Will do, but not before tomorrow (I will also share the client side code). That said there is nothing special about the keymanager. Like I said before it sends the cert when using „want client with“, it just seems it may be too late.
Bye Norman > Am 15.09.2018 um 08:26 schrieb Bradford Wetmore <bradford.wetm...@oracle.com>: > > It would greatly help if you can provide the client side debug output so we > can see what's going on locally: > > -Djavax.net.debug=all or System.setProperty(....) > > Please also let us know if you are using a custom client keymanager. It's > possible that it isn't properly selecting an entity to use, in which case an > empty message will be sent. > > Brad > > >> On 9/14/2018 11:18 PM, Norman Maurer wrote: >> Ok will try to find time today. >>> Am 15.09.2018 um 08:08 schrieb Xuelei Fan <xuelei....@oracle.com>: >>> >>> Hi Norman, >>> >>> I have not had a chance to look into the details. But sure, it helps a lot >>> if you can provide a java client to reproduce the issue. >>> >>> Thanks, >>> Xuelei >>> >>>> On 9/14/2018 10:29 PM, Norman Maurer wrote: >>>> Is there any more details you need ? >>>> Just wondering. If you say so I can also provide a pure jdk client >>>> (without the Netty wrapper) that shows the problem when used with OpenSSL >>>> on the server in the next days. >>>> Bye >>>> Norman >>>>> Am 13.09.2018 um 21:07 schrieb Norman Maurer >>>>> <norman.mau...@googlemail.com>: >>>>> >>>>> Hi all, >>>>> >>>>> I am currently in the process of adding TLS 1.3 support into >>>>> netty-tcnative[1] which uses JNI to make use of OpenSSL for it. During >>>>> this work I noticed that I received test-failures when mutual auth is >>>>> used and the JDK implementation is used on the client side. When using >>>>> the JDK implementation on the server and client side all works as >>>>> expected. Also if I use another protocol (like TLSv1.2) all works as >>>>> expected. >>>>> >>>>> The problem I am observing is that the client seems to sent the >>>>> certificate “too late” and so the server (which uses openssl) will report >>>>> and error that the client did not provide an certificate (even when it >>>>> was required). >>>>> >>>>> To reproduce this you can use openssl s_server like this and just create >>>>> your usual SSLSocket with a KeyManagerFactory configured. >>>>> >>>>> ./bin/openssl s_server -tls1_3 -cert >>>>> ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt >>>>> -key >>>>> ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem >>>>> -4 -accept localhost:8443 -state -debug -Verify 1 >>>>> >>>>> When now try to connect to it via the JDK TLS1.3 implementation I see the >>>>> following output: >>>>> SSL_accept:before SSL initialization >>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5)) >>>>> 0000 - 16 03 03 01 60 ....` >>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (352 bytes => 352 (0x160)) >>>>> 0000 - 01 00 01 5c 03 03 22 da-02 d7 86 40 6e 7d c5 a7 ...\.."....@n}.. >>>>> 0010 - ea 34 47 a4 fa d0 bb 92-f5 62 ec f6 21 e5 ec da .4G......b..!... >>>>> 0020 - d6 6b 75 aa b9 34 20 b7-57 a6 83 7b c8 bc a2 0f .ku..4 .W..{.... >>>>> 0030 - 52 82 11 6f a3 1a 84 c5-4b fd e0 80 58 3c 2a bf R..o....K...X<*. >>>>> 0040 - af 54 32 4c 7d 4f fe 00-14 c0 2c c0 2b c0 2f c0 .T2L}O....,.+./. >>>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00 ....../.5....... >>>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e ............. .. >>>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d ................ >>>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b ................ >>>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03 .......(.&...... >>>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01 ................ >>>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02 ................ >>>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05 .2.(.&.......... >>>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02 ................ >>>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09 ................ >>>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00 ..............+. >>>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01 ...........-.... >>>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 4e da b3 f2 63 .3.G.E...A.N...c >>>>> 0120 - ee 6e bf e3 af 73 be c9-92 c5 ec 70 ff c7 64 b8 .n...s.....p..d. >>>>> 0130 - 8a 9a cc fd f9 d6 36 ef-ce e0 dc 81 01 2f 87 57 ......6....../.W >>>>> 0140 - 56 f0 e4 2d 8b c8 73 14-eb 5f 21 0a 5e 94 46 ba V..-..s.._!.^.F. >>>>> 0150 - de d1 33 57 4c b5 b3 66-c9 26 fb ff 01 00 01 00 ..3WL..f.&...... >>>>> SSL_accept:before SSL initialization >>>>> SSL_accept:SSLv3/TLS read client hello >>>>> SSL_accept:SSLv3/TLS write server hello >>>>> SSL_accept:SSLv3/TLS write change cipher spec >>>>> SSL_accept:TLSv1.3 write encrypted extensions >>>>> SSL_accept:SSLv3/TLS write certificate request >>>>> SSL_accept:SSLv3/TLS write certificate >>>>> SSL_accept:TLSv1.3 write server certificate verify >>>>> write to 0x7fe400f050c0 [0x7fe403018a00] (1430 bytes => 1430 (0x596)) >>>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 bc 7f 3b 07 ad .............;.. >>>>> 0010 - fb 21 9c 6f 7c 4a 9d 84-9a 82 6e 9c 1a b4 e3 5d .!.o|J....n....] >>>>> 0020 - a8 d3 9d 52 a7 e1 93 c3-cc 8c 82 20 b7 57 a6 83 ...R....... .W.. >>>>> 0030 - 7b c8 bc a2 0f 52 82 11-6f a3 1a 84 c5 4b fd e0 {....R..o....K.. >>>>> 0040 - 80 58 3c 2a bf af 54 32-4c 7d 4f fe 13 01 00 00 .X<*..T2L}O..... >>>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04 O.+.....3.E...A. >>>>> 0060 - 7d 81 11 ab ff a6 60 e7-5f 23 82 ed 22 35 76 24 }.....`._#.."5v$ >>>>> 0070 - b0 47 09 25 0c 79 b9 07-5b 3e 28 b7 3c d8 d3 ce .G.%.y..[>(.<... >>>>> 0080 - 6b 89 c6 01 21 28 c9 97-ae 50 a5 e7 43 35 ae c7 k...!(...P..C5.. >>>>> 0090 - 73 10 60 62 57 25 9b c9-f1 93 28 70 03 44 e1 a0 s.`bW%....(p.D.. >>>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 0f 8b fb 2d 33 ..........'...-3 >>>>> 00b0 - 72 c6 a8 28 0b 7d e1 c3-b7 d0 f3 d9 18 5b ca e0 r..(.}.......[.. >>>>> 00c0 - 56 09 74 48 ba 28 16 1c-15 11 d9 fa 6e b3 bc b9 V.tH.(......n... >>>>> 00d0 - 4d 54 17 03 03 00 42 35-53 5b 9a 8e 09 df 86 c4 MT....B5S[...... >>>>> 00e0 - 00 28 05 6d a8 c9 bb 38-e2 77 72 73 25 26 e3 65 .(.m...8.wrs%&.e >>>>> 00f0 - 58 d8 fd 15 8a ce ea 97-8a 50 1e e3 f9 c5 dc 96 X........P...... >>>>> 0100 - f0 3b 3c 0a 12 41 58 9d-ab f8 3a 28 0a 1f 61 e9 .;<..AX...:(..a. >>>>> 0110 - df 68 a9 1f 84 66 f7 5b-d7 17 03 03 03 20 8f b5 .h...f.[..... .. >>>>> 0120 - b4 52 44 80 d0 b9 63 3d-80 9c 8b 02 fc f3 d5 bb .RD...c=........ >>>>> 0130 - a9 2a 4f 5b 4a cc 77 78-96 75 95 20 b8 12 c4 a6 .*O[J.wx.u. .... >>>>> 0140 - e6 82 ea 56 56 e2 5f 97-65 99 7e 6e 3d b1 66 ee ...VV._.e.~n=.f. >>>>> 0150 - 10 4c f7 6d 9b 73 86 14-7a 81 f8 b1 27 af 08 ee .L.m.s..z...'... >>>>> 0160 - ce 26 90 34 73 3d b7 45-8d 85 29 a8 65 19 e7 02 .&.4s=.E..).e... >>>>> 0170 - e5 55 4a 27 f1 b1 6a a4-11 cc 6c af 78 6d 22 5c .UJ'..j...l.xm"\ >>>>> 0180 - 33 73 e3 ad 7f 8d 1b d3-75 95 66 64 2d 0e f1 3e 3s......u.fd-..> >>>>> 0190 - c2 30 df a1 7e ce a3 50-c3 4e 68 f6 36 b3 4e 45 .0..~..P.Nh.6.NE >>>>> 01a0 - 9c ac e9 f2 0d 7c e3 73-6a 40 ab 6e 6e f9 d8 20 .....