there is SSLEchoClient, does it work with the server?

Thank you.

WBR,
Alexey.

On 19.01.15 06:17, Siman Tov Gal wrote:

Hi Alexey,

 

Thanks for the prompt reply.

 

I took a step back and tried to launch the SSL sample from the Grizzly repository (grizzly-framework-samples-2.3.18.jar).

I used an openssl client and on handshake I got the following error:

 

30720:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

 

Note that I did not perform any setup on the SSLEngineConfigurator.

 

As far as I’ve seen other examples they should work as is, but this does not happen here.

 

Am I missing something?

 

10x,

 

Gal

 

 

 

From: Oleksiy Stashok [[hidden email]]
Sent: Monday, January 19, 2015 6:58 AM
To: Siman Tov Gal; [hidden email]
Cc: Meltser Tiran; Broide Uri
Subject: Re: Trying to establish SSL connection - Fails in handshake

 

Hi,

can you pls. share the test case so we can reproduce the problem?

Thank you.

WBR,
Alexey.

On 18.01.15 00:13, Siman Tov Gal wrote:

Hi

 

I am trying to establish a SSL handshake with my Grizzly server and an openssl client.

 

I’ve  configured the SSLEngineConfigurator with the following setup:

 

              sslContextConfig.setKeyStoreFile(keyStoreLocation);

              sslContextConfig.setKeyStorePass(keyStorePassword);

             

              // Create SSLEngine configurator

              SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContextConfig.createSSLContext(),false,false,false);

              SSLSocketFactory sf = sslEngineConfigurator.getSslContext().getSocketFactory();         

             

              String[] supportedProtocols = {"TLSv1","SSLv3","TLSv1.1","TLSv1.2","SSLv2Hello"};

              sslEngineConfigurator.setEnabledProtocols(supportedProtocols);

              sslEngineConfigurator.setProtocolConfigured(true);

              String[] cipherSuites = sf.getSupportedCipherSuites();

              sslEngineConfigurator.setEnabledCipherSuites(cipherSuites);

              sslEngineConfigurator.setCipherConfigured(true);

              sslEngineConfigurator.setNeedClientAuth(false);

              sslEngineConfigurator.setWantClientAuth(false);

 

When debugging the handshake code, the point of failure was in the SSLBaseFilter:doHandshakeStep() method.

When entering the case of NEED_UNWRAP, the handshake failed due to the fact that the inputBuffer was set to null.

 

The openssl client send the following command :

 

openssl.exe s_client -debug -msg -connect localhost:50443

 

I am getting the following response :

 

8392:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:601

 

Thanks in advance

 

Gal S.T

 

P.S:  I open the SSL debug info (using : -Djavax.net.debug=all)

 

Here is the output :

 

chain [0] = [

[

  Version: V3

  Subject: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

 

  Key:  Sun RSA public key, 2048 bits

  modulus: 24414085473144772337919323012074107190618816754963514243080255494571539528736844619038076143491962690817977116723664346553272438908433680538048087195422831263971167306175278902944331875961609798287166241724881538546675318900905485132685167634098012392607384655817306725746127194856379390873270494744745754705873786404248972196545665264863541650881792842260766824580673229124863089563730094213195521617379221251195145200022967368062802615057847357727486054056179317815221853820588458878995885198226082418443238912098038011785005029767939039988128318928941102946178680941872945325579621419106798984545238312478653261279

  public exponent: 65537

  Validity: [From: Thu Jan 15 15:47:10 IST 2015,

               To: Wed Aug 10 16:47:10 IDT 2044]

  Issuer: CN=mist mist, OU=VI, O=Comverse, L=Raanana, ST=Israel, C=IL

  SerialNumber: [    5606fc55]

 

Certificate Extensions: 1

[1]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 27 D1 11 CB 8B AF EB 5E   D8 67 A5 58 88 CE 39 72  '......^.g.X..9r

0010: 74 DA 48 65                                        t.He

]

]

 

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 56 82 F0 A4 A6 56 A8 F8   37 3D E6 A5 1F 87 E3 9D  V....V..7=......

0010: 45 33 C6 C6 DB 5E A5 46   C7 EB 6D 12 FD 12 38 F3  E3...^.F..m...8.

0020: 0F 80 99 A6 B7 1D 1F 84   22 5E E6 B8 FA DE 7F 68  ........"^.....h

0030: 7B 0D D0 24 53 D0 DA CB   13 F3 38 E3 EA 3B 69 C1  ...$S.....8..;i.

