我再次准备了密钥库,现在我遇到了握手问题。 请查看如下跟踪:
adding as trusted cert:
Subject: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23a6f
Valid from Wed Nov 06 03:06:50 IST 2013 until Sat May 21 03:06:50 IST 2022
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 09:30:00 IST 2002 until Sat May 21 09:30:00 IST 2022
adding as trusted cert:
Subject: CN=TEST-V3, OU=Payment Systems - Test, O=IBM
Issuer: CN=IBM Payment Systems Test Certification Authority, OU=IBM Payment Systems, O=IBM, C=DK
Algorithm: RSA; Serial number: 0x1af
Valid from Thu Mar 09 05:30:00 IST 2017 until Thu Aug 01 05:29:59 IST 2019
trigger seeding of SecureRandom
done seeding SecureRandom
Executing request GET https://test:50443/ping/sys HTTP/1.1
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1472397740 bytes = { 90, 142, 214, 84, 183, 215, 31, 160, 157, 197, 81, 89, 66, 174, 32, 173, 75, 155, 37, 76, 134, 0, 61, 180, 100, 107, 107, 127 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [type=host_name (0), value=test]
***
[write] MD5 and SHA1 hashes: len = 181
0000: 01 00 00 B1 03 01 58 C3 02 AC 5A 8E D6 54 B7 D7 ......X...Z..T..
0010: 1F A0 9D C5 51 59 42 AE 20 AD 4B 9B 25 4C 86 00 ....QYB. .K.%L..
0020: 3D B4 64 6B 6B 7F 00 00 2C C0 0A C0 14 00 35 C0 =.dkk...,.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........
0050: 16 00 13 00 FF 01 00 00 5C 00 0A 00 34 00 32 00 ........\...4.2.
0060: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................
0070: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................
0080: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................
0090: 16 00 0B 00 02 01 00 00 00 00 1A 00 18 00 00 15 ................
00A0: 69 70 73 2D 70 72 65 70 72 6F 64 2E 69 68 6F 73 test
main, WRITE: TLSv1 Handshake, length = 181
[Raw write]: length = 186
[Raw read]: length = 5
0000: 16 03 01 00 55 ....U
[Raw read]: length = 85
main, READ: TLSv1 Handshake, length = 85
*** ServerHello, TLSv1
RandomCookie: GMT: -1763120708 bytes = { 59, 4, 22, 253, 85, 2, 33, 55, 71, 167, 214, 2, 43, 34, 103, 36, 246, 211, 29, 98, 71, 35, 217, 149, 242, 147, 142, 60 }
Session ID: {130, 248, 4, 146, 215, 60, 121, 119, 106, 192, 124, 239, 63, 133, 32, 255, 251, 76, 14, 153, 69, 208, 159, 189, 205, 94, 191, 243, 14, 21, 112, 15}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name:
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
[read] MD5 and SHA1 hashes: len = 85
main, READ: TLSv1 Handshake, length = 2375
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=test, O=IBM Danmark ApS, L=Ballerup, ST=Denmark, C=DK
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus:
public exponent: 65537
Validity: [From: Wed Aug 19 05:30:00 IST 2015,
To: Thu Oct 18 05:29:59 IST 2018]
Issuer: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
SerialNumber: [ 58fc8755 d3dec7e7 4f9dd9a6 64d6c312]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://gn.symcd.com
,
accessMethod: caIssuers
accessLocation: URIName: http://gn.symcb.com/gn.crt
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D2 6F F7 96 F4 85 3F 72 3C 30 7D 23 DA 85 78 9B .o....?r<0.#..x.
0010: A3 7C 5A 7C ..Z.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://gn.symcb.com/gn.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: test
]
]
Algorithm: [SHA256withRSA]
Signature:
]
chain [1] = [
[
Version: V3
Subject: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 28750030505165604890850270805621306257072804387937490615824770523820321362550937780850035994683054588055508748696205117506674985865653625543463062925106222857728617711064416811840996536244297773530394755403023692961185980704471296075689618905841805280863747434432441027316024968573511986381257910569786560233452976395052435967005000570194527947098842065537915042318598723531518795601302291733897107118135130366085680274591705427460152216995720185506015185633329842959670187299414247347586421938382568908384120224025448454551141331962396420208135784878289124860435208739614728353739364385405169171116352649372320734821
public exponent: 65537
Validity: [From: Wed Nov 06 03:06:50 IST 2013,
To: Sat May 21 03:06:50 IST 2022]
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
SerialNumber: [ 023a6f]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://g2.symcb.com
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e
0010: B8 CA CC 4E ...N
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://g1.symcb.com/crls/gtglobal.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 67 65 6F .%http://www.geo
0010: 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 72 trust.com/resour
0020: 63 65 73 2F 63 70 73 ces/cps
]] ]
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=SymantecPKI-1-539
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 6F F7 96 F4 85 3F 72 3C 30 7D 23 DA 85 78 9B .o....?r<0.#..x.
0010: A3 7C 5A 7C ..Z.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: A0 D4 F7 2C FB 74 0B 7F 64 F1 CD 43 6A 9F 62 53 ...,.t..d..Cj.bS
0010: 1C 02 7C 98 90 A2 EE 4F 68 D4 20 1A 73 12 3E 77 .......Oh. .s.>w
0020: B3 50 EB 72 BC EE 88 BE 7F 17 EA 77 8F 83 61 95 .P.r.......w..a.
0030: 4F 84 A1 CB 32 4F 6C 21 BE D2 69 96 7D 63 BD DC O...2Ol!..i..c..
0040: 2B A8 1F D0 13 84 70 FE F6 35 95 89 F9 A6 77 B0 +.....p..5....w.
0050: 46 C8 BB B7 13 F5 C9 60 69 D6 4C FE D2 8E EF D3 F......`i.L.....
0060: 60 C1 80 80 E1 E7 FB 8B 6F 21 79 4A E0 DC A9 1B `.......o!yJ....
0070: C1 B7 FB C3 49 59 5C B5 77 07 44 D4 97 FC 49 00 ....IY\.w.D...I.
0080: 89 6F 06 4E 01 70 19 AC 2F 11 C0 E2 E6 0F 2F 86 .o.N.p../...../.
0090: 4B 8D 7B C3 B9 A7 2E F4 F1 AC 16 3E 39 49 51 9E K..........>9IQ.
00A0: 17 4B 4F 10 3A 5B A5 A8 92 6F FD FA D6 0B 03 4D .KO.:[...o.....M
00B0: 47 56 57 19 F3 CB 6B F5 F3 D6 CF B0 F5 F5 A3 11 GVW...k.........
00C0: D2 20 53 13 34 37 05 2C 43 5A 63 DF 8D 40 D6 85 . S.47.,CZc..@..
00D0: 1E 51 E9 51 17 1E 03 56 C9 F1 30 AD E7 9B 11 A2 .Q.Q...V..0.....
00E0: B9 D0 31 81 9B 68 B1 D9 E8 F3 E6 94 7E C7 AE 13 ..1..h..........
00F0: 2F 87 ED D0 25 B0 68 F9 DE 08 5A F3 29 CC D4 92 /...%.h...Z.)...
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 28750030505165604890850270805621306257072804387937490615824770523820321362550937780850035994683054588055508748696205117506674985865653625543463062925106222857728617711064416811840996536244297773530394755403023692961185980704471296075689618905841805280863747434432441027316024968573511986381257910569786560233452976395052435967005000570194527947098842065537915042318598723531518795601302291733897107118135130366085680274591705427460152216995720185506015185633329842959670187299414247347586421938382568908384120224025448454551141331962396420208135784878289124860435208739614728353739364385405169171116352649372320734821
public exponent: 65537
Validity: [From: Wed Nov 06 03:06:50 IST 2013,
To: Sat May 21 03:06:50 IST 2022]
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
SerialNumber: [ 023a6f6 13 02 47 42 31 17 30 15 .0...U....GB1.0.
