Hi Devs, We are seeing following[1] SSL handshake logs continuously after starting the ESB. This can be seen when the server is started with the following command.
sh wso2server.sh -Djavax.net.debug=ssl:handshake These logs are printed in the carbon log continuously even though we are not sending any request to ESB. This was not there in ESB 5.0.0 Beta pack. Did anyone encountered a similar issue? [1] *** ClientHello, TLSv1.2 RandomCookie: GMT: 1451623051 bytes = { 98, 83, 62, 146, 217, 212, 181, 158, 111, 193, 193, 158, 75, 176, 45, 95, 157, 76, 60, 41, 180, 242, 30, 165, 127, 209, 136, 165 } Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226, 46, 168, 40} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA *** %% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] *** ServerHello, TLSv1.2 RandomCookie: GMT: 1451623051 bytes = { 114, 182, 182, 220, 47, 131, 165, 58, 169, 65, 123, 167, 113, 251, 13, 217, 230, 92, 46, 235, 0, 146, 61, 209, 1, 11, 52, 243 } Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226, 46, 168, 40} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Compression Method: 0 Extension renegotiation_info, renegotiated_connection: <empty> *** Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 CONNECTION KEYGEN: Client Nonce: 0000: 57 86 03 8B 62 53 3E 92 D9 D4 B5 9E 6F C1 C1 9E W...bS>.....o... 0010: 4B B0 2D 5F 9D 4C 3C 29 B4 F2 1E A5 7F D1 88 A5 K.-_.L<)........ Server Nonce: 0000: 57 86 03 8B 72 B6 B6 DC 2F 83 A5 3A A9 41 7B A7 W...r.../..:.A.. 0010: 71 FB 0D D9 E6 5C 2E EB 00 92 3D D1 01 0B 34 F3 q....\....=...4. Master Secret: 0000: 07 62 4F D6 DD 5F B9 02 FF 13 5A 67 B5 AF F4 54 .bO.._....Zg...T 0010: AF A3 8F DB 4B EE 7D A6 F0 21 9B 40 B4 64 59 C7 ....K....!.@.dY. 0020: 1A 46 6B 06 B2 59 F9 3D 5B 41 A4 38 F6 C0 3B B2 .Fk..Y.=[A.8..;. Client MAC write Secret: 0000: B9 23 FE 7E AA 03 36 0B C1 AB 8C 3C F2 C4 43 03 .#....6....<..C. 0010: A8 28 DF DB 07 3C FA 48 F4 60 D6 8D B6 09 E0 49 .(...<.H.`.....I Server MAC write Secret: 0000: 79 7A AF 05 68 CA E7 40 C2 AF 2E 05 02 1C ED 4E yz..h..@.......N 0010: 74 03 4F E6 26 BD 47 60 40 B7 47 90 D0 95 74 04 t.O.&.G`@.G...t. Client write key: 0000: 9B C5 33 41 CB 46 E4 27 80 00 D8 26 22 51 62 66 ..3A.F.'...&"Qbf Server write key: 0000: 99 F8 08 74 95 B8 4F CA 10 56 41 25 0C 6D 7D 6E ...t..O..VA%.m.n ... no IV derived for this protocol http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 81 http-nio-9443-exec-14, WRITE: TLSv1.2 Change Cipher Spec, length = 1 *** Finished verify_data: { 34, 13, 158, 199, 232, 62, 238, 170, 75, 167, 35, 35 } *** http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 80 http-nio-9443-exec-17, READ: TLSv1.2 Change Cipher Spec, length = 1 http-nio-9443-exec-9, READ: TLSv1.2 Handshake, length = 80 *** Finished verify_data: { 227, 105, 49, 249, 16, 87, 205, 237, 68, 143, 188, 57 } *** http-nio-9443-exec-9, WRITE: TLSv1.2 Application Data, length = 374 http-nio-9443-exec-21, READ: TLSv1.2 Alert, length = 64 http-nio-9443-exec-21, RECV TLSv1.2 ALERT: warning, close_notify http-nio-9443-exec-21, closeInboundInternal() http-nio-9443-exec-21, closeOutboundInternal() http-nio-9443-exec-21, SEND TLSv1.2 ALERT: warning, description = close_notify http-nio-9443-exec-21, WRITE: TLSv1.2 Alert, length = 64 http-nio-9443-exec-21, called closeOutbound() http-nio-9443-exec-21, closeOutboundInternal() Using SSLEngineImpl. Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 http-nio-9443-exec-16, READ: TLSv1.2 Handshake, length = 267 -- Thank you and Best Regards, Chanaka Fernando Senior Technical Lead WSO2, Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 773337238 Blog : http://soatutorials.blogspot.com LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 Twitter:https://twitter.com/chanakaudaya
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev