Using SSLEngineImpl. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 XNIO-3 I/O-2, READ: TLSv1.2 Handshake, length = 88 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1502389437 bytes = { 219, 255, 99, 98, 17, 110, 5, 172, 39, 63, 64, 51, 110, 159, 127, 110, 34, 214, 115, 153, 248, 174, 186, 64, 73, 83, 21, 69 } Session ID: {} Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] Compression Methods: { 0 } Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension extended_master_secret Extension renegotiation_info, renegotiated_connection: *** %% Initialized: [Session-27, SSL_NULL_WITH_NULL_NULL] Standard ciphersuite chosen: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 %% Negotiating: [Session-27, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1502389437 bytes = { 35, 150, 46, 239, 203, 233, 132, 37, 11, 239, 68, 56, 115, 159, 240, 199, 67, 203, 218, 150, 213, 103, 70, 163, 66, 125, 81, 6 } Session ID: {90, 141, 165, 189, 44, 228, 231, 165, 212, 18, 188, 159, 211, 34, 174, 147, 5, 196, 2, 251, 136, 70, 137, 175, 179, 128, 167, 254, 90, 112, 29, 94} Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: Extension extended_master_secret *** Cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=plynch-ha-vm1.prx.eng.westminster.polycom.com, DC=prx, DC=eng, DC=westminster, DC=polycom, DC=com, OU=Self Signed Certificate, O=Polycom DMA 7000 Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 22450137317933990583362835823066010951805498962597488124787679145186723462299276598861237909688565221505661428858516467213432460801295075297044789527887303071887056608796208165385980865789536776398112791533635398709615177092948761827064749736844161813966682242679499239383850350421603264562718790905262891709282518837844218804190833129148455815141508872244731860079508704013460512270226150586680443445639064757434194092264004031698898929632715601378614972821309251492044959357713120633912637317550677630285783912503116318207057027623949256399371851705671443314232145919805452190582749821412438190867994684829026930113 public exponent: 65537 Validity: [From: Fri Feb 16 08:37:48 MST 2018, To: Sun Mar 27 09:37:48 MDT 2022] Issuer: CN=plynch-ha-vm1.prx.eng.westminster.polycom.com, DC=prx, DC=eng, DC=westminster, DC=polycom, DC=com, OU=Self Signed Certificate, O=Polycom DMA 7000 SerialNumber: [ e2ef8d2d e11eff7c] Certificate Extensions: 4 [1]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] [2]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] [3]: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignature Key_Encipherment ] [4]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: plynch-ha-vm1.prx.eng.westminster.polycom.com DNSName: plynch-ha-vm1 IPAddress: 10.47.17.140 ] ] Algorithm: [SHA256withRSA] Signature: 0000: 29 15 31 07 AF 9D EC A6 66 3B 8A 37 91 9A BE 7B ).1.....f;.7.... 0010: 92 32 74 CB D2 49 59 38 6D 94 09 F3 B7 78 2D 97 .2t..IY8m....x-. 0020: 3F 36 40 04 F2 30 B9 39 68 BD 24 A6 4C 77 B3 A7 ?6@..0.9h.$.Lw.. 0030: 69 71 06 30 26 A8 83 66 6B 54 36 8E BE A0 34 11 iq.0&..fkT6...4. 0040: 7C 43 25 27 CD 79 04 14 A7 2F 92 A7 EB 16 7B 02 .C%'.y.../...... 0050: 83 56 2C 47 75 42 BE 32 22 87 18 73 22 72 D8 1F .V,GuB.2"..s"r.. 0060: 4A D0 CA D6 28 DE 5B 89 B6 60 73 55 07 BF 5A 21 J...(.