0020: 06 03 55 04 08 13 0E 43 61 6D 62 72 69 64 67 65 ..U....Cambridge
0030: 73 68 69 72 65 31 12 30 10 06 03 55 04 07 13 09 shire1.0...U....
0040: 43 61 6D 62 72 69 64 67 65 31 15 30 13 06 03 55 Cambridge1.0...U
0050: 04 0A 13 0C 57 6F 72 6C 64 50 61 79 20 4C 74 64 ....WorldPay Ltd
0060: 31 1F 30 1D 06 03 55 04 0B 13 16 41 70 70 6C 69 1.0...U....Appli
0070: 63 61 74 69 6F 6E 20 4D 61 6E 61 67 65 6D 65 6E cation Managemen
0080: 74 31 1B 30 19 06 03 55 04 03 13 12 57 50 47 20 t1.0...U....WPG
0090: 43 6C 69 65 6E 74 20 52 6F 6F 74 20 43 41 00 76 Client Root CA.v
00A0: 30 74 31 0B 30 09 06 03 55 04 06 13 02 44 4B 31 0t1.0...U....DK1
00B0: 0C 30 0A 06 03 55 04 0A 13 03 49 42 4D 31 1C 30 .0...U....IBM1.0
00C0: 1A 06 03 55 04 0B 13 13 49 42 4D 20 50 61 79 6D ...U....IBM Paym
00D0: 65 6E 74 20 53 79 73 74 65 6D 73 31 39 30 37 06 ent Systems1907.
00E0: 03 55 04 03 13 30 49 42 4D 20 50 61 79 6D 65 6E .U...0IBM Paymen
00F0: 74 20 53 79 73 74 65 6D 73 20 54 65 73 74 20 43 t Systems Test C
0100: 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 74 ertification Aut
0110: 68 6F 72 69 74 79 00 78 30 76 31 0B 30 09 06 03 hority.x0v1.0...
0120: 55 04 06 13 02 44 4B 31 0C 30 0A 06 03 55 04 0A U....DK1.0...U..
0130: 13 03 49 42 4D 31 1D 30 1B 06 03 55 04 0B 13 14 ..IBM1.0...U....
0140: 49 42 4D 20 50 61 79 6D 65 6E 74 73 20 47 61 74 IBM Payments Gat
0150: 65 77 61 79 31 3A 30 38 06 03 55 04 03 13 31 49 eway1:08..U...1I
0160: 42 4D 20 50 61 79 6D 65 6E 74 73 20 47 61 74 65 BM Payments Gate
0170: 77 61 79 20 54 65 73 74 20 43 65 72 74 69 66 69 way Test Certifi
0180: 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 cation Authority
[Raw read]: length = 5
0000: 16 03 01 00 04 .....
[Raw read]: length = 4
0000: 0E 00 00 00 ....
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 5B 8C E0 .............[..
0010: 1F 11 FA 1A 21 5E 38 87 25 C0 AF 7F D6 C3 A3 4E ....!^8.%......N
0020: 65 D8 D2 34 FF 98 66 8F 57 78 81 C0 4B 80 A8 13 e..4..f.Wx..K...
0030: 4E 47 C3 33 CB 7F D1 58 94 A5 E0 D1 47 A6 E7 71 NG.3...X....G..q
0040: 3A 27 49 99 9B C0 5D 10 67 71 3F BA 3F 73 15 60 :'I...].gq?.?s.`
0050: 34 90 BC 7E 6D 52 33 8F 46 D4 0A BC 38 E9 9F 9B 4...mR3.F...8...
0060: ED 36 CC 84 91 ED E5 CB 31 A2 22 B5 A7 BF 22 A8 .6......1."...".
