Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7156553

TLS session terminated by mobile device after upgrading 1.7.0 from 1.6.0

XMLWordPrintable

      FULL PRODUCT VERSION :
      Java(TM) SE Runtime Environment (build 1.7.0_03-b04)
      Java HotSpot(TM) Server VM (build 22.1-b02, mixed mode)


      ADDITIONAL OS VERSION INFORMATION :
      SunOS v245gw2 5.10 Generic_141414-10 sun4u sparc SUNW,Sun-Fire-V245

      A DESCRIPTION OF THE PROBLEM :
      Our application creates a tls server socket which is accessed by mobile device, it was working with jre 1.6.0_27 but not working with 1.6.0_31 and higher versions including 1.7.0_04. It is reported from mobile device vendors that packet size is wrong, below is the tls debug info for both 1.6.0_27 and 1.6.0_31;

      =================== 1.6.0_27 ===================
      Finalizer, called close()
      Finalizer, called closeInternal(true)
      Mar 23, 2012 6:23:58 PM org.apache.coyote.http11.Http11Protocol start
      INFO: Starting Coyote HTTP/1.1 on http-8080
      Mar 23, 2012 6:23:58 PM org.apache.jk.common.ChannelSocket init
      INFO: JK: ajp13 listening on /0.0.0.0:8009
      Mar 23, 2012 6:23:58 PM org.apache.jk.server.JkMain start
      INFO: Jk running ID=0 time=0/70 config=null
      Mar 23, 2012 6:23:58 PM org.apache.catalina.startup.Catalina start
      INFO: Server startup in 17760 ms
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: true
      Is secure renegotiation: false
      SSLSocketListener:7275, setSoTimeout(1000) called
      [Raw read]: length = 5
      0000: 16 03 01 00 45 ....E
      [Raw read]: length = 69
      0000: 01 00 00 41 03 01 4F 6C A3 D0 D9 5A 75 FE 79 0A ...A..Ol...Zu.y.
      0010: 72 B0 80 CD 9A 94 FC 5B CF FB 75 49 86 A2 1A 92 r......[..uI....
      0020: FB 0B CA 6B EA BF 00 00 1A 00 35 00 2F 00 0A 00 ...k......5./...
      0030: 16 00 13 00 05 00 04 00 09 00 12 00 08 00 03 00 ................
      0040: 11 00 14 01 00 .....
      pool-20-thread-1, READ: TLSv1 Handshake, length = 69
      *** ClientHello, TLSv1
      RandomCookie: GMT: 1332454096 bytes = { 217, 90, 117, 254, 121, 10, 114, 176, 128, 205, 154, 148, 252, 91, 207, 251, 117, 73, 134, 162, 26, 146, 251, 11, 202, 107, 234, 191 }
      Session ID: {}
      Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA]
      Compression Methods: { 0 }
      ***
      Warning: No renegotiation indication in ClientHello, allow legacy ClientHello
      [read] MD5 and SHA1 hashes: len = 69
      0000: 01 00 00 41 03 01 4F 6C A3 D0 D9 5A 75 FE 79 0A ...A..Ol...Zu.y.
      0010: 72 B0 80 CD 9A 94 FC 5B CF FB 75 49 86 A2 1A 92 r......[..uI....
      0020: FB 0B CA 6B EA BF 00 00 1A 00 35 00 2F 00 0A 00 ...k......5./...
      0030: 16 00 13 00 05 00 04 00 09 00 12 00 08 00 03 00 ................
      0040: 11 00 14 01 00 .....
      %% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
      *** ServerHello, TLSv1
      RandomCookie: GMT: 1332454097 bytes = { 239, 228, 128, 15, 41, 248, 199, 164, 38, 34, 53, 112, 191, 197, 246, 49, 255, 76, 229, 195, 227, 92, 191, 72, 244, 248, 205, 30 }
      Session ID: {79, 108, 163, 209, 184, 114, 97, 180, 115, 39, 110, 53, 192, 228, 65, 16, 211, 248, 46, 18, 36, 53, 24, 212, 13, 238, 152, 161, 44, 51, 85, 146}
      Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
      Compression Method: 0
      ***
      Cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
      *** Certificate chain
      chain [0] = [
      [
        Version: V3
        Subject: CN=supl.oksijen.com, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=supl.oksijen.com
        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