|.sj@.nn.. >>>>> 01b0 - 9c f3 04 32 cd 1d df 18-e5 4d e3 e8 b1 38 59 f8 ...2.....M...8Y. >>>>> 01c0 - 28 67 2e ca af a2 8b 88-ce ca 48 a6 07 2b a6 9a (g........H..+.. >>>>> 01d0 - 0e 88 5b d7 0b d9 31 77-97 8d 6c 2b f5 60 24 61 ..[...1w..l+.`$a >>>>> 01e0 - a8 5c 47 5d 7c 66 f0 9b-1f e4 76 93 38 f6 78 3e .\G]|f....v.8.x> >>>>> 01f0 - 69 29 72 f9 d9 4b cb 05-03 e4 f2 d6 24 e1 91 ee i)r..K......$... >>>>> 0200 - 85 37 d7 7b c3 5c 35 90-08 cd b1 cc 76 11 fc 00 .7.{.\5.....v... >>>>> 0210 - 12 7e 89 7b 70 e6 ca fe-0b 26 b6 bb ac fe 4b 9f .~.{p....&....K. >>>>> 0220 - ec cf 41 69 42 3a 3e 41-f9 b0 c0 93 5b 70 1f c7 ..AiB:>A....[p.. >>>>> 0230 - 11 00 3d ec 66 5a 1a ca-31 89 22 27 02 dd a0 cb ..=.fZ..1."'.... >>>>> 0240 - 39 14 25 ee 30 44 e8 62-97 bf 8e 16 63 40 c4 11 9.%.0D.b....c@.. >>>>> 0250 - a6 d9 32 b1 3c 86 35 bb-9f f1 4d 71 9f a5 4f 78 ..2.<.5...Mq..Ox >>>>> 0260 - 0a e8 96 dd 4d 10 c3 48-f2 db 67 57 2d cd dc 23 ....M..H..gW-..# >>>>> 0270 - 3a 8d 6a 61 47 20 ff c8-33 cd e9 f7 47 4c 68 4f :.jaG ..3...GLhO >>>>> 0280 - 19 2f 8b e3 b1 90 ac 66-a7 cf 5c e6 d2 05 21 25 ./.....f..\...!% >>>>> 0290 - d2 d8 f0 43 8c 55 01 ef-d6 8f c0 27 87 0d 21 d5 ...C.U.....'..!. >>>>> 02a0 - 2b 2b 6f db e8 85 ea cd-6e 9c 5d 56 d5 31 c1 f2 ++o.....n.]V.1.. >>>>> 02b0 - 97 2f 5a 83 7a 2b 71 03-65 e0 b6 4a 56 37 de e1 ./Z.z+q.e..JV7.. >>>>> 02c0 - 80 3a c4 cc 5a ac 3b 9a-7a bf f7 6b fe a8 69 e9 .:..Z.;.z..k..i. >>>>> 02d0 - 58 09 59 bd 46 bd d2 a3-bc ad 1c 10 53 c8 29 7b X.Y.F.......S.){ >>>>> 02e0 - be 63 00 d6 e5 a8 d6 ab-b2 bc 8b e1 2c 0e 24 2a .c..........,.$* >>>>> 02f0 - c2 31 2d d8 6e 1f 19 93-d7 54 e1 1e 28 ce 72 83 .1-.n....T..(.r. >>>>> 0300 - ff 05 18 f2 fc e9 0c b3-0c 1b d5 96 c2 d8 fc 76 ...............v >>>>> 0310 - 37 a9 5a ef 8e e9 b6 71-21 f3 bd c1 85 23 85 22 7.Z....q!....#." >>>>> 0320 - 3d c4 1c c9 31 8b 7e 00-8f 8e b4 9f 05 d4 80 6b =...1.~........k >>>>> 0330 - 98 4c a8 82 68 ff 1a a5-28 e2 9b 03 a1 a7 b1 00 .L..h...(....... >>>>> 0340 - 02 2b 2d e2 e1 87 8c e8-0a fb 0b 79 54 ca 3d d5 .+-........yT.=. >>>>> 0350 - 6a dd b7 b7 87 42 2b 47-49 da e9 0a 82 0a c9 8f j....B+GI....... >>>>> 0360 - 57 f7 1e 03 ca 8d 16 bc-21 3a 6a ee b9 b8 fa f0 W.......!:j..... >>>>> 0370 - d9 18 35 9f 35 ac d8 6e-9a 8a 0d 56 10 1e 1f 5a ..5.5..n...V...Z >>>>> 0380 - ba ec e4 fe 1a 92 b4 31-35 43 1d 99 b9 12 fa ff .......15C...... >>>>> 0390 - 99 2b 88 e0 58 ec 9c dc-8f 67 ef 2a c2 e2 64 5d .+..X....g.*..d] >>>>> 03a0 - 66 76 1c d0 aa 00 30 59-b1 f5 b1 55 9f ad 60 e9 fv....0Y...U..`. >>>>> 03b0 - 3d 03 1e d0 8b 4d bf 74-ac bc bb 1c 83 14 c5 e0 =....M.t........ >>>>> 03c0 - f4 fc 70 9e f4 22 a0 78-04 fe c8 b1 17 65 f6 94 ..p..".x.....e.. >>>>> 03d0 - 47 82 50 4a b6 32 74 ae-5b 38 5a 2e d9 b0 6a 45 G.PJ.2t.[8Z...jE >>>>> 03e0 - 74 e8 f0 22 fe d3 b0 11-c3 fd 72 4f da 77 7a ba t.."......rO.wz. >>>>> 03f0 - 26 3e 61 0c 63 21 17 a6-b2 13 6e 71 5c f2 0d ad &>a.c!....nq\... >>>>> 0400 - f2 d1 19 71 51 9e a4 1b-b0 30 24 e0 71 7d 87 80 ...qQ....0$.q}.. >>>>> 0410 - a9 5a e9 bc db e4 4f 50-4d a1 bc bc 2c 4b 66 98 .Z....OPM...,Kf. >>>>> 0420 - d4 e4 b0 76 0f d2 db a5-a5 39 9e f2 5b ea 34 c1 ...v.....9..[.4. >>>>> 0430 - 62 ab 47 51 3b 37 17 45-54 31 18 f3 f1 ca 17 03 b.GQ;7.ET1...... >>>>> 0440 - 03 01 19 dd 50 50 f5 0c-f2 c9 3c b4 8f 63 cc 4a ....PP....<..c.J >>>>> 0450 - a7 50 c9 91 9b 79 9a 2a-5c 47 d3 77 f6 56 69 90 .P...y.*\G.w.Vi. >>>>> 0460 - 98 cd ff bd c1 2a 49 fc-0d d4 7e cc 7e 44 af c4 .....*I...~.~D.. >>>>> 0470 - 61 47 e0 c1 76 b1 8c 2e-df 7e d0 82 e1 89 1f 04 aG..v....