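I have been learning about SSL/TLS and certificates for a week now.
It looks like it is working properly, and I have SSL/TLS client/server certificates for mutual-authentication SSL working.
The Java server is on a Windows 7 PC and the Java client is on Android ICS. The client connects and sends a text string, and the server replies with a text string.
The transfer works, but I am not sure whether it is encrypted, because I cannot see the data being sent.
I would like a second opinion on the debug log, in case I am doing something wrong? (A lot of the binary text has been removed to fit this post body.)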
adding as trusted cert:
Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
Algorithm: RSA; Serial number: 0xb4ba1f6a7902bb97
Valid from Thu Oct 11 18:37:21 CEST 2012 until Fri Oct 11 18:37:21 CEST 2013
***
found key for : 1
chain [0] = [
[
Version: V3
Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 19828292987711460063479095233990735206267474911720200680398978846239921718204800830196446367271259853243857782157464503041073715350900882399263842246256739265150626309452599118681530205469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
public exponent: 65537
Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
To: Fri Oct 11 18:38:14 CEST 2013]
Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
SerialNumber: [ ef1a4465 3fb9d4ed]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31 D9 16 AC 37 23 DB 52 6A .n.....1...7#.Rj
0010: FF B3 D4 E3 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31 D9 16 AC 37 23 DB 52 6A .n.....1...7#.Rj
0010: FF B3 D4 E3 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 7C EA BF 17 BB 9C 6E E6 DC 6E D3 5D 7E B5 48 0F ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49 36 D2 1B F9 05 60 87 ED Z.._..FI6....`..
00E0: 61 9B 78 96 F7 54 D3 68 F2 91 9F 43 57 AB C5 0E a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4 BB A4 70 04 0F BA D2 C6 ..Q..b....p.....
]
***
SSL Key 1
SSL Trust 1
trigger seeding of SecureRandom
done seeding SecureRandom
Server started
Waiting for connection from client...
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Accepted connection from 192.168.1.1, port 54732
[Raw read]: length = 5
0000: 16 03 01 00 B3 .....
[Raw read]: length = 179
0000: 01 00 00 AF 03 01 50 77 38 3C 36 6C 05 1E DA AF ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4 5A 05 34 FC 42 B9 4F 54 .Cv.e.C.Z.4.B.OT
0090: 08 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 0F 00 ................
00A0: 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 ................
00B0: 18 00 19 ...
main, READ: TLSv1 Handshake, length = 179
*** ClientHello, TLSv1
RandomCookie: GMT: 1349990460 bytes = { 54, 108, 5, 30, 218, 175, 218, 67, 118, 239, 101, 155, 67, 196, 90, 5, 52, 252, 66, 185, 79, 84, 176, 249, 20, 196, 174, 171 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
Extension elliptic_curves, curve names: {sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, secp256r1, secp384r1, secp521r1}
***
[read] MD5 and SHA1 hashes: len = 179
0000: 01 00 00 AF 03 01 50 77 38 3C 36 6C 05 1E DA AF ......Pw8<6l....
0010: DA 43 76 EF 65 9B 43 C4 5A 05 34 FC 42 B9 4F 54 .Cv.e.C.Z.4.B.OT
0020: B0 F9 14 C4 AE AB 00 00 46 00 04 00 05 00 2F 00 ........F...../.
0090: 08 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 0F 00 ................
00A0: 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 ................
00B0: 18 00 19 ...
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
matching alias: 1
%% Negotiating: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
*** ServerHello, TLSv1
RandomCookie: GMT: 1349990450 bytes = { 174, 0, 115, 139, 10, 24, 65, 65, 210, 225, 235, 246, 73, 222, 227, 2, 249, 108, 142, 119, 113, 131, 78, 202, 83, 67, 172, 181 }
Session ID: {80, 119, 56, 50, 9, 30, 182, 174, 111, 28, 205, 221, 135, 132, 189, 19, 82, 157, 109, 159, 42, 162, 203, 141, 125, 61, 76, 105, 185, 192, 186, 184}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 198282929877114600634790952339907352062674749117202006803989788462399217182048008301964463672712598532438577821574645030410737153509008823992638422462567392651506263094525991186815305469111691215024194198408322269068550434706560902100199589198763096214957779831336905118521574867338194318861017871505432271905525399396261074008234892595483193798680621671023145911
public exponent: 65537
Validity: [From: Thu Oct 11 18:38:14 CEST 2012,
To: Fri Oct 11 18:38:14 CEST 2013]
Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
SerialNumber: [ ef1a4465 3fb9d4ed]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31 D9 16 AC 37 23 DB 52 6A .n.....1...7#.Rj
0010: FF B3 D4 E3 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F5 6E DA 1E DD 85 08 31 D9 16 AC 37 23 DB 52 6A .n.....1...7#.Rj
0010: FF B3 D4 E3 ....
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 7C EA BF 17 BB 9C 6E E6 DC 6E D3 5D 7E B5 48 0F ......n..n.]..H.
0010: 5A A1 98 5F 15 A8 46 49 36 D2 1B F9 05 60 87 ED Z.._..FI6....`..
0020: F8 59 E5 08 9F 06 22 0F 18 4A F6 E6 6C 23 39 E8 .Y...."..J..l#9.
00D0: 5A F8 94 F4 5F C2 01 BE EE E0 4E 8B BD CA 14 3C Z..._.....N....<
00E0: 61 9B 78 96 F7 54 D3 68 F2 91 9F 43 57 AB C5 0E a.x..T.h...CW...
00F0: D8 9E 51 85 08 62 F6 B4 BB A4 70 04 0F BA D2 C6 ..Q..b....p.....
]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=smith.droid-ip.com, O=SMITH, C=SE>
*** ServerHelloDone
[write] MD5 and SHA1 hashes: len = 1022
0000: 02 00 00 4D 03 01 50 77 38 32 AE 00 73 8B 0A 18 ...M..Pw82..s...
0010: 41 41 D2 E1 EB F6 49 DE E3 02 F9 6C 8E 77 71 83 AA....I....l.wq.
0060: 82 02 37 A0 03 02 01 02 02 09 00 EF 1A 44 65 3F ..7..........De?
0070: B9 D4 ED 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 ...0...*.H......
0080: 05 00 30 3E 31 0B 30 09 06 03 55 04 06 13 02 53 ..0>1.0...U....S
0090: 45 31 0F 30 0D 06 03 55 04 0A 0C 06 53 50 52 49 E1.0...U....SPRI
00A0: 49 44 31 1E 30 1C 06 03 55 04 03 0C 15 64 72 75 ID1.0...U....dru
00B0: 74 74 65 6E 2E 64 79 6E 64 6E 73 2D 69 70 2E 63 tten.droid-ip.c
00C0: 6F 6D 30 1E 17 0D 31 32 31 30 31 31 31 36 33 38 om0...1210111638
00D0: 31 34 5A 17 0D 31 33 31 30 31 31 31 36 33 38 31 14Z..13101116381
00E0: 34 5A 30 3E 31 0B 30 09 06 03 55 04 06 13 02 53 4Z0>1.0...U....S
00F0: 45 31 0F 30 0D 06 03 55 04 0A 0C 06 53 50 52 49 E1.0...U....SPRI
0100: 49 44 31 1E 30 1C 06 03 55 04 03 0C 15 64 72 75 ID1.0...U....dru
0110: 74 74 65 6E 2E 64 79 6E 64 6E 73 2D 69 70 2E 63 tten.droid-ip.c
0120: 6F 6D 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D om0.."0...*.H...
03C0: 06 03 55 04 06 13 02 53 45 31 0F 30 0D 06 03 55 ..U....SE1.0...U
03D0: 04 0A 0C 06 53 50 52 49 49 44 31 1E 30 1C 06 03 ....SMITH1.0...
03E0: 55 04 03 0C 15 64 72 75 74 74 65 6E 2E 64 79 6E U....smith.dyn
03F0: 64 6E 73 2D 69 70 2E 63 6F 6D 0E 00 00 00 dns-ip.com....
main, WRITE: TLSv1 Handshake, length = 1022
[Raw write]: length = 1027
0000: 16 03 01 03 FE 02 00 00 4D 03 01 50 77 38 32 AE ........M..Pw82.
0010: 00 73 8B 0A 18 41 41 D2 E1 EB F6 49 DE E3 02 F9 .s...AA....I....
0020: 6C 8E 77 71 83 4E CA 53 43 AC B5 20 50 77 38 32 l.wq.N.SC.. Pw82
0090: 04 06 13 02 53 45 31 0F 30 0D 06 03 55 04 0A 0C ....SE1.0...U...
00A0: 06 53 50 52 49 49 44 31 1E 30 1C 06 03 55 04 03 .SMITH1.0...U..
00B0: 0C 15 64 72 75 74 74 65 6E 2E 64 79 6E 64 6E 73 ..smith.droid
00C0: 2D 69 70 2E 63 6F 6D 30 1E 17 0D 31 32 31 30 31 -ip.com0...12101
00D0: 31 31 36 33 38 31 34 5A 17 0D 31 33 31 30 31 31 1163814Z..131011
03E0: 1E 30 1C 06 03 55 04 03 0C 15 64 72 75 74 74 65 .0...U....drutte
03F0: 6E 2E 64 79 6E 64 6E 73 2D 69 70 2E 63 6F 6D 0E n.droid-ip.com.
0400: 00 00 00 ...
[Raw read]: length = 5
0000: 16 03 01 03 5D ....]
[Raw read]: length = 861
0000: 0B 00 03 59 00 03 56 00 03 53 30 82 03 4F 30 82 ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02 09 00 B4 BA 1F 6A 79 02 .7...........jy.
0020: BB 97 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 ..0...*.H.......
0030: 00 30 3E 31 0B 30 09 06 03 55 04 06 13 02 53 45 .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04 0A 0C 06 53 50 52 49 49 1.0...U....SPRII
0330: AD 48 3B FE 4B F9 1A 82 C9 CB 24 88 89 C3 78 8E .H;.K.....$...x.
0340: A6 D4 FE CE 39 66 F4 48 39 16 7D 8E 08 DB 3E 24 ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE EF 53 BA 89 4D ..4v.m7..S..M
main, READ: TLSv1 Handshake, length = 861
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410199697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
public exponent: 65537 Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
To: Fri Oct 11 18:37:21 CEST 2013]
Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
SerialNumber: [ b4ba1f6a 7902bb97]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54 26 6B 9B 09 6A 94 77 79 (...kY.T&k..j.wy
0010: AE BC 3D 2B ..=+
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54 26 6B 9B 09 6A 94 77 79 (...kY.T&k..j.wy
0010: AE BC 3D 2B ..=+
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: B0 22 82 D5 1B AF 4C A7 7E D9 B4 27 F7 48 C4 D7 ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE CF F7 AF A4 97 7B 68 6A ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4 6B ED CD F1 32 6B 29 E5 ."..8._.k...2k).
0030: 72 EE 9F 7F 4F 16 10 7D C4 1B 6C 1A 31 4A 8E 3C r...O.....l.1J.<
0040: E0 E9 8B 0E E2 D5 5B 01 00 29 1C 32 8B E8 D9 56 ......[..).2...V
0050: DF 5D 6A 95 F4 BA 20 7D CA E7 FD 0E C5 C1 91 36 .]j... ........6
0060: 5C 13 00 F9 04 A8 4C 93 A7 46 0D C6 54 07 4B 7B \.....L..F..T.K.
00F0: DB 3E 24 F7 FD 34 76 94 6D 37 BE EF 53 BA 89 4D .>$..4v.m7..S..M
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=smith.droid-ip.com, O=SMITH, C=SE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 23496237719502336160731187123882087516857248303136016525007515477411820324389309412497616204841416737428369029539727911829957261900246123671755448783374076371585220700946079814339410697877719076300791503351733152444962714618216706903270272228589537934701160017250218124068090224176369183083907456616852817429610227318879195807569316432328134191548839310114727528540673
public exponent: 65537
Validity: [From: Thu Oct 11 18:37:21 CEST 2012,
To: Fri Oct 11 18:37:21 CEST 2013]
Issuer: CN=smith.droid-ip.com, O=SMITH, C=SE
SerialNumber: [ b4ba1f6a 7902bb97]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54 26 6B 9B 09 6A 94 77 79 (...kY.T&k..j.wy
0010: AE BC 3D 2B ..=+
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 28 E3 D4 F1 6B 59 12 54 26 6B 9B 09 6A 94 77 79 (...kY.T&k..j.wy
0010: AE BC 3D 2B ..=+
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: B0 22 82 D5 1B AF 4C A7 7E D9 B4 27 F7 48 C4 D7 ."....L....'.H..
0010: DE A5 45 E6 72 D1 85 DE CF F7 AF A4 97 7B 68 6A ..E.r.........hj
0020: FE 22 D0 1A 38 E6 5F D4 6B ED CD F1 32 6B 29 E5 ."..8._.k...2k).
00D0: CF 07 1B AD 48 3B FE 4B F9 1A 82 C9 CB 24 88 89 ....H;.K.....$..
00E0: C3 78 8E A6 D4 FE CE 39 66 F4 48 39 16 7D 8E 08 .x.....9f.H9....
00F0: DB 3E 24 F7 FD 34 76 94 6D 37 BE EF 53 BA 89 4D .>$..4v.m7..S..M
]
[read] MD5 and SHA1 hashes: len = 861
0000: 0B 00 03 59 00 03 56 00 03 53 30 82 03 4F 30 82 ...Y..V..S0..O0.
0010: 02 37 A0 03 02 01 02 02 09 00 B4 BA 1F 6A 79 02 .7...........jy.
0030: 00 30 3E 31 0B 30 09 06 03 55 04 06 13 02 53 45 .0>1.0...U....SE
0040: 31 0F 30 0D 06 03 55 04 0A 0C 06 53 50 52 49 49 1.0...U....SPRII
00D0: 6D 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 m0.."0...*.H....
01D0: 4F DE F0 44 74 44 65 34 E5 05 79 01 B3 11 6F 56 O..DtDe4..y...oV
01E0: EC C0 54 54 BF E1 E9 AA 1E 8B E7 F7 32 7C 54 30 ..TT........2.T0
0340: A6 D4 FE CE 39 66 F4 48 39 16 7D 8E 08 DB 3E 24 ....9f.H9.....>$
0350: F7 FD 34 76 94 6D 37 BE EF 53 BA 89 4D ..4v.m7..S..M
[Raw read]: length = 5
0000: 16 03 01 01 06 .....
[Raw read]: length = 262
0000: 10 00 01 02 01 00 68 11 0C CB 8C 6D 92 37 18 B5 ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB 66 0F EA BB D5 72 D0 3A N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41 12 ED 79 48 89 FF 76 59 ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6 CB EF 60 4E D3 39 39 81 .7...."...`N.99.
00E0: EC 82 8D 45 BA 4A 50 2D 6D D6 20 70 85 11 35 4A ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE 3F 52 A9 8A 16 A1 B2 5A %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4 Z...].
main, READ: TLSv1 Handshake, length = 262
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 D6 F1 4F BA 49 65 65 6E 06 F8 82 06 9C D7 ....O.Ieen......
0010: 4A C2 FA A8 2B 06 79 71 9B 3E CA 4D B7 2D D1 FE J...+.yq.>.M.-..
0020: 81 50 20 43 B8 37 9D EA 67 F5 76 C3 EC E0 6B 79 .P C.7..g.v...ky
CONNECTION KEYGEN:
Client Nonce:
0000: 50 77 38 3C 36 6C 05 1E DA AF DA 43 76 EF 65 9B Pw8<6l.....Cv.e.
0010: 43 C4 5A 05 34 FC 42 B9 4F 54 B0 F9 14 C4 AE AB C.Z.4.B.OT......
Server Nonce:
0000: 50 77 38 32 AE 00 73 8B 0A 18 41 41 D2 E1 EB F6 Pw82..s...AA....
0010: 49 DE E3 02 F9 6C 8E 77 71 83 4E CA 53 43 AC B5 I....l.wq.N.SC..
Master Secret:
0000: 1C 3A 33 0F 48 F6 EB D8 E4 89 67 06 3E E8 5A AF .:3.H.....g.>.Z.
0010: 4A E9 18 C9 D2 BA 9B 5E 5F FE D5 A5 3A 84 47 54 J......^_...:.GT
0020: 0F 37 A3 6F A1 E9 F8 E8 F6 48 CD BA 59 60 54 AC .7.o.....H..Y`T.
Client MAC write Secret:
0000: E7 E3 96 EB A2 8D A7 C0 AE 86 D7 E2 9E 92 F4 C6 ................
Server MAC write Secret:
0000: 01 BE 26 91 6C 97 03 BE 98 22 76 10 92 80 71 F1 ..&.l...."v...q.
Client write key:
0000: EF 91 16 71 44 15 66 AB ED 8C 0E D8 1E EE DE B9 ...qD.f.........
Server write key:
0000: 7D CD 93 B3 35 53 1D 34 F8 6C 60 6C EC B5 F7 5A ....5S.4.l`l...Z
... no IV used for this cipher
[read] MD5 and SHA1 hashes: len = 262
0000: 10 00 01 02 01 00 68 11 0C CB 8C 6D 92 37 18 B5 ......h....m.7..
0010: 4E FD 0E 78 75 8F D1 DB 66 0F EA BB D5 72 D0 3A N..xu...f....r.:
0020: 1F 90 F3 43 59 6D 4B 41 12 ED 79 48 89 FF 76 59 ...CYmKA..yH..vY
0030: DF 37 0B 0D 9A AA 22 A6 CB EF 60 4E D3 39 39 81 .7...."...`N.99.
00D0: D4 CB 63 98 27 D7 79 28 EE EA F6 83 0E 9A 49 0C ..c.'.y(......I.
00E0: EC 82 8D 45 BA 4A 50 2D 6D D6 20 70 85 11 35 4A ...E.JP-m. p..5J
00F0: 25 34 00 57 44 34 36 AE 3F 52 A9 8A 16 A1 B2 5A %4.WD46.?R.....Z
0100: 5A 96 A9 F2 5D E4 Z...].
[Raw read]: length = 5
0000: 16 03 01 01 06 .....
[Raw read]: length = 262
0000: 0F 00 01 02 01 00 39 86 C9 39 9F 54 9A AF 49 40 ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8 ED CE 70 AF 1C 57 43 64 ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1 BA 52 2A 98 63 33 BF E5 ^........R*.c3..
0030: 05 25 B4 68 6B 7E 0E 86 8A E0 21 66 C2 1A 93 E3 .%.hk.....!f....
0040: B7 3C DD B2 44 86 BF 39 54 00 93 55 1D 22 90 74 .<..D..9T..U.".t
00D0: 2D C5 AC C0 73 6B E4 89 01 6E 4E C5 9F 78 EF 8F -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37 FF FD 67 77 F9 37 F4 B8 RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F E2 D6 74 CA 67 9F 07 90 ..%<...O..t.g...
0100: 19 6D 89 2E 90 98 .m....
main, READ: TLSv1 Handshake, length = 262
*** CertificateVerify
[read] MD5 and SHA1 hashes: len = 262
0000: 0F 00 01 02 01 00 39 86 C9 39 9F 54 9A AF 49 40 ......9..9.T..I@
0010: B3 EB C4 81 2A 68 FA E8 ED CE 70 AF 1C 57 43 64 ....*h....p..WCd
0020: 5E C5 B7 86 01 0F 17 E1 BA 52 2A 98 63 33 BF E5 ^........R*.c3..
00A0: 0C E5 B2 29 6D 68 94 FC 8C 06 77 3D B5 F2 1F 60 ...)mh....w=...`
00B0: 49 81 B7 82 D7 39 14 6B 0A 56 B4 A7 1A 18 B5 71 I....9.k.V.....q
00C0: 62 64 F6 C6 6C 9C 13 59 5B 85 7C 88 7E 31 43 E0 bd..l..Y[....1C.
00D0: 2D C5 AC C0 73 6B E4 89 01 6E 4E C5 9F 78 EF 8F -...sk...nN..x..
00E0: 52 4A 7F 8C 47 AC 3A 37 FF FD 67 77 F9 37 F4 B8 RJ..G.:7..gw.7..
00F0: 82 B2 25 3C 8D A7 F2 4F E2 D6 74 CA 67 9F 07 90 ..%<...O..t.g...
0100: 19 6D 89 2E 90 98 .m....
[Raw read]: length = 5
0000: 14 03 01 00 01 .....
[Raw read]: length = 1
0000: 01 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20 ....
[Raw read]: length = 32
0000: 01 98 6F CA DD 51 09 F5 05 94 7F 52 DB 34 BD D8 ..o..Q.....R.4..
0010: 13 5A A5 76 3F D5 92 A8 A8 95 D9 22 99 B5 1E DF .Z.v?......"....
main, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C D6 D1 12 A7 F8 A4 7A 44 47 9C 47 3E ..........zDG.G>
0010: BB 4E 1E 95 4E 50 44 B3 39 7E 30 09 77 6A DE 92 .N..NPD.9.0.wj..
*** Finished
verify_data: { 214, 209, 18, 167, 248, 164, 122, 68, 71, 156, 71, 62 }
***
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C D6 D1 12 A7 F8 A4 7A 44 47 9C 47 3E ..........zDG.G>
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 165, 58, 44, 99, 220, 79, 174, 0, 32, 51, 253, 168 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C A5 3A 2C 63 DC 4F AE 00 20 33 FD A8 .....:,c.O.. 3..
Padded plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C A5 3A 2C 63 DC 4F AE 00 20 33 FD A8 .....:,c.O.. 3..
0010: 62 F0 CA 30 9A 85 CC 70 4C C8 06 AB 4E C3 D4 51 b..0...pL...N..Q
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 60 0E 0F 7F 02 92 30 80 95 F3 FD .... `.....0....
0010: C9 64 76 7D 2F 38 08 5F BF A8 CD 58 DD 67 77 52 .dv./8._...X.gwR
0020: E2 A5 0B 42 36 ...B6
%% Cached server session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
printSocketInfo......
Server socket class: class sun.security.ssl.SSLServerSocketImpl
Socker address = 0.0.0.0/0.0.0.0
Socker port = 54012
Need client authentication = true
Want client authentication = false
Use client mode = false
END printSocketInfo......
Cipher suite used for this session: SSL_RSA_WITH_RC4_128_MD5
Server -> receiving...
[Raw read]: length = 5
0000: 17 03 01 00 62 ....b
[Raw read]: length = 98
0000: E8 15 04 7C 7E 46 D5 57 5C 54 4A 60 56 40 BF B5 .....F.W\TJ`V@..
0010: 09 40 C3 E5 A9 DD DF CA F7 B3 DE 93 C0 41 7A 84 .@...........Az.
0020: 1C 8E C2 81 98 FA 74 3C 80 13 FD B1 BB 97 B4 02 ......t<........
0030: A9 04 67 92 08 1D F6 24 D1 77 D0 89 D8 92 88 53 ..g....$.w.....S
0040: 33 47 00 DB E7 F8 B1 75 1C EC B8 A5 FA 60 12 2B 3G.....u.....`.+
0050: 7A 6C 88 4C 60 46 E6 89 61 96 53 7E 64 F1 F3 30 zl.L`F..a.S.d..0
0060: A5 B1 ..
main, READ: TLSv1 Application Data, length = 98
Padded plaintext after DECRYPTION: len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 54 68 69 73 .P********* This
0010: 20 6C 69 6E 65 20 69 73 20 73 65 6E 74 20 66 72 line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F 69 64 20 63 6C 69 65 6E om Android clien
0030: 74 2E 20 48 65 6C 6C 6F 20 73 73 6C 53 65 72 76 t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74 2A 2A 2A 2A 2A 2A 2A 2A erSocket********
0050: 2A 2A 03 CE 95 53 B4 97 8D BE 2A 25 DD 52 6B 1F **...S....*%.Rk.
0060: 19 44 .D
Padded plaintext before ENCRYPTION: len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 54 68 69 73 .F********* This
0010: 20 6C 69 6E 65 20 69 73 20 73 65 6E 74 20 66 72 line is sent fr
0020: 6F 6D 20 50 43 20 63 6C 69 65 6E 74 2E 20 48 65 om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53 6F 63 6B 65 74 20 2A 2A llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A 7B A6 BC 2F 8B C5 E0 A4 ********.../....
0050: B1 D7 F9 70 DD EF DF 6C ...p...l
main, WRITE: TLSv1 Application Data, length = 88
[Raw write]: length = 93
0000: 17 03 01 00 58 BA D5 B5 95 E2 12 7A D8 A7 1A D1 ....X......z....
0010: FD FB C6 01 39 2A AD 69 DE A9 6A AE CB 56 4A EF ....9*.i..j..VJ.
0020: E1 B8 EF 20 9D E3 CB 95 EF 37 1D 0A 51 78 DA E6 ... .....7..Qx..
0030: 6C 7D 4C BB 70 B3 28 16 E1 44 9D 15 DA B5 C5 B3 l.L.p.(..D......
0040: C1 68 93 57 E8 2E 9A 2D 80 D4 F0 9C 95 CB 8E 32 .h.W...-.......2
0050: 13 9B 99 3B 68 3A 4F E0 E0 2C 8B 97 CD ...;h:O..,...
********* This line is sent from Android client. Hello sslServerSocket**********
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 18
0000: 01 00 30 AA AA 69 87 AF BF AC 5C CD 2D A9 92 29 ..0..i....\.-..)
0010: 00 F4 ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 C7 B4 E7 A6 27 7E B6 08 BD AD 54 .........'.....T
0010: AF 9E 1D 48 3B 66 16 ...H;f.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Server ended
***FROM ANDROID CLIENT LOGCAT
10-11 23:21:00.800: I/System.out(25493): Socket class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
10-11 23:21:00.800: I/System.out(25493): Remote address = smith.droid-ip.com/82.209.154.27
10-11 23:21:00.800: I/System.out(25493): Remote port = 54012
10-11 23:21:00.800: I/System.out(25493): Local socket address = /192.168.1.251:54732
10-11 23:21:00.800: I/System.out(25493): Local address = /192.168.1.251
10-11 23:21:00.800: I/System.out(25493): Local port = 54732
10-11 23:21:00.800: I/System.out(25493): Need client authentication = false
10-11 23:21:01.180: I/System.out(25493): Session class: class org.apache.harmony.xnet.provider.jsse.OpenSSLSessionImpl
10-11 23:21:01.180: I/System.out(25493): Cipher suite = SSL_RSA_WITH_RC4_128_MD5
10-11 23:21:01.180: I/System.out(25493): Protocol = TLSv1
10-11 23:21:01.180: I/System.out(25493): PeerPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493): LocalPrincipal = CN=smith.droid-ip.com,O=SMITH,C=SE
10-11 23:21:01.190: I/System.out(25493): Server -> receiving...
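Answer 0 (score: 1)
If you look at the trace, you get the Certificate and CertificateRequest messages followed by ServerHelloDone, as well as a CertificateVerify message (followed by a successful Finished), which indicates that client-certificate authentication took place.
Later on, you get the plaintext fragments before/after encryption:
Padded plaintext after DECRYPTION: len = 98
0000: 00 50 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 54 68 69 73 .P********* This
0010: 20 6C 69 6E 65 20 69 73 20 73 65 6E 74 20 66 72 line is sent fr
0020: 6F 6D 20 41 6E 64 72 6F 69 64 20 63 6C 69 65 6E om Android clien
0030: 74 2E 20 48 65 6C 6C 6F 20 73 73 6C 53 65 72 76 t. Hello sslServ
0040: 65 72 53 6F 63 6B 65 74 2A 2A 2A 2A 2A 2A 2A 2A erSocket********
0050: 2A 2A 03 CE 95 53 B4 97 8D BE 2A 25 DD 52 6B 1F **...S....*%.Rk.
0060: 19 44 .D
Padded plaintext before ENCRYPTION: len = 88
0000: 00 46 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 54 68 69 73 .F********* This
0010: 20 6C 69 6E 65 20 69 73 20 73 65 6E 74 20 66 72 line is sent fr
0020: 6F 6D 20 50 43 20 63 6C 69 65 6E 74 2E 20 48 65 om PC client. He
0030: 6C 6C 6F 20 53 53 4C 53 6F 63 6B 65 74 20 2A 2A llo SSLSocket **
0040: 2A 2A 2A 2A 2A 2A 2A 2A 7B A6 BC 2F 8B C5 E0 A4 ********.../....
0050: B1 D7 F9 70 DD EF DF 6C ...p...l
You are also using a cipher suite that supports encryption and authenticated key exchange: SSL_RSA_WITH_RC4_128_MD5. That said, MD5-based cipher suites are probably not the best choice. This one is also the last in the order of preference of the cipher suites enabled by default in the SunJSSE provider in Java 7, but it is the first in the list sent by your client. You can of course change the cipher suites on the client, or disable that cipher suite on the server (using setEnabledCipherSuites() on the socket).
It seems to be working properly there.
What looks odd is that your client and server certificates seem to be different self-signed certificates with the same name (same Subject/Issuer DN, but different keys and serial numbers).
This is certainly not good practice. Even if you are using self-signed certificates, do not give them the same name. In addition, you should check that your client verifies the server name correctly: you could try connecting to the server by its IP address (assuming the certificate does not contain an IP address entry for that address) to check this; it should fail.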
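One way to apply the setEnabledCipherSuites() advice from the answer above, as an added example that is not part of the original answer or of the asker's code. The class and method names are hypothetical, and the reject list is an assumption that goes beyond the MD5 point to cover the other weak suites visible in the ClientHello (RC4, DES, 3DES, export-grade).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical helper: removes weak suites from a JSSE socket's enabled list.
public class CipherSuiteFilter {
    // Name fragments of suites to refuse: RC4, MD5 MACs, single and 40-bit DES,
    // 3DES, export-grade, unencrypted (NULL) and unauthenticated (anon) suites.
    private static final String[] REJECT = {
        "_RC4_", "_MD5", "_DES_", "_DES40_", "_3DES_", "_EXPORT_", "_NULL_", "_anon_"
    };

    /** Returns the suites from offered that match no REJECT fragment, order kept. */
    static String[] filter(String[] offered) {
        List<String> keep = new ArrayList<String>();
        for (String suite : offered) {
            boolean rejected = false;
            for (String fragment : REJECT) {
                if (suite.contains(fragment)) { rejected = true; break; }
            }
            if (!rejected) keep.add(suite);
        }
        return keep.toArray(new String[keep.size()]);
    }

    /** Narrows an already-created server socket; call before accept(). */
    static void harden(SSLServerSocket server) {
        // Start from the enabled list, not getSupportedCipherSuites(), so that
        // suites the provider ships disabled (anon, NULL) are never switched on.
        String[] strong = filter(server.getEnabledCipherSuites());
        if (strong.length == 0) {
            throw new IllegalStateException("no acceptable cipher suite left");
        }
        server.setEnabledCipherSuites(strong);
        server.setNeedClientAuth(true); // keep mutual authentication mandatory
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a selection from the ClientHello list in the trace.
        // The same filter() result can be passed to SSLSocket.setEnabledCipherSuites()
        // on the client so that RC4/MD5 is no longer offered first.
        String[] clientHello = {
            "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
        };
        for (String s : filter(clientHello)) {
            System.out.println("client may offer: " + s);
        }

        // Default factory and an ephemeral port: enough to show the effect on a
        // real SSLServerSocket without any keystore configured.
        SSLServerSocket server =
            (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(0);
        try {
            harden(server);
            for (String s : server.getEnabledCipherSuites()) {
                System.out.println("server accepts: " + s);
            }
        } finally {
            server.close();
        }
    }
}
```

With this applied on the server, a client whose first offer is SSL_RSA_WITH_RC4_128_MD5 negotiates one of the remaining suites, and the "Negotiating:" line of the debug trace shows which one.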
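Answer 1 (score: 1)
In addition to looking at the debug log, try capturing the http traffic on the server with Wireshark or a similar tool. You can then look at the TLS handshake and verify that the traffic is indeed encrypted on the wire.
Answer 2 (score: 1)
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
tells you the cipher suite. It is an encrypting cipher suite.
It goes on to generate the pre-master secret and the connection nonces: these are used to generate the session key, so there is a session key.
It is encrypted.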