        Key: SunPKCS11-Solaris RSA public key, 1024 bits (id 85629832, session object)
        modulus: 120598275309494828650775439122182490971314974575342901792485396175797849226277121851592853233827395922531208074888178314834470710699640438647970178816434399898627584108914505608176980008499085664214564719055962194153955275587611402977329362759107538999228807303416149258304360535491035210594226346396297578637
        public exponent: 65537
        Validity: [From: Tue Nov 29 02:00:00 EET 2011,
                     To: Tue Nov 27 01:59:59 EET 2012]
        Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
        SerialNumber: [ 4c9aeb87 b7fca2e3 46edb8de 3f12c7ac]

      Certificate Extensions: 4
      [1]: ObjectId: 2.5.29.31 Criticality=false
      CRLDistributionPoints [
        [DistributionPoint:
           [URIName: http://svr-dv-crl.thawte.com/ThawteDV.crl]
      ]]

      [2]: ObjectId: 2.5.29.37 Criticality=false
      ExtendedKeyUsages [
        serverAuth
        clientAuth
      ]

      [3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
      AuthorityInfoAccess [
        [
         accessMethod: 1.3.6.1.5.5.7.48.1
         accessLocation: URIName: http://ocsp.thawte.com]
      ]

      [4]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
        CA:false
        PathLen: undefined
      ]

      ]
        Algorithm: [SHA1withRSA]
        Signature:
      0000: 2B 92 E3 A9 3B D3 07 CD FC 5B 9E 88 3B 34 39 0B +...;....[..;49.
      0010: C9 47 2A 03 05 9B 35 41 BF 3D 60 5D 88 FD D6 74 .G*...5A.=`]...t
      0020: F4 9B BB F0 49 2A 9B BC F4 10 C3 71 69 8D FA 6A ....I*.....qi..j
      0030: 87 B7 0B 08 97 16 2A 83 08 54 97 34 FA 20 0B 19 ......*..T.4. ..
      0040: 56 05 39 76 2A BA 20 7F CD 54 24 53 3F D1 06 1D V.9v*. ..T$S?...
      0050: 63 DE C1 6F 9C 06 1E 5C 14 A3 9D 52 13 F4 20 FB c..o...\...R.. .
      0060: F9 BF F4 1A 14 E7 3A A2 5D EE 81 B7 7E E0 DA AF ......:.].......
      0070: 95 04 27 60 A6 D6 4A 43 D5 76 1A B2 C5 21 07 FD ..'`..JC.v...!..
      0080: 6B 8B B5 B5 6F 28 AA 72 C3 A8 E2 31 BE D1 23 69 k...o(.r...1..#i
      0090: 29 01 18 02 79 51 D8 8F BE 28 C3 4E FC 76 42 2C )...yQ...(.N.vB,
      00A0: BC 01 E6 B6 5A F9 83 23 F0 42 01 77 0F 76 CD A2 ....Z..#.B.w.v..
      00B0: 4F 81 F4 2B 3C 63 CC 57 31 E1 F2 54 3C E5 D3 3C O..+<c.W1..T<..<
      00C0: 69 B9 DE 97 38 3F 18 C8 D3 88 F3 7B 88 C4 0A 2A i...8?.........*
      00D0: 3B D3 9D A3 42 07 0D 5D 35 AA C9 08 F2 80 87 A1 ;...B..]5.......
      00E0: 00 69 3C E8 CC 1A CA 8B F7 15 AF 23 0B 2E 70 F5 .i<........#..p.
      00F0: AE 8E D1 26 14 DB F7 77 05 D6 DC 54 EE 59 FF 13 ...&...w...T.Y..

