-
Bug
-
Resolution: Cannot Reproduce
-
P3
-
14, 17, 21, 22
-
b01
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
We are seeing connection errors to certain servers when TLS Session tickets are in use. Specifically the server sends a TLS session ticket which is valid for 5 minutes. After 6 minutes Java still sends the old ticket and then complains that the server restarts the SSL handshake.
Please note that I am not sure whether this is solely a Java bug, a server bug or a bug in both.
REGRESSION : Last worked in version 8u391
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile the attached source and run with -Djavax.net.debug=ssl,handshake
You will see "GET Response Code :: 404" and after another 6 minutes an error: Unexpected handshake message: certificate
See below in the actual results for the full output.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The second request should work.
ACTUAL -
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.759 GMT|SSLCipher.java:432|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.770 GMT|SSLCipher.java:432|jdk.tls.keyLimits: entry = ChaCha20-Poly1305 KeyUpdate 2^37. CHACHA20-POLY1305:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.898 GMT|Utilities.java:74|the previous server name in SNI (type=host_name (0), value=ida2a.llv.li) was replaced with (type=host_name (0), value=ida2a.llv.li)
javax.net.ssl|INFO|10|main|2023-11-14 08:28:06.908 GMT|AlpnExtension.java:179|No available application protocols
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.908 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.908 GMT|SessionTicketExtension.java:352|Stateless resumption supported
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.909 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.957 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.958 GMT|PreSharedKeyExtension.java:659|No session to resume.
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.958 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.968 GMT|ClientHello.java:640|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "C945FC013B0B2AFCBB651ACEFC872CB1EA3254CAF5E3773C8BB930899B60D541",
"session id" : "AF1F7EECF2B4D6FEFEE094D97893DE9A8A7C3D2A3F784371FEE1479FB1AA40C2",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=ida2a.llv.li
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 9C D7 50 00 D4 9E A3 AE E4 3D 3C B7 92 AB CF 13 ..P......=<.....
0010: 7A C5 92 51 33 C2 18 55 DC 32 02 90 DE F8 63 71 z..Q3..U.2....cq
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 95 D8 E2 52 7A 53 29 D9 AF 4D B9 96 2F 98 5A ....RzS)..M../.Z
0010: E1 7A F4 82 47 4E 88 4F CA 96 BF A2 7D 7F F9 67 .z..GN.O.......g
0020: BA 20 A2 40 D1 09 69 49 B0 24 98 E9 CF FD ED 27 . .@..iI.$.....'
0030: 2E 13 C2 18 94 D4 48 8A 29 08 4F 0A 0F 5A D5 16 ......H.).O..Z..
0040: 7D
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.994 GMT|ServerHello.java:883|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "65532F966850EA664D75CB95622C56F5D9B641915A1DC9D7C82B4738E4480C42",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"session_ticket (35)": {
<empty>
},
"ec_point_formats (11)": {
"formats": [uncompressed]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.995 GMT|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.995 GMT|ServerHello.java:979|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.999 GMT|SSLExtensions.java:219|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.008 GMT|CertificateMessage.java:360|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "75FE473860C068D382BBC465EC5576D9EB0BAD06",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign RSA TLS OV ICA 2022 - 1, O=SwissSign AG, C=CH",
"not before" : "2023-10-25 06:28:59.000 GMT",
"not after" : "2024-10-25 06:28:59.000 GMT",
"subject" : "CN=*.llv.li, O=LIECHTENSTEINISCHE LANDESVERWALTUNG, L=Vaduz, C=LI",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7C 6F 0A 6F 13 0F D9 8C 24 6F 26 34 F3 5C 6B 43 .o.o....$o&4.\kC
0010: 6D B7 23 B6 m.#.
]
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
[CertificatePolicyId: [0.4.0.2042.1.7]
[] ]
[CertificatePolicyId: [2.16.756.1.89.2.1.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 36 68 74 74 70 73 3A 2F 2F 72 65 70 6F 73 69 .6https://reposi
0010: 74 6F 72 79 2E 73 77 69 73 73 73 69 67 6E 2E 63 tory.swisssign.c
0020: 6F 6D 2F 53 77 69 73 73 53 69 67 6E 5F 43 50 53 om/SwissSign_CPS
0030: 5F 54 4C 53 2E 70 64 66 _TLS.pdf
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.llv.li
DNSName: llv.li
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D B4 6E 6C 79 10 B4 EA 1E 2B 99 48 C6 CD 0E 70 ..nly....+.H...p
0010: 61 F6 A0 D1 a...
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "6AEC7C44417B9B441FB97634CBC6A780B0041E01",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign RSA TLS Root CA 2022 - 1, O=SwissSign AG, C=CH",
"not before" : "2022-06-29 09:34:30.000 GMT",
"not after" : "2036-06-29 09:34:30.000 GMT",
"subject" : "CN=SwissSign RSA TLS OV ICA 2022 - 1, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://aia.swisssign.ch/air-aeff374d-0f7a-4c55-a034-1440290cfa32
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6F 8E 62 8B 93 43 B0 E1 40 F6 A7 C3 FD F1 0F B8 o.b..C..@.......
0010: 0F 15 38 A5 ..8.
