On Sat, 2016-02-20 at 22:51 -0500, Murat Balkan wrote:
> Hi,
>
> I have a problem with HttpClient. (All versions seem to have the same.)
>
> When I try to connect to an HTTPS site (specifically so.n11.com) I got a
> connection reset error after the handshake is finalized. If I try to call
> the same URL with HttpUrlConnection, I don't get any errors. The browsers do
> not have any problems displaying this site.
>
> I started thinking that this could be a bug, or I am doing something wrong.
> I hope somebody can recognize this issue.
>
> The code I am running is pretty straightforward. The same code works for
> other HTTPS sites I tested.
>
> > SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
> >     sslContext, new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}, null,
> >     NoopHostnameVerifier.INSTANCE);
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> >     RegistryBuilder.<ConnectionSocketFactory>create()
> >         .register("http", PlainConnectionSocketFactory.getSocketFactory())
> >         .register("https", sslConnectionFactory)
> >         .build();
> > PoolingHttpClientConnectionManager cm =
> >     new PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > cm.setDefaultMaxPerRoute(1);
> > CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > httpClient.execute(httpGet);
> > System.out.println("I can never reach this point");
> >
> > The exception I am receiving is:
> >
> > java.net.SocketException: Connection reset
> >     at java.net.SocketInputStream.read(Unknown Source)
> >     at java.net.SocketInputStream.read(Unknown Source)
> >     at sun.security.ssl.InputRecord.readFully(Unknown Source)
> >     at sun.security.ssl.InputRecord.read(Unknown Source)
> >     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> >     at sun.security.ssl.AppInputStream.read(Unknown Source)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
> >     at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
> >     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
> >     at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
> >     at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
> >     at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
> >     at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
> >     at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
> >     at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
> >     at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
> >     at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> >     at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> >     at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> >     at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> >     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> >     at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> >     at HttpTest.main(HttpTest.java:102)
> >
> > My SSL debug console output. The last line shows where it is crashing.
> >
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
>
> adding as trusted cert:
>   Subject: EMAILADDRESS=i...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
>   Issuer: EMAILADDRESS=i...@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019
>
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie: GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253, 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228, 217, 253, 204, 183 }
> Session ID: {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
>   TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>   TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
>   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
>   SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>   TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
>   SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>   TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
>   TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>   SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods: { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
>   secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
>   secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
>   secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
>   sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie: GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131, 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42, 241, 70, 71, 193, 163 }
> Session ID: {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88, 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97, 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR, OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key: Sun RSA public key, 2048 bits
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>              To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
>   SerialNumber: [ 1121bf16 2244ec94 9440daf8 7379f94c b34f]
>
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName: http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                      ."1.
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                          ository/
>
> ]] ]
> ]
>
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
>
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
>
>
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B 34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                      ...g
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
>
>   Key: Sun RSA public key, 2048 bits
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>              To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [ 04000000 0001444e f04a55]
>
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
>
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                      ....
> ]
> ]
>
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
>
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 6C  .&https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E 2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                          ository/
>
> ]] ]
> ]
>
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                      ."1.
> ]
> ]
>
> ]
>   Algorithm: [SHA256withRSA]
>
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
>
>   Key: Sun RSA public key, 2048 bits
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>              To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [ 04000000 00010f86 26e60d]
>
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                      ....
> ]
> ]
>
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
>
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
>
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
>
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0 6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                      ....
> ]
> ]
>
> ]
>   Algorithm: [SHA1withRSA]
>
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data: { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data: { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT: fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)

It looks like the server may not like the TLS_RSA_WITH_AES_128_CBC_SHA cipher chosen by the client.

Oleg
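
Added example, not code from the thread or from the HttpClient project: the quoted snippet builds `cm` but creates the client with `HttpClientBuilder.create().build()`, so the custom socket factory and its protocol list never reach the request that fails. This version passes the connection manager to the builder, keeps hostname verification on, and prints the negotiated protocol and cipher suite so different offers can be compared; the class name `TlsProbe` and the optional cipher-suite argument are assumptions, and it needs HttpClient 4.4 or later.

```java
import java.io.IOException;
import javax.net.ssl.SSLSession;
import org.apache.http.HttpResponse;
import org.apache.http.HttpResponseInterceptor;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ManagedHttpClientConnection;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.protocol.HttpCoreContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

// Hypothetical class name (assumption); usage: TlsProbe [url] [suite1,suite2,...]
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        String url = args.length > 0 ? args[0] : "https://so.n11.com";
        // Optional cipher suites to offer; null keeps the JRE defaults.
        String[] ciphers = args.length > 1 ? args[1].split(",") : null;
        String[] protocols = {"TLSv1", "TLSv1.1", "TLSv1.2"};

        // Default hostname verification stays on: a name mismatch surfaces as
        // SSLPeerUnverifiedException instead of being silently accepted.
        SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
                SSLContexts.createDefault(), protocols, ciphers,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslFactory)
                        .build();
        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);

        // Runs once a response head has been read; prints what was negotiated.
        HttpResponseInterceptor reportTls = new HttpResponseInterceptor() {
            @Override
            public void process(HttpResponse response, HttpContext context) throws IOException {
                ManagedHttpClientConnection conn = (ManagedHttpClientConnection)
                        context.getAttribute(HttpCoreContext.HTTP_CONNECTION);
                if (conn != null && conn.isOpen() && conn.getSSLSession() != null) {
                    SSLSession s = conn.getSSLSession();
                    System.out.println(s.getProtocol() + " / " + s.getCipherSuite());
                }
            }
        };

        try (CloseableHttpClient client = HttpClients.custom()
                     .setConnectionManager(cm) // without this the registry above is unused
                     .addInterceptorLast(reportTls)
                     .build();
             CloseableHttpResponse response = client.execute(new HttpGet(url))) {
            System.out.println(response.getStatusLine());
            EntityUtils.consume(response.getEntity());
        }
    }
}
```

If the reset happens before any response arrives, the interceptor never runs; running with `-Djavax.net.debug=ssl`, as in the quoted output, still shows which protocol version and cipher suites the ClientHello offered.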