0040: 1E 6B BB AA 32 4F CF AF   42 91 52 C5 07 49 99 AB  .k..2O..B.R..I..

0050: C5 48 29 64 17 2A 23 AF   74 B0 2C 90 01 C1 7E BE  .H)d.*#.t.,.....

0060: 37 ED DC 2E F3 59 E7 6C   0B B0 6B DF 20 5C 61 24  7....Y.l..k. \a$

0070: FB BA EB 4E 35 BD 6A AE   DB 98 59 27 D4 C1 6D 81  ...N5.j...Y'..m.

0080: 50 8A 7B 45 9C ED 73 20   74 78 6E 45 44 54 E3 3E  P..E..s txnEDT.>

0090: B8 B6 86 98 EE 3D 65 36   D8 F2 96 67 9B BD DC DE  .....=e6...g....

00A0: CF 6B 12 51 2F D3 5E B6   E4 87 9C E5 2C 91 E6 70  .k.Q/.^.....,..p

00B0: F4 2F 19 A0 08 19 BF BF   0B 25 87 16 AE 98 76 94  ./.......%....v.

00C0: 22 DD 36 99 0A FB 41 53   0D 46 C6 18 33 36 A7 4F  ".6...AS.F..36.O

00D0: DF 45 71 46 3B 02 DA 55   58 E8 65 9F 70 E6 E1 F9  .EqF;..UX.e.p...

00E0: 6D A3 B9 6D 56 01 F8 B8   E1 A0 47 E5 76 EA 25 BE  m..mV.....G.v.%.

00F0: 6B 64 1A AA 04 1D A2 61   D9 CB 3F 2C 06 FC 24 37  kd.....a..?,..$7

 

]

***

trustStore is: C:\jdk1.7.0_72\jre\lib\security\cacerts

trustStore type is : jks

trustStore provider is :

init truststore

adding as trusted cert:

  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 10:36:00 IST 2006 until Sat Oct 25 11:36:00 IDT 2036

 

adding as trusted cert:

  Subject: [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  [hidden email], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Sat Jun 26 01:23:48 IDT 1999 until Wed Jun 26 01:23:48 IDT 2019

 

trigger seeding of SecureRandom

done seeding SecureRandom

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

***** MIST started in 10092 ms *****

Using SSLEngineImpl.

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1

%% No cached client session

*** ClientHello, TLSv1.2

RandomCookie:  GMT: 1404790585 bytes = { 174, 154, 88, 222, 218, 55, 81, 20, 22, 53, 136, 174, 20, 168, 180, 225, 117, 54, 216, 158, 183, 119, 118, 16, 236, 221, 24, 251 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

***

[write] MD5 and SHA1 hashes:  len = 263

0000: 01 00 01 03 03 03 54 BB   67 39 AE 9A 58 DE DA 37  ......T.g9..X..7

0010: 51 14 16 35 88 AE 14 A8   B4 E1 75 36 D8 9E B7 77  Q..5......u6...w

0020: 76 10 EC DD 18 FB 00 00   7E C0 23 C0 27 00 3C C0  v.........#.'.<.

0030: 25 C0 29 00 67 00 40 C0   09 C0 13 00 2F C0 04 C0  %.)[hidden email]...

0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........

0050: 16 00 13 C0 07 C0 11 00   05 C0 02 C0 0C 00 04 00  ................

0060: FF 00 6C C0 18 00 34 C0   17 00 1B C0 16 00 18 00  ..l...4.........

0070: 09 00 15 00 12 00 1A 00   03 00 17 00 08 00 14 00  ................

0080: 11 00 19 00 3B C0 06 C0   10 00 02 C0 01 C0 0B C0  ....;...........

0090: 15 00 01 00 1F 00 23 00   20 00 24 00 1E 00 22 00  ......#. .$...".

00A0: 26 00 29 00 28 00 2B 01   00 00 5C 00 0A 00 34 00  &.).(.+...\...4.

00B0: 32 00 17 00 01 00 03 00   13 00 15 00 06 00 07 00  2...............

00C0: 09 00 0A 00 18 00 0B 00   0C 00 19 00 0D 00 0E 00  ................

00D0: 0F 00 10 00 11 00 02 00   12 00 04 00 05 00 14 00  ................

