On Sat, 2016-02-20 at 22:51 -0500, Murat Balkan wrote:
> Hi,
> 
> I have a problem with HttpClient. (All versions seem to have the same.)
> 
> When I try to connect to an HTTPS site (specifically so.n11.com) I get a
> connection reset error after the handshake is finalized. If I try to call
> the same URL with HttpUrlConnection, I don't get any errors. The browsers do
> not have any problems displaying this site.
> 
> I started thinking that this could be a bug, or I am doing something wrong.
> I hope somebody can recognize this issue.
> 
> 
> The code I am running is pretty straightforward: The same code works for
> other HTTPS sites I tested.
> 
> SSLConnectionSocketFactory sslConnectionFactory = new
> > SSLConnectionSocketFactory(sslContext,new String[]
> > {"TLSv1","TLSv1.1","TLSv1.2"},null, NoopHostnameVerifier.INSTANCE);
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> > RegistryBuilder.<ConnectionSocketFactory>create()
> > .register("http", PlainConnectionSocketFactory.getSocketFactory())
> > .register("https", sslConnectionFactory)
> > .build();
> > PoolingHttpClientConnectionManager cm = new
> > PoolingHttpClientConnectionManager(socketFactoryRegistry);
> > cm.setDefaultMaxPerRoute(1);
> > CloseableHttpClient httpClient = HttpClientBuilder.create().build();
> > HttpGet httpGet = new HttpGet("https://so.n11.com");
> > httpClient.execute(httpGet);
> > System.out.println("I can never reach this point");
> 
> 
> 
> The exception I am receiving is:
> 
> java.net.SocketException: Connection reset
> > at java.net.SocketInputStream.read(Unknown Source)
> > at java.net.SocketInputStream.read(Unknown Source)
> > at sun.security.ssl.InputRecord.readFully(Unknown Source)
> > at sun.security.ssl.InputRecord.read(Unknown Source)
> > at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> > at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
> > at sun.security.ssl.AppInputStream.read(Unknown Source)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
> > at
> > org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
> > at
> > org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
> > at
> > org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
> > at
> > org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
> > at
> > org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
> > at
> > org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
> > at
> > org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
> > at
> > org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
> > at
> > org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
> > at
> > org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
> > at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
> > at
> > org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
> > at
> > org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
> > at
> > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
> > at
> > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
> > at HttpTest.main(HttpTest.java:102)
> 
> 
> 
> My SSL debug console output; the last line shows where it is crashing.
> 
> 
> keyStore is :
> keyStore type is : jks
> keyStore provider is :
> init keystore
> init keymanager of type SunX509
> trustStore is: C:\Program Files\Java\jre7\lib\security\cacerts
> trustStore type is : jks
> trustStore provider is :
> init truststore
> adding as trusted cert:
>   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
>   Algorithm: RSA; Serial number: 0x4eb200670c035d4f
>   Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
> 
> adding as trusted cert:
>   Subject: EMAILADDRESS=i...@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Issuer:  EMAILADDRESS=i...@valicert.com, CN=http://www.valicert.com/,
> OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.",
> L=ValiCert Validation Network
>   Algorithm: RSA; Serial number: 0x1
>   Valid from Fri Jun 25 18:23:48 EDT 1999 until Tue Jun 25 18:23:48 EDT 2019
> 
> .............other certs are added here.....................
> trigger seeding of SecureRandom
> done seeding SecureRandom
> Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
> Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
> Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
> Allow unsafe renegotiation: true
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
> %% No cached client session
> *** ClientHello, TLSv1
> RandomCookie:  GMT: 1439249216 bytes = { 181, 51, 240, 91, 213, 128, 253,
> 130, 175, 1, 120, 144, 175, 47, 84, 255, 110, 176, 90, 12, 1, 222, 26, 228,
> 217, 253, 204, 183 }
> Session ID:  {}
> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
> Compression Methods:  { 0 }
> Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
> secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
> secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
> secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
> sect193r2, secp224k1, sect239k1, secp256k1}
> Extension ec_point_formats, formats: [uncompressed]
> Extension server_name, server_name: [host_name: so.n11.com]
> ***
> main, WRITE: TLSv1 Handshake, length = 168
> main, READ: TLSv1 Handshake, length = 81
> *** ServerHello, TLSv1
> RandomCookie:  GMT: -248021780 bytes = { 64, 87, 126, 169, 131, 166, 131,
> 53, 47, 116, 132, 123, 96, 239, 214, 212, 205, 233, 60, 43, 47, 215, 42,
> 241, 70, 71, 193, 163 }
> Session ID:  {160, 223, 84, 38, 21, 14, 47, 17, 44, 4, 143, 239, 27, 88,
> 141, 50, 135, 210, 22, 55, 10, 225, 144, 80, 32, 160, 166, 196, 53, 97,
> 173, 162}
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
> Compression Method: 0
> Extension renegotiation_info, renegotiated_connection: <empty>
> ***
> %% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> ** TLS_RSA_WITH_AES_128_CBC_SHA
> main, READ: TLSv1 Handshake, length = 2811
> *** Certificate chain
> chain [0] = [
> [
>   Version: V3
>   Subject: CN=www.n11.com, O=Dogus Planet Elektronik Ticaret ve Bilisim
> Hizmetleri A.S., OU=Dogus Planet IT, STREET=Resitpasa Mah. ITU Teknokent
> ARI-3 N:4/A-3 Ickapi No:8-9, L=Sariyer, ST=Istanbul, C=TR,
> OID.1.3.6.1.4.1.311.60.2.1.3=TR, SERIALNUMBER=824112, OID.2.5.4.15=Private
> Organization
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> 
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 22836644521018276508843000972511360511817142465792577836128935435959156931305947010784223146380337369761698668175134462105224854055862419613719124355757789290179807554826760077516112777710883109860118043817151287493315641961466739474383875608008783365165145348645068516141971909173260212386832124402015304544064531092387299432880310533962291809691804377688097843426102003484673487144027667161121551683699081796612343937318530829213637924448835944079059665915427348484513297817037245931982590522360400125477769611363538194862955227499328393935619714246489467507020716345946541974642275640240250388710544525695289196549
>   public exponent: 65537
>   Validity: [From: Fri Oct 31 04:02:29 EDT 2014,
>                To: Thu Dec 29 06:26:06 EST 2016]
>   Issuer: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   SerialNumber: [    1121bf16 2244ec94 9440daf8 7379f94c b34f]
> 
> Certificate Extensions: 9
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: caIssuers
>    accessLocation: URIName:
> http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt
> ,
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp2.globalsign.com/gsextendvalsha2g2
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
> 
> [3]: ObjectId: 2.5.29.19 Criticality=false
> BasicConstraints:[
>   CA:false
>   PathLen: undefined
> ]
> 
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl]
> ]]
> 
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [1.3.6.1.4.1.4146.1.1]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> 
> ]]  ]
> ]
> 
> [6]: ObjectId: 2.5.29.37 Criticality=false
> ExtendedKeyUsages [
>   serverAuth
>   clientAuth
> ]
> 
> [7]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   DigitalSignature
>   Key_Encipherment
> ]
> 
> 
> [9]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 19 9D 52 D4 5D 21 D9 9B   34 AE 69 A7 B4 AE 1D EA  ..R.]!..4.i.....
> 0010: 01 16 93 67                                        ...g
> ]
> ]
> 
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 
> ]
> chain [1] = [
> [
>   Version: V3
>   Subject: CN=GlobalSign Extended Validation CA - SHA256 - G2, O=GlobalSign
> nv-sa, C=BE
>   Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
> 
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 20692545121192705092405399875689416275597327546962973690741146883608321881781548932874259264607405405821919372397851572311930571962344287019261678681503760836519538358426465125953767433400572674072012145502030347174099865398052927036123107330917599170883590029311075000964745788613042980084055476636747733880637074492577425731573013081070696586930500469603621400721003820193820122061857579582118659259010126818383230058089163517313498544019626528673455603854715135869762703162961091666004266797443259485594287862070970208959708347187322803241694112144804033788054120679393348853865967461591910068386373642566288179927
>   public exponent: 65537
>   Validity: [From: Thu Feb 20 05:00:00 EST 2014,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 0001444e f04a55]
> 
> Certificate Extensions: 7
> [1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
> AuthorityInfoAccess [
>   [
>    accessMethod: ocsp
>    accessLocation: URIName: http://ocsp.globalsign.com/rootr2
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> [3]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:0
> ]
> 
> [4]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
> 
> [5]: ObjectId: 2.5.29.32 Criticality=false
> CertificatePolicies [
>   [CertificatePolicyId: [2.5.29.32.0]
> [PolicyQualifierInfo: [
>   qualifierID: 1.3.6.1.5.5.7.2.1
>   qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&
> https://www.gl
> 0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
> 0020: 6F 73 69 74 6F 72 79 2F                            ository/
> 
> ]]  ]
> ]
> 
> [6]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
> 
> [7]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: DA 40 77 43 65 1C F8 FE   A7 E3 F4 64 82 3E 4D 43  .@wCe......d.>MC
> 0010: 13 22 31 02                                        ."1.
> ]
> ]
> 
> ]
>   Algorithm: [SHA256withRSA]
>   Signature:
> 
> ]
> ***
> Found trusted certificate:
> [
> [
>   Version: V3
>   Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> 
>   Key:  Sun RSA public key, 2048 bits
>   modulus:
> 21057703584475184807565557524537816321491861642060041763647257260224980509300477196924243590718942686590709107534863816871998744486217397041943036790668349398596465655712023148303173173625617456109014852791089527884590320201838663822684972532489783525944263241117811947512306928924706019699374824809368116805968844700689553244922646662031817428598871924656385681991340984751484716908148967287908171187321560857250025694833777855463632395686856225456740364321799926634676042609958611723658984406384068047734580405304178873193147583468071249577706812402337331306461396767845742998827081874578148453783909473879293336463
>   public exponent: 65537
>   Validity: [From: Fri Dec 15 03:00:00 EST 2006,
>                To: Wed Dec 15 03:00:00 EST 2021]
>   Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
>   SerialNumber: [    04000000 00010f86 26e60d]
> 
> Certificate Extensions: 5
> [1]: ObjectId: 2.5.29.35 Criticality=false
> AuthorityKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> [2]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
>   CA:true
>   PathLen:2147483647
> ]
> 
> [3]: ObjectId: 2.5.29.31 Criticality=false
> CRLDistributionPoints [
>   [DistributionPoint:
>      [URIName: http://crl.globalsign.net/root-r2.crl]
> ]]
> 
> [4]: ObjectId: 2.5.29.15 Criticality=true
> KeyUsage [
>   Key_CertSign
>   Crl_Sign
> ]
> 
> [5]: ObjectId: 2.5.29.14 Criticality=false
> SubjectKeyIdentifier [
> KeyIdentifier [
> 0000: 9B E2 07 57 67 1C 1E C0   6A 06 DE 59 B4 9A 2D DF  ...Wg...j..Y..-.
> 0010: DC 19 86 2E                                        ....
> ]
> ]
> 
> ]
>   Algorithm: [SHA1withRSA]
>   Signature:
> 
> ]
> main, READ: TLSv1 Handshake, length = 4
> *** ServerHelloDone
> *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
> main, WRITE: TLSv1 Handshake, length = 262
> SESSION KEYGEN:
> main, WRITE: TLSv1 Change Cipher Spec, length = 1
> *** Finished
> verify_data:  { 102, 197, 238, 191, 74, 233, 79, 51, 129, 63, 254, 62 }
> ***
> main, WRITE: TLSv1 Handshake, length = 48
> main, READ: TLSv1 Change Cipher Spec, length = 1
> main, READ: TLSv1 Handshake, length = 48
> *** Finished
> verify_data:  { 126, 240, 234, 164, 31, 72, 200, 61, 37, 219, 129, 50 }
> ***
> %% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, WRITE: TLSv1 Application Data, length = 176
> main, handling exception: java.net.SocketException: Connection reset
> %% Invalidated:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
> main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
> main, WRITE: TLSv1 Alert, length = 32
> main, Exception sending alert: java.net.SocketException: Connection reset
> by peer: socket write error
> main, called closeSocket()
> main, called close()
> main, called closeInternal(true)


It looks like the server may not like the TLS_RSA_WITH_AES_128_CBC_SHA
cipher chosen by the client.

Oleg
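
To test the suggestion above, the following added example (not code from this thread or from the HttpClient project) sends the same request twice through a client whose connection manager is actually passed to HttpClientBuilder: once with the JVM's default cipher suites and once with TLS_RSA_WITH_AES_128_CBC_SHA removed from the offer. In the snippet as posted, cm is never handed to the builder, so its protocol list is not applied to the request. The class name CipherProbe, its helper methods and the command-line URL argument are assumptions; it requires HttpClient 4.4 or later.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

// Added example (hypothetical class name); requires HttpClient 4.4 or later.
public class CipherProbe {
    // Suite named in the reply as the possible cause.
    static final String SUSPECT = "TLS_RSA_WITH_AES_128_CBC_SHA";

    // JVM default-enabled suites minus one; avoids enabling anon/NULL suites.
    static String[] defaultSuitesWithout(SSLContext ctx, String excluded) {
        List<String> keep = new ArrayList<String>();
        for (String suite : ctx.getDefaultSSLParameters().getCipherSuites()) {
            if (!suite.equals(excluded)) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[0]);
    }

    static CloseableHttpClient build(SSLContext ctx, String[] suites) {
        // null protocols/suites keep the JVM's enabled defaults; hostname
        // verification stays on, unlike NoopHostnameVerifier.
        SSLConnectionSocketFactory ssl = new SSLConnectionSocketFactory(
                ctx, null, suites,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        Registry<ConnectionSocketFactory> registry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", ssl)
                        .build();
        PoolingHttpClientConnectionManager cm =
                new PoolingHttpClientConnectionManager(registry);
        // Without this call the client ignores the registry above.
        return HttpClientBuilder.create().setConnectionManager(cm).build();
    }

    static String probe(SSLContext ctx, String url, String[] suites) {
        try (CloseableHttpClient client = build(ctx, suites);
             CloseableHttpResponse response = client.execute(new HttpGet(url))) {
            return response.getStatusLine().toString();
        } catch (IOException e) {
            return e.toString(); // e.g. the "Connection reset" from the post
        }
    }

    public static void main(String[] args) throws Exception {
        String url = args[0]; // HTTPS URL of a server you operate or may test
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("default suites : " + probe(ctx, url, null));
        System.out.println("without suspect: "
                + probe(ctx, url, defaultSuitesWithout(ctx, SUSPECT)));
    }
}
```

If both requests fail the same way, the cipher suite is not the cause.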

