Hi Chanaka, It looks like this is not related to request processing. Have you accessed the management console after starting the server ?
"http-nio-9443-exec-16" gives the idea that this is happening from servlet transport. On Wed, Jul 13, 2016 at 2:35 PM, Chanaka Fernando <[email protected]> wrote: > Hi Devs, > > We are seeing following[1] SSL handshake logs continuously after starting > the ESB. This can be seen when the server is started with the following > command. > > sh wso2server.sh -Djavax.net.debug=ssl:handshake > > These logs are printed in the carbon log continuously even though we are > not sending any request to ESB. This was not there in ESB 5.0.0 Beta pack. > Did anyone encountered a similar issue? > > [1] *** ClientHello, TLSv1.2 > RandomCookie: GMT: 1451623051 bytes = { 98, 83, 62, 146, 217, 212, 181, > 158, 111, 193, 193, 158, 75, 176, 45, 95, 157, 76, 60, 41, 180, 242, 30, > 165, 127, 209, 136, 165 } > Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, > 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, > 226, 46, 168, 40} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, > secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, > secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, > secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, > sect193r2, secp224k1, sect239k1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, > SHA1withDSA > *** > %% Resuming [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] > *** ServerHello, TLSv1.2 > RandomCookie: GMT: 1451623051 bytes = { 114, 182, 182, 220, 47, 131, 165, > 58, 169, 65, 123, 167, 113, 251, 13, 217, 230, 92, 46, 235, 0, 146, 61, > 209, 1, 11, 52, 243 } > Session ID: {87, 133, 253, 130, 65, 120, 180, 150, 106, 104, 99, 252, > 181, 108, 210, 214, 34, 59, 117, 37, 88, 33, 223, 44, 110, 103, 27, 250, > 226, 46, 168, 40} > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > Compression Method: 0 > Extension renegotiation_info, renegotiated_connection: <empty> > *** > Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > CONNECTION KEYGEN: > Client Nonce: > 0000: 57 86 03 8B 62 53 3E 92 D9 D4 B5 9E 6F C1 C1 9E W...bS>.....o... > 0010: 4B B0 2D 5F 9D 4C 3C 29 B4 F2 1E A5 7F D1 88 A5 K.-_.L<)........ > Server Nonce: > 0000: 57 86 03 8B 72 B6 B6 DC 2F 83 A5 3A A9 41 7B A7 W...r.../..:.A.. > 0010: 71 FB 0D D9 E6 5C 2E EB 00 92 3D D1 01 0B 34 F3 q....\....=...4. > Master Secret: > 0000: 07 62 4F D6 DD 5F B9 02 FF 13 5A 67 B5 AF F4 54 .bO.._....Zg...T > 0010: AF A3 8F DB 4B EE 7D A6 F0 21 9B 40 B4 64 59 C7 [email protected]. > 0020: 1A 46 6B 06 B2 59 F9 3D 5B 41 A4 38 F6 C0 3B B2 .Fk..Y.=[A.8..;. > Client MAC write Secret: > 0000: B9 23 FE 7E AA 03 36 0B C1 AB 8C 3C F2 C4 43 03 .#....6....<..C. > 0010: A8 28 DF DB 07 3C FA 48 F4 60 D6 8D B6 09 E0 49 .(...<.H.`.....I > Server MAC write Secret: > 0000: 79 7A AF 05 68 CA E7 40 C2 AF 2E 05 02 1C ED 4E [email protected] > 0010: 74 03 4F E6 26 BD 47 60 40 B7 47 90 D0 95 74 04 t.O.&.G`@.G...t. > Client write key: > 0000: 9B C5 33 41 CB 46 E4 27 80 00 D8 26 22 51 62 66 ..3A.F.'...&"Qbf > Server write key: > 0000: 99 F8 08 74 95 B8 4F CA 10 56 41 25 0C 6D 7D 6E ...t..O..VA%.m.n > ... no IV derived for this protocol > http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 81 > http-nio-9443-exec-14, WRITE: TLSv1.2 Change Cipher Spec, length = 1 > *** Finished > verify_data: { 34, 13, 158, 199, 232, 62, 238, 170, 75, 167, 35, 35 } > *** > http-nio-9443-exec-14, WRITE: TLSv1.2 Handshake, length = 80 > http-nio-9443-exec-17, READ: TLSv1.2 Change Cipher Spec, length = 1 > http-nio-9443-exec-9, READ: TLSv1.2 Handshake, length = 80 > *** Finished > verify_data: { 227, 105, 49, 249, 16, 87, 205, 237, 68, 143, 188, 57 } > *** > http-nio-9443-exec-9, WRITE: TLSv1.2 Application Data, length = 374 > http-nio-9443-exec-21, READ: TLSv1.2 Alert, length = 64 > http-nio-9443-exec-21, RECV TLSv1.2 ALERT: warning, close_notify > http-nio-9443-exec-21, closeInboundInternal() > http-nio-9443-exec-21, closeOutboundInternal() > http-nio-9443-exec-21, SEND TLSv1.2 ALERT: warning, description = > close_notify > http-nio-9443-exec-21, WRITE: TLSv1.2 Alert, length = 64 > http-nio-9443-exec-21, called closeOutbound() > http-nio-9443-exec-21, closeOutboundInternal() > Using SSLEngineImpl. > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 > Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 > Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > Allow unsafe renegotiation: false > Allow legacy hello messages: true > Is initial handshake: true > Is secure renegotiation: false > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > for TLSv1 > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > for TLSv1 > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 > for TLSv1 > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 > for TLSv1 > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for > TLSv1 > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for > TLSv1 > Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 > for TLSv1.1 > Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > for TLSv1.1 > Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 > for TLSv1.1 > Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 > for TLSv1.1 > Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for > TLSv1.1 > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for > TLSv1.1 > http-nio-9443-exec-16, READ: TLSv1.2 Handshake, length = 267 > > -- > Thank you and Best Regards, > Chanaka Fernando > Senior Technical Lead > WSO2, Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: +94 773337238 > Blog : http://soatutorials.blogspot.com > LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 > Twitter:https://twitter.com/chanakaudaya > > > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Isuru Udana* Technical Lead WSO2 Inc.; http://wso2.com email: [email protected] cell: +94 77 3791887 blog: http://mytecheye.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