      ]
      chain [1] = [
      [
        Version: V3
        Subject: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

        Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 6198152, session object)
        modulus: 25701717484853491437424643587435384947655042879579017200377794747735174183061275533271946354928754299745436930612096732059592290036133242863382696145247614638515940329571878798930120591612643480548140260642028775565866916653370805995814318360170559409969976874936984219480826128934300421815326970163576991408271640964914878312951354774468261605313367681695404259766066048556173382828286811361298161501279248814379846142433083837533966218185592141533643687375820728335650809270604148582814639876630437931801822297685398714224714209072329881336663635057667849684253169486424858469933035820711409092091268640626960413269
        public exponent: 65537
        Validity: [From: Thu Feb 18 02:00:00 EET 2010,
                     To: Tue Feb 18 01:59:59 EET 2020]
        Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
        SerialNumber: [ 7610128a 17b682bb 3a1f9d1a 9a35c092]

      Certificate Extensions: 7
      [1]: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
      KeyIdentifier [
      0000: AB 44 E4 5D EC 83 C7 D9 C0 85 9F F7 E1 C6 97 90 .D.]............
      0010: B0 8C 3F 98 ..?.
      ]
      ]

      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
      0010: EB 57 48 50 .WHP
      ]

      ]

      [3]: ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
        CN=VeriSignMPKI-2-11
      ]

      [4]: ObjectId: 2.5.29.31 Criticality=false
      CRLDistributionPoints [
        [DistributionPoint:
           [URIName: http://crl.thawte.com/ThawtePCA.crl]
      ]]

      [5]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
        Key_CertSign
        Crl_Sign
      ]

      [6]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
        CA:true
        PathLen:0
      ]

      [7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
      AuthorityInfoAccess [
        [
         accessMethod: 1.3.6.1.5.5.7.48.1
         accessLocation: URIName: http://ocsp.thawte.com]
      ]

      ]
        Algorithm: [SHA1withRSA]
        Signature:
      0000: 04 BA FB AC BB FC 4B 54 11 A3 2D 88 B3 3C BD 00 ......KT..-..<..
      0010: 6D 8A 1A B6 8D C4 C1 83 F8 C7 53 2A C1 32 6E 3A m.........S*.2n:
      0020: 81 A1 54 7D DA 1A 3F 3A 45 4F 36 E7 42 B0 0A 42 ..T...?:EO6.B..B
      0030: 85 97 A0 AC FB E5 87 A7 83 4F E8 B1 B7 9B 58 65 .........O....Xe
      0040: 6E 26 80 0B 92 4D 47 55 B9 61 16 51 65 E9 2B F1 n&...MGU.a.Qe.+.
      0050: 68 D9 58 B8 03 81 D1 B7 66 1C D3 BC C5 A6 7B 5F h.X.....f......_
      0060: 3E C5 38 46 76 E7 75 B4 A0 0C 4B CE A2 C2 A9 C1 >.8Fv.u...K.....
      0070: CC 36 73 7B FB B9 24 24 A0 5E A7 F6 FA BB 0C 28 .6s...$$.^.....(
      0080: 43 9E 1D F0 4E F0 3F D8 24 B0 21 DC 6D 2D EE BF C...N.?.$.!.m-..
      0090: 5A 3B FA 88 9C 74 6C AF 21 DD 92 EC C3 15 EF 94 Z;...tl.!.......
      00A0: 75 26 46 D6 A6 3F BF 66 48 AA 1D EF DD 27 E6 B7 u&F..?.fH....'..
      00B0: 51 89 38 7D 13 84 0C 40 FC D0 B5 F1 E0 DB F9 4F Q.8....@.......O
      00C0: 2F 40 1C B4 8E 47 22 61 B8 4C 96 DE F0 5F 11 7E /@...G"a.L..._..
      00D0: 4F 11 D9 EC 50 47 22 0E C5 1D E2 64 49 E7 68 63 O...PG"....dI.hc
      00E0: 45 3A 8A D9 71 F4 5E F1 6E B7 14 4D 3E 6F 14 1E E:..q.^.n..M>o..
      00F0: DC 52 FE BC DF 0C BD 29 3F 76 FB 11 5F 68 68 15 .R.....)?v.._hh.

