Hi Devs,
We are seeing following[1] SSL handshake logs continuously after starting
the ESB. This can be seen when the server is started with the following
command.
sh wso2server.sh -Djavax.net.debug=ssl:handshake
These logs are printed in the carbon log continuously even though we are
not sending any request to ESB. This was not there in ESB 5.0.0 Beta pack.
Did anyone encountered a similar issue?
[1] *** ClientHello, TLSv1.2
RandomCookie: GMT: 1451623051 bytes = { 98, 83, 62, 146, 217, 212, 181,
158, 111, 193, 193, 158, 75, 176, 45, 95, 157, 76, 60, 41, 180, 242, 30,
165, 127, 209, 136, 165 }
Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181,
108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226,
46, 168, 40}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2,
secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1,
secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1,
secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1,
sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA,
SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA,
SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA,
SHA1withDSA
***
%% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1451623051 bytes = { 114, 182, 182, 220, 47, 131, 165,
58, 169, 65, 123, 167, 113, 251, 13, 217, 230, 92, 46, 235, 0, 146, 61,
209, 1, 11, 52, 243 }
Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, 181,
108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, 226,
46, 168, 40}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
CONNECTION KEYGEN:
Client Nonce:
0000: 57 86 03 8B 62 53 3E 92 D9 D4 B5 9E 6F C1 C1 9E W...bS>.....o...
0010: 4B B0 2D 5F 9D 4C 3C 29 B4 F2 1E A5 7F D1 88 A5 K.-_.L<)........
Server Nonce:
0000: 57 86 03 8B 72 B6 B6 DC 2F 83 A5 3A A9 41 7B A7 W...r.../..:.A..
0010: 71 FB 0D D9 E6 5C 2E EB 00 92 3D D1 01 0B 34 F3 q....\....=...4.
Master Secret:
0000: 07 62 4F D6 DD 5F B9 02 FF 13 5A 67 B5 AF F4 54 .bO.._....Zg...T
0010: AF A3 8F DB 4B EE 7D A6 F0 21 9B 40 B4 64 59 C7 ....K....!.@.dY.
0020: 1A 46 6B 06 B2 59 F9 3D 5B 41 A4 38 F6 C0 3B B2 .Fk..Y.=[A.8..;.
Client MAC write Secret:
0000: B9 23 FE 7E AA 03 36 0B C1 AB 8C 3C F2 C4 43 03 .#....6....<..C.
0010: A8 28 DF DB 07 3C FA 48 F4 60 D6 8D B6 09 E0 49 .(...<.H.`.....I
Server MAC write Secret:
0000: 79 7A AF 05 68 CA E7 40 C2 AF 2E 05 02 1C ED 4E yz..h..@.......N
0010: 74 03 4F E6 26 BD 47 60 40 B7 47 90 D0 95 74 04 t.O.&.G`@.G...t.
Client write key:
0000: 9B C5 33 41 CB 46 E4 27 80 00 D8 26 22 51 62 66 ..3A.F.'...&"Qbf
Server write key:
0000: 99 F8 08 74 95 B8 4F CA 10 56 41 25 0C 6D 7D 6E ...t..O..VA%.m.n
... no IV derived for this protocol
http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 81
http-nio-9443-exec-14, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 34, 13, 158, 199, 232, 62, 238, 170, 75, 167, 35, 35 }
***
http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 80
http-nio-9443-exec-17, READ: TLSv1.2 Change Cipher Spec, length = 1
http-nio-9443-exec-9, READ: TLSv1.2 Handshake, length = 80
*** Finished
verify_data: { 227, 105, 49, 249, 16, 87, 205, 237, 68, 143, 188, 57 }
***
http-nio-9443-exec-9, WRITE: TLSv1.2 Application Data, length = 374
http-nio-9443-exec-21, READ: TLSv1.2 Alert, length = 64
http-nio-9443-exec-21, RECV TLSv1.2 ALERT: warning, close_notify
http-nio-9443-exec-21, closeInboundInternal()
http-nio-9443-exec-21, closeOutboundInternal()
http-nio-9443-exec-21, SEND TLSv1.2 ALERT: warning, description =
close_notify
http-nio-9443-exec-21, WRITE: TLSv1.2 Alert, length = 64
http-nio-9443-exec-21, called closeOutbound()
http-nio-9443-exec-21, closeOutboundInternal()
Using SSLEngineImpl.
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for
TLSv1.1
http-nio-9443-exec-16, READ: TLSv1.2 Handshake, length = 267
--
Thank you and Best Regards,
Chanaka Fernando
Senior Technical Lead
WSO2, Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94 773337238
Blog : http://soatutorials.blogspot.com
LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0
Twitter:https://twitter.com/chanakaudaya
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