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.ch/cdp-9661c29f-9121-4f46-acd8-ead4a22f7160]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
[CertificatePolicyId: [0.4.0.2042.1.7]
[] ]
[CertificatePolicyId: [2.16.756.1.89.2.1.2]
[] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7C 6F 0A 6F 13 0F D9 8C 24 6F 26 34 F3 5C 6B 43 .o.o....$o&4.\kC
0010: 6D B7 23 B6 m.#.
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "686F43B4DC404C067E230E3FAFC32B",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"not before" : "2022-06-28 11:27:11.000 GMT",
"not after" : "2036-09-22 11:27:11.000 GMT",
"subject" : "CN=SwissSign RSA TLS Root CA 2022 - 1, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6F 8E 62 8B 93 43 B0 E1 40 F6 A7 C3 FD F1 0F B8 o.b..C..@.......
0010: 0F 15 38 A5 ..8.
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "00BB401C43F55E4FB0",
"signature algorithm": "SHA1withRSA",
"issuer" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"not before" : "2006-10-25 08:30:35.000 GMT",
"not after" : "2036-10-25 08:30:35.000 GMT",
"subject" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.89.1.2.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 20 68 74 74 70 3A 2F 2F 72 65 70 6F 73 69 74 . http://reposit
0010: 6F 72 79 2E 73 77 69 73 73 73 69 67 6E 2E 63 6F ory.swisssign.co
0020: 6D 2F m/
]] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
}
]}
]
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.075 GMT|ECDHServerKeyExchange.java:526|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 72 89 06 B1 F8 F6 3B 31 7E 60 96 DC 78 A6 BB .r.....;1.`..x..
0010: 70 E2 E0 E0 41 0E F1 46 FB B5 A5 BF 51 37 F5 C7 p...A..F....Q7..
0020: B6 28 5C 78 8E 0A E4 CD 30 A1 50 5B 92 E0 EB A8 .(\x....0.P[....
0030: D5 A6 0E D7 D9 05 ED 9B B8 C5 3E 03 08 7A C4 EA ..........>..z..
0040: D6 .
},
},
"digital signature": {
"signature algorithm": "rsa_pkcs1_sha512"
"signature": {
0000: 76 9D 69 AE 5A 7F C5 D9 AA 52 CD 8B AF 45 16 ED v.i.Z....R...E..
0010: 94 1C 56 A1 35 F0 E9 CC 97 A2 C7 4C C5 B5 FF BC ..V.5......L....
0020: D7 85 DA D4 82 11 B8 14 CE 04 6C A8 3C 59 63 0C ..........l.<Yc.
0030: AF 0D 07 F9 21 4F 85 3E 46 AD 33 F2 73 15 6D 25 ....!O.>F.3.s.m%
0040: 4A 37 C1 3F 7E 83 99 68 7C 93 93 CD 8B 00 92 E6 J7.?...h........
0050: 7E 6F 59 C4 AE 1E 53 2B 24 73 C5 86 C4 D8 A3 83 .oY...S+$s......
0060: D3 98 3F 91 1A 71 5E 35 E9 FA 5B 36 BC 93 75 DC ..?..q^5..[6..u.
0070: 05 BF 32 DF 5E CC 9F 90 A5 46 60 38 F2 EE AD 0B ..2.^....F`8....
0080: E2 7F 43 C4 EE 87 DE D4 9D 1B 73 C3 98 3E 09 90 ..C.......s..>..
0090: 8A B0 E9 B8 35 55 42 29 BE 56 FF BE F2 EE 20 FC ....5UB).V.... .
00A0: FF 57 12 B6 15 2B A7 DC D5 31 56 00 3A B7 50 BD .W...+...1V.:.P.
00B0: E7 C3 E1 8E 85 54 60 67 B9 66 D1 B6 3F 09 FA 3C .....T`g.f..?..<
00C0: AC 86 59 03 CC D1 97 E5 6C D4 5A 88 87 F0 07 BB ..Y.....l.Z.....
00D0: B8 72 3E F8 8B FA 2F 76 5A D1 88 F4 E2 78 3C D5 .r>.../vZ....x<.
00E0: 6E F1 45 14 0C 29 08 ED CB 35 87 F4 57 D9 58 EC n.E..)...5..W.X.
00F0: E6 FA 77 AC 64 A9 A2 4A 83 B6 AC 88 B3 2E 23 2C ..w.d..J......#,
0100: 7B F7 62 F4 90 04 7E 61 AC 77 29 50 CC 89 82 CC ..b....a.w)P....
0110: EA 4C BE BE DF 8D 83 91 72 9F FD 96 B6 74 BD 66 .L......r....t.f
0120: 19 3B CD 06 DA 0F 0F 08 88 29 2D 12 FF 4F DD C0 .;.......)-..O..
0130: 7D 9A 28 C6 59 43 39 33 66 AD 85 E9 CB 5D 31 5E ..(.YC93f....]1^
0140: 95 03 5B BA E8 59 AE 49 AF 87 58 61 2C C7 26 22 ..[..Y.I..Xa,.&"
0150: 22 03 1A 85 7A F4 99 A2 5E A9 C7 93 77 04 1F EA "...z...^...w...
0160: 9D AA F6 36 E0 EA 4B 52 4C 4B 4B 8B 71 B7 33 BD ...6..KRLKK.q.3.
0170: E4 3D 23 D1 0E E5 C0 5D 9D EF E6 6B 39 08 F4 F5 .=#....]...k9...