      ]
      chain [2] = [
      [
        Version: V3
        Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

        Key: SunPKCS11-Solaris RSA public key, 2048 bits (id 14331544, session object)
        modulus: 21792351585640198823010717570910971808469628036117065647538316584461104694117982485319401124457220049283378312411354535779127606968916044780332786260035481781765039797362215672421915437872814686294860940985466198627244991233897031307285975552662073780174254767374930165493818669253271286259780239288988465335988816384343753406049170266376223419710437879015046905429855225019948986073114815226362934518604529274034324266651314733393135633945096089333067879884414870938531015147310124871986717553381366235085215677397428475777665806913759265262907501168121945007318159396049901049180479495316851639382710767187677533597
        public exponent: 65537
        Validity: [From: Fri Nov 17 02:00:00 EET 2006,
                     To: Thu Dec 31 01:59:59 EET 2020]
        Issuer: EMAILADDRESS=###@###.###, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
        SerialNumber: [ 33655008 79ad73e2 30b9e01d 0d7fac91]

      Certificate Extensions: 5
      [1]: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
      0010: EB 57 48 50 .WHP
      ]
      ]

      [2]: ObjectId: 2.5.29.31 Criticality=false
      CRLDistributionPoints [
        [DistributionPoint:
           [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
      ]]

      [3]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
        Key_CertSign
        Crl_Sign
      ]

      [4]: ObjectId: 2.5.29.32 Criticality=false
      CertificatePolicies [
        [CertificatePolicyId: [2.5.29.32.0]
      [PolicyQualifierInfo: [
        qualifierID: 1.3.6.1.5.5.7.2.1
        qualifier: 0000: 16 1A 68 74 74 70 73 3A 2F 2F 77 77 77 2E 74 68 ..https://www.th
      0010: 61 77 74 65 2E 63 6F 6D 2F 63 70 73 awte.com/cps

      ]] ]
      ]

      [5]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
        CA:true
        PathLen:2147483647
      ]

      ]
        Algorithm: [SHA1withRSA]
        Signature:
      0000: 84 A8 4C C9 3E 2A BC 9A E2 CC 8F 0B B2 25 77 C4 ..L.>*.......%w.
      0010: 61 89 89 63 5A D4 A3 15 40 D4 FB 5E 3F B4 43 EA a..cZ...@..^?.C.
      0020: 63 17 2B 6B 99 74 9E 09 A8 DD D4 56 15 2E 7A 79 c.+k.t.....V..zy
      0030: 31 5F 63 96 53 1B 34 D9 15 EA 4F 6D 70 CA BE F6 1_c.S.4...Omp...
      0040: 82 A9 ED DA 85 77 CC 76 1C 6A 81 0A 21 D8 41 99 .....w.v.j..!.A.
      0050: 7F 5E 2E 82 C1 E8 AA F7 93 81 05 AA 92 B4 1F B7 .^..............
      0060: 9A C0 07 17 F5 CB C6 B4 4C 0E D7 56 DC 71 20 74 ........L..V.q t
      0070: 38 D6 74 C6 D6 8F 6B AF 8B 8D A0 6C 29 0B 61 E0 8.t...k....l).a.

