jshell> java.net.http.HttpClient.newBuilder().build().send(java.net.http.HttpRequest.newBuilder(new java.net.URI("https ://www.google.com")).GET().build(), java.net.http.HttpResponse.BodyHandlers.ofString()).body() javax.net.ssl|DEBUG|01|main|2020-02-19 16:19:32.543 CST|SSLCipher.java:437|jdk.tls.keyLimits: entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472 javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.235 CST|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12 javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.235 CST|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12 javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.285 CST|SignatureScheme.java:295|Signature algorithm, ed25519, is not supported by the underlying providers javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.286 CST|SignatureScheme.java:295|Signature algorithm, ed448, is not supported by the underlying providers javax.net.ssl|ALL|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.293 CST|SignatureScheme.java:372|Ignore disabled signature scheme: rsa_md5 javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.294 CST|SSLExtensions.java:256|Ignore, context unavailable extension: cookie javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.322 CST|SSLExtensions.java:256|Ignore, context unavailable extension: renegotiation_info javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.323 CST|PreSharedKeyExtension.java:634|No session to resume. javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.323 CST|SSLExtensions.java:256|Ignore, context unavailable extension: pre_shared_key javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.330 CST|ClientHello.java:651|Produced ClientHello handshake message ( "ClientHello": { "client version" : "TLSv1.2", "random" : "08 03 EC 5A FB CC BD BE 7B 10 72 97 7D C6 1B B9 38 C6 8F C6 23 2D A6 C4 04 48 D0 7D 4C D0 00 53", "session id" : "3B C3 F4 A1 03 55 6A 42 1E ED 34 E6 65 80 CC 22 97 47 DA 69 D0 19 1C 57 76 0B 54 95 3E AC 15 03", "cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]", "compression methods" : "00", "extensions" : [ "server_name (0)": { type=host_name (0), value=www.google.com }, "status_request (5)": { "certificate status type": ocsp "OCSP status request": { "responder_id": "request extensions": { } } }, "supported_groups (10)": { "versions": [secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192] }, "ec_point_formats (11)": { "formats": [uncompressed] }, "signature_algorithms (13)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "signature_algorithms_cert (50)": { "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1] }, "application_layer_protocol_negotiation (16)": { [h2, http/1.1] }, "status_request_v2 (17)": { "cert status request": { "certificate status type": ocsp_multi "OCSP status request": { "responder_id": "request extensions": { } } } }, "extended_master_secret (23)": { }, "supported_versions (43)": { "versions": [TLSv1.3, TLSv1.2] }, "psk_key_exchange_modes (45)": { "ke_modes": [psk_dhe_ke] }, "key_share (51)": { "client_shares": [ { "named group": secp256r1 "key_exchange": { 0000: 04 69 2E 8C 82 22 49 3D 29 76 09 45 EF 6F 79 95 .i..."I=)v.E.oy. 0010: 6C EE 46 85 23 D6 FF D3 1E 21 94 21 38 A8 4D 7A l.F.#....!.!8.Mz 0020: 37 28 80 2A 16 5D 6F 42 22 67 7E 85 B8 2E 1F C1 7(.*.]oB"g...... 0030: 57 E7 AB BB 88 4B 3F 49 96 EE C6 7B 5F E9 84 4D W....K?I...._..M 0040: 25 } }, ] } ] } ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.356 CST|ServerHello.java:884|Consuming ServerHello handshake message ( "ServerHello": { "server version" : "TLSv1.2", "random" : "5E 4C EF 95 84 32 C5 84 7B EF 6C D8 11 9D 99 EE 43 83 86 0D 39 AC A7 08 ED BF B4 A8 C2 47 10 FF", "session id" : "A2 7D 51 DA 41 DE 3F 17 81 0B 6D 49 7C 2E 92 11 25 57 6E 92 83 82 47 39 16 C9 85 EB 76 F2 F9 3A", "cipher suite" : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B)", "compression methods" : "00", "extensions" : [ "extended_master_secret (23)": { }, "renegotiation_info (65,281)": { "renegotiated connection": [] }, "ec_point_formats (11)": { "formats": [uncompressed] }, "application_layer_protocol_negotiation (16)": { [h2] } ] } ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.357 CST|SSLExtensions.java:169|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.357 CST|ServerHello.java:980|Negotiated protocol version: TLSv1.2 javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.358 CST|SSLExtensions.java:188|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.359 CST|SSLExtensions.java:169|Ignore unavailable extension: server_name javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.359 CST|SSLExtensions.java:169|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.359 CST|SSLExtensions.java:169|Ignore unavailable extension: status_request javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.360 CST|SSLExtensions.java:188|Consumed extension: ec_point_formats javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.360 CST|SSLExtensions.java:188|Consumed extension: application_layer_protocol_negotiation javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.360 CST|SSLExtensions.java:169|Ignore unavailable extension: status_request_v2 javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.361 CST|SSLExtensions.java:188|Consumed extension: extended_master_secret javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.361 CST|SSLExtensions.java:159|Ignore unsupported extension: supported_versions javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.361 CST|SSLExtensions.java:159|Ignore unsupported extension: key_share javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.361 CST|SSLExtensions.java:188|Consumed extension: renegotiation_info javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.362 CST|SSLExtensions.java:159|Ignore unsupported extension: pre_shared_key javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.362 CST|SSLExtensions.java:203|Ignore unavailable extension: server_name javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.363 CST|SSLExtensions.java:203|Ignore unavailable extension: max_fragment_length javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.363 CST|SSLExtensions.java:203|Ignore unavailable extension: status_request javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.363 CST|SSLExtensions.java:211|Ignore impact of unsupported extension: ec_point_formats javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.363 CST|SSLExtensions.java:211|Ignore impact of unsupported extension: application_layer_protocol_negotiation javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.364 CST|SSLExtensions.java:203|Ignore unavailable extension: status_request_v2 javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.364 CST|SSLExtensions.java:211|Ignore impact of unsupported extension: extended_master_secret javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.364 CST|SSLExtensions.java:203|Ignore unavailable extension: supported_versions javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.365 CST|SSLExtensions.java:203|Ignore unavailable extension: key_share javax.net.ssl|WARNING|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.365 CST|SSLExtensions.java:211|Ignore impact of unsupported extension: renegotiation_info javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.365 CST|SSLExtensions.java:203|Ignore unavailable extension: pre_shared_key javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.377 CST|CertificateMessage.java:358|Consuming server Certificate handshake message ( "Certificates": [ "certificate" : { "version" : "v3", "serial number" : "00 D4 B0 87 D4 5A EC 89 BC 02 00 00 00 00 57 9B D4", "signature algorithm": "SHA256withRSA", "issuer" : "CN=GTS CA 1O1, O=Google Trust Services, C=US", "not before" : "2020-01-30 06:01:37.000 CST", "not after" : "2020-04-23 06:01:37.000 CST", "subject" : "CN=www.google.com, O=Google LLC, L=Mountain View, ST=California, C=US", "subject public key" : "EC", "extensions" : [ { ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false }, { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.pki.goog/gts1o1 , accessMethod: caIssuers accessLocation: URIName: http://pki.goog/gsr2/GTS1O1.crt ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 98 D1 F8 6E 10 EB CF 9B EC 60 9F 18 90 1B A0 EB ...n.....`...... 0010: 7D 09 FD 2B ...+ ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.pki.goog/GTS1O1.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.23.140.1.2.2] [] ] [CertificatePolicyId: [1.3.6.1.4.1.11129.2.5.3] [] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature ] }, { ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: www.google.com ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 3A C6 8F 58 05 D3 B4 E3 DB E7 FE 7A 94 8A 89 49 :..X.......z...I 0010: 93 41 52 DF .AR. ] ] } ]}, "certificate" : { "version" : "v3", "serial number" : "01 E3 B4 9A A1 8D 8A A9 81 25 69 50 B8", "signature algorithm": "SHA256withRSA", "issuer" : "CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2", "not before" : "2017-06-15 08:00:42.000 CST", "not after" : "2021-12-15 08:00:42.000 CST", "subject" : "CN=GTS CA 1O1, O=Google Trust Services, C=US", "subject public key" : "RSA", "extensions" : [ { ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.pki.goog/gsr2 ] ] }, { ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF ...Wg...j..Y..-. 0010: DC 19 86 2E .... ] ] }, { ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] }, { ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.pki.goog/gsr2/gsr2.crl] ]] }, { ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.23.140.1.2.2] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 70 6B 69 2E 67 6F ..https://pki.go 0010: 6F 67 2F 72 65 70 6F 73 69 74 6F 72 79 2F og/repository/ ]] ] ] }, { ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ] }, { ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_CertSign Crl_Sign ] }, { ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 98 D1 F8 6E 10 EB CF 9B EC 60 9F 18 90 1B A0 EB ...n.....`...... 0010: 7D 09 FD 2B ...+ ] ] } ]} ] ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.444 CST|ECDHServerKeyExchange.java:538|Consuming ECDH ServerKeyExchange handshake message ( "ECDH ServerKeyExchange": { "parameters": { "named group": "secp256r1" "ecdh public": { 0000: 04 C2 89 95 86 14 02 57 7D C0 D4 76 46 60 7C 6B .......W...vF`.k 0010: 9E 25 8C 74 0F 24 D6 4A DD F4 AF 0A 49 23 91 37 .%.t.$.J....I#.7 0020: 85 D4 0B 23 A7 67 B6 22 B8 61 DD 15 3B AF 52 35 ...#.g.".a..;.R5 0030: AD BB 9C 98 49 1E 2F D1 4E 30 C6 64 C3 61 9E 8E ....I./.N0.d.a.. 0040: FF . }, }, "digital signature": { "signature algorithm": "ecdsa_secp256r1_sha256" "signature": { 0000: 30 45 02 20 0F E5 16 17 4C 98 2E E5 7D 0C 05 5C 0E. ....L......\ 0010: A1 74 D0 DD C6 32 5E B3 CA CF 68 B7 B6 4A 1F D5 .t...2^...h..J.. 0020: 07 C7 AE 6E 02 21 00 90 11 1D 25 4C 59 EA AD 38 ...n.!....%LY..8 0030: F2 64 15 EA 3F 30 74 2B 20 D9 A9 D2 99 25 22 32 .d..?0t+ ....%"2 0040: 68 8B 20 6D 1F DB B7 h. m... }, } } ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.445 CST|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message ( ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.452 CST|ECDHClientKeyExchange.java:398|Produced ECDHE ClientKeyExchange handshake message ( "ECDH ClientKeyExchange": { "ecdh public": { 0000: 04 22 A0 BC 12 47 14 0D C5 33 2A 8A E1 E5 9D FA ."...G...3*..... 0010: 52 9D 0E A6 7D 1F 35 76 0F 43 9F 37 99 02 65 89 R.....5v.C.7..e. 0020: 9C 8B 82 00 75 3B 14 C1 59 50 73 84 E5 DC 51 E4 ....u;..YPs...Q. 0030: 20 05 5A 6E 67 16 4B 5C 4D 37 96 AE FE AE C1 DC .Zng.K\M7...... 0040: 71 q }, } ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.471 CST|ChangeCipherSpec.java:117|Produced ChangeCipherSpec message javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.472 CST|Finished.java:399|Produced client Finished handshake message ( "Finished": { "verify data": { 0000: FB D0 A0 53 53 E9 35 C5 44 4E 03 30 }'} ) javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.497 CST|ChangeCipherSpec.java:151|Consuming ChangeCipherSpec message javax.net.ssl|DEBUG|12|HttpClient-1-Worker-0|2020-02-19 16:19:33.498 CST|Finished.java:536|Consuming server Finished handshake message ( "Finished": { "verify data": { 0000: 3F 21 F0 2F AD 82 4C 26 B1 13 A2 93 }'} ) $5 ==> "Google "