0180: 7D EC 38 DC 7D 58 B9 03 E0 39 1A 81 4A AA 79 12 ..8..X...9..J.y.
0190: D2 DE 6F 78 96 42 51 19 CA 16 CE A7 B4 7E 65 7E ..ox.BQ.......e.
01A0: FB E3 6C 49 FF 3A 3E C6 1F 7A D6 B5 88 AD 18 82 ..lI.:>..z......
01B0: 0B 33 E7 F0 81 30 26 ED 41 04 5C 42 47 6E C5 B2 .3...0&.A.\BGn..
01C0: 0D A9 7A 4A 6C A9 79 66 B1 68 10 24 0B D3 0B 97 ..zJl.yf.h.$....
01D0: D2 C5 E6 1B 0C D4 9A BD 0C BA A0 31 5D 35 02 3A ...........1]5.:
01E0: A6 58 45 90 BD 4B 64 4E 3E BE 78 62 80 F4 53 BF .XE..KdN>.xb..S.
01F0: 15 05 52 0E 72 EC BE 17 42 D8 66 79 04 C4 39 77 ..R.r...B.fy..9w
},
}
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.076 GMT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.077 GMT|ECDHClientKeyExchange.java:403|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
0000: 04 68 F4 3D 6D 7A 81 9F 91 A8 DB 8B F3 62 F1 F5 .h.=mz.......b..
0010: 59 73 9D 8D D5 77 23 80 97 A6 4F 54 2C CA 27 81 Ys...w#...OT,.'.
0020: B3 CD 76 64 D6 E3 FC DB 16 1B 63 69 AE ED 1A A3 ..vd......ci....
0030: 3B 80 BF 84 1D A9 90 10 B1 0B A5 ED 6E EB 5E B4 ;...........n.^.
0040: 49 I
},
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.082 GMT|ChangeCipherSpec.java:114|Produced ChangeCipherSpec message
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.083 GMT|Finished.java:396|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: A6 F5 BA 18 0B EA 3A C3 77 3E E7 CE
}
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.108 GMT|NewSessionTicket.java:677|Consuming NewSessionTicket
"NewSessionTicket": {
"ticket_lifetime" : "300",
"ticket" : {
0000: E1 C6 C6 33 DE A4 85 AB 53 B4 A5 75 C2 71 5F EB ...3....S..u.q_.
0010: 5E 49 7C 10 20 2B BE 2D B3 1F F2 7E 51 5F 31 CE ^I.. +.-....Q_1.
0020: AC 57 3A F9 22 F6 79 3D 17 46 F7 4A D8 1F B2 70 .W:.".y=.F.J...p
0030: 7F 12 43 D7 5C 1E 94 76 4B 46 27 FE 74 47 95 A7 ..C.\..vKF'.tG..
0040: 1B 7D A7 8E 9F F9 DF B2 D1 2D 04 67 5A 4E EE D6 .........-.gZN..
0050: 87 A0 1E 29 E6 D5 BB 87 CD 7D AB 11 73 98 F6 F9 ...)........s...
0060: 46 70 84 15 95 D9 B8 06 F9 A3 37 63 B3 E8 E7 D8 Fp........7c....
0070: C5 92 3A 3A DF 21 EB AB 75 A6 A7 8A 8F E2 0F 2B ..::.!..u......+
0080: 53 63 97 4C 7A 40 ED 04 25 72 AF 3C 86 5C 3E C3 Sc.Lz@..%r.<.\>.
0090: B2 87 22 43 93 83 80 0E 93 44 B2 D3 7F 3F E5 89 .."C.....D...?..
00A0: 0D C9 8F E1 69 9D 56 53 58 ED D6 AC 03 CA 75 70 ....i.VSX.....up
00B0: D2 6C 05 0B 23 C8 99 08 FD 23 3B 0F F5 B5 32 1C .l..#....#;...2.
00C0: 03 AD 02 5B D6 57 E4 CF E7 3E 43 8D 0A 7F 9E 4D ...[.W...>C....M
00D0: 13 3D 33 4A B4 A4 56 48 9C BA AE 36 66 F4 BC 0B .=3J..VH...6f...
00E0: D3 91 C9 C3 86 57 75 FB 0E AB 48 58 5C 0C B5 EC .....Wu...HX\...
}'}
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.109 GMT|ChangeCipherSpec.java:148|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.110 GMT|Finished.java:548|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: 4A DB A4 2B 35 55 7B F4 96 E8 E6 C5
}
}
)
GET Response Code :: 404
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.249 GMT|Utilities.java:74|the previous server name in SNI (type=host_name (0), value=ida2a.llv.li) was replaced with (type=host_name (0), value=ida2a.llv.li)
javax.net.ssl|INFO|10|main|2023-11-14 08:34:07.251 GMT|AlpnExtension.java:179|No available application protocols
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.251 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.251 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.252 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.252 GMT|PreSharedKeyExtension.java:679|Existing session has no PSK.
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.253 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.255 GMT|ClientHello.java:640|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "7C110E189DBCC08F6B24488A5B1CAEDECAA77B1483DBA78D092F79877E7C5888",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=ida2a.llv.li
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
"ticket" : {
0000: E1 C6 C6 33 DE A4 85 AB 53 B4 A5 75 C2 71 5F EB ...3....S..u.q_.