      ]
      ***
      *** ServerHelloDone
      [write] MD5 and SHA1 hashes: len = 3318
      0000: 02 00 00 46 03 01 4F 6C A3 D1 EF E4 80 0F 29 F8 ...F..Ol......).
      0010: C7 A4 26 22 35 70 BF C5 F6 31 FF 4C E5 C3 E3 5C ..&"5p...1.L...0020: BF 48 F4 F8 CD 1E 20 4F 6C A3 D1 B8 72 61 B4 73 .H.... Ol...ra.s
      0030: 27 6E 35 C0 E4 41 10 D3 F8 2E 12 24 35 18 D4 0D 'n5..A.....$5...
      0040: EE 98 A1 2C 33 55 92 00 2F 00 0B 00 0C A4 00 0C ...,3U../.......
      0050: A1 00 03 BC 30 82 03 B8 30 82 02 A0 A0 03 02 01 ....0...0.......
      0060: 02 02 10 4C 9A EB 87 B7 FC A2 E3 46 ED B8 DE 3F ...L.......F...?
      0070: 12 C7 AC 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 ...0...*.H......
      0080: 05 00 30 5E 31 0B 30 09 06 03 55 04 06 13 02 55 ..0^1.0...U....U
      0090: 53 31 15 30 13 06 03 55 04 0A 13 0C 54 68 61 77 S1.0...U....Thaw
      00A0: 74 65 2C 20 49 6E 63 2E 31 1D 30 1B 06 03 55 04 te, Inc.1.0...U.
      00B0: 0B 13 14 44 6F 6D 61 69 6E 20 56 61 6C 69 64 61 ...Domain Valida
      00C0: 74 65 64 20 53 53 4C 31 19 30 17 06 03 55 04 03 ted SSL1.0...U..
      00D0: 13 10 54 68 61 77 74 65 20 44 56 20 53 53 4C 20 ..Thawte DV SSL
      00E0: 43 41 30 1E 17 0D 31 31 31 31 32 39 30 30 30 30 CA0...1111290000
      00F0: 30 30 5A 17 0D 31 32 31 31 32 36 32 33 35 39 35 00Z..12112623595
      0100: 39 5A 30 81 B2 31 19 30 17 06 03 55 04 0A 13 10 9Z0..1.0...U....
      0110: 73 75 70 6C 2E 6F 6B 73 69 6A 65 6E 2E 63 6F 6D supl.oksijen.com
      0120: 31 3B 30 39 06 03 55 04 0B 13 32 47 6F 20 74 6F 1;09..U...2Go to
      0130: 20 68 74 74 70 73 3A 2F 2F 77 77 77 2E 74 68 61 https://www.tha
      0140: 77 74 65 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F wte.com/reposito
      0150: 72 79 2F 69 6E 64 65 78 2E 68 74 6D 6C 31 22 30 ry/index.html1"0
      0160: 20 06 03 55 04 0B 13 19 54 68 61 77 74 65 20 53 ..U....Thawte S
      0170: 53 4C 31 32 33 20 63 65 72 74 69 66 69 63 61 74 SL123 certificat
      0180: 65 31 19 30 17 06 03 55 04 0B 13 10 44 6F 6D 61 e1.0...U....Doma
      0190: 69 6E 20 56 61 6C 69 64 61 74 65 64 31 19 30 17 in Validated1.0.
      01A0: 06 03 55 04 03 13 10 73 75 70 6C 2E 6F 6B 73 69 ..U....supl.oksi
      01B0: 6A 65 6E 2E 63 6F 6D 30 81 9F 30 0D 06 09 2A 86 jen.com0..0...*.
      01C0: 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 30 81 89 H............0..
      01D0: 02 81 81 00 AB BC D6 47 B1 EC 88 F1 7D 0A E5 91 .......G........
      01E0: 69 D9 BF C6 F9 CB 87 CD 03 AD 81 C1 09 43 6B 74 i............Ckt
      01F0: D5 25 0D F9 15 12 4A 5B EB 8D F8 6D 74 2B 7F 1F .%....J[...mt+..
      0200: 3C 25 93 04 22 53 8C 5F 46 66 52 08 6E 4E 18 F6 <%.."S._FfR.nN..
      0210: F8 56 2E B5 BD F4 9C 41 F0 B5 89 5C A6 59 89 F0 .V.....A...\.Y..
      0220: 78 02 D3 46 93 43 90 FF A3 1B 9A 99 4B 4F DC CA x..F.C......KO..
      0230: C2 F0 8C FA 17 D6 54 40 92 80 66 E9 C0 52 DB 74 ......T@..f..R.t
      0240: 2C 3A 0A C7 3E CB CF BE CE 06 0F 21 0D B8 95 ED ,:..>......!....
      0250: E3 C9 C8 8D 02 03 01 00 01 A3 81 A0 30 81 9D 30 ............0..0
      0260: 0C 06 03 55 1D 13 01 01 FF 04 02 30 00 30 3A 06 ...U.......0.0:.
      0270: 03 55 1D 1F 04 33 30 31 30 2F A0 2D A0 2B 86 29 .U...3010/.-.+.)
      0280: 68 74 74 70 3A 2F 2F 73 76 72 2D 64 76 2D 63 72 http://svr-dv-cr
      0290: 6C 2E 74 68 61 77 74 65 2E 63 6F 6D 2F 54 68 61 l.thawte.com/Tha
      02A0: 77 74 65 44 56 2E 63 72 6C 30 1D 06 03 55 1D 25 wteDV.crl0...U.%
      02B0: 04 16 30 14 06 08 2B 06 01 05 05 07 03 01 06 08 ..0...+.........
      02C0: 2B 06 01 05 05 07 03 02 30 32 06 08 2B 06 01 05 +.......02..+...
      02D0: 05 07 01 01 04 26 30 24 30 22 06 08 2B 06 01 05


      ( This report has more than 16,000 characters and has been truncated. )

            wetmore Bradford Wetmore
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: