JDK-8074123

javaws does not use client certificates from Apple KeyChain


    • Enhancement
    • Resolution: Won't Fix
    • P4
    • tbd
    • 8u5
    • deploy
    • x86
    • os_x

      FULL PRODUCT VERSION :
      java version "1.8.0_05"
      Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)

      and

      java version "1.7.0_55"
      Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
      Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)


      ADDITIONAL OS VERSION INFORMATION :
      Darwin xxx.local 13.3.0 Darwin Kernel Version 13.3.0: Tue Jun 3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      Java Webstart application is deployed on an HTTPS server which requires a client certificate to be sent.

      A DESCRIPTION OF THE PROBLEM :
      With Windows, Java Webstart can load certificates with private keys from the operating system keystore.

      On macOS, the equivalent using Apple KeyChain does not work, despite having the options selected. Only truststore certificates are being loaded from the operating system KeyChain, but not private key entries.

      While there has been a fundamental problem loading private keys in earlier versions of Java (only the first private key could be loaded, see https://bugs.openjdk.java.net/browse/JDK-8000350), Java 7u4 and onwards have the capability to load certificates.

      Debugging the problem has shown that the reason for this problem is that within the Java Webstart framework, the private key is requested with an empty password (loading the private key with a char[0] passphrase).

      This empty password is passed through the call chain from X509DeployKeyManager via SunX509KeyManagerImpl into KeychainStore.

      Setting a different password in any of those locations results in the private key being loaded correctly and the application can be deployed using client certificates.
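
The empty-versus-non-empty password behaviour described above can be checked outside Web Start with a small probe. This is an added example, not code from the report or from the JDK; the class name `KeychainPasswordProbe` and the `"placeholder"` password are assumptions chosen for illustration, and it assumes the `Apple` provider's `KeychainStore` is available (macOS only).

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

/**
 * Added diagnostic (hypothetical class name), not JDK or Web Start code.
 * Compares what KeychainStore returns for char[0] and for a non-empty
 * password, first directly and then through the SunX509 key manager.
 */
public class KeychainPasswordProbe {

    // The password the report says Web Start passes down the call chain.
    private static final char[] EMPTY = new char[0];
    // Arbitrary non-empty value (assumption): the report only states that
    // a password different from the empty one lets the key load.
    private static final char[] NON_EMPTY = "placeholder".toCharArray();

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        try {
            ks = KeyStore.getInstance("KeychainStore", "Apple");
        } catch (GeneralSecurityException e) {
            System.err.println("KeychainStore not available on this JVM: " + e);
            return;
        }
        ks.load(null, null);

        // Step 1: ask the keystore for each private key with both passwords.
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entry, no private key
            }
            keyEntries++;
            System.out.printf("%-40s empty=%-12s non-empty=%s%n",
                    alias, tryGetKey(ks, alias, EMPTY), tryGetKey(ks, alias, NON_EMPTY));
        }
        System.out.println("Key entries seen: " + keyEntries);

        // Step 2: same comparison through KeyManagerFactory, which is where
        // a TLS client obtains the certificate it answers CertificateRequest with.
        System.out.println("SunX509 client aliases, empty password:     "
                + countClientAliases(ks, EMPTY));
        System.out.println("SunX509 client aliases, non-empty password: "
                + countClientAliases(ks, NON_EMPTY));
    }

    /** Returns the key algorithm, "null" if no key came back, or the exception name. */
    static String tryGetKey(KeyStore ks, String alias, char[] password) {
        try {
            Key key = ks.getKey(alias, password);
            return key == null ? "null" : key.getAlgorithm();
        } catch (GeneralSecurityException e) {
            return e.getClass().getSimpleName();
        }
    }

    /** Counts client aliases the SunX509 key manager offers; -1 if init fails. */
    static int countClientAliases(KeyStore ks, char[] password) {
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, password);
            int count = 0;
            for (KeyManager km : kmf.getKeyManagers()) {
                if (!(km instanceof X509KeyManager)) {
                    continue;
                }
                for (String keyType : new String[] {"RSA", "DSA", "EC"}) {
                    // null issuers = do not filter by the server's CA list
                    String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                    if (aliases != null) {
                        count += aliases.length;
                    }
                }
            }
            return count;
        } catch (GeneralSecurityException e) {
            return -1;
        }
    }
}
```

Reading private-key entries may raise a Keychain access prompt for each item. A client-alias count of zero with the empty password corresponds to the empty client `Certificate chain` message in the handshake trace.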

      ADDITIONAL REGRESSION INFORMATION:
      This is a platform regression, not a version regression. Works as expected in Windows, does not work as expected on macOS.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      1.) Create a web server which requires client certificates for access
      2.) Deploy Java webstart application onto the web server
      3.) Install appropriate client certificate in browser keystore
      4.) Start application through web browser.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Webstart starts the application, optionally asking for selection of a client certificate if multiple certificates match.
      ACTUAL -
      JNLP can be loaded through web browser, but loading further resources fails with an SSL handshake error.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      ***
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 527
      *** Diffie-Hellman ServerKeyExchange
      DH Modulus: { 214, 125, 228, 64, 203, 187, 220, 25, 54, 214, 147, 211, 74, 253, 10, 213, 12, 132, 210, 57, 164, 95, 82, 11, 184, 129, 116, 203, 152, 188, 233, 81, 132, 159, 145, 46, 99, 156, 114, 251, 19, 180, 180, 215, 23, 126, 22, 213, 90, 193, 121, 186, 66, 11, 42, 41, 254, 50, 74, 70, 122, 99, 94, 129, 255, 89, 1, 55, 123, 237, 220, 253, 51, 22, 138, 70, 26, 173, 59, 114, 218, 232, 134, 0, 120, 4, 91, 7, 167, 219, 202, 120, 116, 8, 125, 21, 16, 234, 159, 204, 157, 221, 51, 5, 7, 221, 98, 219, 136, 174, 170, 116, 125, 224, 244, 214, 226, 189, 104, 176, 231, 57, 62, 15, 36, 33, 142, 179 }
      DH Base: { 2 }
      Server DH Public Key: { 78, 240, 213, 140, 50, 159, 160, 51, 15, 188, 95, 89, 220, 44, 54, 47, 32, 146, 209, 139, 172, 88, 41, 167, 199, 45, 186, 132, 147, 102, 149, 156, 113, 219, 129, 172, 170, 249, 240, 73, 214, 187, 229, 130, 142, 175, 164, 75, 56, 79, 127, 166, 152, 20, 58, 194, 86, 192, 132, 169, 162, 117, 102, 227, 101, 80, 180, 142, 2, 248, 222, 223, 198, 245, 70, 98, 212, 246, 4, 65, 140, 33, 194, 114, 6, 124, 6, 161, 60, 190, 195, 29, 111, 251, 194, 61, 76, 133, 25, 158, 250, 38, 222, 133, 83, 153, 63, 187, 244, 220, 10, 12, 154, 157, 69, 140, 218, 108, 51, 27, 243, 255, 196, 98, 75, 179, 128, 41 }
      Anonymous
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 5565
      *** CertificateRequest
      Cert Types: Fixed DH (RSA sig), Fixed DH (DSS sig), RSA, DSS, ECDSA
      Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, MD5withRSA
      Cert Authorities:
      <CN=A-Trust-nQual-01, OU=A-Trust-nQual-01, O=A-Trust, C=AT>
      <CN=lisign-qualified-01, OU=lisign-qualified-01, O=FLZ-Anstalt, C=LI>
      <CN=lisign-qualified-05, OU=lisign-qualified-05, O=FLZ-Anstalt, C=LI>
      <CN=a-sign-SSL-03, OU=a-sign-SSL-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-05, OU=a-sign-SSL-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-02, OU=a-sign-light-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-03, OU=a-sign-light-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-05, OU=a-sign-light-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-03, OU=a-sign-Token-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-02, OU=A-Trust-Qual-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-03, OU=A-Trust-Qual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-EV-03, OU=a-sign-SSL-EV-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-EV-05, OU=a-sign-SSL-EV-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-nQual-03, OU=A-Trust-nQual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-01, OU=A-Trust-Qual-01, O=A-Trust Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Inhouse-03, OU=a-sign-Inhouse-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Inhouse-05, OU=a-sign-Inhouse-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-limited-03, OU=a-sign-limited-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT>
      <CN=a-sign-corporate-03, OU=a-sign-corporate-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-05, OU=a-sign-corporate-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-developer-02, OU=a-sign-developer-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-developer-05, OU=a-sign-developer-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-Enc-02, OU=a-sign-Token-Enc-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-Sig-02, OU=a-sign-Token-Sig-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Enc-02, OU=a-sign-Premium-Enc-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Enc-05, OU=a-sign-Premium-Enc-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-02, OU=a-sign-Premium-Sig-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-03, OU=a-sign-Premium-Sig-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-05, OU=a-sign-Premium-Sig-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-company-root-03, OU=a-sign-company-root-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-premium-mobile-03, OU=a-sign-premium-mobile-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-premium-mobile-05, OU=a-sign-premium-mobile-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-light-03, OU=a-sign-corporate-light-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-medium-02, OU=a-sign-corporate-medium-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-strong-02, OU=a-sign-corporate-strong-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <EMAILADDRESS=fcl3@austrocontrol.at, CN=Austro Control FCL3 Root CA, OU=AES, O=Austro Control GmbH, L=Wien, ST=Wien, C=AT>
      *** ServerHelloDone
      *** Certificate chain
      ***
      *** ClientKeyExchange, DH
      DH Public key: { 186, 60, 236, 173, 245, 141, 81, 130, 27, 22, 106, 114, 39, 254, 213, 45, 138, 127, 109, 235, 226, 223, 171, 18, 67, 231, 69, 233, 224, 6, 216, 120, 236, 211, 111, 99, 170, 180, 59, 79, 185, 251, 134, 235, 242, 110, 157, 25, 211, 21, 209, 248, 16, 127, 85, 62, 99, 58, 65, 88, 178, 115, 122, 57, 213, 26, 81, 237, 4, 193, 167, 105, 10, 136, 117, 128, 46, 114, 192, 196, 141, 165, 189, 120, 252, 55, 51, 111, 80, 4, 2, 177, 200, 44, 248, 13, 137, 2, 191, 161, 99, 243, 106, 179, 78, 91, 255, 9, 206, 252, 225, 155, 226, 160, 204, 221, 124, 135, 247, 52, 20, 101, 148, 25, 129, 56, 176, 121 }
      javawsApplicationMain, WRITE: TLSv1.2 Handshake, length = 141
      javawsApplicationMain, WRITE: TLSv1.2 Change Cipher Spec, length = 1
      *** Finished
      verify_data: { 208, 23, 121, 35, 151, 222, 189, 123, 153, 30, 143, 78 }
      ***
      javawsApplicationMain, WRITE: TLSv1.2 Handshake, length = 80
      javawsApplicationMain, READ: TLSv1.2 Change Cipher Spec, length = 1
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 80
      *** Finished
      verify_data: { 158, 146, 220, 219, 163, 141, 155, 118, 103, 176, 9, 19 }
      ***
      %% Cached client session: [Session-3, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256]
      javawsApplicationMain, WRITE: TLSv1.2 Application Data, length = 224
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 64
      Allow unsafe renegotiation: false
      Allow legacy hello messages: true
      Is initial handshake: false
      Is secure renegotiation: true
      Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv3
      Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
      Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
      Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
      *** HelloRequest (empty)
      %% Client cached [Session-3, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256]
      %% Try resuming [Session-3, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] from port 49351
      *** ClientHello, TLSv1.2
      RandomCookie: GMT: 1388510774 bytes = { 91, 181, 187, 240, 61, 251, 111, 199, 195, 136, 175, 185, 133, 42, 52, 81, 98, 249, 126, 71, 194, 159, 32, 53, 1, 186, 91, 153 }
      Session ID: {210, 60, 17, 68, 173, 163, 157, 122, 0, 76, 28, 204, 81, 50, 59, 103, 13, 244, 165, 253, 113, 253, 21, 233, 212, 13, 168, 92, 185, 246, 80, 113}
      Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5]
      Compression Methods: { 0 }
      Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
      Extension ec_point_formats, formats: [uncompressed]
      Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
      Extension renegotiation_info, renegotiated_connection: d0:17:79:23:97:de:bd:7b:99:1e:8f:4e
      ***
      javawsApplicationMain, WRITE: TLSv1.2 Handshake, length = 304
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 160
      *** ServerHello, TLSv1.2
      RandomCookie: GMT: 1388510430 bytes = { 170, 107, 21, 210, 34, 137, 119, 104, 22, 194, 11, 208, 238, 189, 88, 103, 161, 79, 177, 5, 155, 218, 43, 161, 231, 94, 239, 244 }
      Session ID: {103, 90, 199, 12, 104, 99, 158, 175, 148, 227, 163, 158, 66, 64, 66, 85, 140, 69, 34, 167, 52, 248, 241, 107, 210, 113, 145, 106, 26, 129, 238, 255}
      Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      Compression Method: 0
      Extension renegotiation_info, renegotiated_connection: d0:17:79:23:97:de:bd:7b:99:1e:8f:4e:9e:92:dc:db:a3:8d:9b:76:67:b0:09:13
      ***
      %% Initialized: [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256]
      ** TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 3504
      *** Certificate chain
      chain [0] = [
      [
        Version: V3
        Subject: EMAILADDRESS=empic-test-cert@3kraft.com, CN=empic-test-cert, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT
        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

        Key: Sun RSA public key, 2048 bits
        modulus: 24698606253640522083646757926554440189484096492528450008476337523151169618747865058680377014959073618897549019699392615437364542126858052233624489426663451637782090644585829219409530876382847333954394422664717113707634589707023326482923481303201043096575343457736820746756387033491865124405865511571330817473958777313045287010388914085894773992093355418701868389268149938447754857741541655070218987624680255116084342261055456580644115461998093881000242266518289853115807773331223995083032520209432446033357380449839292088385720230822361499036372887099870741773755989673291185008452457733598613463962354129919817142079
        public exponent: 65537
        Validity: [From: Thu Jul 10 14:25:36 CEST 2014,
                     To: Fri Jul 10 14:25:36 CEST 2015]
        Issuer: EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT
        SerialNumber: [ 04]

      Certificate Extensions: 7
      [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
      Extension unknown: DER encoded OCTET string =
      0000: 04 1E 16 1C 54 69 6E 79 43 41 20 47 65 6E 65 72 ....TinyCA Gener
      0010: 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ated Certificate


      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: C0 EA 94 27 3E E8 B3 21 37 50 E3 40 AF 90 0B 85 ...'>..!7P.@....
      0010: CA 2B EC 6F .+.o
      ]
      [EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT]
      SerialNumber: [ f8505e70 f175acf7]
      ]

      [3]: ObjectId: 2.5.29.19 Criticality=false
      BasicConstraints:[
        CA:false
        PathLen: undefined
      ]

      [4]: ObjectId: 2.5.29.18 Criticality=false
      IssuerAlternativeName [
        RFC822Name: office@3kraft.com
      ]

      [5]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
      NetscapeCertType [
         SSL server
      ]

      [6]: ObjectId: 2.5.29.17 Criticality=false
      SubjectAlternativeName [
        RFC822Name: empic-test-cert@3kraft.com
      ]

      [7]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 02 98 D9 05 60 CC C5 9C BD 99 A7 4C F4 45 B3 C2 ....`......L.E..
      0010: 98 9D 0A 64 ...d
      ]
      ]

      ]
        Algorithm: [SHA1withRSA]
      ]
      chain [1] = [
      [
        Version: V3
        Subject: EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT
        Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

        Key: Sun RSA public key, 4096 bits
        modulus: 854119331822294391308089239256295093119861834456278140546248668741213033134494675388371092560301863951903494890289978393597528906513386750421518494812229217282409316414502110772170038790734044617499764130133648878632516232279289166822444978496464240782080228525998305535107673494242093914147545683489646347612221750601896443094728158474636778049215812638600999100313632356930005408350594909607937430293419911372834480391278822591466795491433099934617453293902999356290178529609345986371127996541630944880531834650217763824619953197428390296123969107145330264916999670500667314710963142280702668764840132295965071672980756372334427469284785523658985006096977443137591027563576122658807074755984571799265840256310613639466496809768379182955930539133072550540967488577269824170650939458424420949584489216134496928408727442689200317575772342857533859229817234355557764302662283555872810941371853755719244772836798680743418476766856128057742002073495465886992738381954345251921666664256301036999814388292271168366749159331075609203892972158561161205830966740355889527827217675377153759367442153532227915291812553607927158083094787851454712970760951921318785735675585554844392811252573264234080862460016580576044735657727308499903793223741
        public exponent: 65537
        Validity: [From: Sat Jul 05 16:20:25 CEST 2014,
                     To: Fri Jun 30 16:20:25 CEST 2034]
        Issuer: EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT
        SerialNumber: [ f8505e70 f175acf7]

      Certificate Extensions: 7
      [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
      Extension unknown: DER encoded OCTET string =
      0000: 04 35 16 33 33 6B 72 61 66 74 20 49 54 20 47 6D .5.33kraft IT Gm
      0010: 62 48 20 26 20 43 6F 20 4B 47 20 41 43 47 20 43 bH & Co KG ACG C
      0020: 65 72 74 69 66 69 63 61 74 65 20 47 61 74 65 77 ertificate Gatew
      0030: 61 79 20 52 6F 6F 74 ay Root


      [2]: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: C0 EA 94 27 3E E8 B3 21 37 50 E3 40 AF 90 0B 85 ...'>..!7P.@....
      0010: CA 2B EC 6F .+.o
      ]
      [EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT]
      SerialNumber: [ f8505e70 f175acf7]
      ]

      [3]: ObjectId: 2.5.29.19 Criticality=true
      BasicConstraints:[
        CA:true
        PathLen:2147483647
      ]

      [4]: ObjectId: 2.5.29.15 Criticality=true
      KeyUsage [
        Key_CertSign
        Crl_Sign
      ]

      [5]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
      NetscapeCertType [
         SSL CA
         S/MIME CA
      ]

      [6]: ObjectId: 2.5.29.17 Criticality=false
      SubjectAlternativeName [
        RFC822Name: office@3kraft.com
      ]

      [7]: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: C0 EA 94 27 3E E8 B3 21 37 50 E3 40 AF 90 0B 85 ...'>..!7P.@....
      0010: CA 2B EC 6F .+.o
      ]
      ]

      Unparseable certificate extensions: 1
      [1]: ObjectId: 2.5.29.18 Criticality=false
      Unparseable IssuerAlternativeName extension due to
      java.io.IOException: No data available in passed DER encoded value.

      0000: 30 00 0.

      ]
        Algorithm: [SHA1withRSA]
      ]
      ***
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 576
      *** Diffie-Hellman ServerKeyExchange
      DH Modulus: { 214, 125, 228, 64, 203, 187, 220, 25, 54, 214, 147, 211, 74, 253, 10, 213, 12, 132, 210, 57, 164, 95, 82, 11, 184, 129, 116, 203, 152, 188, 233, 81, 132, 159, 145, 46, 99, 156, 114, 251, 19, 180, 180, 215, 23, 126, 22, 213, 90, 193, 121, 186, 66, 11, 42, 41, 254, 50, 74, 70, 122, 99, 94, 129, 255, 89, 1, 55, 123, 237, 220, 253, 51, 22, 138, 70, 26, 173, 59, 114, 218, 232, 134, 0, 120, 4, 91, 7, 167, 219, 202, 120, 116, 8, 125, 21, 16, 234, 159, 204, 157, 221, 51, 5, 7, 221, 98, 219, 136, 174, 170, 116, 125, 224, 244, 214, 226, 189, 104, 176, 231, 57, 62, 15, 36, 33, 142, 179 }
      DH Base: { 2 }
      Server DH Public Key: { 114, 87, 26, 236, 122, 81, 229, 53, 71, 3, 19, 133, 86, 143, 235, 250, 91, 191, 88, 156, 130, 52, 158, 11, 127, 237, 224, 46, 103, 9, 8, 252, 88, 170, 134, 232, 242, 2, 226, 206, 211, 218, 111, 218, 17, 237, 90, 104, 220, 9, 203, 121, 193, 229, 175, 91, 30, 212, 171, 136, 71, 1, 171, 211, 180, 104, 227, 189, 201, 40, 224, 65, 154, 102, 95, 207, 105, 14, 192, 102, 168, 149, 135, 77, 131, 91, 35, 116, 137, 210, 151, 179, 34, 188, 9, 195, 214, 185, 159, 8, 214, 181, 235, 177, 188, 239, 75, 148, 174, 30, 100, 66, 168, 130, 93, 245, 232, 205, 118, 251, 244, 54, 109, 168, 111, 138, 66, 4 }
      Anonymous
      javawsApplicationMain, READ: TLSv1.2 Handshake, length = 5616
      *** CertificateRequest
      Cert Types: Fixed DH (RSA sig), Fixed DH (DSS sig), RSA, DSS, ECDSA
      Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA224withRSA, Unknown (hash:0x3, signature:0x2), SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, MD5withRSA
      Cert Authorities:
      <CN=A-Trust-nQual-01, OU=A-Trust-nQual-01, O=A-Trust, C=AT>
      <CN=lisign-qualified-01, OU=lisign-qualified-01, O=FLZ-Anstalt, C=LI>
      <CN=lisign-qualified-05, OU=lisign-qualified-05, O=FLZ-Anstalt, C=LI>
      <CN=a-sign-SSL-03, OU=a-sign-SSL-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-05, OU=a-sign-SSL-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-02, OU=a-sign-light-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-03, OU=a-sign-light-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-light-05, OU=a-sign-light-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-03, OU=a-sign-Token-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-02, OU=A-Trust-Qual-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-03, OU=A-Trust-Qual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-EV-03, OU=a-sign-SSL-EV-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-SSL-EV-05, OU=a-sign-SSL-EV-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-nQual-03, OU=A-Trust-nQual-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=A-Trust-Qual-01, OU=A-Trust-Qual-01, O=A-Trust Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Inhouse-03, OU=a-sign-Inhouse-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Inhouse-05, OU=a-sign-Inhouse-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-limited-03, OU=a-sign-limited-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <EMAILADDRESS=office@3kraft.com, CN=ACG Certificate Gateway CA, O=3kraft IT Gmbh & Co KG, L=Vienna, ST=AT, C=AT>
      <CN=a-sign-corporate-03, OU=a-sign-corporate-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-05, OU=a-sign-corporate-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-developer-02, OU=a-sign-developer-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-developer-05, OU=a-sign-developer-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-Enc-02, OU=a-sign-Token-Enc-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Token-Sig-02, OU=a-sign-Token-Sig-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Enc-02, OU=a-sign-Premium-Enc-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Enc-05, OU=a-sign-Premium-Enc-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-02, OU=a-sign-Premium-Sig-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-03, OU=a-sign-Premium-Sig-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-Premium-Sig-05, OU=a-sign-Premium-Sig-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-company-root-03, OU=a-sign-company-root-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-premium-mobile-03, OU=a-sign-premium-mobile-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-premium-mobile-05, OU=a-sign-premium-mobile-05, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-light-03, OU=a-sign-corporate-light-03, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-medium-02, OU=a-sign-corporate-medium-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <CN=a-sign-corporate-strong-02, OU=a-sign-corporate-strong-02, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, C=AT>
      <EMAILADDRESS=fcl3@austrocontrol.at, CN=Austro Control FCL3 Root CA, OU=AES, O=Austro Control GmbH, L=Wien, ST=Wien, C=AT>
      *** ServerHelloDone
      *** Certificate chain
      ***
      *** ClientKeyExchange, DH
      DH Public key: { 74, 216, 36, 68, 14, 30, 107, 121, 88, 154, 32, 72, 205, 217, 1, 152, 212, 31, 119, 103, 146, 220, 197, 134, 191, 172, 52, 235, 143, 121, 22, 189, 26, 173, 150, 198, 2, 18, 107, 225, 168, 55, 171, 243, 251, 188, 160, 110, 162, 60, 19, 82, 153, 79, 70, 191, 6, 100, 223, 49, 252, 201, 90, 165, 107, 93, 220, 91, 230, 125, 9, 1, 225, 191, 138, 79, 234, 22, 61, 117, 67, 180, 249, 43, 60, 234, 35, 186, 154, 122, 223, 46, 24, 249, 163, 221, 180, 36, 134, 253, 115, 186, 81, 14, 140, 178, 1, 15, 83, 188, 33, 69, 121, 178, 232, 173, 98, 197, 177, 28, 134, 178, 153, 223, 219, 80, 227, 77 }
      javawsApplicationMain, WRITE: TLSv1.2 Handshake, length = 192
      ... no IV derived for this protocol
      javawsApplicationMain, WRITE: TLSv1.2 Change Cipher Spec, length = 64
      *** Finished
      verify_data: { 89, 233, 121, 27, 223, 116, 104, 16, 165, 105, 219, 71 }
      ***
      javawsApplicationMain, WRITE: TLSv1.2 Handshake, length = 80
      javawsApplicationMain, READ: TLSv1.2 Alert, length = 64
      javawsApplicationMain, RECV TLSv1.2 ALERT: fatal, handshake_failure
      %% Invalidated: [Session-3, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256]
      %% Invalidated: [Session-4, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256]
      javawsApplicationMain, called closeSocket()
      javawsApplicationMain, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
      javawsApplicationMain, called close()
      javawsApplicationMain, called closeInternal(true)
      #### Java Web Start Error:
      #### Received fatal alert: handshake_failure

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      No specific source code required - e.g. SwingSet on HTTPS server with client certificates required is sufficient
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      None. Manipulating the boot class path to override e.g. KeychainStore, so that it uses a dummy password if an empty password is passed, fixes the problem, but obviously this is not a workaround for end users.
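The failure signature visible in the debug log above is a server CertificateRequest, an empty client certificate chain, and then a fatal handshake_failure alert. The following triage script checks a JSSE debug log for that sequence; it is an added example, not part of the original report, and the function names and the shortened sample log are constructed for illustration.

```python
import re
# Constructed sample in the format of the log above (byte arrays and most CA names omitted).
SAMPLE_LOG = """\
javawsApplicationMain, READ: TLSv1.2 Handshake, length = 5616
*** CertificateRequest
Cert Types: Fixed DH (RSA sig), Fixed DH (DSS sig), RSA, DSS, ECDSA
Cert Authorities:
<CN=A-Trust-nQual-01, OU=A-Trust-nQual-01, O=A-Trust, C=AT>
<CN=lisign-qualified-01, OU=lisign-qualified-01, O=FLZ-Anstalt, C=LI>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, DH
javawsApplicationMain, RECV TLSv1.2 ALERT: fatal, handshake_failure
"""

ALERT_RE = re.compile(r"RECV \S+ ALERT:\s*fatal,\s*(\w+)")

def triage(log_text):
    """Summarise client-certificate handling in a JSSE debug log."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    result = {"cert_requested": False, "accepted_cas": [],
              "client_chain_empty": None, "fatal_alert": None}
    in_cas = False
    for i, ln in enumerate(lines):
        if ln.startswith("*** CertificateRequest"):
            result["cert_requested"] = True
        elif ln == "Cert Authorities:":
            in_cas = True
            continue
        elif ln.startswith("*** Certificate chain") and result["cert_requested"]:
            # Client's answer to the request: empty if the section closes at once.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            result["client_chain_empty"] = nxt.startswith("***")
        else:
            m = ALERT_RE.search(ln)
            if m:
                result["fatal_alert"] = m.group(1)
        if in_cas:
            if ln.startswith("<") and ln.endswith(">"):
                result["accepted_cas"].append(ln[1:-1])  # DN the server accepts
            else:
                in_cas = False
    return result

def no_client_cert_sent(log_text):
    # True when a certificate was requested, none was sent, and the peer aborted.
    r = triage(log_text)
    return bool(r["cert_requested"] and r["client_chain_empty"] and r["fatal_alert"])
```

A positive result narrows the problem to client key selection (here, the keystore returning no usable private key entry) rather than to cipher suite or protocol negotiation.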

            herrick Andy Herrick (Inactive)
            webbuggrp Webbug Group