Bug
Resolution: Not an Issue
P3
None
7
x86
windows_7
FULL PRODUCT VERSION :
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b20)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b21, mixed mode)
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
We have an application that connects to a web service over SSL. This works fine with Java 1.6.
Last week we tried to switch to Java 1.7. Unfortunately the application is no longer able to connect to the web service.
The application throws an exception:
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
Exception in thread "main" javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
REGRESSION. Last worked in version 6u31
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Import the certificate from https://portal.conextrade.com into a keystore
keytool.exe -import -trustcacerts -file thecertificate.cer -keystore keystore
Execute Test Program
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Java 6:
=====
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=###@###.###, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0xf4911d1fc64c897b5ee0327a7cac4fc4
Valid from Thu Jul 01 15:35:31 CEST 2010 until Mon Jul 01 15:35:31 CEST 2013
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1329727349 bytes = { 89, 13, 21, 51, 8, 96, 232, 222, 110, 133, 251, 168, 17, 9, 52, 113, 67, 2, 231, 189, 197, 135, 151, 110, 167, 65, 169, 83 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 75
main, WRITE: TLSv1 Handshake, length = 75
[write] MD5 and SHA1 hashes: len = 101
main, WRITE: SSLv2 client hello message, length = 101
[Raw write]: length = 103
[Raw read]: length = 5
0000: 16 03 01 0B 6A ....j
[Raw read]: length = 1447
[Raw read]: length = 23
0000: 1E DE 5A 40 9D 4D A0 43 85 89 8E 71 BD 23 DC F2 ..Z@.M.C...q.#..
0010: 9C 32 EB 0E 00 00 00 .2.....
main, READ: TLSv1 Handshake, length = 2922
*** ServerHello, TLSv1
RandomCookie: GMT: 1329727351 bytes = { 244, 254, 202, 89, 42, 196, 210, 251, 171, 157, 178, 130, 217, 222, 133, 246, 159, 217, 145, 109, 172, 246, 3, 217, 238, 9, 204, 173 }
Session ID: {222, 38, 194, 184, 34, 248, 213, 233, 159, 199, 30, 155, 246, 156, 15, 25}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
0000: 02 00 00 36 03 01 4F 42 07 77 F4 FE CA 59 2A C4 ...6..OB.w...Y*.
0010: D2 FB AB 9D B2 82 D9 DE 85 F6 9F D9 91 6D AC F6 .............m..
0020: 03 D9 EE 09 CC AD 10 DE 26 C2 B8 22 F8 D5 E9 9F ........&.."....
0030: C7 1E 9B F6 9C 0F 19 00 04 00 ..........
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: EMAILADDRESS=###@###.###, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
public exponent: 65537
Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
To: Mon Jul 01 15:35:31 CEST 2013]
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [ f4911d1f c64c897b 5ee0327a 7cac4fc4]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
0010: 7B F0 98 96 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 73 77 69 .%http://www.swi
0010: 73 73 64 69 67 69 63 65 72 74 2E 63 68 2F 64 6F ssdigicert.ch/do
0020: 63 75 6D 65 6E 74 73 cuments
]] ]
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download
]
Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?
]
Algorithm: [SHA1withRSA]
Signature:
]
chain [1] = [
[
Version: V3
Subject: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 25039181334177605665348188361384833284338454108451495379200756462611895777158645543181949916265045590435493889720475627207791179169954955932481075804934694229656067476750176621610916419730241635071599980372508406907822967879952412966361208896535687501205989988554923283919063444000961625863777730630694843738526055013062610787052880764817172123818980265982116651440707330608214186344449994988418573585484196446045181530492632957068420320525053465414361272768949453838692999587744234298628319868552240073297523752438525890789997972406162077539546657549688432375280630924322955925303111883020966788257941025503691489683
public exponent: 65537
Validity: [From: Thu Feb 23 10:53:12 CET 2006,
To: Tue Feb 23 10:53:12 CET 2016]
Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [ 261d9475 0f6c9d82 d4efcce3 b90f613a]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 25 2F DE 6F 82 01 3A 5C 2C DC 2B A1 69 B5 67 .%/.o..:\,.+.i.g
0010: D4 8C D3 FD ....