~...... >>>>> 0480 - ae 64 bd 71 4d ae 1c 3c-e3 d3 39 5d 61 2a ea 70 .d.qM..<..9]a*.p >>>>> 0490 - 8c 31 6d a0 b1 72 a8 7a-5c 9c 11 08 b8 4d a5 c4 .1m..r.z\....M.. >>>>> 04a0 - ad 1b 38 4a 6a 02 28 d4-d1 0f c8 9f 0b b3 02 18 ..8Jj.(......... >>>>> 04b0 - 82 2b bd 46 82 04 64 f0-41 b2 da f5 cd 9c f7 f3 .+.F..d.A....... >>>>> 04c0 - 73 30 58 ca 12 ec ea 90-85 1c 75 09 0a 70 b8 80 s0X.......u..p.. >>>>> 04d0 - 3d 02 17 3e 9b 83 04 b5-dd 9e e6 18 17 65 83 a5 =..>.........e.. >>>>> 04e0 - 59 7d 4b 98 da bd 8b aa-d6 aa c5 1c 7d 87 56 e3 Y}K.........}.V. >>>>> 04f0 - 74 d8 e9 7b eb b3 3d f7-7c 3c 0a e9 a8 2e 04 0d t..{..=.|<...... >>>>> 0500 - 6a e7 83 e0 ec 99 43 6a-8b 1c 73 59 7a c8 cd 6e j.....Cj..sYz..n >>>>> 0510 - 4a 14 73 ff 9a fb 71 94-d5 50 a9 d9 e0 dd 02 4c J.s...q..P.....L >>>>> 0520 - 2b 67 9e da 9e fa 2d 67-49 df 13 10 ed 35 3e 73 +g....-gI....5>s >>>>> 0530 - 07 20 17 fb 0b ef f6 d0-b7 68 1c 65 21 a6 e3 3b . .......h.e!..; >>>>> 0540 - bf 7b 84 cd 9e f5 76 2a-0d 4f b8 c3 c8 15 08 e9 .{....v*.O...... >>>>> 0550 - 0f 3c 50 49 12 97 a8 d7-f1 a3 16 da 17 03 03 00 .<PI............ >>>>> 0560 - 35 22 dd a2 9d 25 98 2c-35 b8 00 29 fa a1 dd ba 5"...%.,5..).... >>>>> 0570 - 72 b9 fe e5 85 85 f0 f1-3b 4e f5 7c 58 c8 2a da r.......;N.|X.*. >>>>> 0580 - d2 75 94 3b c1 7a 7c 7e-db 5b fe 8a 2d 3f 8c 9a .u.;.z|~.[..-?.. >>>>> 0590 - 6e 79 ab 2b ff 1a ny.+.. >>>>> SSL_accept:SSLv3/TLS write finished >>>>> SSL_accept:TLSv1.3 early data >>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5)) >>>>> 0000 - 14 03 03 00 01 ..... >>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (1 bytes => 1 (0x1)) >>>>> 0000 - 01 . >>>>> read from 0x7fe400f050c0 [0x7fe40300f603] (5 bytes => 5 (0x5)) >>>>> 0000 - 17 03 03 00 3d ....= >>>>> read from 0x7fe400f050c0 [0x7fe40300f608] (61 bytes => 61 (0x3D)) >>>>> 0000 - 38 e7 bb 2c 5b af b6 5f-37 d8 3e 7e bb f4 04 f5 8..,[.._7.>~.... >>>>> 0010 - e1 28 b5 e5 07 5a ec ce-da 2f f3 b6 45 61 cf ef .(...Z.../..Ea.. >>>>> 0020 - 90 fb 57 b8 f3 20 45 27-60 d4 26 51 38 77 e4 bc ..W.. E'`.&Q8w.. >>>>> 0030 - b7 64 d4 8b 73 25 41 9e-fe d3 9d 5f 53 .d..s%A...._S >>>>> SSL_accept:TLSv1.3 early data >>>>> write to 0x7fe400f050c0 [0x7fe403018a00] (24 bytes => 24 (0x18)) >>>>> 0000 - 17 03 03 00 13 25 85 60-eb 7d c1 a8 15 49 d5 63 .....%.`.}...I.c >>>>> 0010 - 18 7f c6 ac ed 7f df 77- .......w >>>>> SSL3 alert write:fatal:unknown >>>>> SSL_accept:error in error >>>>> ERROR >>>>> 140736092021632:error:1417C0C7:SSL >>>>> routines:tls_process_client_certificate:peer did not return a >>>>> certificate:ssl/statem/statem_srvr.c:3654: >>>>> shutting down SSL >>>>> CONNECTION CLOSED >>>>> >>>>> >>>>> >>>>> When using openssl s_client all works as expected tho (thats also true if >>>>> I use my native implementation on the client and server side that uses >>>>> openssl): >>>>> >>>>> ./bin/openssl s_client -cert >>>>> ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test.crt >>>>> -key >>>>> ~/Documents/workspace/netty/handler/src/test/resources/io/netty/handler/ssl/test_unencrypted.pem >>>>> -state -tls1_3 -connect localhost:8443 >>>>> >>>>> The interesting thing is if I use “-verify 1” and not “-Verify 1” with >>>>> openssl which tells it I want to request a certificate but will also >>>>> process if none is provided I receive the certificate at some point as >>>>> seen here: >>>>> >>>>> SSL_accept:before SSL initialization >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5)) >>>>> 0000 - 16 03 03 01 60 ....` >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (352 bytes => 352 (0x160)) >>>>> 0000 - 01 00 01 5c 03 03 61 c0-b3 ed 88 65 e6 cf 11 3f ...\..a....e...? >>>>> 0010 - c0 e0 f8 df a6 63 32 c2-ab 3d 61 6f 41 ed b1 4b .....c2..=aoA..K >>>>> 0020 - 53 0e 83 e5 a1 b8 20 c7-1b 8c b8 e6 b5 da 4e 4e S..... .......NN >>>>> 0030 - 3f 3c 61 7a ad 58 23 94-a7 32 79 2f db 9f 21 c0 ?<az.X#..2y/..!. >>>>> 0040 - 8e 0c c5 ce b1 c2 a4 00-14 c0 2c c0 2b c0 2f c0 ..........,.+./. >>>>> 0050 - 13 c0 14 00 9c 00 2f 00-35 13 01 13 02 01 00 00 ....../.5....... >>>>> 0060 - ff 00 05 00 05 01 00 00-00 00 00 0a 00 20 00 1e ............. .. >>>>> 0070 - 00 17 00 18 00 19 00 09-00 0a 00 0b 00 0c 00 0d ................ >>>>> 0080 - 00 0e 00 16 01 00 01 01-01 02 01 03 01 04 00 0b ................ >>>>> 0090 - 00 02 01 00 00 0d 00 28-00 26 04 03 05 03 06 03 .......(.&...... >>>>> 00a0 - 08 04 08 05 08 06 08 09-08 0a 08 0b 04 01 05 01 ................ >>>>> 00b0 - 06 01 04 02 03 03 03 01-03 02 02 03 02 01 02 02 ................ >>>>> 00c0 - 00 32 00 28 00 26 04 03-05 03 06 03 08 04 08 05 .2.(.&.......... >>>>> 00d0 - 08 06 08 09 08 0a 08 0b-04 01 05 01 06 01 04 02 ................ >>>>> 00e0 - 03 03 03 01 03 02 02 03-02 01 02 02 00 11 00 09 ................ >>>>> 00f0 - 00 07 02 00 04 00 00 00-00 00 17 00 00 00 2b 00 ..............+. >>>>> 0100 - 09 08 03 04 03 03 03 02-03 01 00 2d 00 02 01 01 ...........-.... >>>>> 0110 - 00 33 00 47 00 45 00 17-00 41 04 52 dc d6 47 6e .3.G.E...A.R..Gn >>>>> 0120 - a1 de 9c 71 c2 54 0e 5c-9b 57 fb c8 aa 3f 19 f7 ...q.T.\.W...?.. >>>>> 0130 - d3 a4 25 12 fa 3f 6c 6d-95 30 66 ca 63 b7 a1 dd ..%..?lm.0f.c... >>>>> 0140 - ae 9f 99 d6 a8 6b 20 4f-29 7a 74 58 ad 58 de 12 .....k O)ztX.X.. >>>>> 0150 - d7 a5 9b 69 dc 27 ac ec-9e d4 04 ff 01 00 01 00 ...i.'.......... >>>>> SSL_accept:before SSL initialization >>>>> SSL_accept:SSLv3/TLS read client hello >>>>> SSL_accept:SSLv3/TLS write server hello >>>>> SSL_accept:SSLv3/TLS write change cipher spec >>>>> SSL_accept:TLSv1.3 write encrypted extensions >>>>> SSL_accept:SSLv3/TLS write certificate request >>>>> SSL_accept:SSLv3/TLS write certificate >>>>> SSL_accept:TLSv1.3 write server certificate verify >>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (1430 bytes => 1430 (0x596)) >>>>> 0000 - 16 03 03 00 9b 02 00 00-97 03 03 8b c8 62 48 6c .............bHl >>>>> 0010 - f5 7c 73 d9 17 f8 63 a2-11 27 40 93 09 26 53 06 .|s...c..'@..&S. >>>>> 0020 - b3 62 df 46 26 b6 dc 59-29 b5 58 20 c7 1b 8c b8 .b.F&..Y).X .... >>>>> 0030 - e6 b5 da 4e 4e 3f 3c 61-7a ad 58 23 94 a7 32 79 ...NN?<az.X#..2y >>>>> 0040 - 2f db 9f 21 c0 8e 0c c5-ce b1 c2 a4 13 01 00 00 /..!............ >>>>> 0050 - 4f 00 2b 00 02 03 04 00-33 00 45 00 17 00 41 04 O.+.....3.E...A. >>>>> 0060 - 07 63 1c 19 53 89 68 a8-0f ea 9e 4c 18 6f 2a ad .c..S.h....L.o*. >>>>> 0070 - 2a df eb 17 a2 08 94 c6-e3 c5 97 ae 0f c1 1a d7 *............... >>>>> 0080 - 0d d7 2e 6d 77 3d 30 a0-07 db 70 35 bb 37 dd 1e ...mw=0...p5.7.. >>>>> 0090 - b6 f3 4d cb 13 97 7c 11-63 98 e8 64 2d a7 e6 cc ..M...|.c..d-... >>>>> 00a0 - 14 03 03 00 01 01 17 03-03 00 27 a3 73 d2 ee 2c ..........'.s.., >>>>> 00b0 - 2f 9c 8f 95 7f ca a3 89-bc b4 b3 b2 3c 8b 23 ef /...........<.#. >>>>> 00c0 - 36 66 23 c9 09 02 33 0d-dc 5d 36 61 44 89 8b ef 6f#...3..]6aD... >>>>> 00d0 - fd 13 17 03 03 00 42 f2-5b 3c 0c 27 5e 7f 97 4f ......B.[<.'^..O >>>>> 00e0 - 0f de 8c b9 0a a1 41 c7-c2 1e 92 99 6a d5 bd 12 ......A.....j... >>>>> 00f0 - 38 b6 b7 93 33 e9 8e 0f-44 93 f0 69 58 b6 41 22 8...3...D..iX.A" >>>>> 0100 - 46 e2 4a d5 d6 32 2b b8-a7 ae 3a c2 c5 2f e6 35 F.J..2+...:../.5 >>>>> 0110 - 11 0c f1 9a 35 2a 87 ed-9e 17 03 03 03 20 a7 e2 ....5*....... .. >>>>> 0120 - fe ba c7 10 5b 9c cd 94-67 19 37 2d 46 59 ab 56 ....