5 Replies. Latest reply: Jun 23, 2011 5:52 AM by EJP

    SSLConnection with client certificate

    870901
      Hello, I have a problem with SSL.

      I wrote a little program which tries to connect to a server, but when I send the client cert, the server doesn't answer me; I wait 5 mins and after that I get an error. Someone had the same problem: http://stackoverflow.com/questions/2596022/getting-eofexception-while-trying-to-read-from-sslsocket (The server was getting the packet, checking that it was badly formatted and dropping the connection. Fixing the packet format fixed the problem). But I don't know how to resolve it... Can anyone help me?

      If I try to connect with the openssl program and PEM files, I receive an answer from the server.

      Here is the code and the debug log:
      import java.io.*;
      import java.math.BigInteger;
      import java.security.Certificate;
      import javax.net.ssl.*;
      import java.security.KeyStore;
      import java.security.PrivateKey;
      import java.security.cert.X509Certificate;
      import java.util.Enumeration;
      
      
      public class Starter {
      
          public static void main(String[] args) throws Exception {
              System.setProperty("javax.net.debug", "all");
           String host = null;
           int port = -1;
           String path = null;
           // Echo the command-line arguments (host, port, path)
           for (int a = 0; a < args.length; a++)
               System.out.println(args[a]);
      
           if (args.length < 3) {
               System.out.println(
                "USAGE: java SSLSocketClientWithClientAuth " +
                "host port requestedfilepath");
               System.exit(-1);
           }
      
           try {
               host = args[0];
               port = Integer.parseInt(args[1]);
               path = args[2];
           } catch (IllegalArgumentException e) {
                System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
                 "host port requestedfilepath");
                System.exit(-1);
           }
      
           try {
      
           
               SSLSocketFactory factory = null;
               try {
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                      TrustManager[] tm; 
                      TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); 
                char[] passphrase = "pass".toCharArray();
                      KeyStore ksTrust = KeyStore.getInstance("JKS"); 
                      ksTrust.load(new FileInputStream("***.trust"), passphrase);                 
                      tmf.init(ksTrust); 
                      tm = tmf.getTrustManagers(); 
      
                ctx = SSLContext.getInstance("TLS");
                                
                      kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("PKCS12");
                ks.load(new FileInputStream("mykeystore.pfx"), passphrase);
                     
                      
                kmf.init(ks, passphrase);
                ctx.init(kmf.getKeyManagers(), tm, null);
      
                factory = ctx.getSocketFactory();
               } catch (Exception e) {
                      e.printStackTrace();
                throw new IOException(e.getMessage());
                      
               }
      
               SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
      
               /*
                * send http request
                *
                * See SSLSocketClient.java for more information about why
                * there is a forced handshake here when using PrintWriters.
                */
               socket.startHandshake();      
                  SSLSession session = ((SSLSocket) socket).getSession();   
                  System.out.println("Peer host is " + session.getPeerHost());
                  System.out.println("Cipher is " + session.getCipherSuite());
                  System.out.println("Protocol is " + session.getProtocol());
                  System.out.println("ID is " + new BigInteger(session.getId()));
                  System.out.println("Session created in " + session.getCreationTime());
                  System.out.println("Session accessed in " + session.getLastAccessedTime());           
      
               PrintWriter out = new PrintWriter(
                            new BufferedWriter(
                            new OutputStreamWriter(
                                 socket.getOutputStream())));
               out.println("GET " + path + " HTTP/1.0");
               out.println();
               out.flush();
      
               /*
                * Make sure there were no surprises
                */
               if (out.checkError())
                System.out.println(
                    "SSLSocketClient: java.io.PrintWriter error");
      
               /* read response */
               BufferedReader in = new BufferedReader(
                              new InputStreamReader(
                              socket.getInputStream()));
      
               String inputLine;
      
               while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
      
               in.close();
               out.close();
               socket.close();
      
           } catch (Exception e) {
               e.printStackTrace();
           }
          }
      }
      10.0.***.***
      443
      /***/**WebService.asmx
      adding as trusted cert:
      Subject: CN=*******.***.ru
      Issuer: CN=epa


      adding as trusted cert:
      Subject: CN=*******.***.ru, OU=Stand_server, O=Dept, L=****, C=RU
      Issuer: CN=****, OU=IT Dept., O=** **** OJSC, C=RU, DC=***

      ***
      trigger seeding of SecureRandom
      done seeding SecureRandom
      %% No cached client session
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1308748425 bytes = { 215, 155, 51, 153, 87, 151, 102, 151, 80, 197, 124, 221, 75, 43, 106, 18, 23, 52, 37, 104, 139, 87, 68, 165, 59, 154, 228, 213 }
      Session ID: {}
      Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
      Compression Methods: { 0 }
      ***
      [write] MD5 and SHA1 hashes: len = 73
      0000: 01 00 00 45 03 01 4E 02 EB 89 D7 9B 33 99 57 97 ...E..N.....3.W.
      0010: 66 97 50 C5 7C DD 4B 2B 6A 12 17 34 25 68 8B 57 f.P...K+j..4%h.W
      0020: 44 A5 3B 9A E4 D5 00 00 1E 00 04 00 05 00 2F 00 D.;.........../.
      0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
      0040: 03 00 08 00 14 00 11 01 00 .........
      main, WRITE: TLSv1 Handshake, length = 73
      [write] MD5 and SHA1 hashes: len = 98
      0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
      0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
      0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
      0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
      0040: 00 11 4E 02 EB 89 D7 9B 33 99 57 97 66 97 50 C5 ..N.....3.W.f.P.
      0050: 7C DD 4B 2B 6A 12 17 34 25 68 8B 57 44 A5 3B 9A ..K+j..4%h.WD.;.
      0060: E4 D5 ..
      main, WRITE: SSLv2 client hello message, length = 98
      [Raw write]: length = 100
      0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
      0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
      0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
      0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
      0040: 14 00 00 11 4E 02 EB 89 D7 9B 33 99 57 97 66 97 ....N.....3.W.f.
      0050: 50 C5 7C DD 4B 2B 6A 12 17 34 25 68 8B 57 44 A5 P...K+j..4%h.WD.
      0060: 3B 9A E4 D5 ;...
      [Raw read]: length = 5
      0000: 16 03 01 07 44 ....D
      [Raw read]: length = 1860
      ....
      main, READ: TLSv1 Handshake, length = 1860
      *** ServerHello, TLSv1
      RandomCookie: GMT: 1308748429 bytes = { 159, 227, 170, 187, 162, 103, 88, 126, 188, 167, 13, 26, 213, 114, 21, 13, 157, 193, 0, 68, 200, 248, 18, 179, 56, 110, 70, 194 }
      Session ID: {19, 3, 0, 0, 156, 64, 179, 154, 241, 208, 36, 44, 42, 116, 32, 132, 192, 202, 107, 146, 12, 160, 72, 15, 10, 182, 90, 214, 164, 240, 86, 243}
      Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
      Compression Method: 0
      ***
      %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
      ** SSL_RSA_WITH_RC4_128_MD5
      [read] MD5 and SHA1 hashes: len = 74
      0000: 02 00 00 46 03 01 4E 02 EB 8D 9F E3 AA BB A2 67 ...F..N........g
      0010: 58 7E BC A7 0D 1A D5 72 15 0D 9D C1 00 44 C8 F8 X......r.....D..
      0020: 12 B3 38 6E 46 C2 20 13 03 00 00 9C 40 B3 9A F1 ..8nF. .....@...
      0030: D0 24 2C 2A 74 20 84 C0 CA 6B 92 0C A0 48 0F 0A .$,*t ...k...H..
      0040: B6 5A D6 A4 F0 56 F3 00 04 00 .Z...V....
      *** Certificate chain
      [read] MD5 and SHA1 hashes: len = 1782
      06F0: CE B7 EF 53 51 D9 ...SQ.
      *** ServerHelloDone
      [read] MD5 and SHA1 hashes: len = 4
      0000: 0E 00 00 00 ....
      *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
      [write] MD5 and SHA1 hashes: len = 134
      0000: 10 00 00 82 00 80 72 C4 E5 B1 9F 5F E9 DC A3 B7 ......r...._....
      0010: D9 E4 6A 3F 22 8A 46 53 DC B0 80 D8 59 B5 91 CD ..j?".FS....Y...
      0020: 00 85 A3 66 63 88 10 EE 28 DB E6 A5 9A 4E 9E E7 ...fc...(....N..
      0030: 1A 2C 9A 97 FB E3 CC 37 EC 7A 5F F4 96 1A DA 4D .,.....7.z_....M
      0040: E2 4E BA D3 76 0E E5 9C 36 4B 5C 64 6D 15 05 06 .N..v...6K\dm...
      0050: 6C 51 02 E5 88 53 F9 3A E7 07 55 EF A4 E0 53 E9 lQ...S.:..U...S.
      0060: F1 C3 45 5F 19 6C 0A 2B 60 A8 C2 3A 79 40 3D 37 ..E_.l.+`..:y@=7
      0070: FE 12 F0 15 21 A1 76 15 03 C3 9E F2 4D 4B 9F DC ....!.v.....MK..
      0080: D9 3B 9C 48 6A 20 .;.Hj
      main, WRITE: TLSv1 Handshake, length = 134
      [Raw write]: length = 139
      0000: 16 03 01 00 86 10 00 00 82 00 80 72 C4 E5 B1 9F ...........r....
      0010: 5F E9 DC A3 B7 D9 E4 6A 3F 22 8A 46 53 DC B0 80 _......j?".FS...
      0020: D8 59 B5 91 CD 00 85 A3 66 63 88 10 EE 28 DB E6 .Y......fc...(..
      0030: A5 9A 4E 9E E7 1A 2C 9A 97 FB E3 CC 37 EC 7A 5F ..N...,.....7.z_
      0040: F4 96 1A DA 4D E2 4E BA D3 76 0E E5 9C 36 4B 5C ....M.N..v...6K\
      0050: 64 6D 15 05 06 6C 51 02 E5 88 53 F9 3A E7 07 55 dm...lQ...S.:..U
      0060: EF A4 E0 53 E9 F1 C3 45 5F 19 6C 0A 2B 60 A8 C2 ...S...E_.l.+`..
      0070: 3A 79 40 3D 37 FE 12 F0 15 21 A1 76 15 03 C3 9E :y@=7....!.v....
      0080: F2 4D 4B 9F DC D9 3B 9C 48 6A 20 .MK...;.Hj
      SESSION KEYGEN:
      PreMaster Secret:
      0000: 03 01 82 9A 2E 6F B6 FA 52 30 39 90 CE AE 25 42 .....o..R09...%B
      0010: F7 E2 92 37 A0 7A F9 E1 9D AD 33 5B 4A A4 70 C3 ...7.z....3[J.p.
      0020: 79 8F DB 22 FD 09 58 E1 6F 9F FC 87 63 B1 19 A3 y.."..X.o...c...
      CONNECTION KEYGEN:
      Client Nonce:
      0000: 4E 02 EB 89 D7 9B 33 99 57 97 66 97 50 C5 7C DD N.....3.W.f.P...
      0010: 4B 2B 6A 12 17 34 25 68 8B 57 44 A5 3B 9A E4 D5 K+j..4%h.WD.;...
      Server Nonce:
      0000: 4E 02 EB 8D 9F E3 AA BB A2 67 58 7E BC A7 0D 1A N........gX.....
      0010: D5 72 15 0D 9D C1 00 44 C8 F8 12 B3 38 6E 46 C2 .r.....D....8nF.
      Master Secret:
      0000: 99 0D E2 B7 A3 49 A9 67 DB 6B B8 D3 A6 D1 8C F4 .....I.g.k......
      0010: A3 B8 FC FF 4F 2C A3 7D 95 48 C2 42 7B FD 14 9F ....O,...H.B....
      0020: 64 3B A0 6F 75 A6 08 31 B9 A0 DB 61 8C 1F 6D 87 d;.ou..1...a..m.
      Client MAC write Secret:
      0000: 3A 0D 8D DD 00 4B 66 5D 72 29 A9 1B 2D 63 AD 62 :....Kf]r)..-c.b
      Server MAC write Secret:
      0000: 3D 8C 29 E8 A0 AB 41 56 78 9A 8D A5 AE BE 86 99 =.)...AVx.......
      Client write key:
      0000: 3A 59 BD A6 67 11 2F 65 B0 26 37 DD 30 58 EE 02 :Y..g./e.&7.0X..
      Server write key:
      0000: 93 B9 25 1C C1 D0 C7 8E 9B 4D 05 14 88 AB 4B AD ..%......M....K.
      ... no IV used for this cipher
      main, WRITE: TLSv1 Change Cipher Spec, length = 1
      [Raw write]: length = 6
      0000: 14 03 01 00 01 01 ......
      *** Finished
      verify_data: { 252, 230, 222, 200, 90, 113, 235, 57, 189, 174, 209, 46 }
      ***
      [write] MD5 and SHA1 hashes: len = 16
      0000: 14 00 00 0C FC E6 DE C8 5A 71 EB 39 BD AE D1 2E ........Zq.9....
      Padded plaintext before ENCRYPTION: len = 32
      0000: 14 00 00 0C FC E6 DE C8 5A 71 EB 39 BD AE D1 2E ........Zq.9....
      0010: 65 12 E9 90 91 55 D1 C6 B0 A5 6A F9 86 2A 92 B5 e....U....j..*..
      main, WRITE: TLSv1 Handshake, length = 32
      [Raw write]: length = 37
      0000: 16 03 01 00 20 4C 83 F8 E6 F6 52 18 4B BF 1D AE .... L....R.K...
      0010: 7E 4F 8B 65 D2 B9 01 5D 6B C7 B8 5A 75 85 1B 6B .O.e...]k..Zu..k
      0020: 33 9C 18 98 8A 3....
      [Raw read]: length = 5
      0000: 14 03 01 00 01 .....
      [Raw read]: length = 1
      0000: 01 .
      main, READ: TLSv1 Change Cipher Spec, length = 1
      [Raw read]: length = 5
      0000: 16 03 01 00 20 ....
      [Raw read]: length = 32
      0000: 21 54 2B A6 79 7D 6E 6F 6F 87 50 00 2B 02 C7 5C !T+.y.noo.P.+..\
      0010: EC 84 B5 80 0F 24 69 36 C0 29 99 94 C3 C1 42 C0 .....$i6.)....B.
      main, READ: TLSv1 Handshake, length = 32
      Padded plaintext after DECRYPTION: len = 32
      0000: 14 00 00 0C 10 20 1E B5 01 03 98 47 F9 14 49 88 ..... .....G..I.
      0010: 8B 89 AC 16 E2 35 0F 2D 30 35 99 F6 90 EE 78 1E .....5.-05....x.
      *** Finished
      verify_data: { 16, 32, 30, 181, 1, 3, 152, 71, 249, 20, 73, 136 }
      ***
      %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
      [read] MD5 and SHA1 hashes: len = 16
      0000: 14 00 00 0C 10 20 1E B5 01 03 98 47 F9 14 49 88 ..... .....G..I.
      Peer host is 10.0.144.149
      Cipher is SSL_RSA_WITH_RC4_128_MD5
      Protocol is TLSv1
      ID is 8599244680731730719806797747831288892765752495312727708257996995427856045811
      Session created in 1308814217841
      Session accessed in 1308814218179
      Padded plaintext before ENCRYPTION: len = 64
      0000: 47 45 54 20 2F 50 53 5F 57 65 62 53 65 72 76 69 GET /PS_WebServi
      0010: 63 65 2F 50 53 5F 57 65 62 53 65 72 76 69 63 65 ce/PS_WebService
      0020: 2E 61 73 6D 78 20 48 54 54 50 2F 31 2E 30 0A 0A .asmx HTTP/1.0..
      0030: 04 99 13 70 24 84 3A AA F5 7A 0F 80 72 6C 15 03 ...p$.:..z..rl..
      main, WRITE: TLSv1 Application Data, length = 64
      [Raw write]: length = 69
      0000: 17 03 01 00 40 B0 4C 25 4A AD 4F 8A 6F 36 6F F8 ....@.L%J.O.o6o.
      0010: 71 3B 98 17 51 7F 72 89 A6 93 E6 B3 9A E4 4E B0 q;..Q.r.......N.
      0020: 1D 2A 9F 4D FE 4F 38 5E 37 E0 E7 31 1C 4A 6C 41 .*.M.O8^7..1.JlA
      0030: C9 F6 7F 53 95 57 68 A7 96 F3 BA AD DC DE 83 4D ...S.Wh........M
      0040: 36 B7 55 3F 14 6.U?.
      [Raw read]: length = 5
      0000: 16 03 01 00 14 .....
      [Raw read]: length = 20
      0000: 19 9D 9E 55 EE 91 0F D3 C0 6F 2A AA D1 1B 7C 12 ...U.....o*.....
      0010: 43 0A E7 E5 C...
      main, READ: TLSv1 Handshake, length = 20
      Padded plaintext after DECRYPTION: len = 20
      0000: 00 00 00 00 E0 2C 2C B3 1B 53 55 ED 68 CD 93 37 .....,,..SU.h..7
      0010: 57 D3 C1 19 W...
      *** HelloRequest (empty)
      %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
      %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 40078
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1308748426 bytes = { 113, 76, 185, 147, 171, 255, 240, 73, 95, 58, 226, 3, 119, 115, 181, 242, 39, 116, 154, 215, 146, 107, 198, 154, 141, 125, 3, 71 }
      Session ID: {19, 3, 0, 0, 156, 64, 179, 154, 241, 208, 36, 44, 42, 116, 32, 132, 192, 202, 107, 146, 12, 160, 72, 15, 10, 182, 90, 214, 164, 240, 86, 243}
      Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
      Compression Methods: { 0 }
      ***
      *** ServerHello, TLSv1
      RandomCookie: GMT: 1308748430 bytes = { 176, 46, 197, 23, 221, 23, 80, 195, 205, 166, 122, 197, 61, 240, 53, 59, 52, 155, 104, 38, 205, 198, 251, 56, 53, 61, 108, 143 }
      Session ID: {92, 29, 0, 0, 13, 115, 187, 243, 245, 115, 128, 95, 161, 222, 133, 18, 54, 109, 39, 178, 194, 211, 255, 131, 38, 67, 189, 143, 12, 40, 126, 29}
      Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
      Compression Method: 0
      ***
      %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
      ** SSL_RSA_WITH_RC4_128_MD5
      [read] MD5 and SHA1 hashes: len = 74
      0000: 02 00 00 46 03 01 4E 02 EB 8E B0 2E C5 17 DD 17 ...F..N.........
      0010: 50 C3 CD A6 7A C5 3D F0 35 3B 34 9B 68 26 CD C6 P...z.=.5;4.h&..
      0020: FB 38 35 3D 6C 8F 20 5C 1D 00 00 0D 73 BB F3 F5 .85=l. \....s...
      0030: 73 80 5F A1 DE 85 12 36 6D 27 B2 C2 D3 FF 83 26 s._....6m'.....&
      0040: 43 BD 8F 0C 28 7E 1D 00 04 00 C...(.....
      *** Certificate chain

      *** CertificateRequest
      Cert Types: RSA, DSS
      Cert Authorities:
      <CN=*** Root CA, OU=IT Dept., O=** **** OJSC, C=RU, DC=***>
      <CN=*** Root CA, O=** **** OJSC, C=RU>
      <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
      [read] MD5 and SHA1 hashes: len = 886

      0370: 68 6F 72 69 74 79 hority
      *** ServerHelloDone
      [read] MD5 and SHA1 hashes: len = 4
      0000: 0E 00 00 00 ....
      matching alias: 1
      *** Certificate chain

      *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
      [write] MD5 and SHA1 hashes: len = 2872

      Padded plaintext before ENCRYPTION: len = 2888

      main, WRITE: TLSv1 Handshake, length = 2888
      [Raw write]: length = 2893
      SESSION KEYGEN:
      PreMaster Secret:
      0000: 03 01 A7 44 61 D5 90 8F 54 CB CA AE 8D B9 75 2A ...Da...T.....u*
      0010: 2F 84 F2 5F 4C E7 9F 7A 29 A2 52 F4 CC 8A 91 57 /.._L..z).R....W
      0020: 3A F5 34 21 0C 43 81 7F DB 19 23 61 94 51 8F 8E :.4!.C....#a.Q..
      CONNECTION KEYGEN:
      Client Nonce:
      0000: 4E 02 EB 8A 71 4C B9 93 AB FF F0 49 5F 3A E2 03 N...qL.....I_:..
      0010: 77 73 B5 F2 27 74 9A D7 92 6B C6 9A 8D 7D 03 47 ws..'t...k.....G
      Server Nonce:
      0000: 4E 02 EB 8E B0 2E C5 17 DD 17 50 C3 CD A6 7A C5 N.........P...z.
      0010: 3D F0 35 3B 34 9B 68 26 CD C6 FB 38 35 3D 6C 8F =.5;4.h&...85=l.
      Master Secret:
      0000: 60 C3 91 A2 1A 19 32 41 60 72 5C 0D 50 35 EA B9 `.....2A`r\.P5..
      0010: B6 DD 97 66 43 C4 8E 31 6E 4E F3 3B 50 BA 17 F0 ...fC..1nN.;P...
      0020: B7 8C 4F F1 FB DF F8 43 C1 D3 53 A5 4F 09 24 9D ..O....C..S.O.$.
      Client MAC write Secret:
      0000: A1 B2 1D 84 AE A2 38 AA 71 68 F4 4A 47 B3 4A 78 ......8.qh.JG.Jx
      Server MAC write Secret:
      0000: E1 06 CC 39 C8 C1 7E CE 8B C5 6E 81 B2 90 66 8A ...9......n...f.
      Client write key:
      0000: C2 A2 02 36 42 9C FB D4 A8 24 5E B6 88 A3 11 EA ...6B....$^.....
      Server write key:
      0000: EC EC E8 4D 61 27 99 45 2C 93 D9 80 65 99 B5 54 ...Ma'.E,...e..T
      ... no IV used for this cipher
      *** CertificateVerify
      [write] MD5 and SHA1 hashes: len = 134

      Padded plaintext before ENCRYPTION: len = 150

      main, WRITE: TLSv1 Handshake, length = 150
      [Raw write]: length = 155

      Padded plaintext before ENCRYPTION: len = 17
      0000: 01 56 EC 5D 35 92 AA E8 C3 22 E3 E1 D1 58 59 8F .V.]5...."...XY.
      0010: EF .
      main, WRITE: TLSv1 Change Cipher Spec, length = 17
      [Raw write]: length = 22
      0000: 14 03 01 00 11 2E BB 33 35 17 CD BE 86 FC 3E 15 .......35.....>.
      0010: B2 EF E2 96 B5 17 ......
      *** Finished
      verify_data: { 220, 36, 145, 176, 66, 131, 125, 22, 188, 184, 67, 159 }
      ***
      [write] MD5 and SHA1 hashes: len = 16
      0000: 14 00 00 0C DC 24 91 B0 42 83 7D 16 BC B8 43 9F .....$..B.....C.
      Padded plaintext before ENCRYPTION: len = 32
      0000: 14 00 00 0C DC 24 91 B0 42 83 7D 16 BC B8 43 9F .....$..B.....C.
      0010: DF 24 08 21 AA 21 E9 83 1D 79 6E C2 16 6F 25 44 .$.!.!...yn..o%D
      main, WRITE: TLSv1 Handshake, length = 32
      [Raw write]: length = 37
      0000: 16 03 01 00 20 2C 41 54 45 B7 9D B2 82 1D A2 26 .... ,ATE......&
      0010: DA 72 D3 06 B5 AF 15 21 EE C8 7A DE CD B7 FE 13 .r.....!..z.....
      0020: 77 9F C3 DD 56 w...V
      main, received EOFException: ignored
      main, called closeInternal(false)
      main, SEND TLSv1 ALERT: warning, description = close_notify
      Padded plaintext before ENCRYPTION: len = 18
      0000: 01 00 8C DA ED D2 6C 19 2B AB 5C FC ED 4C 38 2B ......l.+.\..L8+
      0010: BD 0E ..
      main, WRITE: TLSv1 Alert, length = 18
      [Raw write]: length = 23
      0000: 15 03 01 00 12 7C B8 7C AB 7D 3F B6 82 D6 06 E8 ..........?.....
      0010: EF 6F 3A DC 27 F5 A8 .o:.'..
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)
      main, called close()
      main, called closeInternal(true)

      Edited by: 867898 on 23.06.2011 2:36

      Edited by: EJP on 23/06/2011 20:09: added {noformat}
      {noformat} tags. Please use them.
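
Added example (not part of the original post, and written in Python rather than the post's Java): a reader for a `javax.net.debug` trace like the one above that splits it into handshakes and reports where each one ended. The sample trace is constructed, keeping only marker lines in the shape of those in the post, and the CA name in it is a placeholder.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: marker lines in the shape of the javax.net.debug trace
# in the post, with hex dumps and key material left out. The CA name is a
# placeholder, not a value from the post.
SAMPLE_TRACE = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, READ: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, WRITE: TLSv1 Application Data, length = 64
*** HelloRequest (empty)
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=Example Root CA, O=Example Org, C=XX>
*** ServerHelloDone
matching alias: 1
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
main, received EOFException: ignored
main, SEND TLSv1 ALERT: warning, description = close_notify
"""


@dataclass
class Handshake:
    renegotiation: bool = False          # started by a server HelloRequest
    cert_requested: bool = False         # server sent CertificateRequest
    accepted_cas: List[str] = field(default_factory=list)
    client_alias: Optional[str] = None   # key entry the client selected
    cert_verify_sent: bool = False       # client proved possession of its key
    server_ccs_read: bool = False        # server's Change Cipher Spec arrived
    eof: bool = False                    # peer closed the TCP connection

    def verdict(self) -> str:
        if self.server_ccs_read:
            return "completed"
        if self.eof and self.cert_verify_sent:
            return "peer closed after client certificate"
        if self.eof:
            return "peer closed during handshake"
        return "incomplete"


def parse_trace(text: str) -> List[Handshake]:
    """Split a trace into handshakes, one per ClientHello."""
    handshakes: List[Handshake] = []
    current: Optional[Handshake] = None
    hello_request_seen = False
    in_ca_list = False
    for raw in text.splitlines():
        line = raw.strip()
        # Distinguished names accepted by the server follow "Cert Authorities:".
        if in_ca_list and current and line.startswith("<") and line.endswith(">"):
            current.accepted_cas.append(line[1:-1])
            continue
        in_ca_list = False
        if line.startswith("*** HelloRequest"):
            hello_request_seen = True
        elif line.startswith("*** ClientHello"):
            current = Handshake(renegotiation=hello_request_seen)
            handshakes.append(current)
            hello_request_seen = False
        elif current is None:
            continue
        elif line.startswith("*** CertificateRequest"):
            current.cert_requested = True
        elif line.startswith("Cert Authorities:"):
            in_ca_list = True
        elif line.startswith("matching alias:"):
            current.client_alias = line.split(":", 1)[1].strip()
        elif line.startswith("*** CertificateVerify"):
            current.cert_verify_sent = True
        elif re.search(r"READ: \S+ Change Cipher Spec", line):
            current.server_ccs_read = True
        elif "received EOFException" in line:
            current.eof = True
    return handshakes


def summarize(text: str) -> List[tuple]:
    """Return (index, kind, verdict) for each handshake in the trace."""
    return [(i + 1, "renegotiation" if h.renegotiation else "initial", h.verdict())
            for i, h in enumerate(parse_trace(text))]


if __name__ == "__main__":
    for row in summarize(SAMPLE_TRACE):
        print(row)
```

The verdict only locates the point in the handshake at which the peer closed the connection; the reason for the close has to come from the server's own logs.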
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
        • 1. Re: SSLConnection with client certificate
          EJP
          Your specific problem may be that the HTTP newline is defined as \r\n, and there is no guarantee that PrintWriter will send exactly that. But why aren't you using an HTTPS URL for this, with URLConnection, etc.? No point in reinventing this wheel.

          And you don't need most of that code. Just set the system properties described in the JSSE Reference Guide.
          • 2. Re: SSLConnection with client certificate
            870901
            I try don't use \r\n this is not a problem, this is example code, I have app which try connect using HTTPS protocol and system properties, but has same problem. I don't understand how openssl connect with PEM files (cert, key and root). And nothing else (java, firefox etc.) never connected only wait 5 minutes and go away.....
            • 3. Re: SSLConnection with client certificate
              EJP
              > I try don't use \r\n this is not a problem
              I do not understand.
              > this is example code
              If it doesn't exemplify your real code it is pointless.
              > I have app which try connect using HTTPS protocol and system properties, but has same problem.
              Exactly the same? EOFException?
              > *** CertificateRequest
              > Cert Types: RSA, DSS
              > Cert Authorities:
              > <CN=*** Root CA, OU=IT Dept., O=** **** OJSC, C=RU, DC=***>
              > <CN=*** Root CA, O=** **** OJSC, C=RU>
              > <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
              > [read] MD5 and SHA1 hashes: len = 886
              >
              > 0370: 68 6F 72 69 74 79 hority
              > *** ServerHelloDone
              > [read] MD5 and SHA1 hashes: len = 4
              > 0000: 0E 00 00 00 ....
              > matching alias: 1
              > *** Certificate chain
              >
              > *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
              It appears that your client hasn't responded to the CertificateRequest, or has sent an empty certificate chain. This will be either because there is no available client certificate at all, or there isn't one that matches the parameters specified in the CertificateRequest. This will cause a Java server configured with needClientAuth=true to close the connection.
              • 4. Re: SSLConnection with client certificate
                870901
                EJP wrote:
                > If it doesn't exemplify your real code it is pointless.
                I don't think so.
                > Exactly the same? EOFException?
                Not exactly "HttpErrorCode:0", but guys who can see logs of https server saw 403.7 Forbidden: Client certificate required error. Like I didn't send cert.
                > It appears that your client hasn't responded to the CertificateRequest, or has sent an empty certificate chain. This will be either because there is no available client certificate at all, or there isn't one that matches the parameters specified in the CertificateRequest. This will cause a Java server configured with needClientAuth=true to close the connection.
                We have
                matching alias: 1
                *** Certificate chain
                So he find alias...

                And then try

                *** CertificateVerify
                main, WRITE: TLSv1 Handshake, length = 150
                main, WRITE: TLSv1 Change Cipher Spec, length = 17
                *** Finished

                Edited by: 867898 on 23.06.2011 3:50
                Edited by: 867898 on 23.06.2011 3:50
                • 5. Re: SSLConnection with client certificate
                  EJP
                  > I don't think so.
                  I do. If you post code for review that doesn't correspond to your real code in some significant respect, you are wasting time. I don't care about yours but mine is valuable.
                  > Not exactly "HttpErrorCode:0", but guys who can see logs of https server saw 403.7 Forbidden: Client certificate required error. Like I didn't send cert.
                  Exactly. See below.
                  > We have
                  > matching alias: 1
                  > *** Certificate chain
                  > So he find alias...
                  And sends a zero length chain, as per your 'not exactly' above.

                  So your present task is to check that your client certificate conforms with the parameters in the CertificateRequest message: signers and algorithms.
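
The check named in the last reply, as an added example (not code from the thread or from JSSE): a Python script that reads a javax.net.debug log, extracts the CertificateRequest parameters, counts the entries the client logged under its own "*** Certificate chain", and tests a candidate certificate's key algorithm and chain issuers against the request. The log text is constructed on the model of the fragments quoted in the thread; the `chain [n] = ` entry marker, the DSS-to-DSA mapping and the simplified DN comparison are assumptions.

```python
import re

# Constructed javax.net.debug excerpt modelled on the thread's fragments.
# DNs are placeholders; the "chain [0] = [" entry marker is an assumed format.
SAMPLE_LOG = """\
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
]
***
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=Example Root CA, O=Example Org, C=RU>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
[read] MD5 and SHA1 hashes: len = 886
*** ServerHelloDone
matching alias: 1
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
"""

CHAIN_ENTRY = re.compile(r"^chain \[\d+\] = ")
# Assumed mapping from the names printed under "Cert Types:" to key algorithms.
TYPE_TO_KEY_ALG = {"RSA": "RSA", "DSS": "DSA"}


def parse_certificate_request(log):
    """Return (cert_types, authorities) from the first CertificateRequest, or None."""
    lines = [line.strip() for line in log.splitlines()]
    if "*** CertificateRequest" not in lines:
        return None
    types, authorities = [], []
    for line in lines[lines.index("*** CertificateRequest") + 1:]:
        if line.startswith("***"):          # next handshake message begins
            break
        if line.startswith("Cert Types:"):
            types = [t.strip() for t in line.split(":", 1)[1].split(",") if t.strip()]
        elif line.startswith("<") and line.endswith(">"):
            authorities.append(line[1:-1])
    return types, authorities


def client_chain_length(log):
    """Count chain entries in the client's Certificate message, or None if absent.

    The server's own chain is logged under the same banner, so only the
    "*** Certificate chain" that follows ServerHelloDone is considered.
    """
    lines = [line.strip() for line in log.splitlines()]
    if "*** ServerHelloDone" not in lines:
        return None
    after = lines[lines.index("*** ServerHelloDone") + 1:]
    if "*** Certificate chain" not in after:
        return None
    count = 0
    for line in after[after.index("*** Certificate chain") + 1:]:
        if line.startswith("***"):
            break
        if CHAIN_ENTRY.match(line):
            count += 1
    return count


def normalise_dn(dn):
    """Simplified DN comparison key: split on unquoted commas, trim, casefold.

    This is not full X.500 canonicalisation; it only absorbs spacing and case.
    """
    parts, buf, quoted = [], "", False
    for ch in dn:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    out = []
    for part in parts:
        key, _, value = part.partition("=")
        out.append((key.strip() + "=" + " ".join(value.split())).casefold())
    return tuple(out)


def check_candidate(key_algorithm, chain_issuers, cert_types, authorities):
    """Return the reasons a candidate fails the request; an empty list means it fits.

    chain_issuers: issuer DNs of every certificate in the candidate's chain.
    An empty authorities list is treated as "any issuer acceptable".
    """
    problems = []
    allowed = {TYPE_TO_KEY_ALG.get(t, t) for t in cert_types}
    if key_algorithm not in allowed:
        problems.append("key algorithm %s not in requested types %s"
                        % (key_algorithm, sorted(allowed)))
    wanted = {normalise_dn(a) for a in authorities}
    if wanted and not any(normalise_dn(i) in wanted for i in chain_issuers):
        problems.append("no issuer in the chain matches a requested authority")
    return problems


if __name__ == "__main__":
    types, cas = parse_certificate_request(SAMPLE_LOG)
    print("requested types:", types)
    print("requested authorities:", cas)
    print("client chain entries logged:", client_chain_length(SAMPLE_LOG))
    print(check_candidate("RSA", ["CN=Some Other CA, C=RU"], types, cas))
```

The issuer DNs to pass in can be read from the `Issuer:` lines of `keytool -list -v -keystore <file>` for the alias in question.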