00E0: 08 00 16 00 0B 00 02 01   00 00 0D 00 1A 00 18 06  ................

00F0: 03 06 01 05 03 05 01 04   03 04 01 03 03 03 01 02  ................

0100: 03 02 01 02 02 01 01                               .......

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: TLSv1.2 Handshake, length = 263

[write] MD5 and SHA1 hashes:  len = 257

0000: 01 03 03 00 D8 00 00 00   20 00 C0 23 00 C0 27 00  ........ ..#..'.

0010: 00 3C 00 C0 25 00 C0 29   00 00 67 00 00 40 00 C0  .<..%..)[hidden email]..

0020: 09 06 00 40 00 C0 13 00   00 2F 00 C0 04 01 00 80  [hidden email]......

0030: 00 C0 0E 00 00 33 00 00   32 00 C0 08 00 C0 12 00  .....3..2.......

0040: 00 0A 07 00 C0 00 C0 03   02 00 80 00 C0 0D 00 00  ................

0050: 16 00 00 13 00 C0 07 05   00 80 00 C0 11 00 00 05  ................

0060: 00 C0 02 00 C0 0C 00 00   04 01 00 80 00 00 FF 00  ................

0070: 00 6C 00 C0 18 00 00 34   00 C0 17 00 00 1B 00 C0  .l.....4........

0080: 16 00 00 18 00 00 09 06   00 40 00 00 15 00 00 12  [hidden email]......

0090: 00 00 1A 00 00 03 02 00   80 00 00 17 00 00 08 00  ................

00A0: 00 14 00 00 11 00 00 19   00 00 3B 00 C0 06 04 00  ..........;.....

00B0: 80 00 C0 10 00 00 02 00   C0 01 00 C0 0B 00 C0 15  ................

00C0: 00 00 01 00 00 1F 00 00   23 00 00 20 00 00 24 00  ........#.. ..$.

00D0: 00 1E 00 00 22 00 00 26   00 00 29 00 00 28 00 00  ...."..&..)..(..

00E0: 2B 54 BB 67 39 AE 9A 58   DE DA 37 51 14 16 35 88  +T.g9..X..7Q..5.

00F0: AE 14 A8 B4 E1 75 36 D8   9E B7 77 76 10 EC DD 18  .....u6...wv....

0100: FB                                                 .

StartPoint-IMAP-SSL-Kernel(3) SelectorRunner, WRITE: SSLv2 client hello message, length = 257

[Raw write]: length = 259

0000: 81 01 01 03 03 00 D8 00   00 00 20 00 C0 23 00 C0  .......... ..#..

0010: 27 00 00 3C 00 C0 25 00   C0 29 00 00 67 00 00 40  '..<..%..)..g..@

0020: 00 C0 09 06 00 40 00 C0   13 00 00 2F 00 C0 04 01  [hidden email]....

0030: 00 80 00 C0 0E 00 00 33   00 00 32 00 C0 08 00 C0  .......3..2.....

0040: 12 00 00 0A 07 00 C0 00   C0 03 02 00 80 00 C0 0D  ................

0050: 00 00 16 00 00 13 00 C0   07 05 00 80 00 C0 11 00  ................

0060: 00 05 00 C0 02 00 C0 0C   00 00 04 01 00 80 00 00  ................

0070: FF 00 00 6C 00 C0 18 00   00 34 00 C0 17 00 00 1B  ...l.....4......

0080: 00 C0 16 00 00 18 00 00   09 06 00 40 00 00 15 00  [hidden email]....

0090: 00 12 00 00 1A 00 00 03   02 00 80 00 00 17 00 00  ................

00A0: 08 00 00 14 00 00 11 00   00 19 00 00 3B 00 C0 06  ............;...

00B0: 04 00 80 00 C0 10 00 00   02 00 C0 01 00 C0 0B 00  ................

00C0: C0 15 00 00 01 00 00 1F   00 00 23 00 00 20 00 00  ..........#.. ..

00D0: 24 00 00 1E 00 00 22 00   00 26 00 00 29 00 00 28  $....."..&..)..(

00E0: 00 00 2B 54 BB 67 39 AE   9A 58 DE DA 37 51 14 16  ..+T.g9..X..7Q..

00F0: 35 88 AE 14 A8 B4 E1 75   36 D8 9E B7 77 76 10 EC  5......u6...wv..

0100: DD 18 FB     


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”

 


“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [hidden email]. Thank You.”