[...g.7-FY.V >>>>> 0130 - 6b dd a4 10 61 cc ed f1-71 a7 2d 6a 41 2e 2b da k...a...q.-jA.+. >>>>> 0140 - d1 35 fc 01 df 49 e5 90-1d 9b b2 03 0a 81 58 18 .5...I........X. >>>>> 0150 - 96 a1 db 31 19 98 35 5c-87 8f 6e 32 0a e6 c0 aa ...1..5\..n2.... >>>>> 0160 - 9e 8e 72 e2 34 b3 b7 a3-d6 d1 66 c7 ce 93 fe 78 ..r.4.....f....x >>>>> 0170 - 17 c4 71 7c 42 15 c8 af-dc 4f 50 42 51 80 fc bf ..q|B....OPBQ... >>>>> 0180 - fc 54 d5 d8 59 20 9a 90-c4 78 97 9c 2d 4a d5 58 .T..Y ...x..-J.X >>>>> 0190 - be 81 79 23 59 22 9d 27-f8 bd a0 b2 98 b3 47 82 ..y#Y".'......G. >>>>> 01a0 - d3 52 b5 b5 91 ab 5c 76-52 c5 a5 95 2d 03 1c b7 .R....\vR...-... >>>>> 01b0 - 64 4d 0b 88 7f 15 0b c8-a8 90 50 9a b6 b1 9f b7 dM........P..... >>>>> 01c0 - 40 09 f2 5f 39 f8 9a 06-21 4d 67 10 0a 67 08 b6 @.._9...!Mg..g.. >>>>> 01d0 - b5 9a 25 8c d5 ca 31 6a-8a 6b 01 93 7d 6f 1e 52 ..%...1j.k..}o.R >>>>> 01e0 - 98 96 9d fb e8 c1 07 ab-57 98 2d 1e 75 77 ef c2 ........W.-.uw.. >>>>> 01f0 - 49 78 e0 b9 2b 32 23 7e-95 4d 3e 27 00 61 86 0c Ix..+2#~.M>'.a.. >>>>> 0200 - 47 c7 79 e4 ee 9d ba c0-ea 62 f1 0d 8e 4a 91 30 G.y......b...J.0 >>>>> 0210 - bc 4f 5a 98 26 30 66 ec-c4 63 8f 28 d5 1c 61 23 .OZ.&0f..c.(..a# >>>>> 0220 - ea e9 90 4e 36 d9 fa 31-7b 14 27 22 0a ae 9f 64 ...N6..1{.'"...d >>>>> 0230 - 40 3d e5 a0 5c 9d 3c 04-71 09 b0 7a 6b 51 a0 9c @=..\.<.q..zkQ.. >>>>> 0240 - c0 61 32 ce 15 62 8e 29-b1 59 91 c0 17 2c b3 c5 .a2..b.).Y...,.. >>>>> 0250 - f9 ed 07 65 3d 11 de 98-de 62 36 50 74 37 af 2d ...e=....b6Pt7.- >>>>> 0260 - 7d 86 55 c4 3e a2 83 ab-47 8d f2 b2 8d 1d 75 83 }.U.>...G.....u. >>>>> 0270 - b5 e4 41 87 a7 a3 85 b0-5e 4e 2e 9c 8c b0 1b 83 ..A.....^N...... >>>>> 0280 - 7b 54 79 c9 60 ea 7d ed-06 fa dd 24 40 f1 53 9e {Ty.`.}....$@.S. >>>>> 0290 - 43 79 25 53 9c c7 6e 95-ab 9f 96 59 cd b9 7b a8 Cy%S..n....Y..{. >>>>> 02a0 - a0 23 13 69 db a9 c9 e7-1a 8e e1 9b 54 94 1c 44 .#.i........T..D >>>>> 02b0 - 50 08 8b dd eb 4e 2b bb-d7 c9 c2 33 8c a1 b3 65 P....N+....3...e >>>>> 02c0 - 06 e6 9d ac 11 16 21 58-40 8d 59 e6 67 e5 31 02 ......!X@.Y.g.1. >>>>> 02d0 - 15 8d 29 80 20 66 ba c3-56 93 95 5c 65 4b 41 00 ..). f..V..\eKA. >>>>> 02e0 - c5 71 12 12 f5 20 4f 59-be 77 06 10 6e 48 85 5c .q... OY.w..nH.\ >>>>> 02f0 - ff a2 c4 ae fb 4d 95 f5-cc f6 61 20 33 b7 92 1d .....M....a 3... >>>>> 0300 - ac a8 f1 b2 b0 88 c6 7b-8b 00 53 30 6d 4a d1 42 .......{..S0mJ.B >>>>> 0310 - b3 3e 85 f5 84 e1 c6 ab-10 9d 61 03 46 ff 2d 81 .>........a.F.-. >>>>> 0320 - 15 4f 84 d1 4c ee f4 a6-a0 ec 50 60 a0 d1 ff df .O..L.....P`.... >>>>> 0330 - 8a 97 f6 7d fb 8f fb 60-18 d4 f1 1f 92 4d d8 69 ...}...`.....M.i >>>>> 0340 - b1 92 97 44 0f 3c 8a aa-47 07 48 d4 07 2d 3e f2 ...D.<..G.H..->. >>>>> 0350 - c4 a7 16 35 a7 17 71 ef-98 84 24 67 12 58 30 3b ...5..q...$g.X0; >>>>> 0360 - 1d 41 8d e5 12 52 95 64-e5 88 35 99 d7 c3 58 40 .A...R.d..5...X@ >>>>> 0370 - f9 55 9b 9f e5 33 15 70-41 d7 45 ba a4 fc 75 ea .U...3.pA.E...u. >>>>> 0380 - a4 ae f0 68 ea 64 d8 f5-06 68 a9 75 22 4d 43 cc ...h.d...h.u"MC. >>>>> 0390 - ff 50 cc ac 6e fd 43 dd-eb e4 c8 dd 4b 6c 12 bb .P..n.C.....Kl.. >>>>> 03a0 - f1 d4 5e 11 4a 86 90 0b-f8 3a 2e 23 db 61 5a 1f ..^.J....:.#.aZ. >>>>> 03b0 - 7e 11 00 92 21 68 1f b5-ab f2 f8 38 5e 62 ea f8 ~...!h.....8^b.. >>>>> 03c0 - da ef c2 6e a0 b8 20 e4-69 49 b3 1f 15 84 0b 9b ...n.. .iI...... >>>>> 03d0 - ce b0 6f 36 32 7f 7e bf-e8 d7 18 7a 58 60 f4 04 ..o62.