0010: 5E 49 7C 10 20 2B BE 2D B3 1F F2 7E 51 5F 31 CE ^I.. +.-....Q_1.
0020: AC 57 3A F9 22 F6 79 3D 17 46 F7 4A D8 1F B2 70 .W:.".y=.F.J...p
0030: 7F 12 43 D7 5C 1E 94 76 4B 46 27 FE 74 47 95 A7 ..C.\..vKF'.tG..
0040: 1B 7D A7 8E 9F F9 DF B2 D1 2D 04 67 5A 4E EE D6 .........-.gZN..
0050: 87 A0 1E 29 E6 D5 BB 87 CD 7D AB 11 73 98 F6 F9 ...)........s...
0060: 46 70 84 15 95 D9 B8 06 F9 A3 37 63 B3 E8 E7 D8 Fp........7c....
0070: C5 92 3A 3A DF 21 EB AB 75 A6 A7 8A 8F E2 0F 2B ..::.!..u......+
0080: 53 63 97 4C 7A 40 ED 04 25 72 AF 3C 86 5C 3E C3 Sc.Lz@..%r.<.\>.
0090: B2 87 22 43 93 83 80 0E 93 44 B2 D3 7F 3F E5 89 .."C.....D...?..
00A0: 0D C9 8F E1 69 9D 56 53 58 ED D6 AC 03 CA 75 70 ....i.VSX.....up
00B0: D2 6C 05 0B 23 C8 99 08 FD 23 3B 0F F5 B5 32 1C .l..#....#;...2.
00C0: 03 AD 02 5B D6 57 E4 CF E7 3E 43 8D 0A 7F 9E 4D ...[.W...>C....M
00D0: 13 3D 33 4A B4 A4 56 48 9C BA AE 36 66 F4 BC 0B .=3J..VH...6f...
00E0: D3 91 C9 C3 86 57 75 FB 0E AB 48 58 5C 0C B5 EC .....Wu...HX\...
}
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: A1 D7 34 25 F9 13 2E D3 58 DF 62 69 E3 EC 30 E1 ..4%....X.bi..0.
0010: CE AD 7F 87 0E 08 99 A2 73 02 FA 9A 26 13 49 05 ........s...&.I.
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 44 15 68 AA D0 F2 20 2C 4A 4F 79 16 47 CE 83 .D.h... ,JOy.G..
0010: 7A 83 6C C0 C7 A5 15 7C F6 BD DF B8 2E E9 57 CB z.l...........W.
0020: 9C 5F 8B ED 5C EC 2E BA 7E 7A BA 53 CE 7E E0 BD ._..\....z.S....
0030: 77 49 30 BE 5E C5 8A D9 45 35 D1 E7 46 13 BB 8E wI0.^...E5..F...
0040: EB
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|ServerHello.java:883|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "655330FF44144F32068BA9A3D1AA96D4B72AD1BF439AC09A288BFB07B5BCB6FE",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"session_ticket (35)": {
<empty>
},
"ec_point_formats (11)": {
"formats": [uncompressed]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|ServerHello.java:979|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:185|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:219|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: pre_shared_key
javax.net.ssl|ERROR|10|main|2023-11-14 08:34:07.283 GMT|TransportContext.java:370|Fatal (UNEXPECTED_MESSAGE): Unexpected handshake message: certificate (
"throwable" : {
javax.net.ssl.SSLProtocolException: Unexpected handshake message: certificate
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:470)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
at HttpURLConnectionExample.sendGET(HttpURLConnectionExample.java:22)
at HttpURLConnectionExample.main(HttpURLConnectionExample.java:15)}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.284 GMT|SSLSocketImpl.java:1749|close the underlying socket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.284 GMT|SSLSocketImpl.java:1775|close the SSL connection (passive)
Exception in thread "main" javax.net.ssl.SSLProtocolException: Unexpected handshake message: certificate
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:470)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
at HttpURLConnectionExample.sendGET(HttpURLConnectionExample.java:22)
at HttpURLConnectionExample.main(HttpURLConnectionExample.java:15)
---------- BEGIN SOURCE ----------
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
public class HttpURLConnectionExample {
private static final String GET_URL = "https://ida2a.llv.li/auth/realms/";
public static void main(String[] args) throws IOException, InterruptedException {
sendGET(); // runs fine
Thread.sleep(60 * 6 * 1000); // sleep 6 minutes
sendGET(); // fails
}
private static void sendGET() throws IOException {
URL obj = new URL(GET_URL);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
System.out.println("GET Response Code :: " + responseCode);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Set -Djdk.tls.client.enableSessionTicketExtension=false
FREQUENCY : always
We are seeing connection errors to certain servers when TLS Session tickets are in use. Specifically the server sends a TLS session ticket which is valid for 5 minutes. After 6 minutes Java still sends the old ticket and then complains that the server restarts the SSL handshake.
Please note that I am not sure whether this is solely a Java bug, a server bug or a bug in both.
REGRESSION : Last worked in version 8u391
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile the attached source and run with -Djavax.net.debug=ssl,handshake
You will see "GET Response Code :: 404" and after another 6 minutes an error: Unexpected handshake message: certificate
See below in the actual results for the full output.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The second request should work.
ACTUAL -
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.759 GMT|SSLCipher.java:432|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.770 GMT|SSLCipher.java:432|jdk.tls.keyLimits: entry = ChaCha20-Poly1305 KeyUpdate 2^37. CHACHA20-POLY1305:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.898 GMT|Utilities.java:74|the previous server name in SNI (type=host_name (0), value=ida2a.llv.li) was replaced with (type=host_name (0), value=ida2a.llv.li)
javax.net.ssl|INFO|10|main|2023-11-14 08:28:06.908 GMT|AlpnExtension.java:179|No available application protocols
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.908 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.908 GMT|SessionTicketExtension.java:352|Stateless resumption supported
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.909 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.957 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.958 GMT|PreSharedKeyExtension.java:659|No session to resume.
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.958 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.968 GMT|ClientHello.java:640|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "C945FC013B0B2AFCBB651ACEFC872CB1EA3254CAF5E3773C8BB930899B60D541",
"session id" : "AF1F7EECF2B4D6FEFEE094D97893DE9A8A7C3D2A3F784371FEE1479FB1AA40C2",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=ida2a.llv.li
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: 9C D7 50 00 D4 9E A3 AE E4 3D 3C B7 92 AB CF 13 ..P......=<.....
0010: 7A C5 92 51 33 C2 18 55 DC 32 02 90 DE F8 63 71 z..Q3..U.2....cq
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 95 D8 E2 52 7A 53 29 D9 AF 4D B9 96 2F 98 5A ....RzS)..M../.Z
0010: E1 7A F4 82 47 4E 88 4F CA 96 BF A2 7D 7F F9 67 .z..GN.O.......g
0020: BA 20 A2 40 D1 09 69 49 B0 24 98 E9 CF FD ED 27 . .@..iI.$.....'
0030: 2E 13 C2 18 94 D4 48 8A 29 08 4F 0A 0F 5A D5 16 ......H.).O..Z..
0040: 7D
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.994 GMT|ServerHello.java:883|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "65532F966850EA664D75CB95622C56F5D9B641915A1DC9D7C82B4738E4480C42",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"session_ticket (35)": {
<empty>
},
"ec_point_formats (11)": {
"formats": [uncompressed]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.995 GMT|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.995 GMT|ServerHello.java:979|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.996 GMT|SSLExtensions.java:204|Consumed extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:175|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.997 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:219|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|10|main|2023-11-14 08:28:06.998 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:06.999 GMT|SSLExtensions.java:219|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.008 GMT|CertificateMessage.java:360|Consuming server Certificate handshake message (
"Certificates": [
"certificate" : {
"version" : "v3",
"serial number" : "75FE473860C068D382BBC465EC5576D9EB0BAD06",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign RSA TLS OV ICA 2022 - 1, O=SwissSign AG, C=CH",
"not before" : "2023-10-25 06:28:59.000 GMT",
"not after" : "2024-10-25 06:28:59.000 GMT",
"subject" : "CN=*.llv.li, O=LIECHTENSTEINISCHE LANDESVERWALTUNG, L=Vaduz, C=LI",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45
,
accessMethod: ocsp
accessLocation: URIName: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7C 6F 0A 6F 13 0F D9 8C 24 6F 26 34 F3 5C 6B 43 .o.o....$o&4.\kC
0010: 6D B7 23 B6 m.#.
]
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
[CertificatePolicyId: [0.4.0.2042.1.7]
[] ]
[CertificatePolicyId: [2.16.756.1.89.2.1.2]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 36 68 74 74 70 73 3A 2F 2F 72 65 70 6F 73 69 .6https://reposi
0010: 74 6F 72 79 2E 73 77 69 73 73 73 69 67 6E 2E 63 tory.swisssign.c
0020: 6F 6D 2F 53 77 69 73 73 53 69 67 6E 5F 43 50 53 om/SwissSign_CPS
0030: 5F 54 4C 53 2E 70 64 66 _TLS.pdf
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.llv.li
DNSName: llv.li
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D B4 6E 6C 79 10 B4 EA 1E 2B 99 48 C6 CD 0E 70 ..nly....+.H...p
0010: 61 F6 A0 D1 a...
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "6AEC7C44417B9B441FB97634CBC6A780B0041E01",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign RSA TLS Root CA 2022 - 1, O=SwissSign AG, C=CH",
"not before" : "2022-06-29 09:34:30.000 GMT",
"not after" : "2036-06-29 09:34:30.000 GMT",
"subject" : "CN=SwissSign RSA TLS OV ICA 2022 - 1, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://aia.swisssign.ch/air-aeff374d-0f7a-4c55-a034-1440290cfa32
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6F 8E 62 8B 93 43 B0 E1 40 F6 A7 C3 FD F1 0F B8 o.b..C..@.......
0010: 0F 15 38 A5 ..8.
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.ch/cdp-9661c29f-9121-4f46-acd8-ead4a22f7160]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
[CertificatePolicyId: [0.4.0.2042.1.7]
[] ]
[CertificatePolicyId: [2.16.756.1.89.2.1.2]
[] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7C 6F 0A 6F 13 0F D9 8C 24 6F 26 34 F3 5C 6B 43 .o.o....$o&4.\kC
0010: 6D B7 23 B6 m.#.
