


Simple SSL problem

Hi all,

I am trying to do something very simple, or so I thought it would be, but 
alas...


I have an application that uses apache common-http client. This client 
is built into a stand alone java program which tries to open a https 
connection. The server that it's trying to talk to is tomcat running ssl 
with a self signed (keytool -selfcert..) certificate.

The connection fails with unauthorized certificate message. The JVM that 
I am using for both tomcat and my standalone program is the same (JDK 
1.5), so the notion of importing the client cert should not matter.


I have several questions.

1. How do I make this work?
2. When a browser encounters an unknown CA authority or an expired 
certificate it gives the user an opportunity to accept it or not. How do 
I build something similar into my own application?
3. If I want to turn my application into an applet, would this require 
installing my certificate as a root certificate into each user client 
browser's JVM? Please say there is a better way.

I played with HostnameResolver class which doing url.openConnection() 
that returns HttpConnection, but the apache classes that I am using 
don't use url.openConnection so there has to be another way.

Please reply here, thanks in advance
0
Boris
6/10/2005 11:39:56 PM

Boris Tabenkin wrote:

> I have an application that uses apache common-http client. This client 
> is built into a stand alone java program which tries to open a https 
> connection. The server that it's trying to talk to is tomcat running ssl 
> with a self signed (keytool -selfcert..) certificate.

> The connection fails with unauthorized certificate message. The JVM that 
> I am using for both tomcat and my standalone program is the same (JDK 
> 1.5), so the notion of importing the client cert should not matter.

1. Import the public certificate of your server into a keystore:

keytool -import -trustcacerts -keystore <keystorefile> -file <cert.cer> -alias <anything>

2. In your program you have to add this keystore as trustStore:
System.setProperty("javax.net.ssl.trustStore", "keystorefilename");
 
> 2. When a browser encounters an unknown CA authority or an expired 
> certificate it gives the user an opportunity to accept it or not. How do 
> I build something similar into my own application?

You have to implement your own HostnameVerifier that returns true for your
certificate/server combination and set it as default:

javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifierImpl());

Jan
0
Jan
6/11/2005 9:26:41 AM
Jan,

I am confused. I am using the same JVM for both my server and client 
(this is a test machine), wouldn't the certificate already be there?

Also, I am not using url.getConnection, so the HostnameVerifier is never 
called. I think I need to do something with my own TrustManager, but I 
just don't know how to install it.


0
Boris
6/11/2005 10:40:32 AM
Boris Tabenkin wrote:

> I am confused. I am using the same JVM for both my server and client 
> (this is a test machine), wouldn't the certificate already be there?

Only if you had installed your self signed certificate as trusted root
certificate via java controlpanel. Both client and server use the same JVM
but they have their own instance (there should be two java[w] processes
visible in the taskmanager) which are independent.
 
> Also, I am not using url.getConnection, so the HostnameVerifier is never 
> called. 

There is a second class that holds a defaultHostnameVerifier:
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier()

Maybe this implementation is used, or the framework you use has its own
HostnameVerifier implementation and you can configure it by setting a
system property. 

Jan
0
Jan
6/11/2005 11:12:42 AM
Jan Peter Stotz wrote:
> Boris Tabenkin wrote:
> 
> 
>>I am confused. I am using the same JVM for both my server and client 
>>(this is a test machine), wouldn't the certificate already be there?
> 
> 
> Only if you had installed your self signed certificate as trusted root
> certificate via java controlpanel. Both client and server use the same JVM
> but they have their own instance (there should be two java[w] processes
> visible in the taskmanager) which are independent.
>  
> 
>>Also, I am not using url.getConnection, so the HostnameVerifier is never 
>>called. 
> 
> 
> There is a second class that holds a defaultHostnameVerifier:
> com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier()
> 
> Maybe this implementation is used, or the framework you use has its own
> HostnameVerifier implementation and you can configure it by setting a
> system property. 
> 
Jan,

I will try this, thanks, so are you saying that if I call 
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier() it 
should work even if the code that I am calling does 
SSLSocketContext.getDefault().connect(host,port) ( I think this is the 
right class)
0
Boris
6/11/2005 10:19:52 PM
With this code:

	com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
		public boolean verify(String arg0, String arg1) {
			return true;
		}
	});

I just tried this, here is what I got for an error (this jdk 1.5)


javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:847)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
	at org.apache.commons.httpclient.HttpConnection$WrappedOutputStream.write(HttpConnection.java:1360)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
	at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:790)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2271)
	at org.apache.commons.httpclient.HttpMethodBase.processRequest(HttpMethodBase.java:2651)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1087)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:643)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:497)
	at com.matrixone.client.fcs.FcsClient$SubmitWorker.run(FcsClient.java:521)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
	at sun.security.validator.Validator.validate(Validator.java:203)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:840)
	... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
	... 22 more
0
Boris
6/11/2005 10:29:43 PM
I don't mean to keep harping on this, but I am desperate,

here is a very simple test program, it gets the exception as follows

package junk;

import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.net.UnknownHostException;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;

public class SSLTest {

	/**
	 * @param args
	 * @throws IOException
	 * @throws UnknownHostException
	 * @throws NumberFormatException
	 */
	public static void main(String[] args) throws NumberFormatException,
			UnknownHostException, IOException {
		HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
			public boolean verify(String hostname, SSLSession session) {
				return true;
			}
		});

		Socket s = SSLSocketFactory.getDefault()
				.createSocket("localhost", 8444);
		OutputStream out = s.getOutputStream();
		out.write("Say hello".getBytes("UTF8"));
		out.close();
		s.close();
	}

}
(With jdk 1.5)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at
(With jdk1.4.2)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
	
0
Boris
6/12/2005 12:21:51 AM
Boris Tabenkin wrote:

> I don't mean to keep harping on this, but I am desperate,
> here is a very simple test program, it gets the exception as follows
> 
> [example program]

You still have to import your public certificate into a keystore and add it
as trusted keystore even with your own HostnameVerifier implementation.
Please read my first post in this thread again.

Jan
0
Jan
6/12/2005 9:02:32 AM
Jan,

So are you saying that if this code runs in a browser, everyone will 
have to import the public certificate?

As far as importing, in the control panel there are four choices:

"Trusted Certificates","Secure Site","Signer CA","Secure Site 
CA","Client Authentication". All these choices have "user" and "System" 
tabs. Which type should I import into?

Once again, though, the applet does give you a dialog box to choose to 
accept an unknown certificate, why can't my own program do something 
similar?

Thanks,

Boris


0
Boris
6/12/2005 1:21:50 PM
Boris Tabenkin wrote:

> So are you saying that if this code runs in a browser, everyone will 
> have to import the public certificate?

If you are using a self-signed certificate, yes. If you buy a
SSL-Certificate from Thawte, Verisign or another trustcenter that has its
trusted root certificate shipped with the JVM you don't have to do it.

The public key certificate is needed to verify the identity of the
endpoint. Everybody can create self-signed certificates (even the bad guys
like phishers). For that reason it is untrusted by default.
 
> As far as importing, in the control panel there are four choices:
> "Trusted Certificates",

That's the one.

> Once again, though, the applet does give you a dialog box to choose to 
> accept an unknown certificate, why can't my own program do something 
> similar?

This dialog box is part of your browser, not of the applet.

If you don't want to install your self-signed certificate everywhere,
create a trusted keystore as separate file and add it during runtime of
your program as trusted keystore:

System.setProperty("javax.net.ssl.trustStore", "<keystorefilename>");

Jan
0
Jan
6/12/2005 1:37:37 PM
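
Added example, not code from any post in this thread: the stack traces above fail inside X509TrustManagerImpl.checkServerTrusted, which a HostnameVerifier never influences, so this sketch scopes trust to one dedicated keystore through its own SSLContext instead of the JVM-wide javax.net.ssl.trustStore property, and switches on hostname checking for the raw SSLSocket. The class name, the TRUSTSTORE_PASS environment variable and the command-line arguments are assumptions; localhost:8444 is the endpoint from the test program.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; usage: java PinnedTrustStoreClient <truststore> [host] [port]
public class PinnedTrustStoreClient {

    /** Build an SSLContext whose only trust anchors are the certificates in the given keystore. */
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            // A non-null password makes load() verify the keystore's integrity check.
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material, trust managers from our keystore, default SecureRandom.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Colon-separated SHA-256 fingerprint, for comparing against the server's certificate out of band. */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: PinnedTrustStoreClient <truststore> [host] [port]");
            System.exit(2);
        }
        String host = args.length > 1 ? args[1] : "localhost";          // from the thread's test program
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 8444;  // from the thread's test program
        String pass = System.getenv("TRUSTSTORE_PASS");                 // assumed variable name
        if (pass == null) {
            System.err.println("set TRUSTSTORE_PASS to the keystore password");
            System.exit(2);
        }

        SSLContext ctx = contextFor(args[0], pass.toCharArray());
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // A bare SSLSocket validates the chain but does not compare the certificate's
            // name with the host unless endpoint identification is enabled.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            socket.startHandshake();
            X509Certificate leaf =
                    (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK with " + leaf.getSubjectX500Principal());
            System.out.println("SHA-256 fingerprint: " + sha256Fingerprint(leaf));
        } catch (SSLHandshakeException e) {
            // Raised both when no trust anchor matches (the PKIX error in the thread) and
            // when the certificate carries no name matching the host.
            System.err.println("Handshake rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

With the name check enabled, a certificate whose subject is CN=Unknown is rejected for localhost even when it is in the keystore; the server certificate needs a name that matches the host the client connects to.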
Jan,

I added the keystore, and now I am getting a slightly different error. 
It looks like it's now finding my certificates and adding them as 
trusted. (This is with javax.ssl.debug=all)

	   System.setProperty("javax.net.ssl.trustStore", "c:\\Documents and Settings\\btabenkin\\.keystore");

setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\Documents and Settings\btabenkin\.keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
   Subject: CN=Boris Tabenkin, OU=MatrixOne Inc., O=MatrixOne Inc, L="Westford ", ST=MA, C=US
   Issuer:  CN=Boris Tabenkin, OU=MatrixOne Inc., O=MatrixOne Inc, L="Westford ", ST=MA, C=US
   Algorithm: DSA; Serial number: 0x42a9f4db
   Valid from Fri Jun 10 16:15:23 EDT 2005 until Thu Sep 08 16:15:23 EDT 2005

adding as trusted cert:
   Subject: CN=MatrixOne, OU=MatrixOne, O=MatrixOne, C=US
   Issuer:  CN=MatrixOne, OU=MatrixOne, O=MatrixOne, C=US
   Algorithm: DSA; Serial number: 0x427a8006
   Valid from Thu May 05 16:20:22 EDT 2005 until Wed Aug 03 16:20:22 EDT 2005

adding as trusted cert:
   Subject: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Issuer:  CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Algorithm: DSA; Serial number: 0x42a9f4ab
   Valid from Fri Jun 10 16:14:35 EDT 2005 until Thu Sep 08 16:14:35 EDT 2005

adding as trusted cert:
   Subject: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Issuer:  CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Algorithm: DSA; Serial number: 0x42a9fd72
   Valid from Fri Jun 10 16:52:02 EDT 2005 until Mon Oct 25 16:52:02 EDT 2032

init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1101806437 bytes = { 247, 18, 26, 174, 1, 84, 75, 205, 62, 34, 22, 227, 78, 128, 199, 192, 66, 74, 175, 89, 243, 38, 40, 45, 7, 158, 254, 67 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
[write] MD5 and SHA1 hashes:  len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes:  len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
0000: 16 03 01 04 A3                                     .....
[Raw read]: length = 1187
main, READ: TLSv1 Handshake, length = 1187
*** ServerHello, TLSv1
RandomCookie:  GMT: 1101806437 bytes = { 165, 46, 245, 142, 82, 53, 105, 22, 225, 95, 145, 192, 132, 73, 248, 184, 39, 190, 173, 157, 162, 195, 213, 29, 6, 220, 237, 78 }
Session ID:  {66, 172, 59, 101, 200, 213, 18, 226, 68, 106, 223, 194, 166, 117, 205, 246, 159, 88, 192, 208, 87, 247, 133, 125, 65, 75, 77, 199, 129, 186, 139, 243}
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created:  [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA]
** TLS_DHE_DSS_WITH_AES_128_CBC_SHA
[read] MD5 and SHA1 hashes:  len = 74
*** Certificate chain
chain [0] = [
[
   Version: V1
   Subject: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

   Key:  Sun DSA Public Key
     Parameters:DSA

   Validity: [From: Fri Jun 10 16:52:02 EDT 2005,
                To: Mon Oct 25 16:52:02 EDT 2032]
   Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   SerialNumber: [    42a9fd72]

]
   Algorithm: [SHA1withDSA]
   Signature:
0000: 30 2C 02 14 70 64 06 0F   C4 6C 13 19 7E 43 9C F8  0,..pd...l...C..
0010: CA DE 67 7F F8 3F 9F E2   02 14 47 A7 01 B3 81 22  ..g..?....G...."
0020: B8 C9 41 4C 6A 61 73 0B   1C 2E D6 22 FA 70        ..ALjas....".p

]
***
Found trusted certificate:
[
[
   Version: V1
   Subject: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

   Key:  Sun DSA Public Key
     Parameters:DSA

   Validity: [From: Fri Jun 10 16:52:02 EDT 2005,
                To: Mon Oct 25 16:52:02 EDT 2032]
   Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
   SerialNumber: [    42a9fd72]

]
   Algorithm: [SHA1withDSA]
   Signature:
0000: 30 2C 02 14 70 64 06 0F   C4 6C 13 19 7E 43 9C F8  0,..pd...l...C..
0010: CA DE 67 7F F8 3F 9F E2   02 14 47 A7 01 B3 81 22  ..g..?....G...."
0020: B8 C9 41 4C 6A 61 73 0B   1C 2E D6 22 FA 70        ..ALjas....".p

]
[read] MD5 and SHA1 hashes:  len = 794
*** Diffie-Hellman ServerKeyExchange
DH Base:  { 2 }
Anonymous
[read] MD5 and SHA1 hashes:  len = 315
*** ServerHelloDone
[read] MD5 and SHA1 hashes:  len = 4
0000: 0E 00 00 00                                        ....
*** ClientDiffieHellmanPublic
[write] MD5 and SHA1 hashes:  len = 134
main, WRITE: TLSv1 Handshake, length = 134
[Raw write]: length = 139
main, handling exception: java.lang.RuntimeException: Could not generate secret
main, SEND TLSv1 ALERT:  fatal, description = internal_error
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 50                               ......P
main, called closeSocket()

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
	at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
	at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
	at java.io.InputStreamReader.read(InputStreamReader.java:167)
	at java.io.BufferedReader.fill(BufferedReader.java:136)
	at java.io.BufferedReader.readLine(BufferedReader.java:299)
	at java.io.BufferedReader.readLine(BufferedReader.java:362)
	at junk.JSSE.main(JSSE.java:50)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:166)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1443)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1426)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:64)
	at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
	at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
	at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
	at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
	at java.io.BufferedWriter.flush(BufferedWriter.java:236)
	at java.io.PrintWriter.flush(PrintWriter.java:270)
	at junk.JSSE.main(JSSE.java:41)
Caused by: java.lang.RuntimeException: Could not generate secret
	at com.sun.net.ssl.internal.ssl.DHKeyExchange.getAgreedSecret(DHKeyExchange.java:174)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:584)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
	... 8 more
Caused by: java.security.NoSuchAlgorithmException: DiffieHellman KeyFactory not available
	at java.security.KeyFactory.<init>(KeyFactory.java:108)
	at java.security.KeyFactory.getInstance(KeyFactory.java:135)
	at com.sun.net.ssl.internal.ssl.DHKeyExchange.getAgreedSecret(DHKeyExchange.java:164)
	... 16 more
Error reading: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret

Error reading: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate secret

Jan Peter Stotz wrote:
> Boris Tabenkin schrieb:
> 
> 
>>So are you saying that if this code runs in a browser, everyone will 
>>have to import the public certificate?
> 
> 
> If you are using a self-signed certificate, yes. If you buy a
> SSL-Certificate from Thawte, Verisign or another trustcenter that has its
> trusted root certificate shipped with the JVM you don't have to do it.
> 
> The public key certificate is needed to verify the identity of the
> endpoint. Everybody can create self-signed certificates (even the bad guys
> like phishers). For that reason it is untrusted by default.
>  
> 
>>As far as importing, in the control panel there are four choices:
>>"Trusted Certificates",
> 
> 
> That's the one.
> 
> 
>>Once again, though, the applet does give you a dialog box to choose to 
>>accept an unknown certificate, why can't my own program do something 
>>similar.
> 
> 
> This dialog box is part of your browser, not of the applet.
> 
> If you don't want to install your self-signed certificate everywhere,
> create a trusted keystore as separate file and add it during runtime of
> your program as trusted keystore:
> 
> System.setProperty("javax.net.ssl.trustStore", "<keystorefilename>");
> 
> Jan
0
Boris
6/12/2005 1:44:11 PM
Boris Tabenkin schrieb:

Please limit your posts to what is necessary (including the fullquote of my
posting): 

> Caused by: java.security.NoSuchAlgorithmException: DiffieHellman 
> KeyFactory not available
> 	at java.security.KeyFactory.<init>(KeyFactory.java:108)
> 	at java.security.KeyFactory.getInstance(KeyFactory.java:135)
> 	at 

NoSuchAlgorithmException: Make sure a cryptographic provider that
implements the DiffieHellman algorithm is available on the target
platform. The Sun-JCE should do it. It is included in JRE1.4 and above.

Jan
0
Jan
6/12/2005 2:01:04 PM
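
Added example, not part of any post in this thread: a small diagnostic for the "DiffieHellman KeyFactory not available" failure, listing which registered security providers offer the DiffieHellman services a DH key exchange needs. The class name DhProviderCheck is made up for this illustration; it uses only java.security APIs.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added example: reports which registered providers offer the DiffieHellman services. */
public class DhProviderCheck {

    // Service types a Diffie-Hellman key exchange requests from the JCA/JCE.
    static final String[] TYPES = {"KeyFactory", "KeyPairGenerator", "KeyAgreement"};

    /** Names of registered providers, in preference order, that implement type.algorithm. */
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        boolean complete = true;
        for (String type : TYPES) {
            List<String> names = providersFor(type, "DiffieHellman");
            System.out.println(type + ".DiffieHellman: " + (names.isEmpty() ? "MISSING" : names));
            complete &= !names.isEmpty();
        }
        if (!complete) {
            // Show what is actually registered so a missing JCE provider is visible.
            System.out.println("Registered providers, in order:");
            for (Provider p : Security.getProviders()) {
                System.out.println("  " + p.getName() + ": " + p.getInfo());
            }
        }
    }
}
```

Run it with the same JVM and classpath as the failing client; a MISSING line means no provider registered in that JVM offers the service.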
Jan,

First of all I would like to thank you, this has been really informative.

I tried setting the keystore and with jdk1.4.2 it works fine, with 
jdk1.5 you get the can't create secret error, but that's OK for now.

Jan Peter Stotz wrote:
> Boris Tabenkin schrieb:
> 
> 
>>So are you saying that if this code runs in a browser, everyone will 
>>have to import the public certificate?
> 
> 
> If you are using a self-signed certificate, yes. If you buy a
> SSL-Certificate from Thawte, Verisign or another trustcenter that has its
> trusted root certificate shipped with the JVM you don't have to do it.
> 
> The public key certificate is needed to verify the identity of the
> endpoint. Everybody can create self-signed certificates (even the bad guys
> like phishers). For that reason it is untrusted by default.
>  
> 
>>As far as importing, in the control panel there are four choices:
>>"Trusted Certificates",
> 
> 
> That's the one.
> 
> 
>>Once again, though, the applet does give you a dialog box to choose to 
>>accept an unknown certificate, why can't my own program do something 
>>similar.
> 
> 
> This dialog box is part of your browser, not of the applet.
> 
> If you don't want to install your self-signed certificate everywhere,
> create a trusted keystore as separate file and add it during runtime of
> your program as trusted keystore:
> 
> System.setProperty("javax.net.ssl.trustStore", "<keystorefilename>");
> 
> Jan
0
Boris
6/12/2005 2:06:11 PM
Try this code. I don't know if this still works with the current Apache 
Common-http client source, but give it a try. ApacheHttpClient has its own 
wrapper for the described "hostnameverifier" mechanism.

/*
  * ====================================================================
  *
  *  Copyright 2002-2004 The Apache Software Foundation
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  * ====================================================================
  *
  * This software consists of voluntary contributions made by many
  * individuals on behalf of the Apache Software Foundation.  For more
  * information on the Apache Software Foundation, please see
  * <http://www.apache.org/>.
  *
  * [Additional notices, if required by prior licensing conditions]
  *
  */

package org.apache.commons.httpclient.contrib.ssl;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/**
  * Socket factory for Commons HttpClient that accepts ANY server
  * certificate: the TrustManager below performs no validation, so the
  * connection is encrypted but the server is not authenticated.
  *
  * Usage:
  * <blockquote>
  *   1) register a common protocol handler
  *     Protocol.registerProtocol("https",
  *        new Protocol("https", new SelfSignedSSLProtocolSocketFactory(), 443));
  *
  *   2) register per client instance
  *      Protocol httpsProtocol = new Protocol(
  *        "https", new SelfSignedSSLProtocolSocketFactory(), 443);
  *      HttpClient client = new HttpClient();
  *      client.getHostConfiguration().setHost("localhost", 443, httpsProtocol);
  * </blockquote>
  */
public class SelfSignedSSLProtocolSocketFactory implements SecureProtocolSocketFactory {

    /** Trust manager with empty checks: every certificate chain passes. */
    private static class TM implements X509TrustManager {
       public X509Certificate[] getAcceptedIssuers() {
          return new X509Certificate[0];
       }

       public void checkClientTrusted(X509Certificate[] arg0, String arg1)
             throws CertificateException {
          // No check: never throws, so any client certificate is accepted.
       }

       public void checkServerTrusted(X509Certificate[] arg0, String arg1)
             throws CertificateException {
          // No check: never throws, so any server certificate is accepted,
          // self-signed, expired or issued for another host.
       }
    }

    /** Builds a new SSLContext around TM on every call and returns its socket factory. */
    private static SSLSocketFactory getSocketFactory() {
       try {
          SSLContext context = SSLContext.getInstance("SSL");
          // No key managers (no client certificate), default SecureRandom.
          context.init(null, new TrustManager[] {new TM()}, null);
          return context.getSocketFactory();
       } catch (Exception e) {
          throw new RuntimeException(e);
       }
    }

    public Socket createSocket(String host, int port, InetAddress clientHost,
          int clientPort) throws IOException, UnknownHostException {
       return getSocketFactory().createSocket(host, port, clientHost, clientPort);
    }

    public Socket createSocket(String host, int port)
          throws IOException, UnknownHostException {
       return getSocketFactory().createSocket(host, port);
    }

    // Layers SSL over an already connected socket (e.g. a proxy tunnel).
    public Socket createSocket(Socket socket, String host, int port,
          boolean autoClose) throws IOException, UnknownHostException {
       return getSocketFactory().createSocket(socket, host, port, autoClose);
    }
}



> I am trying to something very simple, or so I thought it would be, but 
> alas...
> I have a n application that uses apache common-http client. This client 
> is built into a stand alone java program which tries to open a https 
> connection. The server that its trying to talk to is tomcat running ssl 
> with a self signed (keytool -selfcert..) certificate.
0
AWieminer
7/1/2005 5:45:26 AM
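
Added example, not part of AWieminer's post or of the Apache code above: an SSLSocketFactory built from a dedicated truststore file, as Jan suggested, so that only the imported self-signed certificate is trusted for this connection instead of every certificate. The class name DedicatedTrustStore and the command-line arguments are made up for this illustration, and it assumes a current JDK (try-with-resources and SSLParameters.setEndpointIdentificationAlgorithm are newer than the JDK 1.5 used in the thread).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Added example: trusts only the certificates stored in one truststore file. */
public class DedicatedTrustStore {

    /** Loads the truststore created with keytool (path and password come from the caller). */
    static KeyStore load(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Socket factory whose trust anchors are exactly the certificate entries of ks. */
    static SSLSocketFactory socketFactory(KeyStore ks) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No key managers: the client presents no certificate of its own.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Connects and handshakes; fails unless the chain is trusted and the host name matches. */
    static SSLSocket open(SSLSocketFactory f, String host, int port) throws IOException {
        SSLSocket s = (SSLSocket) f.createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS"); // compare host with the certificate
        s.setSSLParameters(p);
        try {
            s.startHandshake();
        } catch (IOException e) {
            s.close(); // do not leak the socket when validation fails
            throw e;
        }
        return s;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 && args.length != 4) {
            System.err.println("usage: DedicatedTrustStore <truststore> <password> [host port]");
            return;
        }
        KeyStore ks = load(args[0], args[1].toCharArray());
        System.out.println("entries loaded from truststore: " + ks.size());
        SSLSocketFactory f = socketFactory(ks);
        if (args.length == 4) {
            try (SSLSocket s = open(f, args[2], Integer.parseInt(args[3]))) {
                System.out.println("handshake ok: " + s.getSession().getCipherSuite());
            }
        }
    }
}
```

The certificate in Boris's debug output is issued to CN=Unknown, so the host-name check in open() will reject it until the key pair is regenerated with the server's host name in the certificate.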