~....zX`.. >>>>> 03e0 - cc 36 bf 06 cd ec e5 9b-19 03 96 09 fb af 8f c3 .6.............. >>>>> 03f0 - 98 b4 02 aa e8 55 81 aa-c4 fe 06 81 30 a0 c7 b2 .....U......0... >>>>> 0400 - f8 e2 30 00 d7 a0 54 7f-5f d7 ef a6 f8 41 58 34 ..0...T._....AX4 >>>>> 0410 - f5 f0 18 69 8d e6 7a 23-78 90 8f b1 05 c5 b5 7f ...i..z#x....... >>>>> 0420 - e0 f2 c7 fa c8 36 5b 53-7e cf e6 75 d3 54 b4 69 .....6[S~..u.T.i >>>>> 0430 - 68 43 0d 6a d2 83 cc 13-6d ca bf 83 3c 90 17 03 hC.j....m...<... >>>>> 0440 - 03 01 19 96 dc 49 26 ce-1d 8e 86 3d bd cb 00 5e .....I&....=...^ >>>>> 0450 - ee f6 e7 1d 16 7a ca ef-fa 6d 16 40 b6 99 d0 c1 .....z...m.@.... >>>>> 0460 - df 0b 5f 51 60 a8 24 e0-61 82 13 40 da 88 38 3a .._Q`.$.a..@..8: >>>>> 0470 - 26 1d 80 51 c4 b1 95 35-95 3c 91 35 28 17 49 d8 &..Q...5.<.5(.I. >>>>> 0480 - c3 45 be 32 98 3e 02 07-3b 01 20 2b 51 e1 1a 94 .E.2.>..;. +Q... >>>>> 0490 - b9 be 96 aa 7a 13 09 ff-d5 a9 63 d4 6f 49 cb b5 ....z.....c.oI.. >>>>> 04a0 - 23 ab 7f 8c e2 63 f0 5c-5c 27 1e 04 a8 71 0c c0 #....c.\\'...q.. >>>>> 04b0 - 89 cd ed 18 8d 5b 75 ac-af f3 68 6d cc ba 20 38 .....[u...hm.. 8 >>>>> 04c0 - b5 7c 09 47 29 28 e2 26-57 57 1f f0 f3 18 fd 6f .|.G)(.&WW.....o >>>>> 04d0 - 27 42 a4 e3 de bb e5 d6-09 7d 25 b1 98 97 ad 33 'B.......}%....3 >>>>> 04e0 - 68 35 92 07 80 23 f1 66-20 5d 74 f3 02 c5 51 ff h5...#.f ]t...Q. >>>>> 04f0 - 07 a9 e9 0e 3e 74 da 2e-8f 3b 16 be e6 94 1b 66 ....>t...;.....f >>>>> 0500 - bb b2 a2 1e 7c 7b ff 5e-a4 36 2a ba 0b cd 7f e9 ....|{.^.6*..... >>>>> 0510 - 86 bb 5e 30 f5 57 92 52-82 b6 2e da 71 b7 22 c2 ..^0.W.R....q.". >>>>> 0520 - 90 c4 69 46 07 df 6c 3f-05 8b 19 3e ce b9 75 0d ..iF..l?...>..u. >>>>> 0530 - 4b 97 37 ae 94 e2 d6 3c-91 e6 82 c7 a1 78 79 2c K.7....<.....xy, >>>>> 0540 - 9a a3 d5 45 94 ad e2 c8-ab fd 81 ec 62 87 f7 75 ...E........b..u >>>>> 0550 - e3 70 79 8e 82 3b c5 45-0d d0 33 5f 17 03 03 00 .py..;.E..3_.... >>>>> 0560 - 35 da e0 74 2a 06 41 5a-64 1e 54 94 29 73 43 3f 5..t*.AZd.T.)sC? >>>>> 0570 - e5 24 a8 ba b2 7e 6b 26-82 fc d9 f6 dd 19 05 4a .$...~k&.......J >>>>> 0580 - 2c 1a f3 bb 16 1d 38 95-a6 d3 a8 58 f6 a3 41 c7 ,.....8....X..A. >>>>> 0590 - 92 44 35 24 25 0e .D5$%. >>>>> SSL_accept:SSLv3/TLS write finished >>>>> SSL_accept:TLSv1.3 early data >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5)) >>>>> 0000 - 14 03 03 00 01 ..... >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (1 bytes => 1 (0x1)) >>>>> 0000 - 01 . >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5)) >>>>> 0000 - 17 03 03 00 3d ....= >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (61 bytes => 61 (0x3D)) >>>>> 0000 - ad dd 3e d9 ee ab 56 65-50 1c 72 2a d8 62 7f 90 ..>...VeP.r*.b.. >>>>> 0010 - 13 71 7d 37 39 40 fb 89-8f 05 4b 39 44 9d 4d 67 >>>>> .q}7...@....k9d.mg >>>>> 0020 - e3 41 29 b6 3e e8 fe 04-1b 8e eb 7a 4c e2 14 a0 .A).>......zL... >>>>> 0030 - b1 c2 47 3f 94 35 ed ab-8a d1 75 3b ba ..G?.5....u;. >>>>> SSL_accept:TLSv1.3 early data >>>>> SSL_accept:SSLv3/TLS read client certificate >>>>> SSL_accept:SSLv3/TLS read finished >>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF)) >>>>> 0000 - 17 03 03 00 da 52 1f 48-00 f4 31 13 90 7f 9c c2 .....R.H..1..... >>>>> 0010 - fc 70 1a fc f7 4a 48 e7-31 ad 37 ab b5 2b 4e 5c .p...JH.1.7..+N\ >>>>> 0020 - e8 d8 6d e9 af 6c 4f c1-9e 7b ea ff ef b3 eb 74 ..m..lO..{.....t >>>>> 0030 - 27 67 10 21 66 5b 32 13-31 bc 99 d5 1c 6c 79 55 'g.!f[2.1....lyU >>>>> 0040 - f3 3e f6 4b 07 4d a9 78-3d 12 8a f5 38 ef d9 f4 .>.K.M.x=...8... >>>>> 0050 - 48 e0 2c 35 94 06 4f eb-09 e6 70 fb 59 95 7a c8 H.,5..O...p.Y.z. >>>>> 0060 - 24 dd 24 e2 f9 63 b9 3c-f2 66 86 c4 73 44 53 fd $.$..c.<.f..sDS. >>>>> 0070 - ca 67 8f 01 d6 db 70 f9-60 bc 50 11 51 72 dc 63 .g....p.