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "686F43B4DC404C067E230E3FAFC32B",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"not before" : "2022-06-28 11:27:11.000 GMT",
"not after" : "2036-09-22 11:27:11.000 GMT",
"subject" : "CN=SwissSign RSA TLS Root CA 2022 - 1, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6F 8E 62 8B 93 43 B0 E1 40 F6 A7 C3 FD F1 0F B8 o.b..C..@.......
0010: 0F 15 38 A5 ..8.
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "00BB401C43F55E4FB0",
"signature algorithm": "SHA1withRSA",
"issuer" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"not before" : "2006-10-25 08:30:35.000 GMT",
"not after" : "2036-10-25 08:30:35.000 GMT",
"subject" : "CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.756.1.89.1.2.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 20 68 74 74 70 3A 2F 2F 72 65 70 6F 73 69 74 . http://reposit
0010: 6F 72 79 2E 73 77 69 73 73 73 69 67 6E 2E 63 6F ory.swisssign.co
0020: 6D 2F m/
]] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5B 25 7B 96 A4 65 51 7E B8 39 F3 C0 78 66 5E E8 [%...eQ..9..xf^.
0010: 3A E7 F0 EE :...
]
]
}
]}
]
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.075 GMT|ECDHServerKeyExchange.java:526|Consuming ECDH ServerKeyExchange handshake message (
"ECDH ServerKeyExchange": {
"parameters": {
"named group": "secp256r1"
"ecdh public": {
0000: 04 72 89 06 B1 F8 F6 3B 31 7E 60 96 DC 78 A6 BB .r.....;1.`..x..
0010: 70 E2 E0 E0 41 0E F1 46 FB B5 A5 BF 51 37 F5 C7 p...A..F....Q7..
0020: B6 28 5C 78 8E 0A E4 CD 30 A1 50 5B 92 E0 EB A8 .(\x....0.P[....
0030: D5 A6 0E D7 D9 05 ED 9B B8 C5 3E 03 08 7A C4 EA ..........>..z..
0040: D6 .
},
},
"digital signature": {
"signature algorithm": "rsa_pkcs1_sha512"
"signature": {
0000: 76 9D 69 AE 5A 7F C5 D9 AA 52 CD 8B AF 45 16 ED v.i.Z....R...E..
0010: 94 1C 56 A1 35 F0 E9 CC 97 A2 C7 4C C5 B5 FF BC ..V.5......L....
0020: D7 85 DA D4 82 11 B8 14 CE 04 6C A8 3C 59 63 0C ..........l.<Yc.
0030: AF 0D 07 F9 21 4F 85 3E 46 AD 33 F2 73 15 6D 25 ....!O.>F.3.s.m%
0040: 4A 37 C1 3F 7E 83 99 68 7C 93 93 CD 8B 00 92 E6 J7.?...h........
0050: 7E 6F 59 C4 AE 1E 53 2B 24 73 C5 86 C4 D8 A3 83 .oY...S+$s......
0060: D3 98 3F 91 1A 71 5E 35 E9 FA 5B 36 BC 93 75 DC ..?..q^5..[6..u.
0070: 05 BF 32 DF 5E CC 9F 90 A5 46 60 38 F2 EE AD 0B ..2.^....F`8....
0080: E2 7F 43 C4 EE 87 DE D4 9D 1B 73 C3 98 3E 09 90 ..C.......s..>..
0090: 8A B0 E9 B8 35 55 42 29 BE 56 FF BE F2 EE 20 FC ....5UB).V.... .
00A0: FF 57 12 B6 15 2B A7 DC D5 31 56 00 3A B7 50 BD .W...+...1V.:.P.
00B0: E7 C3 E1 8E 85 54 60 67 B9 66 D1 B6 3F 09 FA 3C .....T`g.f..?..<
00C0: AC 86 59 03 CC D1 97 E5 6C D4 5A 88 87 F0 07 BB ..Y.....l.Z.....
00D0: B8 72 3E F8 8B FA 2F 76 5A D1 88 F4 E2 78 3C D5 .r>.../vZ....x<.
00E0: 6E F1 45 14 0C 29 08 ED CB 35 87 F4 57 D9 58 EC n.E..)...5..W.X.
00F0: E6 FA 77 AC 64 A9 A2 4A 83 B6 AC 88 B3 2E 23 2C ..w.d..J......#,
0100: 7B F7 62 F4 90 04 7E 61 AC 77 29 50 CC 89 82 CC ..b....a.w)P....
0110: EA 4C BE BE DF 8D 83 91 72 9F FD 96 B6 74 BD 66 .L......r....t.f
0120: 19 3B CD 06 DA 0F 0F 08 88 29 2D 12 FF 4F DD C0 .;.......)-..O..
0130: 7D 9A 28 C6 59 43 39 33 66 AD 85 E9 CB 5D 31 5E ..(.YC93f....]1^
0140: 95 03 5B BA E8 59 AE 49 AF 87 58 61 2C C7 26 22 ..[..Y.I..Xa,.&"
0150: 22 03 1A 85 7A F4 99 A2 5E A9 C7 93 77 04 1F EA "...z...^...w...
0160: 9D AA F6 36 E0 EA 4B 52 4C 4B 4B 8B 71 B7 33 BD ...6..KRLKK.q.3.
0170: E4 3D 23 D1 0E E5 C0 5D 9D EF E6 6B 39 08 F4 F5 .=#....]...k9...