0070: B8 F3 A6 DA A5 CA CC BF FB B5 E0 FA F7 E6 15 70 ...............p
0080: 40 C2 68 1C F8 C6 6D 2D 02 7E 00 9E 9F 54 2A 6F @.h...m-.....T*o
0090: 4C 34 6A 40 F9 51 04 BA 50 2B 5F 9F 9D 04 B3 BA L4j@.Q..P+_.....
00A0: 9D AE AB E2 0D 56 42 C0 3E 9A 2E C2 07 74 A4 86 .....VB.>....t..
00B0: 8B B9 B2 E9 C1 67 59 06 2E 0F 46 BC E9 37 ED 36 .....gY...F..7.6
00C0: 7B 71 8C 62 CD 29 ED 17 0D 3C 02 19 58 FF E8 B2 .q.b.)...<..X...
00D0: C7 D4 31 CC 54 BB 7C 5F 54 EB 8D 1B FE 0D E0 44 ..1.T.._T......D
00E0: 00 83 05 9C 46 28 06 93 5E FA A8 EF A8 6C EB B4 ....F(..^....l..
00F0: F0 4D 32 AD D8 90 7D 7F 8B 01 EC 47 2F 5C AC C9 .M2........G/\..
0100: 74 CD BC B1 27 74 83 15 FA 92 86 39 EC t...'t.....9.
main, WRITE: TLSv1 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 01 01 0D 0B 00 00 03 00 00 00 10 00 01 02 ................
0010: 01 00 5B 8C E0 1F 11 FA 1A 21 5E 38 87 25 C0 AF ..[......!^8.%..
0020: 7F D6 C3 A3 4E 65 D8 D2 34 FF 98 66 8F 57 78 81 ....Ne..4..f.Wx.
0030: C0 4B 80 A8 13 4E 47 C3 33 CB 7F D1 58 94 A5 E0 .K...NG.3...X...
0040: D1 47 A6 E7 71 3A 27 49 99 9B C0 5D 10 67 71 3F .G..q:'I...].gq?
0050: BA 3F 73 15 60 34 90 BC 7E 6D 52 33 8F 46 D4 0A .?s.`4...mR3.F..
0060: BC 38 E9 9F 9B ED 36 CC 84 91 ED E5 CB 31 A2 22 .8....6......1."
0070: B5 A7 BF 22 A8 B8 F3 A6 DA A5 CA CC BF FB B5 E0 ..."............
0080: FA F7 E6 15 70 40 C2 68 1C F8 C6 6D 2D 02 7E 00 ....p@.h...m-...
0090: 9E 9F 54 2A 6F 4C 34 6A 40 F9 51 04 BA 50 2B 5F ..T*oL4j@.Q..P+_
00A0: 9F 9D 04 B3 BA 9D AE AB E2 0D 56 42 C0 3E 9A 2E ..........VB.>..
00B0: C2 07 74 A4 86 8B B9 B2 E9 C1 67 59 06 2E 0F 46 ..t.......gY...F
00C0: BC E9 37 ED 36 7B 71 8C 62 CD 29 ED 17 0D 3C 02 ..7.6.q.b.)...<.
00D0: 19 58 FF E8 B2 C7 D4 31 CC 54 BB 7C 5F 54 EB 8D .X.....1.T.._T..
00E0: 1B FE 0D E0 44 00 83 05 9C 46 28 06 93 5E FA A8 ....D....F(..^..
00F0: EF A8 6C EB B4 F0 4D 32 AD D8 90 7D 7F 8B 01 EC ..l...M2........
0100: 47 2F 5C AC C9 74 CD BC B1 27 74 83 15 FA 92 86 G/\..t...'t.....
0110: 39 EC 9.
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 E2 E9 39 8F 1B E2 C5 2D 87 6C EC 06 B9 F1 ....9....-.l....
0010: DE A4 46 39 5A 29 75 42 17 C9 A6 D0 C8 66 A0 43 ..F9Z)uB.....f.C
0020: CA BE AF 3C E8 4A AF 67 E8 E1 CC 1B DA 37 4E E1 ...<.J.g.....7N.
CONNECTION KEYGEN:
Client Nonce:
0000: 58 C3 02 AC 5A 8E D6 54 B7 D7 1F A0 9D C5 51 59 X...Z..T......QY
0010: 42 AE 20 AD 4B 9B 25 4C 86 00 3D B4 64 6B 6B 7F B. .K.%L..=.dkk.
Server Nonce:
0000: 97 E9 EA BC 3B 04 16 FD 55 02 21 37 47 A7 D6 02 ....;...U.!7G...
0010: 2B 22 67 24 F6 D3 1D 62 47 23 D9 95 F2 93 8E 3C +"g$...bG#.....<
Master Secret:
0000: F8 ED 09 5D C9 9A 75 5F 64 93 B2 1F AF 1B AF 7B ...]..u_d.......
0010: FF 46 26 15 53 36 AA 07 86 37 32 C6 A8 69 0E F1 .F&.S6...72..i..
0020: 22 23 57 ED B0 11 8F 43 B2 37 61 13 C6 93 CB 35 "#W....C.7a....5
Client MAC write Secret:
0000: D0 E7 74 D8 BF E0 EC 3B A6 05 4A FB 8A 08 2E F5 ..t....;..J.....
0010: 03 18 AF 84 ....
Server MAC write Secret:
0000: BF F3 47 87 5B 12 EB 8A CD CD C1 15 E8 0C 3A 7C ..G.[.........:.
0010: 8F AF A0 62 ...b
Client write key:
0000: 21 C2 0E 03 A1 E5 64 BE D6 D5 82 92 43 12 C4 2F !.....d.....C../
Server write key:
0000: 3C 28 7D 04 5D E4 21 83 5D B9 97 C7 18 B0 34 A6 <(..].!.].....4.
Client write IV:
0000: 29 19 60 A2 AA 1C 12 8E 6D 2A 52 FF 27 5F 62 F6 ).`.....m*R.'_b.
Server write IV:
0000: 1F 08 C3 16 DA 35 1B 5F 9A 2A 61 89 BA 52 2D 55 .....5._.*a..R-U
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 188, 233, 16, 38, 60, 75, 65, 122, 43, 133, 174, 190 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C BC E9 10 26 3C 4B 41 7A 2B 85 AE BE .......&<KAz+...
Padded plaintext before ENCRYPTION: len = 48
0000: 14 00 00 0C BC E9 10 26 3C 4B 41 7A 2B 85 AE BE .......&<KAz+...
0010: AE 44 07 6D D0 13 3D B5 CA 45 64 E4 4A 7C 29 FB .D.m..=..Ed.J.).
0020: 13 AE D5 33 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B 0B ...3............
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 29 57 15 15 A7 F7 90 C4 4C AA DC ....0)W......L..
0010: 99 5E 39 00 6A 38 72 A0 2F 71 90 68 A8 EF 34 C1 .^9.j8r./q.h..4.
0020: 9E 0D 1A EB CF 5A 9B 98 8E 3D 53 80 FD 89 64 F7 .....Z...=S...d.
0030: CB D7 BB 3B BC ...;.