`.P.Qr.c >>>>> 0080 - 12 ca 4f 23 e2 c5 d1 1d-e5 b0 d4 ec 89 ca 28 be ..O#..........(. >>>>> 0090 - 9c 30 83 40 02 a4 62 a8-5c b3 20 1a ab 39 b7 7b .0.@..b.\. ..9.{ >>>>> 00a0 - 89 13 39 87 73 be a8 f8-60 13 31 0a 48 5c 79 b9 ..9.s...`.1.H\y. >>>>> 00b0 - cc 4a 51 e3 0d d2 b4 93-c0 1f 3a 22 b3 fa 24 a0 .JQ.......:"..$. >>>>> 00c0 - 7c f6 76 79 d0 2d 5b 1a-ff a6 e9 e1 40 d3 b1 8c |.vy.-[.....@... >>>>> 00d0 - 0a fa fa de f3 8e d6 ad-9a 22 6b 67 0b 88 18 ........."kg... >>>>> SSL_accept:SSLv3/TLS write session ticket >>>>> write to 0x7fdc58809fb0 [0x7fdc59025e00] (223 bytes => 223 (0xDF)) >>>>> 0000 - 17 03 03 00 da 46 aa ea-6a 37 b1 35 e8 41 c8 b3 .....F..j7.5.A.. >>>>> 0010 - 84 25 af 1c 36 a3 6d 78-a4 44 4a 83 52 ef 13 7c .%..6.mx.DJ.R..| >>>>> 0020 - 8f 18 d3 4c f8 22 c8 b3-ad d0 d0 5b 47 a0 43 da ...L.".....[G.C. >>>>> 0030 - d2 6e 04 8f dc c9 56 90-58 87 62 63 4c cc 31 ec .n....V.X.bcL.1. >>>>> 0040 - b8 c9 18 be 41 32 e1 3c-00 41 2a f1 4d 5c 2d 44 ....A2.<.A*.M\-D >>>>> 0050 - 8c aa e1 f0 ed 38 ee 44-64 e5 fd ea 58 3b 84 5d .....8.Dd...X;.] >>>>> 0060 - 83 39 21 2e fe 79 4d 76-10 65 87 0f 3c ac df 28 .9!..yMv.e..<..( >>>>> 0070 - 49 f8 60 eb be 49 e4 0a-0b 6a 03 2b 9d cf 9b a5 I.`..I...j.+.... >>>>> 0080 - 03 56 58 32 c2 b2 59 f9-0a 0d f0 ae af ff 20 19 .VX2..Y....... . >>>>> 0090 - e5 6e e4 86 2f 5e 3f 7d-47 d5 73 ae 89 48 a7 66 .n../^?}G.s..H.f >>>>> 00a0 - fb 2d 83 60 e8 8b ab 27-12 db 24 78 54 eb 14 2d .-.`...'..$xT..- >>>>> 00b0 - b7 c6 17 2d 3c 91 57 ac-6e 35 b8 c3 fa c2 42 48 ...-<.W.n5....BH >>>>> 00c0 - 2a cb aa 98 32 89 8a ce-0c f7 cd 5e fb bf 6d 33 *...2......^..m3 >>>>> 00d0 - 08 50 cf 1e 06 bb a1 98-be a4 a9 51 9a b0 34 .P.........Q..4 >>>>> SSL_accept:SSLv3/TLS write session ticket >>>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17)) >>>>> 0000 - 17 03 03 00 12 c5 9b 73-cc 91 7e 48 cb 25 31 a0 .......s..~H.%1. >>>>> 0010 - 67 41 db bb 0f 62 d8 gA...b. >>>>> write to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 (0x17)) >>>>> 0000 - 17 03 03 00 12 0f dd 3f-c1 7c e6 b0 cc ea f0 13 .......?.|...... >>>>> 0010 - 00 d8 01 de ef 7c bb .....|. >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5)) >>>>> 0000 - 17 03 03 00 1e ..... >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (30 bytes => 30 (0x1E)) >>>>> 0000 - d6 88 44 82 cb 23 16 ba-c9 a4 fb 55 51 08 90 c1 ..D..#.....UQ... >>>>> 0010 - bf bd a1 7f 0e 37 b0 b4-b5 df f1 07 6c 07 .....7......l. >>>>> I am a clientwrite to 0x7fdc58809fb0 [0x7fdc59021c03] (23 bytes => 23 >>>>> (0x17)) >>>>> 0000 - 17 03 03 00 12 c0 70 5d-14 e7 69 57 0a d8 64 16 ......p]..iW..d. >>>>> 0010 - 0c 90 06 0f c3 4d 1d .....M. >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da03] (5 bytes => 5 (0x5)) >>>>> 0000 - 17 03 03 00 13 ..... >>>>> read from 0x7fdc58809fb0 [0x7fdc5901da08] (19 bytes => 19 (0x13)) >>>>> 0000 - 60 28 5b ff bb 0d 9f 96-9a 2d cb fd 60 eb 96 62 `([......-..`..b >>>>> 0010 - 53 e6 25 S.% >>>>> SSL3 alert read:warning:close notify >>>>> DONE >>>>> shutting down SSL >>>>> CONNECTION CLOSED >>>>> >>>>> >>>>> I am using the following JDK version on MacOS: >>>>> >>>>> ssl git:(cert_cb_openssl_1_1_1) ✗ >>>>> /Library/Java/JavaVirtualMachines/jdk-11.jdk/Contents/Home/bin/java >>>>> -version >>>>> java version "11" 2018-09-25 >>>>> Java(TM) SE Runtime Environment 18.9 (build 11+28) >>>>> Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode) >>>>> >>>>> For this to work you will need to have openssl 1.1.1 installed. >>>>> >>>>> Any help would be welcome, >>>>> Norman >>>>> >>>>> [1] https://github.com/netty/netty-tcnative >>>>> >>>>> >>>>>