0180: 7D EC 38 DC 7D 58 B9 03 E0 39 1A 81 4A AA 79 12 ..8..X...9..J.y.
0190: D2 DE 6F 78 96 42 51 19 CA 16 CE A7 B4 7E 65 7E ..ox.BQ.......e.
01A0: FB E3 6C 49 FF 3A 3E C6 1F 7A D6 B5 88 AD 18 82 ..lI.:>..z......
01B0: 0B 33 E7 F0 81 30 26 ED 41 04 5C 42 47 6E C5 B2 .3...0&.A.\BGn..
01C0: 0D A9 7A 4A 6C A9 79 66 B1 68 10 24 0B D3 0B 97 ..zJl.yf.h.$....
01D0: D2 C5 E6 1B 0C D4 9A BD 0C BA A0 31 5D 35 02 3A ...........1]5.:
01E0: A6 58 45 90 BD 4B 64 4E 3E BE 78 62 80 F4 53 BF .XE..KdN>.xb..S.
01F0: 15 05 52 0E 72 EC BE 17 42 D8 66 79 04 C4 39 77 ..R.r...B.fy..9w
},
}
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.076 GMT|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.077 GMT|ECDHClientKeyExchange.java:403|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
0000: 04 68 F4 3D 6D 7A 81 9F 91 A8 DB 8B F3 62 F1 F5 .h.=mz.......b..
0010: 59 73 9D 8D D5 77 23 80 97 A6 4F 54 2C CA 27 81 Ys...w#...OT,.'.
0020: B3 CD 76 64 D6 E3 FC DB 16 1B 63 69 AE ED 1A A3 ..vd......ci....
0030: 3B 80 BF 84 1D A9 90 10 B1 0B A5 ED 6E EB 5E B4 ;...........n.^.
0040: 49 I
},
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.082 GMT|ChangeCipherSpec.java:114|Produced ChangeCipherSpec message
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.083 GMT|Finished.java:396|Produced client Finished handshake message (
"Finished": {
"verify data": {
0000: A6 F5 BA 18 0B EA 3A C3 77 3E E7 CE
}
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.108 GMT|NewSessionTicket.java:677|Consuming NewSessionTicket
"NewSessionTicket": {
"ticket_lifetime" : "300",
"ticket" : {
0000: E1 C6 C6 33 DE A4 85 AB 53 B4 A5 75 C2 71 5F EB ...3....S..u.q_.
0010: 5E 49 7C 10 20 2B BE 2D B3 1F F2 7E 51 5F 31 CE ^I.. +.-....Q_1.
0020: AC 57 3A F9 22 F6 79 3D 17 46 F7 4A D8 1F B2 70 .W:.".y=.F.J...p
0030: 7F 12 43 D7 5C 1E 94 76 4B 46 27 FE 74 47 95 A7 ..C.\..vKF'.tG..
0040: 1B 7D A7 8E 9F F9 DF B2 D1 2D 04 67 5A 4E EE D6 .........-.gZN..
0050: 87 A0 1E 29 E6 D5 BB 87 CD 7D AB 11 73 98 F6 F9 ...)........s...
0060: 46 70 84 15 95 D9 B8 06 F9 A3 37 63 B3 E8 E7 D8 Fp........7c....
0070: C5 92 3A 3A DF 21 EB AB 75 A6 A7 8A 8F E2 0F 2B ..::.!..u......+
0080: 53 63 97 4C 7A 40 ED 04 25 72 AF 3C 86 5C 3E C3 Sc.Lz@..%r.<.\>.
0090: B2 87 22 43 93 83 80 0E 93 44 B2 D3 7F 3F E5 89 .."C.....D...?..
00A0: 0D C9 8F E1 69 9D 56 53 58 ED D6 AC 03 CA 75 70 ....i.VSX.....up
00B0: D2 6C 05 0B 23 C8 99 08 FD 23 3B 0F F5 B5 32 1C .l..#....#;...2.
00C0: 03 AD 02 5B D6 57 E4 CF E7 3E 43 8D 0A 7F 9E 4D ...[.W...>C....M
00D0: 13 3D 33 4A B4 A4 56 48 9C BA AE 36 66 F4 BC 0B .=3J..VH...6f...
00E0: D3 91 C9 C3 86 57 75 FB 0E AB 48 58 5C 0C B5 EC .....Wu...HX\...
}'}
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.109 GMT|ChangeCipherSpec.java:148|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|10|main|2023-11-14 08:28:07.110 GMT|Finished.java:548|Consuming server Finished handshake message (
"Finished": {
"verify data": {
0000: 4A DB A4 2B 35 55 7B F4 96 E8 E6 C5
}
}
)
GET Response Code :: 404
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.249 GMT|Utilities.java:74|the previous server name in SNI (type=host_name (0), value=ida2a.llv.li) was replaced with (type=host_name (0), value=ida2a.llv.li)
javax.net.ssl|INFO|10|main|2023-11-14 08:34:07.251 GMT|AlpnExtension.java:179|No available application protocols
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.251 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.251 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.252 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.252 GMT|PreSharedKeyExtension.java:679|Existing session has no PSK.