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at com.husqvarna.poc.ClientCustomSSL.main(ClientCustomSSL.java:40)
当我使用“ openssl s_client -connect test ”命令检查连接时,我收到以下信息:
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
verify return:1
depth=0 C = DK, ST = Denmark, L = Ballerup, O = IBM Danmark ApS, CN = test
verify return:1
4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
4294956672:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=DK/ST=Denmark/L=Ballerup/O=IBM Danmark ApS/CN=test
i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE4zCCA8ugAwIBAgIQWPyHVdPex+dPndmmZNbDEjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTUwODE5MDAwMDAwWhcNMTgxMDE3MjM1
OTU5WjBsMQswCQYDVQQGEwJESzEQMA4GA1UECBMHRGVubWFyazERMA8GA1UEBxQI
QmFsbGVydXAxGDAWBgNVBAoUD0lCTSBEYW5tYXJrIEFwUzEeMBwGA1UEAxQVaXBz
LXByZXByb2QuaWhvc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuB8Mx+Kh1G9PU0bnxU1Y2CfgXTOGpAUR8UhcOiJIVNvC/4dmW5svQjsvKlXC
DpM00/RcWbUIdNCZlSVs4V2nxyS4HAg8o8Wv6ukkSyCQfYUrcciwndA0iEdmj5du
JUujXELVGXM5Fpt7Xl/11KRYSdp/6c1O6CpYKQKox2c3do33nLlqo3z1lPW8R+sL
kH6xacenKsbn/KegdfunlR9922fWpMk4LIa9+B+adkdcHDbonwIRySco9hI4Snr3
Sqr8GsKKyjJXIS+tulMYNVfYZw7BjdtKYfKRrza7OdHgft1FlA1NavSlAnlOZFvu
rttEnzs+ZpRge3wrfxQKDxrlbwIDAQABo4IBpzCCAaMwIAYDVR0RBBkwF4IVaXBz
LXByZXByb2QuaWhvc3QuY29tMAkGA1UdgfdvMAAwDgYDVR0PAQH/BAQDAgWgMCsG
A1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3JsMIGdBgNV
HSAEgZUwgZIwgY8GBmeBDAECAjCBhDA/dhgvjgEFBQcCARYzaHR0cHM6Ly93d3cu
Z2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMEEGCCsGAQUF
BwICMDUMM2h0dHBzOigwdu3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3Np
dG9yeS9sZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0j
BBgwFoAU0m/3lvSFP3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUHAQEESzBJMB8GCCsG
AQUFBzABhhNodHRwOi8vZ24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8v
Z24uc3ltY2IuY29tL2duLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAaL1NE8stx84Y
G4Fft1fjDtIDqanZwnb5t9FpLpqCS0wLfDENiITD84XhidfiqV8MHrcjKV2Pp3zg
kaoXtGUZM1Hme6VC+ofOMbmjE7S7k0u05iuKQECNh02OGiRxti4D6si5PFi/E3eB
OkFX6mca1DcshdxZqwTNmSP6biAsDpxvjl+AquiC56f2lhTZapBB2HLYgih5xkVI
XOm3uQmCxLTyHKeQ9UqziYPSkaCfCjKX2mWz7PKhKm/fQgRiyaWh1bhb5KY/w8IE
xWalANXqvhavRB8U084grfX1pzyKKp7388AvEcyTQaqioga2nQkqthpI+Gee1epJ
32UiNwFIGQ==
-----END CERTIFICATE-----
subject=/C=DK/ST=Denmark/L=Ballerup/O=IBM Danmark ApS/CN=test
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
---
Acceptable client certificate CA names
/C=GB/ST=Cambridgeshire/L=Cambridge/O=WorldPay Ltd/OU=Application Management/CN=WPG Client Root CA
/C=DK/O=IBM/OU=IBM Payment Systems/CN=IBM Payment Systems Test Certification Authority
/C=DK/O=IBM/OU=IBM Payments Gateway/CN=IBM Payments Gateway Test Certification Authority
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
---
SSL handshake has read 2913 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA
Session-ID: EA40AC1BBF05A17FD208C14A274D4806A27EAFF63A9DA052F796E76BF6DD9817
Session-ID-ctx:
Master-Key: 72440DCEB2FDC82B000671D8AF54D6E4BBF6C635CB97F440E3DCE7530C4B52BB687A33FC134F65E10235109163C8F848
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1489175050
Timeout : 300 (sec)
Verify return code: 0 (ok)
---