]
]
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://www.swissdigicert.ch/download/sdcs-root.crl
]]
[4]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[] ]
]
[6]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download
]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
Found trusted certificate:
[
[
Version: V3
Subject: EMAILADDRESS=###@###.###, CN=portal.conextrade.com, OU=eTrade, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 21433107734581350948415011107642111998968948635016996101529201817477356098190703519214444230870553866961794931689472656773083868993023071906065291462967301034070995998179232469090572408180285996779457465853528719789593776958911956176849867203743472526831968939510639422609748373231273083973527207291753627469531232077546076513481096173590383365996865535130592362780009661364636052667964251546797013622260176991917434054941639659462253950497493898323092218019470807906000206169023508468934218728151859020203746306455108128579269913518404756170452254192030880912209635594177277670022168378900628787129170950386994169253
public exponent: 65537
Validity: [From: Thu Jul 01 15:35:31 CEST 2010,
To: Mon Jul 01 15:35:31 CEST 2013]
Issuer: CN=Swisscom Rubin CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
SerialNumber: [ f4911d1f c64c897b 5ee0327a 7cac4fc4]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D9 63 7A 45 DE 12 94 BD 6A 72 11 63 D3 1E 3D 48 .czE....jr.c..=H
0010: 7B F0 98 96 ....
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2D C2 A7 A3 63 3E 3F 83 47 AB 48 33 36 81 85 F7 -...c>?.G.H36...
0010: D4 E9 AC C0 ....
]
]
[3]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
RFC822Name: ###@###.###
]
[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
2.16.840.1.113730.4.1
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.83.4]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 25 68 74 74 70 3A 2F 2F 77 77 77 2E 73 77 69 .%http://www.swi
0010: 73 73 64 69 67 69 63 65 72 74 2E 63 68 2F 64 6F ssdigicert.ch/do
0020: 63 75 6D 65 6E 74 73 cuments
]] ]
]
[7]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.swissdigicert.ch/rubin,
accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://www.swissdigicert.ch/download
]
Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.31 Criticality=false
Unparseable CRLDistributionPoints extension due to
java.io.IOException: invalid URI name:ldap://ldap.swissdigicert.ch/CN=Swisscom Rubin CA 1,dc=rubin,dc=swissdigicert,dc=ch?certificateRevocationList?
Exception in thread "main" java.io.IOException: Server returned HTTP response code: 401 for URL: https://portal.conextrade.com
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at ListQ.main(ListQ.java:29)
ACTUAL -
Java 7
=====
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: c:\temp\keystore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: EMAILADDRESS=###@###.###, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Issuer: EMAILADDRESS=###@###.###, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter for Security in Data Networks GmbH, L=Hamburg, ST=Hamburg, C=DE
Algorithm: RSA; Serial number: 0x3eb
Valid from Mon Mar 09 12:59:59 CET 1998 until Sat Jan 01 12:59:59 CET 2011
adding as trusted cert:
Subject: CN=portal.conextrade.com, OU=Terms of use at www.verisign.com/rpa (c)00, OU=eTrade B2B, O=Swisscom IT Services AG, L=Zurich, ST=Zurich, C=CH
Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", O=VeriSign Trust Network
Algorithm: RSA; Serial number: 0x3db88db898a3a8365f94e114263d9438
Valid from Tue Jul 26 02:00:00 CEST 2005 until Tue Aug 21 01:59:59 CEST 2007
adding as trusted cert:
Subject: CN=qa-portal.conextrade.com, OU=eCommerce B2B, O=Swisscom AG, L=Zurich, ST=Zurich, C=CH, EMAILADDRESS=###@###.###
Issuer: CN=Conextrade, OU=Swisscom IT, O=Swisscom AG, L=Zurich, ST=Zurich, C=CH, EMAILADDRESS=###@###.###
Algorithm: RSA; Serial number: 0x33378a34000000000018
Valid from Fri Sep 16 11:09:37 CEST 2005 until Thu Sep 16 11:19:37 CEST 2010
adding as trusted cert:
Subject: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch
Algorithm: RSA; Serial number: 0x5c0b855c0be75941df57cc3f7f9da836
Valid from Thu Aug 18 14:06:20 CEST 2005 until Tue Aug 19 00:06:20 CEST 2025
adding as trusted cert:
Subject: CN=dap0.billingservices.ch, OU=TC TrustCenter DEMO, O=PayNet (Schweiz) AG, L=Wallisellen, C=CH
Issuer: EMAILADDRESS=###@###.###, OU=TC TrustCenter Class 0 CA, O=TC TrustCenter AG, L=Hamburg, ST=Hamburg, C=DE
Algorithm: RSA; Serial number: 0xddc9000100026f74ac8ef49e0e7a
Valid from Fri Sep 01 06:56:18 CEST 2006 until Sat Sep 01 06:56:18 CEST 2007
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cip
( This report has more than 16,000 characters and has been truncated. )