5 Replies Latest reply: Jun 23, 2011 3:52 AM by EJP RSS

SSLConnection with client certificate

870901 Newbie
Hello, I have a problem with SSL.

I wrote a little program which tries to connect to a server, but when I send the client cert, the server doesn't answer me; I wait 5 minutes and after that I get an error. Someone has the same problem: http://stackoverflow.com/questions/2596022/getting-eofexception-while-trying-to-read-from-sslsocket (The server was getting the packet, checking that it was badly formatted and dropping the connection. Fixing the packet format fixed the problem). But I don't know how to resolve it... Can anyone help me?

If I try to connect with the openssl program and PEM files, I receive an answer from the server.

Here is the code and the debug log:
import java.io.*;
import java.math.BigInteger;
import java.security.Certificate;
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;


public class Starter {

    public static void main(String[] args) throws Exception {
        System.setProperty("javax.net.debug", "all");
        String host = null;
        int port = -1;
        String path = null;
        // Echo the command-line arguments.
        for (int a = 0; a < args.length; a++)
            System.out.println(args[a]);

        if (args.length < 3) {
            System.out.println(
                "USAGE: java SSLSocketClientWithClientAuth " +
                "host port requestedfilepath");
            System.exit(-1);
        }

        try {
            host = args[0];
            port = Integer.parseInt(args[1]);
            path = args[2];
        } catch (IllegalArgumentException e) {
            System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
                "host port requestedfilepath");
            System.exit(-1);
        }

        try {
            SSLSocketFactory factory = null;
            try {
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                TrustManager[] tm;
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                char[] passphrase = "pass".toCharArray();
                // Trust store with the certificates used to verify the server.
                KeyStore ksTrust = KeyStore.getInstance("JKS");
                ksTrust.load(new FileInputStream("***.trust"), passphrase);
                tmf.init(ksTrust);
                tm = tmf.getTrustManagers();

                ctx = SSLContext.getInstance("TLS");

                // Key store with the client certificate and its private key.
                kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("PKCS12");
                ks.load(new FileInputStream("mykeystore.pfx"), passphrase);

                kmf.init(ks, passphrase);
                ctx.init(kmf.getKeyManagers(), tm, null);

                factory = ctx.getSocketFactory();
            } catch (Exception e) {
                e.printStackTrace();
                throw new IOException(e.getMessage());
            }

            SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

            /*
             * send http request
             *
             * See SSLSocketClient.java for more information about why
             * there is a forced handshake here when using PrintWriters.
             */
            socket.startHandshake();
            SSLSession session = ((SSLSocket) socket).getSession();
            System.out.println("Peer host is " + session.getPeerHost());
            System.out.println("Cipher is " + session.getCipherSuite());
            System.out.println("Protocol is " + session.getProtocol());
            System.out.println("ID is " + new BigInteger(session.getId()));
            System.out.println("Session created in " + session.getCreationTime());
            System.out.println("Session accessed in " + session.getLastAccessedTime());

            PrintWriter out = new PrintWriter(
                new BufferedWriter(
                    new OutputStreamWriter(
                        socket.getOutputStream())));
            out.println("GET " + path + " HTTP/1.0");
            out.println();
            out.flush();

            /*
             * Make sure there were no surprises
             */
            if (out.checkError())
                System.out.println(
                    "SSLSocketClient: java.io.PrintWriter error");

            /* read response */
            BufferedReader in = new BufferedReader(
                new InputStreamReader(
                    socket.getInputStream()));

            String inputLine;

            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);

            in.close();
            out.close();
            socket.close();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
10.0.***.***
443
/***/**WebService.asmx
adding as trusted cert:
Subject: CN=*******.***.ru
Issuer: CN=epa


adding as trusted cert:
Subject: CN=*******.***.ru, OU=Stand_server, O=Dept, L=****, C=RU
Issuer: CN=****, OU=IT Dept., O=** **** OJSC, C=RU, DC=***

***
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1308748425 bytes = { 215, 155, 51, 153, 87, 151, 102, 151, 80, 197, 124, 221, 75, 43, 106, 18, 23, 52, 37, 104, 139, 87, 68, 165, 59, 154, 228, 213 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
0000: 16 03 01 07 44 ....D
[Raw read]: length = 1860
....
main, READ: TLSv1 Handshake, length = 1860
*** ServerHello, TLSv1
RandomCookie: GMT: 1308748429 bytes = { 159, 227, 170, 187, 162, 103, 88, 126, 188, 167, 13, 26, 213, 114, 21, 13, 157, 193, 0, 68, 200, 248, 18, 179, 56, 110, 70, 194 }
Session ID: {19, 3, 0, 0, 156, 64, 179, 154, 241, 208, 36, 44, 42, 116, 32, 132, 192, 202, 107, 146, 12, 160, 72, 15, 10, 182, 90, 214, 164, 240, 86, 243}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
*** Certificate chain
[read] MD5 and SHA1 hashes: len = 1782
06F0: CE B7 EF 53 51 D9 ...SQ.
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 134
main, WRITE: TLSv1 Handshake, length = 134
[Raw write]: length = 139
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 82 9A 2E 6F B6 FA 52 30 39 90 CE AE 25 42 .....o..R09...%B
0010: F7 E2 92 37 A0 7A F9 E1 9D AD 33 5B 4A A4 70 C3 ...7.z....3[J.p.
0020: 79 8F DB 22 FD 09 58 E1 6F 9F FC 87 63 B1 19 A3 y.."..X.o...c...
CONNECTION KEYGEN:
Client Nonce:
0000: 4E 02 EB 89 D7 9B 33 99 57 97 66 97 50 C5 7C DD N.....3.W.f.P...
0010: 4B 2B 6A 12 17 34 25 68 8B 57 44 A5 3B 9A E4 D5 K+j..4%h.WD.;...
Server Nonce:
0000: 4E 02 EB 8D 9F E3 AA BB A2 67 58 7E BC A7 0D 1A N........gX.....
0010: D5 72 15 0D 9D C1 00 44 C8 F8 12 B3 38 6E 46 C2 .r.....D....8nF.
Master Secret:
0000: 99 0D E2 B7 A3 49 A9 67 DB 6B B8 D3 A6 D1 8C F4 .....I.g.k......
0010: A3 B8 FC FF 4F 2C A3 7D 95 48 C2 42 7B FD 14 9F ....O,...H.B....
0020: 64 3B A0 6F 75 A6 08 31 B9 A0 DB 61 8C 1F 6D 87 d;.ou..1...a..m.
Client MAC write Secret:
0000: 3A 0D 8D DD 00 4B 66 5D 72 29 A9 1B 2D 63 AD 62 :....Kf]r)..-c.b
Server MAC write Secret:
0000: 3D 8C 29 E8 A0 AB 41 56 78 9A 8D A5 AE BE 86 99 =.)...AVx.......
Client write key:
0000: 3A 59 BD A6 67 11 2F 65 B0 26 37 DD 30 58 EE 02 :Y..g./e.&7.0X..
Server write key:
0000: 93 B9 25 1C C1 D0 C7 8E 9B 4D 05 14 88 AB 4B AD ..%......M....K.
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 252, 230, 222, 200, 90, 113, 235, 57, 189, 174, 209, 46 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C FC E6 DE C8 5A 71 EB 39 BD AE D1 2E ........Zq.9....
Padded plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C FC E6 DE C8 5A 71 EB 39 BD AE D1 2E ........Zq.9....
0010: 65 12 E9 90 91 55 D1 C6 B0 A5 6A F9 86 2A 92 B5 e....U....j..*..
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 4C 83 F8 E6 F6 52 18 4B BF 1D AE .... L....R.K...
0010: 7E 4F 8B 65 D2 B9 01 5D 6B C7 B8 5A 75 85 1B 6B .O.e...]k..Zu..k
0020: 33 9C 18 98 8A 3....
[Raw read]: length = 5
0000: 14 03 01 00 01 .....
[Raw read]: length = 1
0000: 01 .
main, READ: TLSv1 Change Cipher Spec, length = 1
[Raw read]: length = 5
0000: 16 03 01 00 20 ....
[Raw read]: length = 32
0000: 21 54 2B A6 79 7D 6E 6F 6F 87 50 00 2B 02 C7 5C !T+.y.noo.P.+..\
0010: EC 84 B5 80 0F 24 69 36 C0 29 99 94 C3 C1 42 C0 .....$i6.)....B.
main, READ: TLSv1 Handshake, length = 32
Padded plaintext after DECRYPTION: len = 32
0000: 14 00 00 0C 10 20 1E B5 01 03 98 47 F9 14 49 88 ..... .....G..I.
0010: 8B 89 AC 16 E2 35 0F 2D 30 35 99 F6 90 EE 78 1E .....5.-05....x.
*** Finished
verify_data: { 16, 32, 30, 181, 1, 3, 152, 71, 249, 20, 73, 136 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
[read] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 10 20 1E B5 01 03 98 47 F9 14 49 88 ..... .....G..I.
Peer host is 10.0.144.149
Cipher is SSL_RSA_WITH_RC4_128_MD5
Protocol is TLSv1
ID is 8599244680731730719806797747831288892765752495312727708257996995427856045811
Session created in 1308814217841
Session accessed in 1308814218179
Padded plaintext before ENCRYPTION: len = 64
0000: 47 45 54 20 2F 50 53 5F 57 65 62 53 65 72 76 69 GET /PS_WebServi
0010: 63 65 2F 50 53 5F 57 65 62 53 65 72 76 69 63 65 ce/PS_WebService
0020: 2E 61 73 6D 78 20 48 54 54 50 2F 31 2E 30 0A 0A .asmx HTTP/1.0..
0030: 04 99 13 70 24 84 3A AA F5 7A 0F 80 72 6C 15 03 ...p$.:..z..rl..
main, WRITE: TLSv1 Application Data, length = 64
[Raw write]: length = 69
[Raw read]: length = 5
0000: 16 03 01 00 14 .....
[Raw read]: length = 20
0000: 19 9D 9E 55 EE 91 0F D3 C0 6F 2A AA D1 1B 7C 12 ...U.....o*.....
0010: 43 0A E7 E5 C...
main, READ: TLSv1 Handshake, length = 20
Padded plaintext after DECRYPTION: len = 20
0000: 00 00 00 00 E0 2C 2C B3 1B 53 55 ED 68 CD 93 37 .....,,..SU.h..7
0010: 57 D3 C1 19 W...
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 40078
*** ClientHello, TLSv1
RandomCookie: GMT: 1308748426 bytes = { 113, 76, 185, 147, 171, 255, 240, 73, 95, 58, 226, 3, 119, 115, 181, 242, 39, 116, 154, 215, 146, 107, 198, 154, 141, 125, 3, 71 }
Session ID: {19, 3, 0, 0, 156, 64, 179, 154, 241, 208, 36, 44, 42, 116, 32, 132, 192, 202, 107, 146, 12, 160, 72, 15, 10, 182, 90, 214, 164, 240, 86, 243}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
*** ServerHello, TLSv1
RandomCookie: GMT: 1308748430 bytes = { 176, 46, 197, 23, 221, 23, 80, 195, 205, 166, 122, 197, 61, 240, 53, 59, 52, 155, 104, 38, 205, 198, 251, 56, 53, 61, 108, 143 }
Session ID: {92, 29, 0, 0, 13, 115, 187, 243, 245, 115, 128, 95, 161, 222, 133, 18, 54, 109, 39, 178, 194, 211, 255, 131, 38, 67, 189, 143, 12, 40, 126, 29}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
*** Certificate chain

*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=*** Root CA, OU=IT Dept., O=** **** OJSC, C=RU, DC=***>
<CN=*** Root CA, O=** **** OJSC, C=RU>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
[read] MD5 and SHA1 hashes: len = 886

0370: 68 6F 72 69 74 79 hority
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
matching alias: 1
*** Certificate chain

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 2872

Padded plaintext before ENCRYPTION: len = 2888

main, WRITE: TLSv1 Handshake, length = 2888
[Raw write]: length = 2893
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 A7 44 61 D5 90 8F 54 CB CA AE 8D B9 75 2A ...Da...T.....u*
0010: 2F 84 F2 5F 4C E7 9F 7A 29 A2 52 F4 CC 8A 91 57 /.._L..z).R....W
0020: 3A F5 34 21 0C 43 81 7F DB 19 23 61 94 51 8F 8E :.4!.C....#a.Q..
CONNECTION KEYGEN:
Client Nonce:
0000: 4E 02 EB 8A 71 4C B9 93 AB FF F0 49 5F 3A E2 03 N...qL.....I_:..
0010: 77 73 B5 F2 27 74 9A D7 92 6B C6 9A 8D 7D 03 47 ws..'t...k.....G
Server Nonce:
0000: 4E 02 EB 8E B0 2E C5 17 DD 17 50 C3 CD A6 7A C5 N.........P...z.
0010: 3D F0 35 3B 34 9B 68 26 CD C6 FB 38 35 3D 6C 8F =.5;4.h&...85=l.
Master Secret:
0000: 60 C3 91 A2 1A 19 32 41 60 72 5C 0D 50 35 EA B9 `.....2A`r\.P5..
0010: B6 DD 97 66 43 C4 8E 31 6E 4E F3 3B 50 BA 17 F0 ...fC..1nN.;P...
0020: B7 8C 4F F1 FB DF F8 43 C1 D3 53 A5 4F 09 24 9D ..O....C..S.O.$.
Client MAC write Secret:
0000: A1 B2 1D 84 AE A2 38 AA 71 68 F4 4A 47 B3 4A 78 ......8.qh.JG.Jx
Server MAC write Secret:
0000: E1 06 CC 39 C8 C1 7E CE 8B C5 6E 81 B2 90 66 8A ...9......n...f.
Client write key:
0000: C2 A2 02 36 42 9C FB D4 A8 24 5E B6 88 A3 11 EA ...6B....$^.....
Server write key:
0000: EC EC E8 4D 61 27 99 45 2C 93 D9 80 65 99 B5 54 ...Ma'.E,...e..T
... no IV used for this cipher
*** CertificateVerify
[write] MD5 and SHA1 hashes: len = 134

Padded plaintext before ENCRYPTION: len = 150

main, WRITE: TLSv1 Handshake, length = 150
[Raw write]: length = 155

Padded plaintext before ENCRYPTION: len = 17
0000: 01 56 EC 5D 35 92 AA E8 C3 22 E3 E1 D1 58 59 8F .V.]5...."...XY.
0010: EF .
main, WRITE: TLSv1 Change Cipher Spec, length = 17
[Raw write]: length = 22
0000: 14 03 01 00 11 2E BB 33 35 17 CD BE 86 FC 3E 15 .......35.....>.
0010: B2 EF E2 96 B5 17 ......
*** Finished
verify_data: { 220, 36, 145, 176, 66, 131, 125, 22, 188, 184, 67, 159 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C DC 24 91 B0 42 83 7D 16 BC B8 43 9F .....$..B.....C.
Padded plaintext before ENCRYPTION: len = 32
0000: 14 00 00 0C DC 24 91 B0 42 83 7D 16 BC B8 43 9F .....$..B.....C.
0010: DF 24 08 21 AA 21 E9 83 1D 79 6E C2 16 6F 25 44 .$.!.!...yn..o%D
main, WRITE: TLSv1 Handshake, length = 32
[Raw write]: length = 37
0000: 16 03 01 00 20 2C 41 54 45 B7 9D B2 82 1D A2 26 .... ,ATE......&
0010: DA 72 D3 06 B5 AF 15 21 EE C8 7A DE CD B7 FE 13 .r.....!..z.....
0020: 77 9F C3 DD 56 w...V
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
Padded plaintext before ENCRYPTION: len = 18
0000: 01 00 8C DA ED D2 6C 19 2B AB 5C FC ED 4C 38 2B ......l.+.\..L8+
0010: BD 0E ..
main, WRITE: TLSv1 Alert, length = 18
[Raw write]: length = 23
0000: 15 03 01 00 12 7C B8 7C AB 7D 3F B6 82 D6 06 E8 ..........?.....
0010: EF 6F 3A DC 27 F5 A8 .o:.'..
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)

Edited by: 867898 on 23.06.2011 2:36

Edited by: EJP on 23/06/2011 20:09: added {noformat} {noformat} tags. Please use them.
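
The message sequence in a trace like the one above is easier to follow with the hex dumps set aside. The Python script below is an added example, not part of the original post: it splits a javax.net.debug trace in the format shown above into handshakes and reports server-requested renegotiation, the client-certificate request, and the point where the peer closed the connection. The function names are hypothetical, and SAMPLE_TRACE is constructed from the post's message order with a placeholder CA name.

```python
import re

# Constructed sample: message order taken from the trace in the post, hex dumps
# dropped, and the masked CA names replaced by one placeholder.
SAMPLE_TRACE = """\
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** Finished
*** Finished
main, WRITE: TLSv1 Application Data, length = 64
*** HelloRequest (empty)
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** Certificate chain
*** CertificateRequest
Cert Authorities:
<CN=Placeholder Root CA, O=Example Org, C=RU>
*** ServerHelloDone
matching alias: 1
*** Certificate chain
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
*** CertificateVerify
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
main, received EOFException: ignored
"""

MSG = re.compile(
    r"^\*\*\* (ClientHello|ServerHello|Certificate chain|CertificateRequest|"
    r"ServerHelloDone|ClientKeyExchange|CertificateVerify|Finished|HelloRequest)\b")
ALIAS = re.compile(r"^matching alias: (\S+)")

def parse_handshakes(trace):
    # One record per handshake; a handshake starts at each ClientHello.
    handshakes, current = [], None
    hello_request = app_data = in_ca_list = False
    for raw in trace.splitlines():
        line = raw.strip()
        if line == "Cert Authorities:" and current is not None:
            in_ca_list = True
            continue
        if in_ca_list and line.startswith("<"):
            current["authorities"].append(line.strip("<>"))
            continue
        in_ca_list = False
        app_data = app_data or "Application Data" in line
        if current is not None and "received EOFException" in line:
            current["eof"] = True
        alias = ALIAS.match(line)
        if alias and current is not None:
            current["client_alias"] = alias.group(1)
        m = MSG.match(line)
        if not m:
            continue
        name = m.group(1)
        if name == "HelloRequest":  # server asks the client to renegotiate
            hello_request = True
            continue
        if name == "ClientHello":
            current = {"messages": [], "renegotiation": hello_request,
                       "after_app_data": app_data, "cert_requested": False,
                       "authorities": [], "client_alias": None, "finished": 0, "eof": False}
            handshakes.append(current)
            hello_request = False
        if current is None:
            continue
        seen = current["messages"]
        if name == "Certificate chain":
            # The trace prints the same header for both directions; the client's
            # chain is the one that follows ServerHelloDone.
            name = ("Certificate (client)" if "ServerHelloDone" in seen
                    else "Certificate (server)")
        elif name == "CertificateRequest":
            current["cert_requested"] = True
        elif name == "Finished":
            current["finished"] += 1
        seen.append(name)
    return handshakes

def diagnose(trace):
    findings = []
    for n, hs in enumerate(parse_handshakes(trace), start=1):
        if hs["renegotiation"] and hs["after_app_data"]:
            findings.append(f"handshake {n}: renegotiation requested by the server "
                            "(HelloRequest) after application data")
        if hs["cert_requested"]:
            sent = "Certificate (client)" in hs["messages"]
            findings.append(f"handshake {n}: client certificate requested, "
                            + (f"sent (alias {hs['client_alias']})" if sent else "none sent"))
        if hs["eof"] and hs["finished"] < 2:
            findings.append(f"handshake {n}: peer closed the connection before its "
                            f"Finished; last handshake message seen: {hs['messages'][-1]}")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE):
        print(finding)
```

On the sample it reports that the first handshake completed without a certificate request, and that the second one, started by the server's HelloRequest, ended with the peer closing the connection after the client had sent its certificate, CertificateVerify and Finished.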
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     
  • 1. Re: SSLConnection with client certificate
    EJP Guru
    Your specific problem may be that the HTTP newline is defined as \r\n, and there is no guarantee that PrintWriter will send exactly that. But why aren't you using an HTTPS URL for this, with URLConnection, etc.? No point in reinventing this wheel.

    And you don't need most of that code. Just set the system properties described in the JSSE Reference Guide.
  • 2. Re: SSLConnection with client certificate
    870901 Newbie
    I try don't use \r\n this is not a problem, this is example code, i have app which try connect using HTTPS protocol and system properties, but has same problem. I don't understand how openssl connect with PEM files (cert, key and root). And nothing else (java, firefox etc.) never connected only wait 5 minutes and go away.....
  • 3. Re: SSLConnection with client certificate
    EJP Guru
    > I try don't use \r\n this is not a problem
    I do not understand.
    > this is example code
    If it doesn't exemplify your real code it is pointless.
    > i have app which try connect using HTTPS protocol and system properties, but has same problem.
    Exactly the same? EOFException?
    *** CertificateRequest
    Cert Types: RSA, DSS
    Cert Authorities:
    <CN=*** Root CA, OU=IT Dept., O=** **** OJSC, C=RU, DC=***>
    <CN=*** Root CA, O=** **** OJSC, C=RU>
    <OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
    [read] MD5 and SHA1 hashes: len = 886
    
    0370: 68 6F 72 69 74 79 hority
    *** ServerHelloDone
    [read] MD5 and SHA1 hashes: len = 4
    0000: 0E 00 00 00 ....
    matching alias: 1
    *** Certificate chain
    
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    It appears that your client hasn't responded to the CertificateRequest, or has sent an empty certificate chain. This will be either because there is no available client certificate at all, or there isn't one that matches the parameters specified in the CertificateRequest. This will cause a Java server configured with needClientAuth=true to close the connection.
  • 4. Re: SSLConnection with client certificate
    870901 Newbie
    EJP wrote:
    > If it doesn't exemplify your real code it is pointless.
    I don't think so.
    > Exactly the same? EOFException?
    Not exactly "HttpErrorCode:0", but guys who can see logs of https server saw 403.7 Forbidden: Client certificate required error. Like I didn't send cert.
    > It appears that your client hasn't responded to the CertificateRequest, or has sent an empty certificate chain. This will be either because there is no available client certificate at all, or there isn't one that matches the parameters specified in the CertificateRequest. This will cause a Java server configured with needClientAuth=true to close the connection.
    We have
    matching alias: 1
    *** Certificate chain
    So it finds the alias...

    And then try

    *** CertificateVerify
    main, WRITE: TLSv1 Handshake, length = 150
    main, WRITE: TLSv1 Change Cipher Spec, length = 17
    *** Finished

    Edited by: 867898 on 23.06.2011 3:50
  • 5. Re: SSLConnection with client certificate
    EJP Guru
    > I don't think so.
    I do. If you post code for review that doesn't correspond to your real code in some significant respect, you are wasting time. I don't care about yours but mine is valuable.
    > Not exactly "HttpErrorCode:0", but guys who can see logs of https server saw 403.7 Forbidden: Client certificate required error. Like I didn't send cert.
    Exactly. See below.
    > We have
    > matching alias: 1
    > *** Certificate chain
    > So it finds the alias...
    And sends a zero-length chain, as per your 'not exactly' above.

    So your present task is to check that your client certificate conforms with the parameters in the CertificateRequest message: signers and algorithms.
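
The check described in the last reply, as an added example that is not part of the original thread: it reports, per keystore alias, whether the entry has a private key, a key type the server requested, and a chain containing a certificate issued by one of the CAs listed in the CertificateRequest, then asks the JSSE key manager which alias it would choose. The class name `ClientCertCheck`, its command-line arguments and the assumption that the key password equals the keystore password are choices made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

// Added example, not the poster's code. Usage (all values are your own):
//   java ClientCertCheck <keystore> <password> "<issuer DN>" ["<issuer DN>" ...]
// The issuer DNs are the "Cert Authorities" entries of the CertificateRequest,
// copied from the javax.net.debug output without the surrounding < >.
public class ClientCertCheck {

    // "Cert Types: RSA, DSS" in the debug log; JSSE names the DSS key type "DSA".
    static final String[] KEY_TYPES = {"RSA", "DSA"};

    /** Explains why a keystore entry can or cannot answer the CertificateRequest. */
    static String explain(KeyStore ks, String alias, Set<X500Principal> accepted)
            throws Exception {
        if (!ks.isKeyEntry(alias)) {
            return "no private key (certificate-only entry)";
        }
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return "private key present but the certificate chain is empty";
        }
        String alg = chain[0].getPublicKey().getAlgorithm();
        if (!Arrays.asList(KEY_TYPES).contains(alg)) {
            return "key algorithm " + alg + " was not requested by the server";
        }
        StringBuilder seen = new StringBuilder();
        for (Certificate c : chain) {
            if (!(c instanceof X509Certificate)) {
                continue; // only X.509 certificates carry an issuer DN
            }
            // X500Principal.equals compares canonical DNs, so spacing and
            // attribute-name case differences do not cause false mismatches.
            X500Principal issuer = ((X509Certificate) c).getIssuerX500Principal();
            if (accepted.contains(issuer)) {
                return "OK: chain of " + chain.length + " has a certificate issued by "
                        + issuer.getName();
            }
            seen.append("\n      issuer in chain: ").append(issuer.getName());
        }
        return "no certificate in the chain is issued by a requested CA" + seen;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("USAGE: java ClientCertCheck keystore password issuerDN...");
            System.exit(1);
        }
        String path = args[0];
        char[] password = args[1].toCharArray();
        boolean pkcs12 = path.endsWith(".p12") || path.endsWith(".pfx");
        KeyStore ks = KeyStore.getInstance(pkcs12 ? "PKCS12" : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        Set<X500Principal> accepted = new HashSet<>();
        for (String dn : Arrays.asList(args).subList(2, args.length)) {
            accepted.add(new X500Principal(dn));
        }

        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": " + explain(ks, alias, accepted));
        }

        // Ask the real JSSE key manager the question the handshake asks.
        // Assumption: the private key password is the same as the keystore password.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String chosen = ((X509KeyManager) km).chooseClientAlias(
                        KEY_TYPES, accepted.toArray(new Principal[0]), null);
                System.out.println("JSSE key manager would choose alias: " + chosen);
            }
        }
    }
}
```

An entry that holds only the leaf certificate can fail the issuer test even though openssl succeeds with separate cert, key and root PEM files, because the keystore entry has to carry the chain itself.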