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.253 GMT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.255 GMT|ClientHello.java:640|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "7C110E189DBCC08F6B24488A5B1CAEDECAA77B1483DBA78D092F79877E7C5888",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=ida2a.llv.li
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"named groups": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
"ticket" : {
0000: E1 C6 C6 33 DE A4 85 AB 53 B4 A5 75 C2 71 5F EB ...3....S..u.q_.
0010: 5E 49 7C 10 20 2B BE 2D B3 1F F2 7E 51 5F 31 CE ^I.. +.-....Q_1.
0020: AC 57 3A F9 22 F6 79 3D 17 46 F7 4A D8 1F B2 70 .W:.".y=.F.J...p
0030: 7F 12 43 D7 5C 1E 94 76 4B 46 27 FE 74 47 95 A7 ..C.\..vKF'.tG..
0040: 1B 7D A7 8E 9F F9 DF B2 D1 2D 04 67 5A 4E EE D6 .........-.gZN..
0050: 87 A0 1E 29 E6 D5 BB 87 CD 7D AB 11 73 98 F6 F9 ...)........s...
0060: 46 70 84 15 95 D9 B8 06 F9 A3 37 63 B3 E8 E7 D8 Fp........7c....
0070: C5 92 3A 3A DF 21 EB AB 75 A6 A7 8A 8F E2 0F 2B ..::.!..u......+
0080: 53 63 97 4C 7A 40 ED 04 25 72 AF 3C 86 5C 3E C3 Sc.Lz@..%r.<.\>.
0090: B2 87 22 43 93 83 80 0E 93 44 B2 D3 7F 3F E5 89 .."C.....D...?..
00A0: 0D C9 8F E1 69 9D 56 53 58 ED D6 AC 03 CA 75 70 ....i.VSX.....up
00B0: D2 6C 05 0B 23 C8 99 08 FD 23 3B 0F F5 B5 32 1C .l..#....#;...2.
00C0: 03 AD 02 5B D6 57 E4 CF E7 3E 43 8D 0A 7F 9E 4D ...[.W...>C....M
00D0: 13 3D 33 4A B4 A4 56 48 9C BA AE 36 66 F4 BC 0B .=3J..VH...6f...
00E0: D3 91 C9 C3 86 57 75 FB 0E AB 48 58 5C 0C B5 EC .....Wu...HX\...
}
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: A1 D7 34 25 F9 13 2E D3 58 DF 62 69 E3 EC 30 E1 ..4%....X.bi..0.
0010: CE AD 7F 87 0E 08 99 A2 73 02 FA 9A 26 13 49 05 ........s...&.I.
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 44 15 68 AA D0 F2 20 2C 4A 4F 79 16 47 CE 83 .D.h... ,JOy.G..
0010: 7A 83 6C C0 C7 A5 15 7C F6 BD DF B8 2E E9 57 CB z.l...........W.
0020: 9C 5F 8B ED 5C EC 2E BA 7E 7A BA 53 CE 7E E0 BD ._..\....z.S....
0030: 77 49 30 BE 5E C5 8A D9 45 35 D1 E7 46 13 BB 8E wI0.^...E5..F...
0040: EB
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|ServerHello.java:883|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : "655330FF44144F32068BA9A3D1AA96D4B72AD1BF439AC09A288BFB07B5BCB6FE",
"session id" : "0000000000000000000000000000000000000000000000000000000000000000",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"session_ticket (35)": {
<empty>
},
"ec_point_formats (11)": {
"formats": [uncompressed]
}
]
}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:185|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|ServerHello.java:979|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.280 GMT|SSLExtensions.java:185|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:185|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:204|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:175|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:219|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.281 GMT|SSLExtensions.java:219|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: extended_master_secret
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: session_ticket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:227|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.282 GMT|SSLExtensions.java:219|Ignore unavailable extension: pre_shared_key
javax.net.ssl|ERROR|10|main|2023-11-14 08:34:07.283 GMT|TransportContext.java:370|Fatal (UNEXPECTED_MESSAGE): Unexpected handshake message: certificate (
"throwable" : {
javax.net.ssl.SSLProtocolException: Unexpected handshake message: certificate
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:470)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
at HttpURLConnectionExample.sendGET(HttpURLConnectionExample.java:22)
at HttpURLConnectionExample.main(HttpURLConnectionExample.java:15)}
)
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.284 GMT|SSLSocketImpl.java:1749|close the underlying socket
javax.net.ssl|DEBUG|10|main|2023-11-14 08:34:07.284 GMT|SSLSocketImpl.java:1775|close the SSL connection (passive)
Exception in thread "main" javax.net.ssl.SSLProtocolException: Unexpected handshake message: certificate
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:470)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
at HttpURLConnectionExample.sendGET(HttpURLConnectionExample.java:22)
at HttpURLConnectionExample.main(HttpURLConnectionExample.java:15)
---------- BEGIN SOURCE ----------
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
public class HttpURLConnectionExample {
private static final String GET_URL = "https://ida2a.llv.li/auth/realms/";
public static void main(String[] args) throws IOException, InterruptedException {
sendGET(); // runs fine
Thread.sleep(60 * 6 * 1000); // sleep 6 minutes
sendGET(); // fails
}
private static void sendGET() throws IOException {
URL obj = new URL(GET_URL);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
System.out.println("GET Response Code :: " + responseCode);
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Set -Djdk.tls.client.enableSessionTicketExtension=false
FREQUENCY : always