[..`sU..Z! 0070: 1D 81 B1 9E E7 54 D2 8F 4C 7E 48 E8 24 5E ED A6 .....T..L.H.$^.. 0080: 5C 30 CD 1C 00 B9 FB 8C FD 9B B3 9A 0B 86 D8 BF \0.............. 0090: CA 02 0C 7D B0 9D 2A B3 A3 FF 02 11 BB 9F F2 25 ......*........% 00A0: 20 05 1C 35 74 9E B7 3A 5F 7D 9A 74 94 D6 C9 DE ..5t..:_..t.... 00B0: 4D C9 2D F5 98 E4 85 7E D8 D1 25 FE 1D DB 3E A1 M.-.......%...>. 00C0: 17 4E A6 D3 7A 01 52 90 51 4F E3 8A 43 7D D3 A1 .N..z.R.QO..C... 00D0: E4 37 C6 6A 5A 8B D8 38 3F B1 15 37 C7 CC 86 A5 .7.jZ..8?..7.... 00E0: C5 01 9C 59 A4 72 0E 02 A8 6D 56 FF 24 30 A9 90 ...Y.r...mV.$0.. 00F0: FF 35 D9 AA C3 7E 47 BF F4 B9 76 38 9E 6D BB 99 .5....G...v8.m.. ] *** *** Diffie-Hellman ServerKeyExchange DH Modulus: { 255, 255, 255, 255, 255, 255, 255, 255, 201, 15, 218, 162, 33, 104, 194, 52, 196, 198, 98, 139, 128, 220, 28, 209, 41, 2, 78, 8, 138, 103, 204, 116, 2, 11, 190, 166, 59, 19, 155, 34, 81, 74, 8, 121, 142, 52, 4, 221, 239, 149, 25, 179, 205, 58, 67, 27, 48, 43, 10, 109, 242, 95, 20, 55, 79, 225, 53, 109, 109, 81, 194, 69, 228, 133, 181, 118, 98, 94, 126, 198, 244, 76, 66, 233, 166, 55, 237, 107, 11, 255, 92, 182, 244, 6, 183, 237, 238, 56, 107, 251, 90, 137, 159, 165, 174, 159, 36, 17, 124, 75, 31, 230, 73, 40, 102, 81, 236, 230, 83, 129, 255, 255, 255, 255, 255, 255, 255, 255 } DH Base: { 2 } Server DH Public Key: { 236, 130, 210, 168, 179, 134, 183, 243, 138, 152, 8, 176, 69, 117, 43, 222, 140, 16, 34, 32, 5, 30, 167, 118, 126, 165, 176, 156, 233, 209, 116, 106, 251, 68, 240, 23, 2, 237, 145, 100, 255, 122, 186, 67, 252, 187, 243, 243, 29, 159, 106, 190, 83, 189, 165, 187, 137, 199, 218, 216, 38, 123, 208, 67, 215, 68, 18, 164, 254, 226, 197, 189, 225, 14, 110, 237, 236, 122, 58, 118, 101, 242, 84, 195, 41, 28, 11, 115, 34, 236, 20, 66, 42, 221, 123, 2, 224, 219, 144, 21, 59, 167, 183, 93, 125, 175, 125, 80, 102, 59, 108, 195, 129, 64, 241, 73, 178, 48, 210, 44, 165, 116, 226, 138, 241, 141, 65, 248 } Signature Algorithm SHA512withRSA Signed with a DSA or RSA public key *** ServerHelloDone XNIO-3 task-4, WRITE: TLSv1.2 Handshake, length = 1881 XNIO-3 I/O-2, READ: TLSv1.2 Handshake, length = 134 *** ClientKeyExchange, DH DH Public key: { 225, 141, 137, 161, 181, 70, 214, 157, 194, 102, 116, 73, 166, 108, 98, 225, 123, 166, 18, 6, 31, 117, 212, 226, 183, 23, 204, 240, 58, 138, 225, 87, 64, 232, 110, 147, 64, 226, 215, 28, 59, 31, 57, 63, 206, 206, 178, 127, 192, 126, 75, 133, 159, 168, 74, 45, 29, 22, 19, 42, 5, 123, 190, 75, 112, 157, 135, 227, 123, 31, 182, 198, 203, 169, 89, 12, 160, 126, 12, 135, 207, 108, 129, 247, 249, 168, 28, 9, 167, 62, 74, 102, 129, 198, 6, 193, 192, 16, 254, 158, 42, 109, 52, 39, 154, 108, 142, 57, 242, 222, 82, 8, 146, 160, 6, 47, 160, 41, 185, 65, 59, 207, 183, 101, 171, 189, 33, 127 } XNIO-3 I/O-2, fatal error: 80: problem unwrapping net record javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints %% Invalidated: [Session-27, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] XNIO-3 I/O-2, SEND TLSv1.2 ALERT: fatal, description = internal_error XNIO-3 I/O-2, WRITE: TLSv1.2 Alert, length = 2 XNIO-3 I/O-2, called closeInbound() XNIO-3 I/O-2, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? XNIO-3 I/O-2, called closeOutbound() XNIO-3 I/O-2, closeOutboundInternal()